-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: mariadb:10.3 security and bug fix update Advisory ID: RHSA-2022:4818-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:4818 Issue date: 2022-05-31 CVE Names: CVE-2021-2154 CVE-2021-2166 CVE-2021-2372 CVE-2021-2389 CVE-2021-35604 CVE-2021-46657 CVE-2021-46658 CVE-2021-46662 CVE-2021-46666 CVE-2021-46667 CVE-2022-27385 ==================================================================== 1. Summary: An update for the mariadb:10.3 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream EUS (v.8.4) - aarch64, ppc64le, s390x, x86_64 3. Description: MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: mariadb (10.3.32), galera (25.3.34). Security Fix(es): * mysql: Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2154) * mysql: Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2166) * mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2372) * mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2389) * mysql: InnoDB unspecified vulnerability (CPU Oct 2021) (CVE-2021-35604) * mariadb: Integer overflow in sql_lex.cc integer leading to crash (CVE-2021-46667) * mariadb: crash in Used_tables_and_const_cache::used_tables_and_const_cache_join (CVE-2022-27385) * mariadb: Crash in get_sort_by_table() in subquery with ORDER BY having outer ref (CVE-2021-46657) * mariadb: save_window_function_values triggers an abort during IN subquery (CVE-2021-46658) * mariadb: Crash in set_var.cc via certain UPDATE queries with nested subqueries (CVE-2021-46662) * mariadb: Crash caused by mishandling of a pushdown from a HAVING clause to a WHERE clause (CVE-2021-46666) * mariadb: No password masking in audit log when using ALTER USER IDENTIFIED BY command (BZ#1981332) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * WSREP race condition causes crash in mariadb 10.3.28, fixed in 10.3.32 (BZ#2077509) * mariadb:10.3/mariadb: /etc/security/user_map.conf getting overwritten with mariadb-server upgrade (BZ#2079855) * Galera doesn't work without 'procps-ng' package MariaDB-10.3 (BZ#2079858) * Tracker: Rebase galera package to the newest for MariaDB-10.3 (25.3.34) (BZ#2079859) * MariaDB logrotate leads to "gzip: stdin: file size changed while zipping" (BZ#2080159) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1951752 - CVE-2021-2154 mysql: Server: DML unspecified vulnerability (CPU Apr 2021) 1951755 - CVE-2021-2166 mysql: Server: DML unspecified vulnerability (CPU Apr 2021) 1981332 - mariadb: No password masking in audit log when using ALTER USER IDENTIFIED BY command 1992303 - CVE-2021-2372 mysql: InnoDB unspecified vulnerability (CPU Jul 2021) 1992309 - CVE-2021-2389 mysql: InnoDB unspecified vulnerability (CPU Jul 2021) 2016101 - CVE-2021-35604 mysql: InnoDB unspecified vulnerability (CPU Oct 2021) 2049294 - CVE-2021-46658 mariadb: save_window_function_values triggers an abort during IN subquery 2049305 - CVE-2021-46657 mariadb: Crash in get_sort_by_table() in subquery with ORDER BY having outer ref 2050019 - CVE-2021-46662 mariadb: Crash in set_var.cc via certain UPDATE queries with nested subqueries 2050028 - CVE-2021-46666 mariadb: Crash caused by mishandling of a pushdown from a HAVING clause to a WHERE clause 2050030 - CVE-2021-46667 mariadb: Integer overflow in sql_lex.cc integer leading to crash 2075001 - CVE-2022-27385 mariadb: crash in Used_tables_and_const_cache::used_tables_and_const_cache_join 2077509 - WSREP race condition causes crash in mariadb 10.3.28, fixed in 10.3.32 [rhel-8.4.0.z] 2079855 - mariadb:10.3/mariadb: /etc/security/user_map.conf getting overwritten with mariadb-server upgrade [rhel-8.4.0.z] 2079858 - Galera doesn't work without 'procps-ng' package MariaDB-10.3 [rhel-8.4.0.z] 2079859 - Tracker: Rebase galera package to the newest for MariaDB-10.3 (25.3.34) [rhel-8.4.0.z] 2080159 - MariaDB logrotate leads to "gzip: stdin: file size changed while zipping" [rhel-8.4.0.z] 2081362 - Crash: WSREP: invalid state ROLLED_BACK (FATAL) [rhel-8.4.0.z] 6. Package List: Red Hat Enterprise Linux AppStream EUS (v.8.4): Source: Judy-1.0.5-18.module+el8+2765+cfa4f87b.src.rpm galera-25.3.34-4.module+el8.4.0+15058+0c3d11c7.src.rpm mariadb-10.3.32-2.module+el8.4.0+15058+0c3d11c7.src.rpm aarch64: Judy-1.0.5-18.module+el8+2765+cfa4f87b.aarch64.rpm Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.aarch64.rpm Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.aarch64.rpm galera-25.3.34-4.module+el8.4.0+15058+0c3d11c7.aarch64.rpm galera-debuginfo-25.3.34-4.module+el8.4.0+15058+0c3d11c7.aarch64.rpm galera-debugsource-25.3.34-4.module+el8.4.0+15058+0c3d11c7.aarch64.rpm mariadb-10.3.32-2.module+el8.4.0+15058+0c3d11c7.aarch64.rpm mariadb-backup-10.3.32-2.module+el8.4.0+15058+0c3d11c7.aarch64.rpm mariadb-backup-debuginfo-10.3.32-2.module+el8.4.0+15058+0c3d11c7.aarch64.rpm mariadb-common-10.3.32-2.module+el8.4.0+15058+0c3d11c7.aarch64.rpm mariadb-debuginfo-10.3.32-2.module+el8.4.0+15058+0c3d11c7.aarch64.rpm mariadb-debugsource-10.3.32-2.module+el8.4.0+15058+0c3d11c7.aarch64.rpm mariadb-devel-10.3.32-2.module+el8.4.0+15058+0c3d11c7.aarch64.rpm mariadb-embedded-10.3.32-2.module+el8.4.0+15058+0c3d11c7.aarch64.rpm mariadb-embedded-debuginfo-10.3.32-2.module+el8.4.0+15058+0c3d11c7.aarch64.rpm mariadb-embedded-devel-10.3.32-2.module+el8.4.0+15058+0c3d11c7.aarch64.rpm mariadb-errmsg-10.3.32-2.module+el8.4.0+15058+0c3d11c7.aarch64.rpm mariadb-gssapi-server-10.3.32-2.module+el8.4.0+15058+0c3d11c7.aarch64.rpm mariadb-gssapi-server-debuginfo-10.3.32-2.module+el8.4.0+15058+0c3d11c7.aarch64.rpm mariadb-oqgraph-engine-10.3.32-2.module+el8.4.0+15058+0c3d11c7.aarch64.rpm mariadb-oqgraph-engine-debuginfo-10.3.32-2.module+el8.4.0+15058+0c3d11c7.aarch64.rpm mariadb-server-10.3.32-2.module+el8.4.0+15058+0c3d11c7.aarch64.rpm mariadb-server-debuginfo-10.3.32-2.module+el8.4.0+15058+0c3d11c7.aarch64.rpm mariadb-server-galera-10.3.32-2.module+el8.4.0+15058+0c3d11c7.aarch64.rpm mariadb-server-utils-10.3.32-2.module+el8.4.0+15058+0c3d11c7.aarch64.rpm mariadb-server-utils-debuginfo-10.3.32-2.module+el8.4.0+15058+0c3d11c7.aarch64.rpm mariadb-test-10.3.32-2.module+el8.4.0+15058+0c3d11c7.aarch64.rpm mariadb-test-debuginfo-10.3.32-2.module+el8.4.0+15058+0c3d11c7.aarch64.rpm ppc64le: Judy-1.0.5-18.module+el8+2765+cfa4f87b.ppc64le.rpm Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.ppc64le.rpm Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.ppc64le.rpm galera-25.3.34-4.module+el8.4.0+15058+0c3d11c7.ppc64le.rpm galera-debuginfo-25.3.34-4.module+el8.4.0+15058+0c3d11c7.ppc64le.rpm galera-debugsource-25.3.34-4.module+el8.4.0+15058+0c3d11c7.ppc64le.rpm mariadb-10.3.32-2.module+el8.4.0+15058+0c3d11c7.ppc64le.rpm mariadb-backup-10.3.32-2.module+el8.4.0+15058+0c3d11c7.ppc64le.rpm mariadb-backup-debuginfo-10.3.32-2.module+el8.4.0+15058+0c3d11c7.ppc64le.rpm mariadb-common-10.3.32-2.module+el8.4.0+15058+0c3d11c7.ppc64le.rpm mariadb-debuginfo-10.3.32-2.module+el8.4.0+15058+0c3d11c7.ppc64le.rpm mariadb-debugsource-10.3.32-2.module+el8.4.0+15058+0c3d11c7.ppc64le.rpm mariadb-devel-10.3.32-2.module+el8.4.0+15058+0c3d11c7.ppc64le.rpm mariadb-embedded-10.3.32-2.module+el8.4.0+15058+0c3d11c7.ppc64le.rpm mariadb-embedded-debuginfo-10.3.32-2.module+el8.4.0+15058+0c3d11c7.ppc64le.rpm mariadb-embedded-devel-10.3.32-2.module+el8.4.0+15058+0c3d11c7.ppc64le.rpm mariadb-errmsg-10.3.32-2.module+el8.4.0+15058+0c3d11c7.ppc64le.rpm mariadb-gssapi-server-10.3.32-2.module+el8.4.0+15058+0c3d11c7.ppc64le.rpm mariadb-gssapi-server-debuginfo-10.3.32-2.module+el8.4.0+15058+0c3d11c7.ppc64le.rpm mariadb-oqgraph-engine-10.3.32-2.module+el8.4.0+15058+0c3d11c7.ppc64le.rpm mariadb-oqgraph-engine-debuginfo-10.3.32-2.module+el8.4.0+15058+0c3d11c7.ppc64le.rpm mariadb-server-10.3.32-2.module+el8.4.0+15058+0c3d11c7.ppc64le.rpm mariadb-server-debuginfo-10.3.32-2.module+el8.4.0+15058+0c3d11c7.ppc64le.rpm mariadb-server-galera-10.3.32-2.module+el8.4.0+15058+0c3d11c7.ppc64le.rpm mariadb-server-utils-10.3.32-2.module+el8.4.0+15058+0c3d11c7.ppc64le.rpm mariadb-server-utils-debuginfo-10.3.32-2.module+el8.4.0+15058+0c3d11c7.ppc64le.rpm mariadb-test-10.3.32-2.module+el8.4.0+15058+0c3d11c7.ppc64le.rpm mariadb-test-debuginfo-10.3.32-2.module+el8.4.0+15058+0c3d11c7.ppc64le.rpm s390x: Judy-1.0.5-18.module+el8+2765+cfa4f87b.s390x.rpm Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.s390x.rpm Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.s390x.rpm galera-25.3.34-4.module+el8.4.0+15058+0c3d11c7.s390x.rpm galera-debuginfo-25.3.34-4.module+el8.4.0+15058+0c3d11c7.s390x.rpm galera-debugsource-25.3.34-4.module+el8.4.0+15058+0c3d11c7.s390x.rpm mariadb-10.3.32-2.module+el8.4.0+15058+0c3d11c7.s390x.rpm mariadb-backup-10.3.32-2.module+el8.4.0+15058+0c3d11c7.s390x.rpm mariadb-backup-debuginfo-10.3.32-2.module+el8.4.0+15058+0c3d11c7.s390x.rpm mariadb-common-10.3.32-2.module+el8.4.0+15058+0c3d11c7.s390x.rpm mariadb-debuginfo-10.3.32-2.module+el8.4.0+15058+0c3d11c7.s390x.rpm mariadb-debugsource-10.3.32-2.module+el8.4.0+15058+0c3d11c7.s390x.rpm mariadb-devel-10.3.32-2.module+el8.4.0+15058+0c3d11c7.s390x.rpm mariadb-embedded-10.3.32-2.module+el8.4.0+15058+0c3d11c7.s390x.rpm mariadb-embedded-debuginfo-10.3.32-2.module+el8.4.0+15058+0c3d11c7.s390x.rpm mariadb-embedded-devel-10.3.32-2.module+el8.4.0+15058+0c3d11c7.s390x.rpm mariadb-errmsg-10.3.32-2.module+el8.4.0+15058+0c3d11c7.s390x.rpm mariadb-gssapi-server-10.3.32-2.module+el8.4.0+15058+0c3d11c7.s390x.rpm mariadb-gssapi-server-debuginfo-10.3.32-2.module+el8.4.0+15058+0c3d11c7.s390x.rpm mariadb-oqgraph-engine-10.3.32-2.module+el8.4.0+15058+0c3d11c7.s390x.rpm mariadb-oqgraph-engine-debuginfo-10.3.32-2.module+el8.4.0+15058+0c3d11c7.s390x.rpm mariadb-server-10.3.32-2.module+el8.4.0+15058+0c3d11c7.s390x.rpm mariadb-server-debuginfo-10.3.32-2.module+el8.4.0+15058+0c3d11c7.s390x.rpm mariadb-server-galera-10.3.32-2.module+el8.4.0+15058+0c3d11c7.s390x.rpm mariadb-server-utils-10.3.32-2.module+el8.4.0+15058+0c3d11c7.s390x.rpm mariadb-server-utils-debuginfo-10.3.32-2.module+el8.4.0+15058+0c3d11c7.s390x.rpm mariadb-test-10.3.32-2.module+el8.4.0+15058+0c3d11c7.s390x.rpm mariadb-test-debuginfo-10.3.32-2.module+el8.4.0+15058+0c3d11c7.s390x.rpm x86_64: Judy-1.0.5-18.module+el8+2765+cfa4f87b.x86_64.rpm Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.x86_64.rpm Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.x86_64.rpm galera-25.3.34-4.module+el8.4.0+15058+0c3d11c7.x86_64.rpm galera-debuginfo-25.3.34-4.module+el8.4.0+15058+0c3d11c7.x86_64.rpm galera-debugsource-25.3.34-4.module+el8.4.0+15058+0c3d11c7.x86_64.rpm mariadb-10.3.32-2.module+el8.4.0+15058+0c3d11c7.x86_64.rpm mariadb-backup-10.3.32-2.module+el8.4.0+15058+0c3d11c7.x86_64.rpm mariadb-backup-debuginfo-10.3.32-2.module+el8.4.0+15058+0c3d11c7.x86_64.rpm mariadb-common-10.3.32-2.module+el8.4.0+15058+0c3d11c7.x86_64.rpm mariadb-debuginfo-10.3.32-2.module+el8.4.0+15058+0c3d11c7.x86_64.rpm mariadb-debugsource-10.3.32-2.module+el8.4.0+15058+0c3d11c7.x86_64.rpm mariadb-devel-10.3.32-2.module+el8.4.0+15058+0c3d11c7.x86_64.rpm mariadb-embedded-10.3.32-2.module+el8.4.0+15058+0c3d11c7.x86_64.rpm mariadb-embedded-debuginfo-10.3.32-2.module+el8.4.0+15058+0c3d11c7.x86_64.rpm mariadb-embedded-devel-10.3.32-2.module+el8.4.0+15058+0c3d11c7.x86_64.rpm mariadb-errmsg-10.3.32-2.module+el8.4.0+15058+0c3d11c7.x86_64.rpm mariadb-gssapi-server-10.3.32-2.module+el8.4.0+15058+0c3d11c7.x86_64.rpm mariadb-gssapi-server-debuginfo-10.3.32-2.module+el8.4.0+15058+0c3d11c7.x86_64.rpm mariadb-oqgraph-engine-10.3.32-2.module+el8.4.0+15058+0c3d11c7.x86_64.rpm mariadb-oqgraph-engine-debuginfo-10.3.32-2.module+el8.4.0+15058+0c3d11c7.x86_64.rpm mariadb-server-10.3.32-2.module+el8.4.0+15058+0c3d11c7.x86_64.rpm mariadb-server-debuginfo-10.3.32-2.module+el8.4.0+15058+0c3d11c7.x86_64.rpm mariadb-server-galera-10.3.32-2.module+el8.4.0+15058+0c3d11c7.x86_64.rpm mariadb-server-utils-10.3.32-2.module+el8.4.0+15058+0c3d11c7.x86_64.rpm mariadb-server-utils-debuginfo-10.3.32-2.module+el8.4.0+15058+0c3d11c7.x86_64.rpm mariadb-test-10.3.32-2.module+el8.4.0+15058+0c3d11c7.x86_64.rpm mariadb-test-debuginfo-10.3.32-2.module+el8.4.0+15058+0c3d11c7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-2154 https://access.redhat.com/security/cve/CVE-2021-2166 https://access.redhat.com/security/cve/CVE-2021-2372 https://access.redhat.com/security/cve/CVE-2021-2389 https://access.redhat.com/security/cve/CVE-2021-35604 https://access.redhat.com/security/cve/CVE-2021-46657 https://access.redhat.com/security/cve/CVE-2021-46658 https://access.redhat.com/security/cve/CVE-2021-46662 https://access.redhat.com/security/cve/CVE-2021-46666 https://access.redhat.com/security/cve/CVE-2021-46667 https://access.redhat.com/security/cve/CVE-2022-27385 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYpYjodzjgjWX9erEAQiYrw//QIayaNuezHPHbj0LCrCWrLZSOiUYfjTU SY7pSThwoK6YWnHRhNNRC0PSptgo6VhTkIz20XlvWnGZkGcXDKn7pVvwBm8+Xv5Q ojGborWPas2J7wJ7NdvmsbR2KUsqey6JBNWpiJx37jaGXYFIuaV4ZqkWfFWnIYE3 BkKZAopG+DNiYIpKuKoesSrlXCSK9Lb5MrplEOD4MaGdNKth8JXthFyUSCcxqp2m SZRX4FhryxRmcFZqocGiFzCuLZVm6r0QxwWuvxDi/EBv4KWrOX+CJTz3Lx3XpA4t V7OXcngZDOKL0aLVXmjlp4DVIk86eHLpU4c/JXfqnk14/kYqmpPi6om6WZgkYLG0 j+bR35Q1xVR2l34jIbYY6WP6muhVt0TnxXdYpIiaez2DSa4n64TJ0wBcKAY1H38t xTy7Lhyhx/XFeMtc8OaPU/XDOZF3K9kzVKkSvrSDvlGnuuIQd/t81BZyqjcHAU3b 9q3x8B0LH+MbcKKPjM3xhUI4pW5ihdWp9Uh7RThZ3Y0xtUB++bc29zlBkLUJyAyz 8dqTbPbOXnn+ItxgxhH58zJ/sZizq8xEwwKp5566qkPN/zbS1OQyDMShbXJ/24s9 vJ0/+nTz9PsQkNxTZWLfYL+3P/EnyE174WRzvVlFq5KmhAYBjVbzVfffYjeUwBJQ wnNtVkY+SKA=ahwW -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce