[RHSA-2020:5500] mariadb:10.3 security, bug fix, and enhancement update
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.
The following packages have been upgraded to a later upstream version: mariadb (10.3.27), galera (25.3.31). (BZ#1899082, BZ#1899086)
Security Fix(es):
- mariadb: Insufficient SST method name check leading to code injection in mysql-wsrep (CVE-2020-15180)
- mysql: InnoDB unspecified vulnerability (CPU Oct 2019) (CVE-2019-2938)
- mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019) (CVE-2019-2974)
- mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2752)
- mysql: InnoDB unspecified vulnerability (CPU Apr 2020) (CVE-2020-2760)
- mysql: Server: DML unspecified vulnerability (CPU Apr 2020) (CVE-2020-2780)
- mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020) (CVE-2020-2812)
- mysql: InnoDB unspecified vulnerability (CPU Apr 2020) (CVE-2020-2814)
- mariadb-connector-c: Improper validation of content in a OK packet received from server (CVE-2020-13249)
- mysql: Server: FTS unspecified vulnerability (CPU Oct 2020) (CVE-2020-14765)
- mysql: InnoDB unspecified vulnerability (CPU Oct 2020) (CVE-2020-14776)
- mysql: Server: FTS unspecified vulnerability (CPU Oct 2020) (CVE-2020-14789)
- mysql: Server: Locking unspecified vulnerability (CPU Oct 2020) (CVE-2020-14812)
- mysql: C API unspecified vulnerability (CPU Jan 2020) (CVE-2020-2574)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- FTBFS: -D_GLIBCXX_ASSERTIONS (BZ#1899009)
- Queries with entity_id IN ('1', '2', …, '70000') run much slower in MariaDB 10.3 than on MariaDB 10.1 (BZ#1899017)
- Cleanup race with wsrep_rsync_sst_tunnel may prevent full galera cluster bootstrap (BZ#1899021)
- There are undeclared file conflicts in several mariadb and mysql packages (BZ#1899077)
- ID: RHSA-2020:5500
- Severity: important
- URL: https://access.redhat.com/errata/RHSA-2020:5500
- Published: 2020-12-15T00:00:00
- Modified: 2020-12-15T00:00:00
- Rights: Copyright 2020 Red Hat, Inc.

Other Advisories:
- ALAS-2020-1332
- ALAS-2020-1333
- ALAS-2020-1402
- ALAS-2020-1403
- ALAS-2021-1464
- ALAS2-2020-1537
- ALPINE:CVE-2019-2938
- ALPINE:CVE-2019-2974
- ALPINE:CVE-2020-13249
- ALPINE:CVE-2020-14765
- ALPINE:CVE-2020-14776
- ALPINE:CVE-2020-14789
- ALPINE:CVE-2020-14812
- ALPINE:CVE-2020-15180
- ALPINE:CVE-2020-2574
- ALPINE:CVE-2020-2752
- ALPINE:CVE-2020-2760
- ALPINE:CVE-2020-2812
- ALPINE:CVE-2020-2814
- ALSA-2020:3732
- ALSA-2020:5500
- ALSA-2020:5503
- ALSA-2021:3590
- DSA-4776-1
- ELSA-2020-3732
- ELSA-2020-4026
- ELSA-2020-5500
- ELSA-2020-5503
- ELSA-2021-3590
- FEDORA-2019-48a0a07033
- FEDORA-2019-c1fab3f139
- FEDORA-2019-d40df38271
- FEDORA-2020-136dc82437
- FEDORA-2020-20ac7c92a1
- FEDORA-2020-261c9ddd7c
- FEDORA-2020-35f52d9370
- FEDORA-2020-4f9ee82bc5
- FEDORA-2020-53df1c05be
- FEDORA-2020-561eed63ef
- FEDORA-2020-ac2d47d89a
- FEDORA-2020-b995eb2973
- FEDORA-2020-eee64a579c
- FEDORA-2021-01189f6361
- FEDORA-2021-5b6c69a73a
- FEDORA-2021-b1d1655cef
- FEDORA-2021-b8b7829a83
- FEDORA-2021-db50ab62d3
- FREEBSD:21D59EA3-8559-11EA-A5E2-D4C9EF517024
- FREEBSD:4FBA07CA-13AA-11EB-B31E-D4C9EF517024
- FREEBSD:56BA4513-A1BE-11EB-9072-D4C9EF517024
- FREEBSD:622B5C47-855B-11EA-A5E2-D4C9EF517024
- FREEBSD:A2565962-1156-11EB-9C9C-D4C9EF517024
- FREEBSD:A6CF65AD-37D2-11EA-A1C7-B499BAEBFEAF
- FREEBSD:CB0183BB-45F6-11EA-A1C7-B499BAEBFEAF
- FREEBSD:FC91F2EF-FD7B-11E9-A1C7-B499BAEBFEAF
- GLSA-202011-14
- GLSA-202012-08
- GLSA-202105-27
- GLSA-202405-25
- MS:CVE-2020-14765
- MS:CVE-2020-14776
- MS:CVE-2020-14789
- MS:CVE-2020-14812
- MS:CVE-2021-2022
- MS:CVE-2021-2194
- openSUSE-SU-2019:2698-1
- openSUSE-SU-2020:0289-1
- openSUSE-SU-2020:0738-1
- openSUSE-SU-2020:0870-1
- openSUSE-SU-2020:2090-1
- openSUSE-SU-2020:2149-1
- openSUSE-SU-2020:2254-1
- RHSA-2020:3732
- RHSA-2020:4026
- RHSA-2020:5503
- RHSA-2021:3590
- RLSA-2020:3732
- RLSA-2020:5500
- RLSA-2020:5503
- RLSA-2021:3590
- SSA:2020-133-01
- SUSE-SU-2019:3306-1
- SUSE-SU-2019:3369-1
- SUSE-SU-2019:3370-1
- SUSE-SU-2020:0050-1
- SUSE-SU-2020:0496-1
- SUSE-SU-2020:0505-1
- SUSE-SU-2020:0523-1
- SUSE-SU-2020:0527-1
- SUSE-SU-2020:0640-1
- SUSE-SU-2020:0831-1
- SUSE-SU-2020:1423-1
- SUSE-SU-2020:1431-1
- SUSE-SU-2020:1625-1
- SUSE-SU-2020:1710-1
- SUSE-SU-2020:1711-1
- SUSE-SU-2020:1798-1
- SUSE-SU-2020:3497-1
- SUSE-SU-2020:3500-1
- SUSE-SU-2020:3564-1
- SUSE-SU-2020:3625-1
- USN-4195-1
- USN-4195-2
- USN-4250-1
- USN-4250-2
- USN-4350-1
- USN-4603-1
- USN-4604-1
- USN-4716-1
- USN-4952-1
- USN-5022-3
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/redhat/mariadb?arch=x86_64&distro=redhat-8.3 | redhat | mariadb | < 10.3.27-3.module+el8.3.0+8972+5e3224e9 | redhat-8.3 | x86_64 | |
Affected | pkg:rpm/redhat/mariadb?arch=s390x&distro=redhat-8.3 | redhat | mariadb | < 10.3.27-3.module+el8.3.0+8972+5e3224e9 | redhat-8.3 | s390x | |
Affected | pkg:rpm/redhat/mariadb?arch=ppc64le&distro=redhat-8.3 | redhat | mariadb | < 10.3.27-3.module+el8.3.0+8972+5e3224e9 | redhat-8.3 | ppc64le | |
Affected | pkg:rpm/redhat/mariadb?arch=aarch64&distro=redhat-8.3 | redhat | mariadb | < 10.3.27-3.module+el8.3.0+8972+5e3224e9 | redhat-8.3 | aarch64 | |
Affected | pkg:rpm/redhat/mariadb-test?arch=x86_64&distro=redhat-8.3 | redhat | mariadb-test | < 10.3.27-3.module+el8.3.0+8972+5e3224e9 | redhat-8.3 | x86_64 | |
Affected | pkg:rpm/redhat/mariadb-test?arch=s390x&distro=redhat-8.3 | redhat | mariadb-test | < 10.3.27-3.module+el8.3.0+8972+5e3224e9 | redhat-8.3 | s390x | |
Affected | pkg:rpm/redhat/mariadb-test?arch=ppc64le&distro=redhat-8.3 | redhat | mariadb-test | < 10.3.27-3.module+el8.3.0+8972+5e3224e9 | redhat-8.3 | ppc64le | |
Affected | pkg:rpm/redhat/mariadb-test?arch=aarch64&distro=redhat-8.3 | redhat | mariadb-test | < 10.3.27-3.module+el8.3.0+8972+5e3224e9 | redhat-8.3 | aarch64 | |
Affected | pkg:rpm/redhat/mariadb-server?arch=x86_64&distro=redhat-8.3 | redhat | mariadb-server | < 10.3.27-3.module+el8.3.0+8972+5e3224e9 | redhat-8.3 | x86_64 | |
Affected | pkg:rpm/redhat/mariadb-server?arch=s390x&distro=redhat-8.3 | redhat | mariadb-server | < 10.3.27-3.module+el8.3.0+8972+5e3224e9 | redhat-8.3 | s390x | |
Affected | pkg:rpm/redhat/mariadb-server?arch=ppc64le&distro=redhat-8.3 | redhat | mariadb-server | < 10.3.27-3.module+el8.3.0+8972+5e3224e9 | redhat-8.3 | ppc64le | |
Affected | pkg:rpm/redhat/mariadb-server?arch=aarch64&distro=redhat-8.3 | redhat | mariadb-server | < 10.3.27-3.module+el8.3.0+8972+5e3224e9 | redhat-8.3 | aarch64 | |
Affected | pkg:rpm/redhat/mariadb-server-utils?arch=x86_64&distro=redhat-8.3 | redhat | mariadb-server-utils | < 10.3.27-3.module+el8.3.0+8972+5e3224e9 | redhat-8.3 | x86_64 | |
Affected | pkg:rpm/redhat/mariadb-server-utils?arch=s390x&distro=redhat-8.3 | redhat | mariadb-server-utils | < 10.3.27-3.module+el8.3.0+8972+5e3224e9 | redhat-8.3 | s390x | |
Affected | pkg:rpm/redhat/mariadb-server-utils?arch=ppc64le&distro=redhat-8.3 | redhat | mariadb-server-utils | < 10.3.27-3.module+el8.3.0+8972+5e3224e9 | redhat-8.3 | ppc64le | |
Affected | pkg:rpm/redhat/mariadb-server-utils?arch=aarch64&distro=redhat-8.3 | redhat | mariadb-server-utils | < 10.3.27-3.module+el8.3.0+8972+5e3224e9 | redhat-8.3 | aarch64 | |
Affected | pkg:rpm/redhat/mariadb-server-galera?arch=x86_64&distro=redhat-8.3 | redhat | mariadb-server-galera | < 10.3.27-3.module+el8.3.0+8972+5e3224e9 | redhat-8.3 | x86_64 | |
Affected | pkg:rpm/redhat/mariadb-server-galera?arch=s390x&distro=redhat-8.3 | redhat | mariadb-server-galera | < 10.3.27-3.module+el8.3.0+8972+5e3224e9 | redhat-8.3 | s390x | |
Affected | pkg:rpm/redhat/mariadb-server-galera?arch=ppc64le&distro=redhat-8.3 | redhat | mariadb-server-galera | < 10.3.27-3.module+el8.3.0+8972+5e3224e9 | redhat-8.3 | ppc64le | |
Affected | pkg:rpm/redhat/mariadb-server-galera?arch=aarch64&distro=redhat-8.3 | redhat | mariadb-server-galera | < 10.3.27-3.module+el8.3.0+8972+5e3224e9 | redhat-8.3 | aarch64 | |
Affected | pkg:rpm/redhat/mariadb-oqgraph-engine?arch=x86_64&distro=redhat-8.3 | redhat | mariadb-oqgraph-engine | < 10.3.27-3.module+el8.3.0+8972+5e3224e9 | redhat-8.3 | x86_64 | |
Affected | pkg:rpm/redhat/mariadb-oqgraph-engine?arch=s390x&distro=redhat-8.3 | redhat | mariadb-oqgraph-engine | < 10.3.27-3.module+el8.3.0+8972+5e3224e9 | redhat-8.3 | s390x | |
Affected | pkg:rpm/redhat/mariadb-oqgraph-engine?arch=ppc64le&distro=redhat-8.3 | redhat | mariadb-oqgraph-engine | < 10.3.27-3.module+el8.3.0+8972+5e3224e9 | redhat-8.3 | ppc64le | |
Affected | pkg:rpm/redhat/mariadb-oqgraph-engine?arch=aarch64&distro=redhat-8.3 | redhat | mariadb-oqgraph-engine | < 10.3.27-3.module+el8.3.0+8972+5e3224e9 | redhat-8.3 | aarch64 | |
Affected | pkg:rpm/redhat/mariadb-gssapi-server?arch=x86_64&distro=redhat-8.3 | redhat | mariadb-gssapi-server | < 10.3.27-3.module+el8.3.0+8972+5e3224e9 | redhat-8.3 | x86_64 | |
Affected | pkg:rpm/redhat/mariadb-gssapi-server?arch=s390x&distro=redhat-8.3 | redhat | mariadb-gssapi-server | < 10.3.27-3.module+el8.3.0+8972+5e3224e9 | redhat-8.3 | s390x | |
Affected | pkg:rpm/redhat/mariadb-gssapi-server?arch=ppc64le&distro=redhat-8.3 | redhat | mariadb-gssapi-server | < 10.3.27-3.module+el8.3.0+8972+5e3224e9 | redhat-8.3 | ppc64le | |
Affected | pkg:rpm/redhat/mariadb-gssapi-server?arch=aarch64&distro=redhat-8.3 | redhat | mariadb-gssapi-server | < 10.3.27-3.module+el8.3.0+8972+5e3224e9 | redhat-8.3 | aarch64 | |
Affected | pkg:rpm/redhat/mariadb-errmsg?arch=x86_64&distro=redhat-8.3 | redhat | mariadb-errmsg | < 10.3.27-3.module+el8.3.0+8972+5e3224e9 | redhat-8.3 | x86_64 | |
Affected | pkg:rpm/redhat/mariadb-errmsg?arch=s390x&distro=redhat-8.3 | redhat | mariadb-errmsg | < 10.3.27-3.module+el8.3.0+8972+5e3224e9 | redhat-8.3 | s390x | |
Affected | pkg:rpm/redhat/mariadb-errmsg?arch=ppc64le&distro=redhat-8.3 | redhat | mariadb-errmsg | < 10.3.27-3.module+el8.3.0+8972+5e3224e9 | redhat-8.3 | ppc64le | |
Affected | pkg:rpm/redhat/mariadb-errmsg?arch=aarch64&distro=redhat-8.3 | redhat | mariadb-errmsg | < 10.3.27-3.module+el8.3.0+8972+5e3224e9 | redhat-8.3 | aarch64 | |
Affected | pkg:rpm/redhat/mariadb-embedded?arch=x86_64&distro=redhat-8.3 | redhat | mariadb-embedded | < 10.3.27-3.module+el8.3.0+8972+5e3224e9 | redhat-8.3 | x86_64 | |
Affected | pkg:rpm/redhat/mariadb-embedded?arch=s390x&distro=redhat-8.3 | redhat | mariadb-embedded | < 10.3.27-3.module+el8.3.0+8972+5e3224e9 | redhat-8.3 | s390x | |
Affected | pkg:rpm/redhat/mariadb-embedded?arch=ppc64le&distro=redhat-8.3 | redhat | mariadb-embedded | < 10.3.27-3.module+el8.3.0+8972+5e3224e9 | redhat-8.3 | ppc64le | |
Affected | pkg:rpm/redhat/mariadb-embedded?arch=aarch64&distro=redhat-8.3 | redhat | mariadb-embedded | < 10.3.27-3.module+el8.3.0+8972+5e3224e9 | redhat-8.3 | aarch64 | |
Affected | pkg:rpm/redhat/mariadb-embedded-devel?arch=x86_64&distro=redhat-8.3 | redhat | mariadb-embedded-devel | < 10.3.27-3.module+el8.3.0+8972+5e3224e9 | redhat-8.3 | x86_64 | |
Affected | pkg:rpm/redhat/mariadb-embedded-devel?arch=s390x&distro=redhat-8.3 | redhat | mariadb-embedded-devel | < 10.3.27-3.module+el8.3.0+8972+5e3224e9 | redhat-8.3 | s390x | |
Affected | pkg:rpm/redhat/mariadb-embedded-devel?arch=ppc64le&distro=redhat-8.3 | redhat | mariadb-embedded-devel | < 10.3.27-3.module+el8.3.0+8972+5e3224e9 | redhat-8.3 | ppc64le | |
Affected | pkg:rpm/redhat/mariadb-embedded-devel?arch=aarch64&distro=redhat-8.3 | redhat | mariadb-embedded-devel | < 10.3.27-3.module+el8.3.0+8972+5e3224e9 | redhat-8.3 | aarch64 | |
Affected | pkg:rpm/redhat/mariadb-devel?arch=x86_64&distro=redhat-8.3 | redhat | mariadb-devel | < 10.3.27-3.module+el8.3.0+8972+5e3224e9 | redhat-8.3 | x86_64 | |
Affected | pkg:rpm/redhat/mariadb-devel?arch=s390x&distro=redhat-8.3 | redhat | mariadb-devel | < 10.3.27-3.module+el8.3.0+8972+5e3224e9 | redhat-8.3 | s390x | |
Affected | pkg:rpm/redhat/mariadb-devel?arch=ppc64le&distro=redhat-8.3 | redhat | mariadb-devel | < 10.3.27-3.module+el8.3.0+8972+5e3224e9 | redhat-8.3 | ppc64le | |
Affected | pkg:rpm/redhat/mariadb-devel?arch=aarch64&distro=redhat-8.3 | redhat | mariadb-devel | < 10.3.27-3.module+el8.3.0+8972+5e3224e9 | redhat-8.3 | aarch64 | |
Affected | pkg:rpm/redhat/mariadb-common?arch=x86_64&distro=redhat-8.3 | redhat | mariadb-common | < 10.3.27-3.module+el8.3.0+8972+5e3224e9 | redhat-8.3 | x86_64 | |
Affected | pkg:rpm/redhat/mariadb-common?arch=s390x&distro=redhat-8.3 | redhat | mariadb-common | < 10.3.27-3.module+el8.3.0+8972+5e3224e9 | redhat-8.3 | s390x | |
Affected | pkg:rpm/redhat/mariadb-common?arch=ppc64le&distro=redhat-8.3 | redhat | mariadb-common | < 10.3.27-3.module+el8.3.0+8972+5e3224e9 | redhat-8.3 | ppc64le | |
Affected | pkg:rpm/redhat/mariadb-common?arch=aarch64&distro=redhat-8.3 | redhat | mariadb-common | < 10.3.27-3.module+el8.3.0+8972+5e3224e9 | redhat-8.3 | aarch64 | |
Affected | pkg:rpm/redhat/mariadb-backup?arch=x86_64&distro=redhat-8.3 | redhat | mariadb-backup | < 10.3.27-3.module+el8.3.0+8972+5e3224e9 | redhat-8.3 | x86_64 | |
Affected | pkg:rpm/redhat/mariadb-backup?arch=s390x&distro=redhat-8.3 | redhat | mariadb-backup | < 10.3.27-3.module+el8.3.0+8972+5e3224e9 | redhat-8.3 | s390x | |
Affected | pkg:rpm/redhat/mariadb-backup?arch=ppc64le&distro=redhat-8.3 | redhat | mariadb-backup | < 10.3.27-3.module+el8.3.0+8972+5e3224e9 | redhat-8.3 | ppc64le | |
Affected | pkg:rpm/redhat/mariadb-backup?arch=aarch64&distro=redhat-8.3 | redhat | mariadb-backup | < 10.3.27-3.module+el8.3.0+8972+5e3224e9 | redhat-8.3 | aarch64 | |
Affected | pkg:rpm/redhat/Judy?arch=x86_64&distro=redhat-8 | redhat | Judy | < 1.0.5-18.module+el8+2765+cfa4f87b | redhat-8 | x86_64 | |
Affected | pkg:rpm/redhat/Judy?arch=s390x&distro=redhat-8 | redhat | Judy | < 1.0.5-18.module+el8+2765+cfa4f87b | redhat-8 | s390x | |
Affected | pkg:rpm/redhat/Judy?arch=ppc64le&distro=redhat-8 | redhat | Judy | < 1.0.5-18.module+el8+2765+cfa4f87b | redhat-8 | ppc64le | |
Affected | pkg:rpm/redhat/Judy?arch=aarch64&distro=redhat-8 | redhat | Judy | < 1.0.5-18.module+el8+2765+cfa4f87b | redhat-8 | aarch64 | |
Affected | pkg:rpm/redhat/galera?arch=x86_64&distro=redhat-8.3 | redhat | galera | < 25.3.31-1.module+el8.3.0+8843+3f4e42f6 | redhat-8.3 | x86_64 | |
Affected | pkg:rpm/redhat/galera?arch=s390x&distro=redhat-8.3 | redhat | galera | < 25.3.31-1.module+el8.3.0+8843+3f4e42f6 | redhat-8.3 | s390x | |
Affected | pkg:rpm/redhat/galera?arch=ppc64le&distro=redhat-8.3 | redhat | galera | < 25.3.31-1.module+el8.3.0+8843+3f4e42f6 | redhat-8.3 | ppc64le | |
Affected | pkg:rpm/redhat/galera?arch=aarch64&distro=redhat-8.3 | redhat | galera | < 25.3.31-1.module+el8.3.0+8843+3f4e42f6 | redhat-8.3 | aarch64 | |