- Issued:
- 2022-09-13
- Updated:
- 2022-09-13
RHSA-2022:6443 - Moderate: mariadb:10.3 security and bug fix update
Synopsis
Moderate: mariadb:10.3 security and bug fix update
Type/Severity
Security Advisory Moderate
Topic
An update for the mariadb:10.3 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.
The following packages have been upgraded to a later upstream version: mariadb (10.3.35), galera (25.3.35).
Security Fix(es):
-
mariadb: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used (CVE-2021-46669)
-
mysql: Server: FTS unspecified vulnerability (CPU Apr 2022) (CVE-2022-21427)
-
mariadb: lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer (CVE-2022-24048)
-
mariadb: lack of validating the existence of an object prior to performing operations on the object (CVE-2022-24050)
-
mariadb: lack of proper validation of a user-supplied string before using it as a format specifier (CVE-2022-24051)
-
mariadb: CONNECT storage engine heap-based buffer overflow (CVE-2022-24052)
-
mariadb: assertion failure in Item_args::walk_arg (CVE-2022-27376)
-
mariadb: use-after-poison when complex conversion is involved in blob (CVE-2022-27377)
-
mariadb: server crash in create_tmp_table::finalize (CVE-2022-27378)
-
mariadb: server crash in component arg_comparator::compare_real_fixed (CVE-2022-27379)
-
mariadb: server crash at my_decimal::operator= (CVE-2022-27380)
-
mariadb: server crash at Field::set_default via specially crafted SQL statements (CVE-2022-27381)
-
mariadb: use-after-poison in my_strcasecmp_8bit() of ctype-simple.c (CVE-2022-27383)
-
mariadb: crash via component Item_subselect::init_expr_cache_tracker (CVE-2022-27384)
-
mariadb: server crashes in query_arena::set_query_arena upon SELECT from view (CVE-2022-27386)
-
mariadb: assertion failures in decimal_bin_size (CVE-2022-27387)
-
mariadb: assertion failure in compare_order_elements (CVE-2022-27445)
-
mariadb: use-after-poison in Binary_string::free_buffer (CVE-2022-27447)
-
mariadb: crash in multi-update and implicit grouping (CVE-2022-27448)
-
mariadb: assertion failure in sql/item_func.cc (CVE-2022-27449)
-
mariadb: assertion failure in sql/item_cmpfunc.cc (CVE-2022-27452)
-
mariadb: assertion failure in VDec::VDec at /sql/sql_type.cc (CVE-2022-27456)
-
mariadb: use-after-poison in Binary_string::free_buffer (CVE-2022-27458)
-
mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc (CVE-2022-31622)
-
mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc (CVE-2022-31623)
-
mariadb: server crash at Item_subselect::init_expr_cache_tracker (CVE-2022-32083)
-
mariadb: server crash in Item_func_in::cleanup/Item::cleanup_processor (CVE-2022-32085)
-
mariadb: server crash in Item_args::walk_args (CVE-2022-32087)
-
mariadb: segmentation fault in Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort (CVE-2022-32088)
-
mariadb: Crash executing query with VIEW, aggregate and subquery (CVE-2021-46659)
-
mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE) (CVE-2021-46661)
-
mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements (CVE-2021-46663)
-
mariadb: MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr (CVE-2021-46664)
-
mariadb: MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations (CVE-2021-46665)
-
mariadb: MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements (CVE-2021-46668)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- [Tracker] Rebase to Galera 25.3.35 for MariaDB-10.3 (BZ#2107075)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Enterprise Linux for x86_64 | 8 | x86_64 |
| Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions | 8.8 | x86_64 |
| Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions | 8.6 | x86_64 |
| Red Hat Enterprise Linux for x86_64 - Extended Update Support | 8.8 | x86_64 |
| Red Hat Enterprise Linux for x86_64 - Extended Update Support | 8.6 | x86_64 |
| Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension | 8.8 | x86_64 |
| Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension | 8.6 | x86_64 |
| Red Hat Enterprise Linux for x86_64 - Extended Life Cycle | 8.10 | x86_64 |
| Red Hat Enterprise Linux for Power, little endian | 8 | ppc64le |
| Red Hat Enterprise Linux for Power, little endian - Extended Update Support | 8.8 | ppc64le |
| Red Hat Enterprise Linux for Power, little endian - Extended Update Support | 8.6 | ppc64le |
| Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle | 8.10 | ppc64le |
| Red Hat Enterprise Linux for IBM z Systems | 8 | s390x |
| Red Hat Enterprise Linux for IBM z Systems - Extended Update Support | 8.8 | s390x |
| Red Hat Enterprise Linux for IBM z Systems - Extended Update Support | 8.6 | s390x |
| Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle | 8.10 | s390x |
| Red Hat Enterprise Linux for ARM 64 | 8 | aarch64 |
| Red Hat Enterprise Linux for ARM 64 - Extended Update Support | 8.8 | aarch64 |
| Red Hat Enterprise Linux for ARM 64 - Extended Update Support | 8.6 | aarch64 |
| Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle | 8.10 | aarch64 |
| Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions | 8.8 | ppc64le |
| Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions | 8.6 | ppc64le |
| Red Hat Enterprise Linux Server - TUS | 8.8 | x86_64 |
| Red Hat Enterprise Linux Server - TUS | 8.6 | x86_64 |
| Red Hat Enterprise Linux Server - AUS | 8.6 | x86_64 |
Updated Packages
- Judy-1.0.5-18.module+el8+2765+cfa4f87b.aarch64.rpm
- mariadb-gssapi-server-debuginfo-10.3.35-1.module+el8.6.0+15949+4ba4ec26.aarch64.rpm
- mariadb-server-galera-10.3.35-1.module+el8.6.0+15949+4ba4ec26.aarch64.rpm
- mariadb-debuginfo-10.3.35-1.module+el8.6.0+15949+4ba4ec26.aarch64.rpm
- Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.aarch64.rpm
- galera-debuginfo-25.3.35-1.module+el8.6.0+15949+4ba4ec26.aarch64.rpm
- mariadb-embedded-10.3.35-1.module+el8.6.0+15949+4ba4ec26.aarch64.rpm
- mariadb-backup-debuginfo-10.3.35-1.module+el8.6.0+15949+4ba4ec26.aarch64.rpm
- Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.aarch64.rpm
- mariadb-oqgraph-engine-10.3.35-1.module+el8.6.0+15949+4ba4ec26.aarch64.rpm
- galera-25.3.35-1.module+el8.6.0+15949+4ba4ec26.src.rpm
- mariadb-devel-10.3.35-1.module+el8.6.0+15949+4ba4ec26.aarch64.rpm
- mariadb-server-10.3.35-1.module+el8.6.0+15949+4ba4ec26.aarch64.rpm
- mariadb-embedded-devel-10.3.35-1.module+el8.6.0+15949+4ba4ec26.aarch64.rpm
- galera-debugsource-25.3.35-1.module+el8.6.0+15949+4ba4ec26.aarch64.rpm
- mariadb-server-utils-debuginfo-10.3.35-1.module+el8.6.0+15949+4ba4ec26.aarch64.rpm
- mariadb-embedded-debuginfo-10.3.35-1.module+el8.6.0+15949+4ba4ec26.aarch64.rpm
- mariadb-10.3.35-1.module+el8.6.0+15949+4ba4ec26.src.rpm
- mariadb-errmsg-10.3.35-1.module+el8.6.0+15949+4ba4ec26.aarch64.rpm
- mariadb-gssapi-server-10.3.35-1.module+el8.6.0+15949+4ba4ec26.aarch64.rpm
- mariadb-server-utils-10.3.35-1.module+el8.6.0+15949+4ba4ec26.aarch64.rpm
- mariadb-backup-10.3.35-1.module+el8.6.0+15949+4ba4ec26.aarch64.rpm
- galera-25.3.35-1.module+el8.6.0+15949+4ba4ec26.aarch64.rpm
- mariadb-10.3.35-1.module+el8.6.0+15949+4ba4ec26.aarch64.rpm
- mariadb-server-debuginfo-10.3.35-1.module+el8.6.0+15949+4ba4ec26.aarch64.rpm
- mariadb-test-debuginfo-10.3.35-1.module+el8.6.0+15949+4ba4ec26.aarch64.rpm
- mariadb-debugsource-10.3.35-1.module+el8.6.0+15949+4ba4ec26.aarch64.rpm
- mariadb-common-10.3.35-1.module+el8.6.0+15949+4ba4ec26.aarch64.rpm
- mariadb-test-10.3.35-1.module+el8.6.0+15949+4ba4ec26.aarch64.rpm
- mariadb-oqgraph-engine-debuginfo-10.3.35-1.module+el8.6.0+15949+4ba4ec26.aarch64.rpm
- Judy-1.0.5-18.module+el8+2765+cfa4f87b.src.rpm
- mariadb-errmsg-10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64.rpm
- galera-debugsource-25.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64.rpm
- mariadb-common-10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64.rpm
- mariadb-server-utils-10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64.rpm
- mariadb-oqgraph-engine-debuginfo-10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64.rpm
- mariadb-gssapi-server-10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64.rpm
- mariadb-10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64.rpm
- mariadb-debugsource-10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64.rpm
- mariadb-gssapi-server-debuginfo-10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64.rpm
- mariadb-server-10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64.rpm
- Judy-1.0.5-18.module+el8+2765+cfa4f87b.x86_64.rpm
- mariadb-server-utils-debuginfo-10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64.rpm
- galera-debuginfo-25.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64.rpm
- galera-25.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64.rpm
- mariadb-backup-10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64.rpm
- mariadb-embedded-devel-10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64.rpm
- mariadb-debuginfo-10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64.rpm
- mariadb-embedded-10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64.rpm
- mariadb-devel-10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64.rpm
- Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.x86_64.rpm
- mariadb-embedded-debuginfo-10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64.rpm
- mariadb-oqgraph-engine-10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64.rpm
- Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.x86_64.rpm
- mariadb-backup-debuginfo-10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64.rpm
- mariadb-server-galera-10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64.rpm
- mariadb-test-debuginfo-10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64.rpm
- mariadb-server-debuginfo-10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64.rpm
- mariadb-test-10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64.rpm
- mariadb-server-utils-10.3.35-1.module+el8.6.0+15949+4ba4ec26.s390x.rpm
- mariadb-oqgraph-engine-10.3.35-1.module+el8.6.0+15949+4ba4ec26.s390x.rpm
- mariadb-gssapi-server-10.3.35-1.module+el8.6.0+15949+4ba4ec26.s390x.rpm
- mariadb-errmsg-10.3.35-1.module+el8.6.0+15949+4ba4ec26.s390x.rpm
- mariadb-embedded-devel-10.3.35-1.module+el8.6.0+15949+4ba4ec26.s390x.rpm
- mariadb-backup-debuginfo-10.3.35-1.module+el8.6.0+15949+4ba4ec26.s390x.rpm
- mariadb-oqgraph-engine-debuginfo-10.3.35-1.module+el8.6.0+15949+4ba4ec26.s390x.rpm
- mariadb-devel-10.3.35-1.module+el8.6.0+15949+4ba4ec26.s390x.rpm
- Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.s390x.rpm
- mariadb-backup-10.3.35-1.module+el8.6.0+15949+4ba4ec26.s390x.rpm
- mariadb-server-utils-debuginfo-10.3.35-1.module+el8.6.0+15949+4ba4ec26.s390x.rpm
- mariadb-server-galera-10.3.35-1.module+el8.6.0+15949+4ba4ec26.s390x.rpm
- mariadb-server-10.3.35-1.module+el8.6.0+15949+4ba4ec26.s390x.rpm
- mariadb-10.3.35-1.module+el8.6.0+15949+4ba4ec26.s390x.rpm
- mariadb-debuginfo-10.3.35-1.module+el8.6.0+15949+4ba4ec26.s390x.rpm
- mariadb-debugsource-10.3.35-1.module+el8.6.0+15949+4ba4ec26.s390x.rpm
- mariadb-test-10.3.35-1.module+el8.6.0+15949+4ba4ec26.s390x.rpm
- mariadb-test-debuginfo-10.3.35-1.module+el8.6.0+15949+4ba4ec26.s390x.rpm
- galera-debuginfo-25.3.35-1.module+el8.6.0+15949+4ba4ec26.s390x.rpm
- Judy-1.0.5-18.module+el8+2765+cfa4f87b.s390x.rpm
- mariadb-gssapi-server-debuginfo-10.3.35-1.module+el8.6.0+15949+4ba4ec26.s390x.rpm
- galera-debugsource-25.3.35-1.module+el8.6.0+15949+4ba4ec26.s390x.rpm
- galera-25.3.35-1.module+el8.6.0+15949+4ba4ec26.s390x.rpm
- mariadb-embedded-debuginfo-10.3.35-1.module+el8.6.0+15949+4ba4ec26.s390x.rpm
- mariadb-server-debuginfo-10.3.35-1.module+el8.6.0+15949+4ba4ec26.s390x.rpm
- mariadb-common-10.3.35-1.module+el8.6.0+15949+4ba4ec26.s390x.rpm
- mariadb-embedded-10.3.35-1.module+el8.6.0+15949+4ba4ec26.s390x.rpm
- Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.s390x.rpm
- mariadb-server-debuginfo-10.3.35-1.module+el8.6.0+15949+4ba4ec26.ppc64le.rpm
- mariadb-server-utils-debuginfo-10.3.35-1.module+el8.6.0+15949+4ba4ec26.ppc64le.rpm
- Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.ppc64le.rpm
- mariadb-gssapi-server-debuginfo-10.3.35-1.module+el8.6.0+15949+4ba4ec26.ppc64le.rpm
- mariadb-test-debuginfo-10.3.35-1.module+el8.6.0+15949+4ba4ec26.ppc64le.rpm
- mariadb-server-10.3.35-1.module+el8.6.0+15949+4ba4ec26.ppc64le.rpm
- mariadb-backup-10.3.35-1.module+el8.6.0+15949+4ba4ec26.ppc64le.rpm
- mariadb-test-10.3.35-1.module+el8.6.0+15949+4ba4ec26.ppc64le.rpm
- mariadb-server-galera-10.3.35-1.module+el8.6.0+15949+4ba4ec26.ppc64le.rpm
- mariadb-backup-debuginfo-10.3.35-1.module+el8.6.0+15949+4ba4ec26.ppc64le.rpm
- mariadb-embedded-devel-10.3.35-1.module+el8.6.0+15949+4ba4ec26.ppc64le.rpm
- galera-25.3.35-1.module+el8.6.0+15949+4ba4ec26.ppc64le.rpm
- Judy-1.0.5-18.module+el8+2765+cfa4f87b.ppc64le.rpm
- mariadb-embedded-debuginfo-10.3.35-1.module+el8.6.0+15949+4ba4ec26.ppc64le.rpm
- mariadb-errmsg-10.3.35-1.module+el8.6.0+15949+4ba4ec26.ppc64le.rpm
- mariadb-gssapi-server-10.3.35-1.module+el8.6.0+15949+4ba4ec26.ppc64le.rpm
- mariadb-server-utils-10.3.35-1.module+el8.6.0+15949+4ba4ec26.ppc64le.rpm
- mariadb-10.3.35-1.module+el8.6.0+15949+4ba4ec26.ppc64le.rpm
- mariadb-common-10.3.35-1.module+el8.6.0+15949+4ba4ec26.ppc64le.rpm
- galera-debugsource-25.3.35-1.module+el8.6.0+15949+4ba4ec26.ppc64le.rpm
- galera-debuginfo-25.3.35-1.module+el8.6.0+15949+4ba4ec26.ppc64le.rpm
- mariadb-debuginfo-10.3.35-1.module+el8.6.0+15949+4ba4ec26.ppc64le.rpm
- mariadb-embedded-10.3.35-1.module+el8.6.0+15949+4ba4ec26.ppc64le.rpm
- mariadb-oqgraph-engine-10.3.35-1.module+el8.6.0+15949+4ba4ec26.ppc64le.rpm
- mariadb-oqgraph-engine-debuginfo-10.3.35-1.module+el8.6.0+15949+4ba4ec26.ppc64le.rpm
- mariadb-devel-10.3.35-1.module+el8.6.0+15949+4ba4ec26.ppc64le.rpm
- mariadb-debugsource-10.3.35-1.module+el8.6.0+15949+4ba4ec26.ppc64le.rpm
- Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.ppc64le.rpm
Fixes
- This content is not included.BZ - 2049302
- This content is not included.BZ - 2050017
- This content is not included.BZ - 2050022
- This content is not included.BZ - 2050024
- This content is not included.BZ - 2050026
- This content is not included.BZ - 2050032
- This content is not included.BZ - 2050034
- This content is not included.BZ - 2068211
- This content is not included.BZ - 2068233
- This content is not included.BZ - 2068234
- This content is not included.BZ - 2069833
- This content is not included.BZ - 2074817
- This content is not included.BZ - 2074947
- This content is not included.BZ - 2074949
- This content is not included.BZ - 2074951
- This content is not included.BZ - 2074966
- This content is not included.BZ - 2074981
- This content is not included.BZ - 2074996
- This content is not included.BZ - 2074999
- This content is not included.BZ - 2075005
- This content is not included.BZ - 2075006
- This content is not included.BZ - 2075691
- This content is not included.BZ - 2075693
- This content is not included.BZ - 2075694
- This content is not included.BZ - 2075695
- This content is not included.BZ - 2075697
- This content is not included.BZ - 2075700
- This content is not included.BZ - 2076145
- This content is not included.BZ - 2082644
- This content is not included.BZ - 2092354
- This content is not included.BZ - 2092360
- This content is not included.BZ - 2104425
- This content is not included.BZ - 2104431
- This content is not included.BZ - 2104434
- This content is not included.BZ - 2106008
CVEs
- CVE-2021-46659
- CVE-2021-46661
- CVE-2021-46663
- CVE-2021-46664
- CVE-2021-46665
- CVE-2021-46668
- CVE-2021-46669
- CVE-2022-21427
- CVE-2022-21595
- CVE-2022-24048
- CVE-2022-24050
- CVE-2022-24051
- CVE-2022-24052
- CVE-2022-27376
- CVE-2022-27377
- CVE-2022-27378
- CVE-2022-27379
- CVE-2022-27380
- CVE-2022-27381
- CVE-2022-27383
- CVE-2022-27384
- CVE-2022-27386
- CVE-2022-27387
- CVE-2022-27445
- CVE-2022-27447
- CVE-2022-27448
- CVE-2022-27449
- CVE-2022-27452
- CVE-2022-27456
- CVE-2022-27458
- CVE-2022-31622
- CVE-2022-31623
- CVE-2022-32083
- CVE-2022-32085
- CVE-2022-32087
- CVE-2022-32088
References
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.