[ALSA-2020:5500] mariadb:10.3 security, bug fix, and enhancement update

Severity Important

Affected Packages 19

CVEs 17

An update for the mariadb:10.3 module is now available for AlmaLinux AlmaLinux Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.

The following packages have been upgraded to a later upstream version: mariadb (10.3.27), galera (25.3.31). (BZ#1899082, BZ#1899086)

Security Fix(es):

mariadb: Insufficient SST method name check leading to code injection in mysql-wsrep (CVE-2020-15180)
mysql: InnoDB unspecified vulnerability (CPU Oct 2019) (CVE-2019-2938)
mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019) (CVE-2019-2974)
mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2752)
mysql: InnoDB unspecified vulnerability (CPU Apr 2020) (CVE-2020-2760)
mysql: Server: DML unspecified vulnerability (CPU Apr 2020) (CVE-2020-2780)
mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020) (CVE-2020-2812)
mysql: InnoDB unspecified vulnerability (CPU Apr 2020) (CVE-2020-2814)
mariadb-connector-c: Improper validation of content in a OK packet received from server (CVE-2020-13249)
mysql: Server: FTS unspecified vulnerability (CPU Oct 2020) (CVE-2020-14765)
mysql: InnoDB unspecified vulnerability (CPU Oct 2020) (CVE-2020-14776)
mysql: Server: FTS unspecified vulnerability (CPU Oct 2020) (CVE-2020-14789)
mysql: Server: Locking unspecified vulnerability (CPU Oct 2020) (CVE-2020-14812)
mysql: C API unspecified vulnerability (CPU Jan 2020) (CVE-2020-2574)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

FTBFS: -D_GLIBCXX_ASSERTIONS (BZ#1899009)
Queries with entity_id IN ('1', '2', …, '70000') run much slower in MariaDB 10.3 than on MariaDB 10.1 (BZ#1899017)
Cleanup race with wsrep_rsync_sst_tunnel may prevent full galera cluster bootstrap (BZ#1899021)
There are undeclared file conflicts in several mariadb and mysql packages (BZ#1899077)

Package	Affected Version
pkg:rpm/almalinux/mariadb?arch=x86_64&distro=almalinux-8.3	< 10.3.27-3.module_el8.3.0+2028+5e3224e9
pkg:rpm/almalinux/mariadb-test?arch=x86_64&distro=almalinux-8.3	< 10.3.27-3.module_el8.3.0+2028+5e3224e9
pkg:rpm/almalinux/mariadb-server?arch=x86_64&distro=almalinux-8.3	< 10.3.27-3.module_el8.3.0+2028+5e3224e9
pkg:rpm/almalinux/mariadb-server-utils?arch=x86_64&distro=almalinux-8.3	< 10.3.27-3.module_el8.3.0+2028+5e3224e9
pkg:rpm/almalinux/mariadb-server-galera?arch=x86_64&distro=almalinux-8.3	< 10.3.27-3.module_el8.3.0+2028+5e3224e9
pkg:rpm/almalinux/mariadb-oqgraph-engine?arch=x86_64&distro=almalinux-8.3	< 10.3.27-3.module_el8.3.0+2028+5e3224e9
pkg:rpm/almalinux/mariadb-gssapi-server?arch=x86_64&distro=almalinux-8.3	< 10.3.27-3.module_el8.3.0+2028+5e3224e9
pkg:rpm/almalinux/mariadb-errmsg?arch=x86_64&distro=almalinux-8.3	< 10.3.27-3.module_el8.3.0+2028+5e3224e9
pkg:rpm/almalinux/mariadb-embedded?arch=x86_64&distro=almalinux-8.3	< 10.3.27-3.module_el8.3.0+2028+5e3224e9
pkg:rpm/almalinux/mariadb-embedded-devel?arch=x86_64&distro=almalinux-8.3	< 10.3.27-3.module_el8.3.0+2028+5e3224e9
pkg:rpm/almalinux/mariadb-devel?arch=x86_64&distro=almalinux-8.3	< 10.3.27-3.module_el8.3.0+2028+5e3224e9
pkg:rpm/almalinux/mariadb-common?arch=x86_64&distro=almalinux-8.3	< 10.3.27-3.module_el8.3.0+2028+5e3224e9
pkg:rpm/almalinux/mariadb-backup?arch=x86_64&distro=almalinux-8.3	< 10.3.27-3.module_el8.3.0+2028+5e3224e9
pkg:rpm/almalinux/Judy?arch=x86_64&distro=almalinux-8.6	< 1.0.5-18.module_el8.6.0+2867+72759d2f
pkg:rpm/almalinux/Judy?arch=x86_64&distro=almalinux-8.5	< 1.0.5-18.module_el8.5.0+2632+14ced695
pkg:rpm/almalinux/Judy?arch=x86_64&distro=almalinux-8.3	< 1.0.5-18.module_el8.3.0+2028+5e3224e9
pkg:rpm/almalinux/Judy?arch=aarch64&distro=almalinux-8.6	< 1.0.5-18.module_el8.6.0+2761+593e5e59
pkg:rpm/almalinux/Judy?arch=aarch64&distro=almalinux-8.4	< 1.0.5-18.module_el8.4.0+2215+7adc332a
pkg:rpm/almalinux/galera?arch=x86_64&distro=almalinux-8.3	< 25.3.31-1.module_el8.3.0+2063+5e3224e9

ID

ALSA-2020:5500

Severity

important

URL

https://errata.almalinux.org/ALSA-2020:5500.html

Published

2020-12-15T16:03:43
(3 years ago)

Modified

2022-04-28T12:47:02
(2 years ago)

Rights

Other Advisories

Source	# ID	URL
CVE	CVE-2019-2938	https://vulners.com/cve/CVE-2019-2938
CVE	CVE-2019-2974	https://vulners.com/cve/CVE-2019-2974
CVE	CVE-2020-13249	https://vulners.com/cve/CVE-2020-13249
CVE	CVE-2020-14765	https://vulners.com/cve/CVE-2020-14765
CVE	CVE-2020-14776	https://vulners.com/cve/CVE-2020-14776
CVE	CVE-2020-14789	https://vulners.com/cve/CVE-2020-14789
CVE	CVE-2020-14812	https://vulners.com/cve/CVE-2020-14812
CVE	CVE-2020-15180	https://vulners.com/cve/CVE-2020-15180
CVE	CVE-2020-2574	https://vulners.com/cve/CVE-2020-2574
CVE	CVE-2020-2752	https://vulners.com/cve/CVE-2020-2752
CVE	CVE-2020-2760	https://vulners.com/cve/CVE-2020-2760
CVE	CVE-2020-2780	https://vulners.com/cve/CVE-2020-2780
CVE	CVE-2020-2812	https://vulners.com/cve/CVE-2020-2812
CVE	CVE-2020-2814	https://vulners.com/cve/CVE-2020-2814
CVE	CVE-2021-2022	https://vulners.com/cve/CVE-2021-2022
CVE	CVE-2021-2144	https://vulners.com/cve/CVE-2021-2144
CVE	CVE-2021-2194	https://vulners.com/cve/CVE-2021-2194

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch
Affected	pkg:rpm/almalinux/mariadb?arch=x86_64&distro=almalinux-8.3	almalinux	mariadb	< 10.3.27-3.module_el8.3.0+2028+5e3224e9	almalinux-8.3	x86_64
Affected	pkg:rpm/almalinux/mariadb-test?arch=x86_64&distro=almalinux-8.3	almalinux	mariadb-test	< 10.3.27-3.module_el8.3.0+2028+5e3224e9	almalinux-8.3	x86_64
Affected	pkg:rpm/almalinux/mariadb-server?arch=x86_64&distro=almalinux-8.3	almalinux	mariadb-server	< 10.3.27-3.module_el8.3.0+2028+5e3224e9	almalinux-8.3	x86_64
Affected	pkg:rpm/almalinux/mariadb-server-utils?arch=x86_64&distro=almalinux-8.3	almalinux	mariadb-server-utils	< 10.3.27-3.module_el8.3.0+2028+5e3224e9	almalinux-8.3	x86_64
Affected	pkg:rpm/almalinux/mariadb-server-galera?arch=x86_64&distro=almalinux-8.3	almalinux	mariadb-server-galera	< 10.3.27-3.module_el8.3.0+2028+5e3224e9	almalinux-8.3	x86_64
Affected	pkg:rpm/almalinux/mariadb-oqgraph-engine?arch=x86_64&distro=almalinux-8.3	almalinux	mariadb-oqgraph-engine	< 10.3.27-3.module_el8.3.0+2028+5e3224e9	almalinux-8.3	x86_64
Affected	pkg:rpm/almalinux/mariadb-gssapi-server?arch=x86_64&distro=almalinux-8.3	almalinux	mariadb-gssapi-server	< 10.3.27-3.module_el8.3.0+2028+5e3224e9	almalinux-8.3	x86_64
Affected	pkg:rpm/almalinux/mariadb-errmsg?arch=x86_64&distro=almalinux-8.3	almalinux	mariadb-errmsg	< 10.3.27-3.module_el8.3.0+2028+5e3224e9	almalinux-8.3	x86_64
Affected	pkg:rpm/almalinux/mariadb-embedded?arch=x86_64&distro=almalinux-8.3	almalinux	mariadb-embedded	< 10.3.27-3.module_el8.3.0+2028+5e3224e9	almalinux-8.3	x86_64
Affected	pkg:rpm/almalinux/mariadb-embedded-devel?arch=x86_64&distro=almalinux-8.3	almalinux	mariadb-embedded-devel	< 10.3.27-3.module_el8.3.0+2028+5e3224e9	almalinux-8.3	x86_64
Affected	pkg:rpm/almalinux/mariadb-devel?arch=x86_64&distro=almalinux-8.3	almalinux	mariadb-devel	< 10.3.27-3.module_el8.3.0+2028+5e3224e9	almalinux-8.3	x86_64
Affected	pkg:rpm/almalinux/mariadb-common?arch=x86_64&distro=almalinux-8.3	almalinux	mariadb-common	< 10.3.27-3.module_el8.3.0+2028+5e3224e9	almalinux-8.3	x86_64
Affected	pkg:rpm/almalinux/mariadb-backup?arch=x86_64&distro=almalinux-8.3	almalinux	mariadb-backup	< 10.3.27-3.module_el8.3.0+2028+5e3224e9	almalinux-8.3	x86_64
Affected	pkg:rpm/almalinux/Judy?arch=x86_64&distro=almalinux-8.6	almalinux	Judy	< 1.0.5-18.module_el8.6.0+2867+72759d2f	almalinux-8.6	x86_64
Affected	pkg:rpm/almalinux/Judy?arch=x86_64&distro=almalinux-8.5	almalinux	Judy	< 1.0.5-18.module_el8.5.0+2632+14ced695	almalinux-8.5	x86_64
Affected	pkg:rpm/almalinux/Judy?arch=x86_64&distro=almalinux-8.3	almalinux	Judy	< 1.0.5-18.module_el8.3.0+2028+5e3224e9	almalinux-8.3	x86_64
Affected	pkg:rpm/almalinux/Judy?arch=aarch64&distro=almalinux-8.6	almalinux	Judy	< 1.0.5-18.module_el8.6.0+2761+593e5e59	almalinux-8.6	aarch64
Affected	pkg:rpm/almalinux/Judy?arch=aarch64&distro=almalinux-8.4	almalinux	Judy	< 1.0.5-18.module_el8.4.0+2215+7adc332a	almalinux-8.4	aarch64
Affected	pkg:rpm/almalinux/galera?arch=x86_64&distro=almalinux-8.3	almalinux	galera	< 25.3.31-1.module_el8.3.0+2063+5e3224e9	almalinux-8.3	x86_64

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date