Issued:
2022-08-09
Updated:
2022-08-09

RHSA-2022:5948 - Moderate: galera, mariadb, and mysql-selinux security, bug fix, and enhancement update

Synopsis

Moderate: galera, mariadb, and mysql-selinux security, bug fix, and enhancement update

Type/Severity

Security Advisory Moderate

Topic

An update for galera, mariadb, and mysql-selinux is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.

The following packages have been upgraded to a later upstream version: galera (26.4.11), mariadb (10.5.16), mysql-selinux (1.0.5).

Security Fix(es):

  • mariadb: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used (CVE-2021-46669)

  • mariadb: lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer (CVE-2022-24048)

  • mariadb: lack of validating the existence of an object prior to performing operations on the object (CVE-2022-24050)

  • mariadb: lack of proper validation of a user-supplied string before using it as a format specifier (CVE-2022-24051)

  • mariadb: CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability (CVE-2022-24052)

  • mariadb: assertion failure in Item_args::walk_arg (CVE-2022-27376)

  • mariadb: use-after-poison when complex conversion is involved in blob (CVE-2022-27377)

  • mariadb: server crash in create_tmp_table::finalize (CVE-2022-27378)

  • mariadb: server crash in component arg_comparator::compare_real_fixed (CVE-2022-27379)

  • mariadb: server crash at my_decimal::operator= (CVE-2022-27380)

  • mariadb: server crash at Field::set_default via specially crafted SQL statements (CVE-2022-27381)

  • mariadb: assertion failure via component Item_field::used_tables/update_depend_map_for_order (CVE-2022-27382)

  • mariadb: use-after-poison in my_strcasecmp_8bit() of ctype-simple.c (CVE-2022-27383)

  • mariadb: crash via component Item_subselect::init_expr_cache_tracker (CVE-2022-27384)

  • mariadb: server crashes in query_arena::set_query_arena upon SELECT from view (CVE-2022-27386)

  • mariadb: assertion failures in decimal_bin_size (CVE-2022-27387)

  • mariadb: crash when using HAVING with NOT EXIST predicate in an equality (CVE-2022-27444)

  • mariadb: assertion failure in compare_order_elements (CVE-2022-27445)

  • mariadb: crash when using HAVING with IS NULL predicate in an equality (CVE-2022-27446)

  • mariadb: use-after-poison in Binary_string::free_buffer (CVE-2022-27447)

  • mariadb: crash in multi-update and implicit grouping (CVE-2022-27448)

  • mariadb: assertion failure in sql/item_func.cc (CVE-2022-27449)

  • mariadb: crash via window function in expression in ORDER BY (CVE-2022-27451)

  • mariadb: assertion failure in sql/item_cmpfunc.cc (CVE-2022-27452)

  • mariadb: use-after-free when WHERE has subquery with an outer reference in HAVING (CVE-2022-27455)

  • mariadb: assertion failure in VDec::VDec at /sql/sql_type.cc (CVE-2022-27456)

  • mariadb: incorrect key in "dup value" error after long unique (CVE-2022-27457)

  • mariadb: use-after-poison in Binary_string::free_buffer (CVE-2022-27458)

  • mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc (CVE-2022-31622)

  • mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc (CVE-2022-31623)

  • mariadb: Crash executing query with VIEW, aggregate and subquery (CVE-2021-46659)

  • mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE) (CVE-2021-46661)

  • mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements (CVE-2021-46663)

  • mariadb: MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr (CVE-2021-46664)

  • mariadb: MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations (CVE-2021-46665)

  • mariadb: MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements (CVE-2021-46668)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the MySQL server daemon (mysqld) will be restarted automatically. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.

Affected Products

ProductVersionArch
Red Hat Enterprise Linux for x86_649x86_64
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions9.6x86_64
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions9.4x86_64
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions9.2x86_64
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions9.0x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support9.6x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support9.4x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support9.2x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support9.0x86_64
Red Hat Enterprise Linux for x86_64 - Extended Life Cycle9.6x86_64
Red Hat Enterprise Linux for x86_64 - Extended Life Cycle9.4x86_64
Red Hat Enterprise Linux for x86_64 - Extended Life Cycle9.2x86_64
Red Hat Enterprise Linux for Power, little endian9ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support9.6ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support9.4ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support9.2ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support9.0ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle9.6ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle9.4ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle9.2ppc64le
Red Hat Enterprise Linux for IBM z Systems9s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support9.6s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support9.4s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support9.2s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support9.0s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle9.6s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle9.4s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle9.2s390x
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates9.6s390x
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates9.4s390x
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates9.2s390x
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates9.0s390x
Red Hat Enterprise Linux for ARM 649aarch64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support9.6aarch64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support9.4aarch64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support9.2aarch64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support9.0aarch64
Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle9.6aarch64
Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle9.4aarch64
Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle9.2aarch64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates9.6aarch64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates9.4aarch64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates9.2aarch64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates9.0aarch64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions9.6ppc64le
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions9.4ppc64le
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions9.2ppc64le
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions9.0ppc64le
Red Hat Enterprise Linux Server - AUS9.6x86_64
Red Hat Enterprise Linux Server - AUS9.4x86_64
Red Hat Enterprise Linux Server - AUS9.2x86_64
Red Hat CodeReady Linux Builder for x86_649x86_64
Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support9.6x86_64
Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support9.4x86_64
Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support9.2x86_64
Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support9.0x86_64
Red Hat CodeReady Linux Builder for Power, little endian9ppc64le
Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support9.6ppc64le
Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support9.4ppc64le
Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support9.2ppc64le
Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support9.0ppc64le
Red Hat CodeReady Linux Builder for IBM z Systems9s390x
Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support9.6s390x
Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support9.4s390x
Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support9.2s390x
Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support9.0s390x
Red Hat CodeReady Linux Builder for ARM 649aarch64
Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support9.6aarch64
Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support9.4aarch64
Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support9.2aarch64
Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support9.0aarch64

Updated Packages

  • galera-debugsource-26.4.11-1.el9_0.x86_64.rpm
  • mariadb-oqgraph-engine-debuginfo-10.5.16-2.el9_0.aarch64.rpm
  • mariadb-server-10.5.16-2.el9_0.aarch64.rpm
  • galera-26.4.11-1.el9_0.x86_64.rpm
  • mariadb-gssapi-server-debuginfo-10.5.16-2.el9_0.aarch64.rpm
  • mariadb-server-10.5.16-2.el9_0.x86_64.rpm
  • mariadb-server-debuginfo-10.5.16-2.el9_0.x86_64.rpm
  • mariadb-server-galera-10.5.16-2.el9_0.ppc64le.rpm
  • mariadb-server-galera-10.5.16-2.el9_0.s390x.rpm
  • mariadb-common-10.5.16-2.el9_0.x86_64.rpm
  • mariadb-embedded-10.5.16-2.el9_0.ppc64le.rpm
  • galera-debuginfo-26.4.11-1.el9_0.aarch64.rpm
  • mariadb-server-utils-10.5.16-2.el9_0.x86_64.rpm
  • mariadb-test-debuginfo-10.5.16-2.el9_0.ppc64le.rpm
  • mariadb-server-galera-10.5.16-2.el9_0.aarch64.rpm
  • mariadb-errmsg-10.5.16-2.el9_0.ppc64le.rpm
  • mariadb-embedded-devel-10.5.16-2.el9_0.x86_64.rpm
  • mariadb-10.5.16-2.el9_0.src.rpm
  • mariadb-devel-10.5.16-2.el9_0.x86_64.rpm
  • mariadb-gssapi-server-10.5.16-2.el9_0.aarch64.rpm
  • mariadb-oqgraph-engine-10.5.16-2.el9_0.aarch64.rpm
  • mariadb-server-galera-10.5.16-2.el9_0.x86_64.rpm
  • galera-26.4.11-1.el9_0.src.rpm
  • mariadb-gssapi-server-10.5.16-2.el9_0.x86_64.rpm
  • mariadb-server-utils-debuginfo-10.5.16-2.el9_0.ppc64le.rpm
  • mariadb-pam-10.5.16-2.el9_0.ppc64le.rpm
  • mariadb-backup-debuginfo-10.5.16-2.el9_0.aarch64.rpm
  • mariadb-embedded-debuginfo-10.5.16-2.el9_0.aarch64.rpm
  • mariadb-oqgraph-engine-debuginfo-10.5.16-2.el9_0.ppc64le.rpm
  • mariadb-oqgraph-engine-debuginfo-10.5.16-2.el9_0.x86_64.rpm
  • mariadb-debugsource-10.5.16-2.el9_0.ppc64le.rpm
  • mariadb-test-10.5.16-2.el9_0.ppc64le.rpm
  • galera-debuginfo-26.4.11-1.el9_0.ppc64le.rpm
  • mariadb-test-debuginfo-10.5.16-2.el9_0.x86_64.rpm
  • mariadb-server-debuginfo-10.5.16-2.el9_0.aarch64.rpm
  • mariadb-test-10.5.16-2.el9_0.s390x.rpm
  • galera-debugsource-26.4.11-1.el9_0.aarch64.rpm
  • mariadb-gssapi-server-10.5.16-2.el9_0.s390x.rpm
  • mariadb-backup-10.5.16-2.el9_0.aarch64.rpm
  • mariadb-oqgraph-engine-10.5.16-2.el9_0.ppc64le.rpm
  • mariadb-gssapi-server-debuginfo-10.5.16-2.el9_0.x86_64.rpm
  • mariadb-debugsource-10.5.16-2.el9_0.aarch64.rpm
  • mariadb-pam-debuginfo-10.5.16-2.el9_0.ppc64le.rpm
  • mariadb-test-debuginfo-10.5.16-2.el9_0.aarch64.rpm
  • mysql-selinux-1.0.5-1.el9_0.src.rpm
  • mariadb-test-10.5.16-2.el9_0.x86_64.rpm
  • mariadb-embedded-devel-10.5.16-2.el9_0.aarch64.rpm
  • mariadb-10.5.16-2.el9_0.x86_64.rpm
  • mariadb-common-10.5.16-2.el9_0.aarch64.rpm
  • mariadb-common-10.5.16-2.el9_0.ppc64le.rpm
  • mariadb-pam-debuginfo-10.5.16-2.el9_0.x86_64.rpm
  • mariadb-embedded-debuginfo-10.5.16-2.el9_0.ppc64le.rpm
  • galera-26.4.11-1.el9_0.aarch64.rpm
  • mariadb-10.5.16-2.el9_0.s390x.rpm
  • mariadb-debuginfo-10.5.16-2.el9_0.x86_64.rpm
  • mariadb-pam-10.5.16-2.el9_0.aarch64.rpm
  • mariadb-server-10.5.16-2.el9_0.s390x.rpm
  • mariadb-server-utils-debuginfo-10.5.16-2.el9_0.aarch64.rpm
  • mariadb-embedded-debuginfo-10.5.16-2.el9_0.s390x.rpm
  • mariadb-backup-debuginfo-10.5.16-2.el9_0.ppc64le.rpm
  • mariadb-backup-debuginfo-10.5.16-2.el9_0.x86_64.rpm
  • mariadb-embedded-10.5.16-2.el9_0.s390x.rpm
  • galera-26.4.11-1.el9_0.s390x.rpm
  • galera-debuginfo-26.4.11-1.el9_0.x86_64.rpm
  • mariadb-devel-10.5.16-2.el9_0.ppc64le.rpm
  • mariadb-oqgraph-engine-debuginfo-10.5.16-2.el9_0.s390x.rpm
  • mariadb-server-debuginfo-10.5.16-2.el9_0.ppc64le.rpm
  • mariadb-backup-debuginfo-10.5.16-2.el9_0.s390x.rpm
  • mariadb-server-debuginfo-10.5.16-2.el9_0.s390x.rpm
  • mariadb-server-utils-10.5.16-2.el9_0.aarch64.rpm
  • mariadb-test-10.5.16-2.el9_0.aarch64.rpm
  • galera-debugsource-26.4.11-1.el9_0.ppc64le.rpm
  • mariadb-test-debuginfo-10.5.16-2.el9_0.s390x.rpm
  • mariadb-embedded-10.5.16-2.el9_0.aarch64.rpm
  • mariadb-oqgraph-engine-10.5.16-2.el9_0.x86_64.rpm
  • mariadb-pam-debuginfo-10.5.16-2.el9_0.aarch64.rpm
  • mariadb-server-utils-10.5.16-2.el9_0.s390x.rpm
  • mariadb-backup-10.5.16-2.el9_0.ppc64le.rpm
  • mariadb-pam-10.5.16-2.el9_0.s390x.rpm
  • mariadb-embedded-debuginfo-10.5.16-2.el9_0.x86_64.rpm
  • mariadb-debuginfo-10.5.16-2.el9_0.aarch64.rpm
  • mariadb-oqgraph-engine-10.5.16-2.el9_0.s390x.rpm
  • mariadb-server-utils-debuginfo-10.5.16-2.el9_0.x86_64.rpm
  • mysql-selinux-1.0.5-1.el9_0.noarch.rpm
  • mariadb-debugsource-10.5.16-2.el9_0.x86_64.rpm
  • galera-debuginfo-26.4.11-1.el9_0.s390x.rpm
  • mariadb-errmsg-10.5.16-2.el9_0.x86_64.rpm
  • mariadb-gssapi-server-10.5.16-2.el9_0.ppc64le.rpm
  • mariadb-common-10.5.16-2.el9_0.s390x.rpm
  • mariadb-devel-10.5.16-2.el9_0.aarch64.rpm
  • mariadb-debugsource-10.5.16-2.el9_0.s390x.rpm
  • mariadb-backup-10.5.16-2.el9_0.x86_64.rpm
  • mariadb-embedded-devel-10.5.16-2.el9_0.ppc64le.rpm
  • mariadb-errmsg-10.5.16-2.el9_0.aarch64.rpm
  • mariadb-pam-10.5.16-2.el9_0.x86_64.rpm
  • mariadb-embedded-devel-10.5.16-2.el9_0.s390x.rpm
  • mariadb-10.5.16-2.el9_0.aarch64.rpm
  • mariadb-pam-debuginfo-10.5.16-2.el9_0.s390x.rpm
  • mariadb-gssapi-server-debuginfo-10.5.16-2.el9_0.ppc64le.rpm
  • mariadb-server-utils-10.5.16-2.el9_0.ppc64le.rpm
  • mariadb-debuginfo-10.5.16-2.el9_0.ppc64le.rpm
  • mariadb-server-10.5.16-2.el9_0.ppc64le.rpm
  • mariadb-backup-10.5.16-2.el9_0.s390x.rpm
  • mariadb-10.5.16-2.el9_0.ppc64le.rpm
  • mariadb-errmsg-10.5.16-2.el9_0.s390x.rpm
  • mariadb-server-utils-debuginfo-10.5.16-2.el9_0.s390x.rpm
  • mariadb-devel-10.5.16-2.el9_0.s390x.rpm
  • mariadb-embedded-10.5.16-2.el9_0.x86_64.rpm
  • galera-26.4.11-1.el9_0.ppc64le.rpm
  • mariadb-gssapi-server-debuginfo-10.5.16-2.el9_0.s390x.rpm
  • mariadb-debuginfo-10.5.16-2.el9_0.s390x.rpm
  • galera-debugsource-26.4.11-1.el9_0.s390x.rpm

Fixes

CVEs

References

Additional information