Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
almalinuxAlmaLinuxALSA-2022:1557
HistoryApr 26, 2022 - 1:50 p.m.

Moderate: mariadb:10.5 security, bug fix, and enhancement update

2022-04-2613:50:46
errata.almalinux.org
54
mariadb
security
bug fix
upgrade
cve
vulnerability
galera
patch
cpu
crash
overflow

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.319

Percentile

97.0%

JSON

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.

The following packages have been upgraded to a later upstream version: mariadb (10.5.13), galera (26.4.9). (BZ#2050546)

Security Fix(es):

  • mysql: Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2154)

  • mysql: Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2166)

  • mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2372)

  • mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2389)

  • mysql: InnoDB unspecified vulnerability (CPU Oct 2021) (CVE-2021-35604)

  • mariadb: Integer overflow in sql_lex.cc integer leading to crash (CVE-2021-46667)

  • mariadb: Crash in get_sort_by_table() in subquery with ORDER BY having outer ref (CVE-2021-46657)

  • mariadb: save_window_function_values triggers an abort during IN subquery (CVE-2021-46658)

  • mariadb: Crash in set_var.cc via certain UPDATE queries with nested subqueries (CVE-2021-46662)

  • mariadb: Crash caused by mishandling of a pushdown from a HAVING clause to a WHERE clause (CVE-2021-46666)

  • mariadb: No password masking in audit log when using ALTER USER <user> IDENTIFIED BY <password> command (BZ#1981332)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • mariadb-10.5-module: /etc/security/user_map.conf getting overwritten with mariadb-server upgrade (BZ#2050515)

  • mariadb-server:10.5 in centos8 stream is not shipping wsrep_sst_rsync_tunnel (BZ#2050524)

  • Galera doesn’t work without ‘procps-ng’ package MariaDB-10.5 (BZ#2050542)

OSVersionArchitecturePackageVersionFilename
almalinux8x86_64mariadb-devel< 10.5.13-1.module_el8.5.0+2637+d11efe18mariadb-devel-10.5.13-1.module_el8.5.0+2637+d11efe18.x86_64.rpm
almalinux8x86_64mariadb-server-galera< 10.5.13-1.module_el8.5.0+2637+d11efe18mariadb-server-galera-10.5.13-1.module_el8.5.0+2637+d11efe18.x86_64.rpm
almalinux8x86_64mariadb-common< 10.5.13-1.module_el8.5.0+2637+d11efe18mariadb-common-10.5.13-1.module_el8.5.0+2637+d11efe18.x86_64.rpm
almalinux8x86_64mariadb-server< 10.5.13-1.module_el8.5.0+2637+d11efe18mariadb-server-10.5.13-1.module_el8.5.0+2637+d11efe18.x86_64.rpm
almalinux8x86_64mariadb-pam< 10.5.13-1.module_el8.5.0+2637+d11efe18mariadb-pam-10.5.13-1.module_el8.5.0+2637+d11efe18.x86_64.rpm
almalinux8x86_64mariadb-gssapi-server< 10.5.13-1.module_el8.5.0+2637+d11efe18mariadb-gssapi-server-10.5.13-1.module_el8.5.0+2637+d11efe18.x86_64.rpm
almalinux8x86_64judy< 1.0.5-18.module_el8.5.0+2637+d11efe18Judy-1.0.5-18.module_el8.5.0+2637+d11efe18.x86_64.rpm
almalinux8x86_64mariadb-test< 10.5.13-1.module_el8.5.0+2637+d11efe18mariadb-test-10.5.13-1.module_el8.5.0+2637+d11efe18.x86_64.rpm
almalinux8x86_64mariadb-backup< 10.5.13-1.module_el8.5.0+2637+d11efe18mariadb-backup-10.5.13-1.module_el8.5.0+2637+d11efe18.x86_64.rpm
almalinux8x86_64mariadb-errmsg< 10.5.13-1.module_el8.5.0+2637+d11efe18mariadb-errmsg-10.5.13-1.module_el8.5.0+2637+d11efe18.x86_64.rpm
Rows per page:
1-10 of 481

Related

nessus 60
oraclelinux 2
almalinux 1
osv 15
redhat 5
rocky 2
fedora 5
openvas 44
photon 3
mageia 2
archlinux 1
suse 6
ubuntu 1
rosalinux 1
altlinux 1
ubuntucve 4
cvelist 5
gentoo 1
alpinelinux 2
redhatcve 4
mariadbunix 4
prion 3
veracode 4
debiancve 4
nvd 5
cnvd 3
cbl_mariner 6
cve 4
vulnrichment 1
nessus
nessus
Oracle Linux 8 : mariadb:10.3 (ELSA-2022-1556)
2022-04-27 00:00:00
Oracle Linux 8 : mariadb:10.5 (ELSA-2022-1557)
2022-05-03 00:00:00
CentOS 8 : mariadb:10.5 (CESA-2022:1557)
2022-04-28 00:00:00
oraclelinux
oraclelinux
mariadb:10.5 security, bug fix, and enhancement update
2022-05-03 00:00:00
mariadb:10.3 security and bug fix update
2022-04-28 00:00:00
almalinux
almalinux
Moderate: mariadb:10.3 security and bug fix update
2022-04-26 13:50:43
osv
osv
Moderate: mariadb:10.5 security, bug fix, and enhancement update
2022-04-26 13:50:46
Moderate: mariadb:10.3 security and bug fix update
2022-04-26 13:50:43
Moderate: mariadb:10.3 security and bug fix update
2022-04-26 13:50:43
redhat
redhat
(RHSA-2022:4818) Moderate: mariadb:10.3 security and bug fix update
2022-05-31 09:59:46
(RHSA-2022:1556) Moderate: mariadb:10.3 security and bug fix update
2022-04-26 13:50:43
(RHSA-2022:1557) Moderate: mariadb:10.5 security, bug fix, and enhancement update
2022-04-26 13:50:46
rocky
rocky
mariadb:10.3 security and bug fix update
2022-04-26 13:50:43
mariadb:10.5 security, bug fix, and enhancement update
2022-04-26 13:50:46
fedora
fedora
[SECURITY] Fedora 35 Update: mariadb-10.5.13-1.fc35
2021-12-11 01:33:38
[SECURITY] Fedora 34 Update: mariadb-10.5.13-1.fc34
2021-12-11 01:40:22
[SECURITY] Fedora 34 Update: mariadb-10.5.10-1.fc34
2021-05-14 17:51:45
openvas
openvas
Fedora: Security Advisory for mariadb (FEDORA-2021-acef1dc8cf)
2021-12-11 00:00:00
Fedora: Security Advisory for mariadb (FEDORA-2021-72d5918529)
2021-12-11 00:00:00
Huawei EulerOS: Security Advisory for mariadb (EulerOS-SA-2023-1274)
2023-01-31 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2022-0439
2022-02-11 00:00:00
Important Photon OS Security Update - PHSA-2022-0469
2022-02-09 00:00:00
Critical Photon OS Security Update - PHSA-2022-0361
2022-02-09 00:00:00
mageia
mageia
Updated mariadb packages fix security vulnerabilities
2021-05-12 12:56:40
Updated mariadb packages fix security vulnerabilities
2021-08-14 17:00:09
archlinux
archlinux
[ASA-202105-14] mariadb: denial of service
2021-05-19 00:00:00
suse
suse
Security update for mariadb (moderate)
2021-08-25 00:00:00
Security update for mariadb (moderate)
2021-09-03 00:00:00
Security update for mariadb (moderate)
2021-08-25 00:00:00
ubuntu
ubuntu
MariaDB vulnerabilities
2021-08-13 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2252
2023-10-21 15:06:32
altlinux
altlinux
Security fix for the ALT Linux 9 package mariadb version 10.4.20-alt1
2021-07-14 00:00:00
ubuntucve
ubuntucve
CVE-2021-46658
2022-01-29 00:00:00
CVE-2021-46667
2022-02-01 00:00:00
CVE-2021-46666
2022-02-01 00:00:00
cvelist
cvelist
CVE-2021-46658
2022-01-29 22:34:16
CVE-2021-46666
2022-02-01 01:47:03
CVE-2021-46667
2022-02-01 01:46:48
gentoo
gentoo
MariaDB: Multiple vulnerabilities
2021-05-26 00:00:00
alpinelinux
alpinelinux
CVE-2021-46662
2022-02-01 02:15:06
CVE-2021-46667
2022-02-01 02:15:07
redhatcve
redhatcve
CVE-2021-46666
2022-02-03 05:15:20
CVE-2021-46662
2022-02-03 05:15:05
CVE-2021-46667
2022-02-03 05:15:22
mariadbunix
mariadbunix
CVE-2021-46662
2022-02-01 02:15:00
CVE-2021-46667
2022-02-01 02:15:07
CVE-2021-46657
2022-01-29 23:15:00
prion
prion
Code injection
2022-02-01 02:15:00
Design/Logic Flaw
2022-02-01 02:15:00
Design/Logic Flaw
2022-01-29 23:15:00
veracode
veracode
Denial Of Service (DoS)
2022-06-02 22:49:24
Integer Overflow
2022-03-19 09:01:40
Denial Of Service (DoS)
2022-03-19 08:39:10
debiancve
debiancve
CVE-2021-46662
2022-02-01 02:15:06
CVE-2021-46666
2022-02-01 02:15:07
CVE-2021-46667
2022-02-01 02:15:07
nvd
nvd
CVE-2021-46666
2022-02-01 02:15:07
CVE-2021-46657
2022-01-29 23:15:07
CVE-2021-46667
2022-02-01 02:15:07
cnvd
cnvd
MariaDB Denial of Service Vulnerability (CNVD-2022-65010)
2022-02-10 00:00:00
MariaDB Denial of Service Vulnerability (CNVD-2022-65012)
2022-02-10 00:00:00
Oracle MySQL Server has an unspecified vulnerability (CNVD-2021-81783)
2021-10-20 00:00:00
cbl_mariner
cbl_mariner
CVE-2021-46666 affecting package mariadb 10.3.28-2
2022-02-25 01:46:09
CVE-2021-46662 affecting package mariadb 10.3.32-1
2022-03-10 23:47:43
CVE-2021-46662 affecting package mariadb for versions less than 10.6.7-1
2022-04-09 06:52:52
cve
cve
CVE-2021-46667
2022-02-01 02:15:07
CVE-2021-46662
2022-02-01 02:15:06
CVE-2021-46666
2022-02-01 02:15:07
vulnrichment
vulnrichment
CVE-2021-35604
2021-10-20 10:50:44

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.319

Percentile

97.0%

JSON
Related for ALSA-2022:1557
nessus60oraclelinux2almalinux1osv15redhat5rocky2fedora5openvas44photon3mageia2archlinux1suse6ubuntu1rosalinux1altlinux1ubuntucve4cvelist5gentoo1alpinelinux2redhatcve4mariadbunix4prion3veracode4debiancve4nvd5cnvd3cbl_mariner6cve4vulnrichment1