[ALSA-2022:1557] mariadb:10.5 security, bug fix, and enhancement update
Severity
Moderate
Affected Packages
48
CVEs
12
An update for the mariadb:10.5 module is now available for AlmaLinux AlmaLinux Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.
The following packages have been upgraded to a later upstream version: mariadb (10.5.13), galera (26.4.9). (BZ#2050546)
Security Fix(es):
mysql: Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2154)
mysql: Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2166)
mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2372)
mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2389)
mysql: InnoDB unspecified vulnerability (CPU Oct 2021) (CVE-2021-35604)
mariadb: Integer overflow in sql_lex.cc integer leading to crash (CVE-2021-46667)
mariadb: Crash in get_sort_by_table() in subquery with ORDER BY having outer ref (CVE-2021-46657)
mariadb: save_window_function_values triggers an abort during IN subquery (CVE-2021-46658)
mariadb: Crash in set_var.cc via certain UPDATE queries with nested subqueries (CVE-2021-46662)
mariadb: Crash caused by mishandling of a pushdown from a HAVING clause to a WHERE clause (CVE-2021-46666)
mariadb: No password masking in audit log when using ALTER USER <user> IDENTIFIED BY <password> command (BZ#1981332)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
mariadb-10.5-module: /etc/security/user_map.conf getting overwritten with mariadb-server upgrade (BZ#2050515)
mariadb-server:10.5 in centos8 stream is not shipping wsrep_sst_rsync_tunnel (BZ#2050524)
Galera doesn't work without 'procps-ng' package MariaDB-10.5 (BZ#2050542)
- ID
- ALSA-2022:1557
- Severity
- moderate
- URL
- https://errata.almalinux.org/ALSA-2022:1557.html
- Published
-
2022-04-26T13:50:46
(2 years ago) - Modified
-
2022-04-28T12:56:03
(2 years ago) - Rights
- Copyright 2022 AlmaLinux OS
- Other Advisories
-
-
ALAS-2021-1544
-
ALAS2-2023-2057
-
ALPINE:CVE-2021-2154
-
ALPINE:CVE-2021-2166
-
ALPINE:CVE-2021-2372
-
ALPINE:CVE-2021-2389
-
ALPINE:CVE-2021-35604
-
ALPINE:CVE-2021-46662
-
ALPINE:CVE-2021-46667
-
ALPINE:CVE-2022-27385
-
ALSA-2021:3590
-
ALSA-2022:1556
-
ALSA-2022:6590
-
ALSA-2022:7119
-
ASA-202105-14
-
ELSA-2021-3590
-
ELSA-2022-1556
-
ELSA-2022-1557
-
ELSA-2022-6590
-
ELSA-2022-7119
-
FEDORA-2021-01189f6361
-
FEDORA-2021-179f2fbb88
-
FEDORA-2021-27187ac9dd
-
FEDORA-2021-46dc82116b
-
FEDORA-2021-5b6c69a73a
-
FEDORA-2021-68db93b130
-
FEDORA-2021-70dd0b9f5d
-
FEDORA-2021-72d5918529
-
FEDORA-2021-acef1dc8cf
-
FEDORA-2021-b8b7829a83
-
FEDORA-2021-dc4299a8d0
-
FEDORA-2021-df40c41094
-
FEDORA-2021-f74148c6d4
-
FEDORA-2022-03350936ee
-
FEDORA-2022-263f7cc483
-
FEDORA-2022-5cfe372ab7
-
FREEBSD:38A4A043-E937-11EB-9B84-D4C9EF517024
-
FREEBSD:56BA4513-A1BE-11EB-9072-D4C9EF517024
-
FREEBSD:ADD683BE-BD76-11EC-A06F-D4C9EF517024
-
FREEBSD:C9387E4D-2F5F-11EC-8BE6-D4C9EF517024
-
GLSA-202105-27
-
GLSA-202105-28
-
GLSA-202405-25
-
MS:CVE-2021-2166
-
MS:CVE-2021-46657
-
MS:CVE-2021-46658
-
MS:CVE-2021-46662
-
MS:CVE-2021-46666
-
MS:CVE-2021-46667
-
MS:CVE-2022-21451
-
MS:CVE-2022-27385
-
openSUSE-SU-2021:2605-1
-
openSUSE-SU-2021:2616-1
-
openSUSE-SU-2021:2617-1
-
openSUSE-SU-2021:2835-1
-
openSUSE-SU-2021:2837-1
-
openSUSE-SU-2021:2939-1
-
openSUSE-SU-2021:3835-1
-
openSUSE-SU-2022:0731-1
-
RHSA-2021:3590
-
RHSA-2022:1556
-
RHSA-2022:1557
-
RHSA-2022:6590
-
RHSA-2022:7119
-
RLSA-2021:3590
-
RLSA-2022:1556
-
RLSA-2022:1557
-
RLSA-2022:6590
-
RLSA-2022:7119
-
SUSE-SU-2021:2605-1
-
SUSE-SU-2021:2616-1
-
SUSE-SU-2021:2617-1
-
SUSE-SU-2021:2634-1
-
SUSE-SU-2021:2835-1
-
SUSE-SU-2021:2837-1
-
SUSE-SU-2021:2939-1
-
SUSE-SU-2021:3008-1
-
SUSE-SU-2021:3835-1
-
SUSE-SU-2021:3836-1
-
SUSE-SU-2021:3948-1
-
SUSE-SU-2021:4202-1
-
SUSE-SU-2022:0725-1
-
SUSE-SU-2022:0726-1
-
SUSE-SU-2022:0731-1
-
SUSE-SU-2022:0731-2
-
SUSE-SU-2022:0782-1
-
SUSE-SU-2022:2561-1
-
USN-4952-1
-
USN-5022-1
-
USN-5022-2
-
USN-5022-3
-
USN-5123-1
-
USN-5123-2
-
USN-5170-1
-
USN-5400-1
-
USN-5400-2
-
| Source | # ID | Name | URL |
|---|---|---|---|
| CVE | CVE-2021-2154 |
|
|
| CVE | CVE-2021-2166 |
|
|
| CVE | CVE-2021-2372 |
|
|
| CVE | CVE-2021-2389 |
|
|
| CVE | CVE-2021-35604 |
|
|
| CVE | CVE-2021-46657 |
|
|
| CVE | CVE-2021-46658 |
|
|
| CVE | CVE-2021-46662 |
|
|
| CVE | CVE-2021-46666 |
|
|
| CVE | CVE-2021-46667 |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/almalinux/mariadb?arch=x86_64&distro=almalinux-8.6 | almalinux |
 mariadb
|
< 10.5.13-1.module_el8.6.0+2761+593e5e59 | almalinux-8.6 | x86_64 | |
| Affected | pkg:rpm/almalinux/mariadb?arch=x86_64&distro=almalinux-8.5 | almalinux |
mariadb
|
< 10.5.13-1.module_el8.5.0+2637+d11efe18 | almalinux-8.5 | x86_64 | |
| Affected | pkg:rpm/almalinux/mariadb?arch=aarch64&distro=almalinux-8.6 | almalinux |
mariadb
|
< 10.5.13-1.module_el8.6.0+2761+593e5e59 | almalinux-8.6 | aarch64 | |
| Affected | pkg:rpm/almalinux/mariadb-test?arch=x86_64&distro=almalinux-8.6 | almalinux |
mariadb-test
|
< 10.5.13-1.module_el8.6.0+2761+593e5e59 | almalinux-8.6 | x86_64 | |
| Affected | pkg:rpm/almalinux/mariadb-test?arch=x86_64&distro=almalinux-8.5 | almalinux |
mariadb-test
|
< 10.5.13-1.module_el8.5.0+2637+d11efe18 | almalinux-8.5 | x86_64 | |
| Affected | pkg:rpm/almalinux/mariadb-test?arch=aarch64&distro=almalinux-8.6 | almalinux |
mariadb-test
|
< 10.5.13-1.module_el8.6.0+2761+593e5e59 | almalinux-8.6 | aarch64 | |
| Affected | pkg:rpm/almalinux/mariadb-server?arch=x86_64&distro=almalinux-8.6 | almalinux |
mariadb-server
|
< 10.5.13-1.module_el8.6.0+2761+593e5e59 | almalinux-8.6 | x86_64 | |
| Affected | pkg:rpm/almalinux/mariadb-server?arch=x86_64&distro=almalinux-8.5 | almalinux |
mariadb-server
|
< 10.5.13-1.module_el8.5.0+2637+d11efe18 | almalinux-8.5 | x86_64 | |
| Affected | pkg:rpm/almalinux/mariadb-server?arch=aarch64&distro=almalinux-8.6 | almalinux |
mariadb-server
|
< 10.5.13-1.module_el8.6.0+2761+593e5e59 | almalinux-8.6 | aarch64 | |
| Affected | pkg:rpm/almalinux/mariadb-server-utils?arch=x86_64&distro=almalinux-8.6 | almalinux |
mariadb-server-utils
|
< 10.5.13-1.module_el8.6.0+2761+593e5e59 | almalinux-8.6 | x86_64 | |
| Affected | pkg:rpm/almalinux/mariadb-server-utils?arch=x86_64&distro=almalinux-8.5 | almalinux |
mariadb-server-utils
|
< 10.5.13-1.module_el8.5.0+2637+d11efe18 | almalinux-8.5 | x86_64 | |
| Affected | pkg:rpm/almalinux/mariadb-server-utils?arch=aarch64&distro=almalinux-8.6 | almalinux |
mariadb-server-utils
|
< 10.5.13-1.module_el8.6.0+2761+593e5e59 | almalinux-8.6 | aarch64 | |
| Affected | pkg:rpm/almalinux/mariadb-server-galera?arch=x86_64&distro=almalinux-8.6 | almalinux |
mariadb-server-galera
|
< 10.5.13-1.module_el8.6.0+2761+593e5e59 | almalinux-8.6 | x86_64 | |
| Affected | pkg:rpm/almalinux/mariadb-server-galera?arch=x86_64&distro=almalinux-8.5 | almalinux |
mariadb-server-galera
|
< 10.5.13-1.module_el8.5.0+2637+d11efe18 | almalinux-8.5 | x86_64 | |
| Affected | pkg:rpm/almalinux/mariadb-server-galera?arch=aarch64&distro=almalinux-8.6 | almalinux |
mariadb-server-galera
|
< 10.5.13-1.module_el8.6.0+2761+593e5e59 | almalinux-8.6 | aarch64 | |
| Affected | pkg:rpm/almalinux/mariadb-pam?arch=x86_64&distro=almalinux-8.6 | almalinux |
mariadb-pam
|
< 10.5.13-1.module_el8.6.0+2761+593e5e59 | almalinux-8.6 | x86_64 | |
| Affected | pkg:rpm/almalinux/mariadb-pam?arch=x86_64&distro=almalinux-8.5 | almalinux |
mariadb-pam
|
< 10.5.13-1.module_el8.5.0+2637+d11efe18 | almalinux-8.5 | x86_64 | |
| Affected | pkg:rpm/almalinux/mariadb-pam?arch=aarch64&distro=almalinux-8.6 | almalinux |
mariadb-pam
|
< 10.5.13-1.module_el8.6.0+2761+593e5e59 | almalinux-8.6 | aarch64 | |
| Affected | pkg:rpm/almalinux/mariadb-oqgraph-engine?arch=x86_64&distro=almalinux-8.6 | almalinux |
mariadb-oqgraph-engine
|
< 10.5.13-1.module_el8.6.0+2761+593e5e59 | almalinux-8.6 | x86_64 | |
| Affected | pkg:rpm/almalinux/mariadb-oqgraph-engine?arch=x86_64&distro=almalinux-8.5 | almalinux |
mariadb-oqgraph-engine
|
< 10.5.13-1.module_el8.5.0+2637+d11efe18 | almalinux-8.5 | x86_64 | |
| Affected | pkg:rpm/almalinux/mariadb-oqgraph-engine?arch=aarch64&distro=almalinux-8.6 | almalinux |
mariadb-oqgraph-engine
|
< 10.5.13-1.module_el8.6.0+2761+593e5e59 | almalinux-8.6 | aarch64 | |
| Affected | pkg:rpm/almalinux/mariadb-gssapi-server?arch=x86_64&distro=almalinux-8.6 | almalinux |
mariadb-gssapi-server
|
< 10.5.13-1.module_el8.6.0+2761+593e5e59 | almalinux-8.6 | x86_64 | |
| Affected | pkg:rpm/almalinux/mariadb-gssapi-server?arch=x86_64&distro=almalinux-8.5 | almalinux |
mariadb-gssapi-server
|
< 10.5.13-1.module_el8.5.0+2637+d11efe18 | almalinux-8.5 | x86_64 | |
| Affected | pkg:rpm/almalinux/mariadb-gssapi-server?arch=aarch64&distro=almalinux-8.6 | almalinux |
mariadb-gssapi-server
|
< 10.5.13-1.module_el8.6.0+2761+593e5e59 | almalinux-8.6 | aarch64 | |
| Affected | pkg:rpm/almalinux/mariadb-errmsg?arch=x86_64&distro=almalinux-8.6 | almalinux |
mariadb-errmsg
|
< 10.5.13-1.module_el8.6.0+2761+593e5e59 | almalinux-8.6 | x86_64 | |
| Affected | pkg:rpm/almalinux/mariadb-errmsg?arch=x86_64&distro=almalinux-8.5 | almalinux |
mariadb-errmsg
|
< 10.5.13-1.module_el8.5.0+2637+d11efe18 | almalinux-8.5 | x86_64 | |
| Affected | pkg:rpm/almalinux/mariadb-errmsg?arch=aarch64&distro=almalinux-8.6 | almalinux |
mariadb-errmsg
|
< 10.5.13-1.module_el8.6.0+2761+593e5e59 | almalinux-8.6 | aarch64 | |
| Affected | pkg:rpm/almalinux/mariadb-embedded?arch=x86_64&distro=almalinux-8.6 | almalinux |
mariadb-embedded
|
< 10.5.13-1.module_el8.6.0+2761+593e5e59 | almalinux-8.6 | x86_64 | |
| Affected | pkg:rpm/almalinux/mariadb-embedded?arch=x86_64&distro=almalinux-8.5 | almalinux |
mariadb-embedded
|
< 10.5.13-1.module_el8.5.0+2637+d11efe18 | almalinux-8.5 | x86_64 | |
| Affected | pkg:rpm/almalinux/mariadb-embedded?arch=aarch64&distro=almalinux-8.6 | almalinux |
mariadb-embedded
|
< 10.5.13-1.module_el8.6.0+2761+593e5e59 | almalinux-8.6 | aarch64 | |
| Affected | pkg:rpm/almalinux/mariadb-embedded-devel?arch=x86_64&distro=almalinux-8.6 | almalinux |
mariadb-embedded-devel
|
< 10.5.13-1.module_el8.6.0+2761+593e5e59 | almalinux-8.6 | x86_64 | |
| Affected | pkg:rpm/almalinux/mariadb-embedded-devel?arch=x86_64&distro=almalinux-8.5 | almalinux |
mariadb-embedded-devel
|
< 10.5.13-1.module_el8.5.0+2637+d11efe18 | almalinux-8.5 | x86_64 | |
| Affected | pkg:rpm/almalinux/mariadb-embedded-devel?arch=aarch64&distro=almalinux-8.6 | almalinux |
mariadb-embedded-devel
|
< 10.5.13-1.module_el8.6.0+2761+593e5e59 | almalinux-8.6 | aarch64 | |
| Affected | pkg:rpm/almalinux/mariadb-devel?arch=x86_64&distro=almalinux-8.6 | almalinux |
mariadb-devel
|
< 10.5.13-1.module_el8.6.0+2761+593e5e59 | almalinux-8.6 | x86_64 | |
| Affected | pkg:rpm/almalinux/mariadb-devel?arch=x86_64&distro=almalinux-8.5 | almalinux |
mariadb-devel
|
< 10.5.13-1.module_el8.5.0+2637+d11efe18 | almalinux-8.5 | x86_64 | |
| Affected | pkg:rpm/almalinux/mariadb-devel?arch=aarch64&distro=almalinux-8.6 | almalinux |
mariadb-devel
|
< 10.5.13-1.module_el8.6.0+2761+593e5e59 | almalinux-8.6 | aarch64 | |
| Affected | pkg:rpm/almalinux/mariadb-common?arch=x86_64&distro=almalinux-8.6 | almalinux |
mariadb-common
|
< 10.5.13-1.module_el8.6.0+2761+593e5e59 | almalinux-8.6 | x86_64 | |
| Affected | pkg:rpm/almalinux/mariadb-common?arch=x86_64&distro=almalinux-8.5 | almalinux |
mariadb-common
|
< 10.5.13-1.module_el8.5.0+2637+d11efe18 | almalinux-8.5 | x86_64 | |
| Affected | pkg:rpm/almalinux/mariadb-common?arch=aarch64&distro=almalinux-8.6 | almalinux |
mariadb-common
|
< 10.5.13-1.module_el8.6.0+2761+593e5e59 | almalinux-8.6 | aarch64 | |
| Affected | pkg:rpm/almalinux/mariadb-backup?arch=x86_64&distro=almalinux-8.6 | almalinux |
mariadb-backup
|
< 10.5.13-1.module_el8.6.0+2761+593e5e59 | almalinux-8.6 | x86_64 | |
| Affected | pkg:rpm/almalinux/mariadb-backup?arch=x86_64&distro=almalinux-8.5 | almalinux |
mariadb-backup
|
< 10.5.13-1.module_el8.5.0+2637+d11efe18 | almalinux-8.5 | x86_64 | |
| Affected | pkg:rpm/almalinux/mariadb-backup?arch=aarch64&distro=almalinux-8.6 | almalinux |
mariadb-backup
|
< 10.5.13-1.module_el8.6.0+2761+593e5e59 | almalinux-8.6 | aarch64 | |
| Affected | pkg:rpm/almalinux/Judy?arch=x86_64&distro=almalinux-8.6 | almalinux |
Judy
|
< 1.0.5-18.module_el8.6.0+2867+72759d2f | almalinux-8.6 | x86_64 | |
| Affected | pkg:rpm/almalinux/Judy?arch=x86_64&distro=almalinux-8.5 | almalinux |
Judy
|
< 1.0.5-18.module_el8.5.0+2637+d11efe18 | almalinux-8.5 | x86_64 | |
| Affected | pkg:rpm/almalinux/Judy?arch=aarch64&distro=almalinux-8.6 | almalinux |
Judy
|
< 1.0.5-18.module_el8.6.0+2761+593e5e59 | almalinux-8.6 | aarch64 | |
| Affected | pkg:rpm/almalinux/galera?arch=x86_64&distro=almalinux-8.6 | almalinux |
galera
|
< 26.4.9-4.module_el8.6.0+2761+593e5e59 | almalinux-8.6 | x86_64 | |
| Affected | pkg:rpm/almalinux/galera?arch=x86_64&distro=almalinux-8.5 | almalinux |
galera
|
< 26.4.9-4.module_el8.5.0+2637+d11efe18 | almalinux-8.5 | x86_64 | |
| Affected | pkg:rpm/almalinux/galera?arch=aarch64&distro=almalinux-8.6 | almalinux |
galera
|
< 26.4.9-4.module_el8.6.0+2761+593e5e59 | almalinux-8.6 | aarch64 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |