You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa mariadb

Sigurnosni nedostaci programskog paketa mariadb

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Important: mariadb:10.3 security, bug fix, and enhancement update
Advisory ID: RHSA-2020:5663-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:5663
Issue date: 2020-12-22
CVE Names: CVE-2019-2510 CVE-2019-2537 CVE-2019-2614
CVE-2019-2627 CVE-2019-2628 CVE-2019-2737
CVE-2019-2739 CVE-2019-2740 CVE-2019-2758
CVE-2019-2805 CVE-2019-2938 CVE-2019-2974
CVE-2020-2574 CVE-2020-2752 CVE-2020-2760
CVE-2020-2780 CVE-2020-2812 CVE-2020-2814
CVE-2020-2922 CVE-2020-13249 CVE-2020-14765
CVE-2020-14776 CVE-2020-14789 CVE-2020-14812
CVE-2020-15180
=====================================================================

1. Summary:

An update for the mariadb:10.3 module is now available for Red Hat
Enterprise Linux 8.0 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream E4S (v. 8.0) – aarch64, ppc64le, s390x, x86_64

3. Description:

MariaDB is a multi-user, multi-threaded SQL database server that is binary
compatible with MySQL.

The following packages have been upgraded to a later upstream version:
mariadb (10.3.27), galera (25.3.31). (BZ#1899085, BZ#1899089)

Security Fix(es):

* mariadb: Insufficient SST method name check leading to code injection in
mysql-wsrep (CVE-2020-15180)

* mysql: InnoDB unspecified vulnerability (CPU Jan 2019) (CVE-2019-2510)

* mysql: Server: DDL unspecified vulnerability (CPU Jan 2019)
(CVE-2019-2537)

* mysql: Server: Replication unspecified vulnerability (CPU Apr 2019)
(CVE-2019-2614)

* mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr
2019) (CVE-2019-2627)

* mysql: InnoDB unspecified vulnerability (CPU Apr 2019) (CVE-2019-2628)

* mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2019)
(CVE-2019-2737)

* mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul
2019) (CVE-2019-2739)

* mysql: Server: XML unspecified vulnerability (CPU Jul 2019)
(CVE-2019-2740)

* mysql: InnoDB unspecified vulnerability (CPU Jul 2019) (CVE-2019-2758)

* mysql: Server: Parser unspecified vulnerability (CPU Jul 2019)
(CVE-2019-2805)

* mysql: InnoDB unspecified vulnerability (CPU Oct 2019) (CVE-2019-2938)

* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019)
(CVE-2019-2974)

* mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2752)

* mysql: InnoDB unspecified vulnerability (CPU Apr 2020) (CVE-2020-2760)

* mysql: Server: DML unspecified vulnerability (CPU Apr 2020)
(CVE-2020-2780)

* mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020)
(CVE-2020-2812)

* mysql: InnoDB unspecified vulnerability (CPU Apr 2020) (CVE-2020-2814)

* mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2922)

* mariadb-connector-c: Improper validation of content in a OK packet
received from server (CVE-2020-13249)

* mysql: Server: FTS unspecified vulnerability (CPU Oct 2020)
(CVE-2020-14765)

* mysql: InnoDB unspecified vulnerability (CPU Oct 2020) (CVE-2020-14776)

* mysql: Server: FTS unspecified vulnerability (CPU Oct 2020)
(CVE-2020-14789)

* mysql: Server: Locking unspecified vulnerability (CPU Oct 2020)
(CVE-2020-14812)

* mysql: C API unspecified vulnerability (CPU Jan 2020) (CVE-2020-2574)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* FTBFS: -D_GLIBCXX_ASSERTIONS (BZ#1899012)

* Queries with entity_id IN (‘1’, ‘2’, …, ‘70000’) run much slower in
MariaDB 10.3 than on MariaDB 10.1 (BZ#1899020)

* Cleanup race with wsrep_rsync_sst_tunnel may prevent full galera cluster
bootstrap (BZ#1899025)

* There are undeclared file conflicts in several mariadb and mysql packages
(BZ#1899080)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the MariaDB server daemon (mysqld) will be
restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1666751 – CVE-2019-2510 mysql: InnoDB unspecified vulnerability (CPU Jan 2019)
1666763 – CVE-2019-2537 mysql: Server: DDL unspecified vulnerability (CPU Jan 2019)
1702969 – CVE-2019-2614 mysql: Server: Replication unspecified vulnerability (CPU Apr 2019)
1702976 – CVE-2019-2627 mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2019)
1702977 – CVE-2019-2628 mysql: InnoDB unspecified vulnerability (CPU Apr 2019)
1731997 – CVE-2019-2737 mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2019)
1731999 – CVE-2019-2739 mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2019)
1732000 – CVE-2019-2740 mysql: Server: XML unspecified vulnerability (CPU Jul 2019)
1732008 – CVE-2019-2758 mysql: InnoDB unspecified vulnerability (CPU Jul 2019)
1732025 – CVE-2019-2805 mysql: Server: Parser unspecified vulnerability (CPU Jul 2019)
1764680 – CVE-2019-2938 mysql: InnoDB unspecified vulnerability (CPU Oct 2019)
1764691 – CVE-2019-2974 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019)
1798587 – CVE-2020-2574 mysql: C API unspecified vulnerability (CPU Jan 2020)
1830056 – CVE-2020-2780 mysql: Server: DML unspecified vulnerability (CPU Apr 2020)
1830059 – CVE-2020-2812 mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020)
1830060 – CVE-2020-2814 mysql: InnoDB unspecified vulnerability (CPU Apr 2020)
1830082 – CVE-2020-2760 mysql: InnoDB unspecified vulnerability (CPU Apr 2020)
1835849 – CVE-2020-2752 mysql: C API unspecified vulnerability (CPU Apr 2020)
1835850 – CVE-2020-2922 mysql: C API unspecified vulnerability (CPU Apr 2020)
1839827 – CVE-2020-13249 mariadb-connector-c: Improper validation of content in a OK packet received from server
1890738 – CVE-2020-14765 mysql: Server: FTS unspecified vulnerability (CPU Oct 2020)
1890743 – CVE-2020-14776 mysql: InnoDB unspecified vulnerability (CPU Oct 2020)
1890747 – CVE-2020-14789 mysql: Server: FTS unspecified vulnerability (CPU Oct 2020)
1890756 – CVE-2020-14812 mysql: Server: Locking unspecified vulnerability (CPU Oct 2020)
1894919 – CVE-2020-15180 mariadb: Insufficient SST method name check leading to code injection in mysql-wsrep
1899012 – FTBFS: -D_GLIBCXX_ASSERTIONS [rhel-8.0.0.z]
1899020 – Queries with entity_id IN (‘1’, ‘2’, …, ‘70000’) run much slower in MariaDB 10.3 than on MariaDB 10.1 [rhel-8.0.0.z]
1899025 – Cleanup race with wsrep_rsync_sst_tunnel may prevent full galera cluster bootstrap [rhel-8.0.0.z]
1899085 – Tracker: MariaDB rebase to the latest version (10.3.27) [rhel-8.0.0.z]
1899089 – Update Galera to the appropriate version (25.3.31) [rhel-8.0.0.z]

6. Package List:

Red Hat Enterprise Linux AppStream E4S (v. 8.0):

Source:
Judy-1.0.5-18.module+el8+2765+cfa4f87b.src.rpm
galera-25.3.31-1.module+el8.0.0+9239+73817dd5.src.rpm
mariadb-10.3.27-3.module+el8.0.0+9160+9822c5c7.src.rpm

aarch64:
Judy-1.0.5-18.module+el8+2765+cfa4f87b.aarch64.rpm
Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.aarch64.rpm
Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.aarch64.rpm
galera-25.3.31-1.module+el8.0.0+9239+73817dd5.aarch64.rpm
galera-debuginfo-25.3.31-1.module+el8.0.0+9239+73817dd5.aarch64.rpm
galera-debugsource-25.3.31-1.module+el8.0.0+9239+73817dd5.aarch64.rpm
mariadb-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-backup-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-backup-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-common-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-debugsource-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-devel-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-embedded-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-embedded-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-embedded-devel-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-errmsg-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-gssapi-server-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-gssapi-server-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-oqgraph-engine-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-oqgraph-engine-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-server-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-server-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-server-galera-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-server-utils-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-server-utils-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-test-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-test-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm

ppc64le:
Judy-1.0.5-18.module+el8+2765+cfa4f87b.ppc64le.rpm
Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.ppc64le.rpm
Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.ppc64le.rpm
galera-25.3.31-1.module+el8.0.0+9239+73817dd5.ppc64le.rpm
galera-debuginfo-25.3.31-1.module+el8.0.0+9239+73817dd5.ppc64le.rpm
galera-debugsource-25.3.31-1.module+el8.0.0+9239+73817dd5.ppc64le.rpm
mariadb-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-backup-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-backup-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-common-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-debugsource-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-devel-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-embedded-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-embedded-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-embedded-devel-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-errmsg-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-gssapi-server-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-gssapi-server-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-oqgraph-engine-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-oqgraph-engine-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-server-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-server-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-server-galera-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-server-utils-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-server-utils-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-test-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-test-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm

s390x:
Judy-1.0.5-18.module+el8+2765+cfa4f87b.s390x.rpm
Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.s390x.rpm
Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.s390x.rpm
galera-25.3.31-1.module+el8.0.0+9239+73817dd5.s390x.rpm
galera-debuginfo-25.3.31-1.module+el8.0.0+9239+73817dd5.s390x.rpm
galera-debugsource-25.3.31-1.module+el8.0.0+9239+73817dd5.s390x.rpm
mariadb-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-backup-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-backup-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-common-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-debugsource-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-devel-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-embedded-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-embedded-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-embedded-devel-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-errmsg-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-gssapi-server-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-gssapi-server-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-oqgraph-engine-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-oqgraph-engine-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-server-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-server-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-server-galera-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-server-utils-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-server-utils-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-test-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-test-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm

x86_64:
Judy-1.0.5-18.module+el8+2765+cfa4f87b.x86_64.rpm
Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.x86_64.rpm
Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.x86_64.rpm
galera-25.3.31-1.module+el8.0.0+9239+73817dd5.x86_64.rpm
galera-debuginfo-25.3.31-1.module+el8.0.0+9239+73817dd5.x86_64.rpm
galera-debugsource-25.3.31-1.module+el8.0.0+9239+73817dd5.x86_64.rpm
mariadb-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-backup-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-backup-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-common-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-debugsource-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-devel-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-embedded-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-embedded-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-embedded-devel-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-errmsg-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-gssapi-server-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-gssapi-server-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-oqgraph-engine-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-oqgraph-engine-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-server-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-server-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-server-galera-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-server-utils-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-server-utils-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-test-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-test-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-2510
https://access.redhat.com/security/cve/CVE-2019-2537
https://access.redhat.com/security/cve/CVE-2019-2614
https://access.redhat.com/security/cve/CVE-2019-2627
https://access.redhat.com/security/cve/CVE-2019-2628
https://access.redhat.com/security/cve/CVE-2019-2737
https://access.redhat.com/security/cve/CVE-2019-2739
https://access.redhat.com/security/cve/CVE-2019-2740
https://access.redhat.com/security/cve/CVE-2019-2758
https://access.redhat.com/security/cve/CVE-2019-2805
https://access.redhat.com/security/cve/CVE-2019-2938
https://access.redhat.com/security/cve/CVE-2019-2974
https://access.redhat.com/security/cve/CVE-2020-2574
https://access.redhat.com/security/cve/CVE-2020-2752
https://access.redhat.com/security/cve/CVE-2020-2760
https://access.redhat.com/security/cve/CVE-2020-2780
https://access.redhat.com/security/cve/CVE-2020-2812
https://access.redhat.com/security/cve/CVE-2020-2814
https://access.redhat.com/security/cve/CVE-2020-2922
https://access.redhat.com/security/cve/CVE-2020-13249
https://access.redhat.com/security/cve/CVE-2020-14765
https://access.redhat.com/security/cve/CVE-2020-14776
https://access.redhat.com/security/cve/CVE-2020-14789
https://access.redhat.com/security/cve/CVE-2020-14812
https://access.redhat.com/security/cve/CVE-2020-15180
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIVAwUBX+G7Q9zjgjWX9erEAQihGg//fqnucevXfanM4Q3eyIiCwbIXh4w5cSBi
3q0ab1l9PPFJCp//EFYcyV3tcFlgzoFHkjMJxJNefp76SJZqBB0C9yIu51iachsK
Q07286DflCgPfoFWRPAHPovuWcnhn0+r8SbvsrbHgynN+hCa5FBtZGEPO9poZ8oa
AGydnXVa7JodjrpnMI9gwcDa0F1O8W5Kzs9jR5murTQ/8HkJvmBvpv/miwxpKZ8t
L2p26We5UFA4o6pFwMWtwf9ePKZ8P98LsqA3o/UGB2QcKppL324ewdYyu3t798UH
ABj/rXqI+KaiyvzEVJvesH+v54PnFH7ubS1ZbZEi7o2L/9qCvyjypv4h9Co4u6Jr
kFlOFstpCvlhzzGHUYIhQQznHzK7VUk49tjBNmgvjMY+leDY0lUbJ0b7bYOgFQC4
1+aOQ23c66SffTiO3iuPSggq80+P5YA+gE7K7yiBOPJB63LTtoUnEuSHHkLh3oqV
JSZllj5TzEFD+j6PqpW1bCCnwAjkPSpOWC8mIweRftzAmD+H8YHntnOhc17sj61y
LDDz7zi2SpsTmKTqA1uj4hjOSKqpgxs0piGx7eLzs+ToHmUobTVrHpSiHgpVaQVz
bQL3JeHQ7GLXNmo1tCso15xialecp9p96VxVHllfBRfFFdf/MTyfLtXZ7MdQyTFK
E8zkWCo32N4=
=yV7w
—–END PGP SIGNATURE—–


RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Important: mariadb:10.3 security, bug fix, and enhancement update
Advisory ID: RHSA-2020:5665-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:5665
Issue date: 2020-12-22
CVE Names: CVE-2019-2938 CVE-2019-2974 CVE-2020-2574
CVE-2020-2752 CVE-2020-2760 CVE-2020-2780
CVE-2020-2812 CVE-2020-2814 CVE-2020-13249
CVE-2020-14765 CVE-2020-14776 CVE-2020-14789
CVE-2020-14812 CVE-2020-15180
=====================================================================

1. Summary:

An update for the mariadb:10.3 module is now available for Red Hat
Enterprise Linux 8.1 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.1) – aarch64, ppc64le, s390x, x86_64

3. Description:

MariaDB is a multi-user, multi-threaded SQL database server that is binary
compatible with MySQL.

The following packages have been upgraded to a later upstream version:
mariadb (10.3.27), galera (25.3.31). (BZ#1899084, BZ#1899088)

Security Fix(es):

* mariadb: Insufficient SST method name check leading to code injection in
mysql-wsrep (CVE-2020-15180)

* mysql: InnoDB unspecified vulnerability (CPU Oct 2019) (CVE-2019-2938)

* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019)
(CVE-2019-2974)

* mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2752)

* mysql: InnoDB unspecified vulnerability (CPU Apr 2020) (CVE-2020-2760)

* mysql: Server: DML unspecified vulnerability (CPU Apr 2020)
(CVE-2020-2780)

* mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020)
(CVE-2020-2812)

* mysql: InnoDB unspecified vulnerability (CPU Apr 2020) (CVE-2020-2814)

* mariadb-connector-c: Improper validation of content in a OK packet
received from server (CVE-2020-13249)

* mysql: Server: FTS unspecified vulnerability (CPU Oct 2020)
(CVE-2020-14765)

* mysql: InnoDB unspecified vulnerability (CPU Oct 2020) (CVE-2020-14776)

* mysql: Server: FTS unspecified vulnerability (CPU Oct 2020)
(CVE-2020-14789)

* mysql: Server: Locking unspecified vulnerability (CPU Oct 2020)
(CVE-2020-14812)

* mysql: C API unspecified vulnerability (CPU Jan 2020) (CVE-2020-2574)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* FTBFS: -D_GLIBCXX_ASSERTIONS (BZ#1899011)

* Queries with entity_id IN (‘1’, ‘2’, …, ‘70000’) run much slower in
MariaDB 10.3 than on MariaDB 10.1 (BZ#1899019)

* Cleanup race with wsrep_rsync_sst_tunnel may prevent full galera cluster
bootstrap (BZ#1899024)

* There are undeclared file conflicts in several mariadb and mysql packages
(BZ#1899079)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the MariaDB server daemon (mysqld) will be
restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1764680 – CVE-2019-2938 mysql: InnoDB unspecified vulnerability (CPU Oct 2019)
1764691 – CVE-2019-2974 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019)
1798587 – CVE-2020-2574 mysql: C API unspecified vulnerability (CPU Jan 2020)
1830056 – CVE-2020-2780 mysql: Server: DML unspecified vulnerability (CPU Apr 2020)
1830059 – CVE-2020-2812 mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020)
1830060 – CVE-2020-2814 mysql: InnoDB unspecified vulnerability (CPU Apr 2020)
1830082 – CVE-2020-2760 mysql: InnoDB unspecified vulnerability (CPU Apr 2020)
1835849 – CVE-2020-2752 mysql: C API unspecified vulnerability (CPU Apr 2020)
1839827 – CVE-2020-13249 mariadb-connector-c: Improper validation of content in a OK packet received from server
1890738 – CVE-2020-14765 mysql: Server: FTS unspecified vulnerability (CPU Oct 2020)
1890743 – CVE-2020-14776 mysql: InnoDB unspecified vulnerability (CPU Oct 2020)
1890747 – CVE-2020-14789 mysql: Server: FTS unspecified vulnerability (CPU Oct 2020)
1890756 – CVE-2020-14812 mysql: Server: Locking unspecified vulnerability (CPU Oct 2020)
1894919 – CVE-2020-15180 mariadb: Insufficient SST method name check leading to code injection in mysql-wsrep
1899011 – FTBFS: -D_GLIBCXX_ASSERTIONS [rhel-8.1.0.z]
1899019 – Queries with entity_id IN (‘1’, ‘2’, …, ‘70000’) run much slower in MariaDB 10.3 than on MariaDB 10.1 [rhel-8.1.0.z]
1899024 – Cleanup race with wsrep_rsync_sst_tunnel may prevent full galera cluster bootstrap [rhel-8.1.0.z]
1899084 – Tracker: MariaDB rebase to the latest version (10.3.27) [rhel-8.1.0.z]
1899088 – Update Galera to the appropriate version (25.3.31) [rhel-8.1.0.z]

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v. 8.1):

Source:
Judy-1.0.5-18.module+el8+2765+cfa4f87b.src.rpm
galera-25.3.31-1.module+el8.1.0+8860+1543d51b.src.rpm
mariadb-10.3.27-3.module+el8.1.0+9159+f0191ef0.src.rpm

aarch64:
Judy-1.0.5-18.module+el8+2765+cfa4f87b.aarch64.rpm
Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.aarch64.rpm
Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.aarch64.rpm
galera-25.3.31-1.module+el8.1.0+8860+1543d51b.aarch64.rpm
galera-debuginfo-25.3.31-1.module+el8.1.0+8860+1543d51b.aarch64.rpm
galera-debugsource-25.3.31-1.module+el8.1.0+8860+1543d51b.aarch64.rpm
mariadb-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-backup-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-backup-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-common-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-debugsource-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-devel-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-embedded-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-embedded-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-embedded-devel-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-errmsg-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-gssapi-server-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-gssapi-server-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-oqgraph-engine-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-oqgraph-engine-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-server-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-server-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-server-galera-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-server-utils-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-server-utils-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-test-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-test-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm

ppc64le:
Judy-1.0.5-18.module+el8+2765+cfa4f87b.ppc64le.rpm
Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.ppc64le.rpm
Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.ppc64le.rpm
galera-25.3.31-1.module+el8.1.0+8860+1543d51b.ppc64le.rpm
galera-debuginfo-25.3.31-1.module+el8.1.0+8860+1543d51b.ppc64le.rpm
galera-debugsource-25.3.31-1.module+el8.1.0+8860+1543d51b.ppc64le.rpm
mariadb-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-backup-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-backup-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-common-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-debugsource-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-devel-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-embedded-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-embedded-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-embedded-devel-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-errmsg-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-gssapi-server-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-gssapi-server-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-oqgraph-engine-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-oqgraph-engine-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-server-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-server-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-server-galera-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-server-utils-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-server-utils-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-test-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-test-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm

s390x:
Judy-1.0.5-18.module+el8+2765+cfa4f87b.s390x.rpm
Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.s390x.rpm
Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.s390x.rpm
galera-25.3.31-1.module+el8.1.0+8860+1543d51b.s390x.rpm
galera-debuginfo-25.3.31-1.module+el8.1.0+8860+1543d51b.s390x.rpm
galera-debugsource-25.3.31-1.module+el8.1.0+8860+1543d51b.s390x.rpm
mariadb-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-backup-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-backup-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-common-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-debugsource-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-devel-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-embedded-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-embedded-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-embedded-devel-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-errmsg-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-gssapi-server-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-gssapi-server-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-oqgraph-engine-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-oqgraph-engine-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-server-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-server-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-server-galera-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-server-utils-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-server-utils-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-test-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-test-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm

x86_64:
Judy-1.0.5-18.module+el8+2765+cfa4f87b.x86_64.rpm
Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.x86_64.rpm
Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.x86_64.rpm
galera-25.3.31-1.module+el8.1.0+8860+1543d51b.x86_64.rpm
galera-debuginfo-25.3.31-1.module+el8.1.0+8860+1543d51b.x86_64.rpm
galera-debugsource-25.3.31-1.module+el8.1.0+8860+1543d51b.x86_64.rpm
mariadb-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-backup-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-backup-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-common-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-debugsource-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-devel-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-embedded-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-embedded-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-embedded-devel-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-errmsg-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-gssapi-server-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-gssapi-server-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-oqgraph-engine-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-oqgraph-engine-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-server-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-server-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-server-galera-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-server-utils-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-server-utils-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-test-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-test-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-2938
https://access.redhat.com/security/cve/CVE-2019-2974
https://access.redhat.com/security/cve/CVE-2020-2574
https://access.redhat.com/security/cve/CVE-2020-2752
https://access.redhat.com/security/cve/CVE-2020-2760
https://access.redhat.com/security/cve/CVE-2020-2780
https://access.redhat.com/security/cve/CVE-2020-2812
https://access.redhat.com/security/cve/CVE-2020-2814
https://access.redhat.com/security/cve/CVE-2020-13249
https://access.redhat.com/security/cve/CVE-2020-14765
https://access.redhat.com/security/cve/CVE-2020-14776
https://access.redhat.com/security/cve/CVE-2020-14789
https://access.redhat.com/security/cve/CVE-2020-14812
https://access.redhat.com/security/cve/CVE-2020-15180
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIVAwUBX+G7ftzjgjWX9erEAQietQ//ZajvZddJMw/Ddc5k91PZHfFiqrTBCumr
cRHSVNd6jDQjre2/10Yd/b79lCekW/hlOtiZ1/oXX/2fFpFTckDACteWcS2FV1fe
1Rh5IGZxrWGoRMXvjYovsYzPlUgFjq2lRPwhwCpceolgLhscAV6H7hPGFl16VnYO
2S23036YsQ6s8VlzxgyofB5UeQvaTH6WWbnbmz9C4kSwn1/vJJNBbcOaQePXe8WM
q8hQyPSyn9PRLxhgseaPUfyiW4JL3mzOnUiAyj0LMYlrGQKThG/OnXVXVpaSoyUg
yf+oIAMH7VjOmgxmrTX/6RtpqSfACzsg4TSRYc48tBqQwsHeW/WsSphn/0xCvyM3
qJPHRJmiRldlBYTl2cMsZ6so1cKCtmwYTK/e5Xo/uC7kymajlFXnjUiSdpS3wH7C
Qf2UF4NHVnZ/qI1MAOJDTNdq9disJwV/9kCJuMBxKNOha5Mi5HdZoRCYs/RNiZmx
czqvg4iv3qncpTR2lgT43zjsyr2DmIznRfUmt7V1NmIEtRXzj/yIfTASGRJwOfGs
7bt/KxLUxyml69pRvzZcl4aFp0mkJMZAZUvqgctZyiklwJpTqpGHi8suUnwTUr3k
TAJ8lUIGd1mF0jv9N8q+uAgjaw897S232prcW00Kp9IHzap9ypAkyRZqdawARfdz
arZHhOEIcNE=
=kqyA
—–END PGP SIGNATURE—–


RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Important: mariadb:10.3 security, bug fix, and enhancement update
Advisory ID: RHSA-2020:5654-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:5654
Issue date: 2020-12-22
CVE Names: CVE-2019-2938 CVE-2019-2974 CVE-2020-2574
CVE-2020-2752 CVE-2020-2760 CVE-2020-2780
CVE-2020-2812 CVE-2020-2814 CVE-2020-13249
CVE-2020-14765 CVE-2020-14776 CVE-2020-14789
CVE-2020-14812 CVE-2020-15180
=====================================================================

1. Summary:

An update for the mariadb:10.3 module is now available for Red Hat
Enterprise Linux 8.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.2) – aarch64, ppc64le, s390x, x86_64

3. Description:

MariaDB is a multi-user, multi-threaded SQL database server that is binary
compatible with MySQL.

The following packages have been upgraded to a later upstream version:
mariadb (10.3.27), galera (25.3.31). (BZ#1899083, BZ#1899087)

Security Fix(es):

* mariadb: Insufficient SST method name check leading to code injection in
mysql-wsrep (CVE-2020-15180)

* mysql: InnoDB unspecified vulnerability (CPU Oct 2019) (CVE-2019-2938)

* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019)
(CVE-2019-2974)

* mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2752)

* mysql: InnoDB unspecified vulnerability (CPU Apr 2020) (CVE-2020-2760)

* mysql: Server: DML unspecified vulnerability (CPU Apr 2020)
(CVE-2020-2780)

* mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020)
(CVE-2020-2812)

* mysql: InnoDB unspecified vulnerability (CPU Apr 2020) (CVE-2020-2814)

* mariadb-connector-c: Improper validation of content in a OK packet
received from server (CVE-2020-13249)

* mysql: Server: FTS unspecified vulnerability (CPU Oct 2020)
(CVE-2020-14765)

* mysql: InnoDB unspecified vulnerability (CPU Oct 2020) (CVE-2020-14776)

* mysql: Server: FTS unspecified vulnerability (CPU Oct 2020)
(CVE-2020-14789)

* mysql: Server: Locking unspecified vulnerability (CPU Oct 2020)
(CVE-2020-14812)

* mysql: C API unspecified vulnerability (CPU Jan 2020) (CVE-2020-2574)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* FTBFS: -D_GLIBCXX_ASSERTIONS (BZ#1899010)

* Queries with entity_id IN (‘1’, ‘2’, …, ‘70000’) run much slower in
MariaDB 10.3 than on MariaDB 10.1 (BZ#1899018)

* Cleanup race with wsrep_rsync_sst_tunnel may prevent full galera cluster
bootstrap (BZ#1899022)

* There are undeclared file conflicts in several mariadb and mysql packages
(BZ#1899078)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the MariaDB server daemon (mysqld) will be
restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1764680 – CVE-2019-2938 mysql: InnoDB unspecified vulnerability (CPU Oct 2019)
1764691 – CVE-2019-2974 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019)
1798587 – CVE-2020-2574 mysql: C API unspecified vulnerability (CPU Jan 2020)
1830056 – CVE-2020-2780 mysql: Server: DML unspecified vulnerability (CPU Apr 2020)
1830059 – CVE-2020-2812 mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020)
1830060 – CVE-2020-2814 mysql: InnoDB unspecified vulnerability (CPU Apr 2020)
1830082 – CVE-2020-2760 mysql: InnoDB unspecified vulnerability (CPU Apr 2020)
1835849 – CVE-2020-2752 mysql: C API unspecified vulnerability (CPU Apr 2020)
1839827 – CVE-2020-13249 mariadb-connector-c: Improper validation of content in a OK packet received from server
1890738 – CVE-2020-14765 mysql: Server: FTS unspecified vulnerability (CPU Oct 2020)
1890743 – CVE-2020-14776 mysql: InnoDB unspecified vulnerability (CPU Oct 2020)
1890747 – CVE-2020-14789 mysql: Server: FTS unspecified vulnerability (CPU Oct 2020)
1890756 – CVE-2020-14812 mysql: Server: Locking unspecified vulnerability (CPU Oct 2020)
1894919 – CVE-2020-15180 mariadb: Insufficient SST method name check leading to code injection in mysql-wsrep
1899010 – FTBFS: -D_GLIBCXX_ASSERTIONS [rhel-8.2.0.z]
1899018 – Queries with entity_id IN (‘1’, ‘2’, …, ‘70000’) run much slower in MariaDB 10.3 than on MariaDB 10.1 [rhel-8.2.0.z]
1899022 – Cleanup race with wsrep_rsync_sst_tunnel may prevent full galera cluster bootstrap [rhel-8.2.0.z]
1899083 – Tracker: MariaDB rebase to the latest version (10.3.27) [rhel-8.2.0.z]
1899087 – Update Galera to the appropriate version (25.3.31) [rhel-8.2.0.z]

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v. 8.2):

Source:
Judy-1.0.5-18.module+el8+2765+cfa4f87b.src.rpm
galera-25.3.31-1.module+el8.2.0+8857+d5b3039b.src.rpm
mariadb-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.src.rpm

aarch64:
Judy-1.0.5-18.module+el8+2765+cfa4f87b.aarch64.rpm
Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.aarch64.rpm
Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.aarch64.rpm
galera-25.3.31-1.module+el8.2.0+8857+d5b3039b.aarch64.rpm
galera-debuginfo-25.3.31-1.module+el8.2.0+8857+d5b3039b.aarch64.rpm
galera-debugsource-25.3.31-1.module+el8.2.0+8857+d5b3039b.aarch64.rpm
mariadb-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-backup-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-backup-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-common-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-debugsource-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-devel-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-embedded-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-embedded-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-embedded-devel-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-errmsg-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-gssapi-server-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-gssapi-server-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-oqgraph-engine-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-oqgraph-engine-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-server-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-server-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-server-galera-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-server-utils-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-server-utils-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-test-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-test-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm

ppc64le:
Judy-1.0.5-18.module+el8+2765+cfa4f87b.ppc64le.rpm
Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.ppc64le.rpm
Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.ppc64le.rpm
galera-25.3.31-1.module+el8.2.0+8857+d5b3039b.ppc64le.rpm
galera-debuginfo-25.3.31-1.module+el8.2.0+8857+d5b3039b.ppc64le.rpm
galera-debugsource-25.3.31-1.module+el8.2.0+8857+d5b3039b.ppc64le.rpm
mariadb-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-backup-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-backup-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-common-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-debugsource-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-devel-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-embedded-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-embedded-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-embedded-devel-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-errmsg-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-gssapi-server-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-gssapi-server-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-oqgraph-engine-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-oqgraph-engine-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-server-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-server-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-server-galera-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-server-utils-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-server-utils-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-test-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-test-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm

s390x:
Judy-1.0.5-18.module+el8+2765+cfa4f87b.s390x.rpm
Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.s390x.rpm
Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.s390x.rpm
galera-25.3.31-1.module+el8.2.0+8857+d5b3039b.s390x.rpm
galera-debuginfo-25.3.31-1.module+el8.2.0+8857+d5b3039b.s390x.rpm
galera-debugsource-25.3.31-1.module+el8.2.0+8857+d5b3039b.s390x.rpm
mariadb-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-backup-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-backup-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-common-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-debugsource-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-devel-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-embedded-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-embedded-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-embedded-devel-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-errmsg-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-gssapi-server-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-gssapi-server-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-oqgraph-engine-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-oqgraph-engine-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-server-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-server-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-server-galera-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-server-utils-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-server-utils-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-test-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-test-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm

x86_64:
Judy-1.0.5-18.module+el8+2765+cfa4f87b.x86_64.rpm
Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.x86_64.rpm
Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.x86_64.rpm
galera-25.3.31-1.module+el8.2.0+8857+d5b3039b.x86_64.rpm
galera-debuginfo-25.3.31-1.module+el8.2.0+8857+d5b3039b.x86_64.rpm
galera-debugsource-25.3.31-1.module+el8.2.0+8857+d5b3039b.x86_64.rpm
mariadb-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-backup-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-backup-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-common-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-debugsource-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-devel-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-embedded-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-embedded-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-embedded-devel-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-errmsg-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-gssapi-server-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-gssapi-server-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-oqgraph-engine-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-oqgraph-engine-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-server-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-server-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-server-galera-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-server-utils-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-server-utils-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-test-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-test-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-2938
https://access.redhat.com/security/cve/CVE-2019-2974
https://access.redhat.com/security/cve/CVE-2020-2574
https://access.redhat.com/security/cve/CVE-2020-2752
https://access.redhat.com/security/cve/CVE-2020-2760
https://access.redhat.com/security/cve/CVE-2020-2780
https://access.redhat.com/security/cve/CVE-2020-2812
https://access.redhat.com/security/cve/CVE-2020-2814
https://access.redhat.com/security/cve/CVE-2020-13249
https://access.redhat.com/security/cve/CVE-2020-14765
https://access.redhat.com/security/cve/CVE-2020-14776
https://access.redhat.com/security/cve/CVE-2020-14789
https://access.redhat.com/security/cve/CVE-2020-14812
https://access.redhat.com/security/cve/CVE-2020-15180
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIVAwUBX+G2GtzjgjWX9erEAQiykRAAnPL1Ldlmp5k+2eVHIiiVGIPfn0xGWm8y
r1pDjGcRkP8i0SZ71Q4U96Rbm5XXhPmq9W8YKl+pVusAEj58rcopbdbMgXp5MEPs
vyz9SS7Mmzcy0sSjRb1r9/wQub2E08KXTFiN6jCja74IzlqcFyRCCLwLydI2bFes
7uYDxMIstL5Mf55JyavzpnoJf9Xt1gDgx1pnfi8SczY1A4/fSd+4ACo0L8xcUzsi
VNtHy5aAANJIlvwb6+dwungDKvUItTUrZZkFnhjFUH1/975QaDRIKSBpiOxYFr46
gnGII6N3e5SNBdxB2GYDQaaX3If6aj55iz1fdHJwf7U+nHDp6i9owP4W6Hmg45ph
+WWW+GzNtmfi4EePeNhers52RqPuz9gkXmGGiRPM5FSU/WztkT8jYXnPVAngGIrO
ZnQllm64WB9zr0+2mYjjsq9MG/OX3whsjMPNQTK/QjhmG2xbGWv38ZtkVw6F7xeq
5pEKs7Fs7o+qxk/G2GALdi1hvIThGKpOpaB4DFfEZqH8R4eJDKDsuct7JzqaftRf
Y5kj41ZZBMjJnKGpj/SoB5pKikUDOoA6UIBVwR1iKzGayHUBIAUmnbAIiwaeyNs3
xaVc5QkbtDQp6fLlGXa74Q4NAqzXKAsoeOFYHx88J7fZxNa5FA6mMzp12VeZnvLk
HFNzDiPN+bk=
=o+T0
—–END PGP SIGNATURE—–


RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

Top
More in Preporuke
Sigurnosni nedostaci jezgre operacijskog sustava

Otkriveni su sigurnosni nedostaci jezgre operacijskog sustava RHEL. Otkriveni nedostaci potencijalnim napadačima omogućuju izazivanje DoS stanja, izvršavanje proizvoljnog programskog koda...

Close