Moderate: mariadb:10.3 security and bug fix update

Topic

An update for the mariadb:10.3 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.

The following packages have been upgraded to a later upstream version: mariadb (10.3.32), galera (25.3.34).

Security Fix(es):

• mysql: Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2154)
• mysql: Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2166)
• mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2372)
• mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2389)
• mysql: InnoDB unspecified vulnerability (CPU Oct 2021) (CVE-2021-35604)
• mariadb: Integer overflow in sql_lex.cc integer leading to crash (CVE-2021-46667)
• mariadb: crash in Used_tables_and_const_cache::used_tables_and_const_cache_join (CVE-2022-27385)
• mariadb: Crash in get_sort_by_table() in subquery with ORDER BY having outer ref (CVE-2021-46657)
• mariadb: save_window_function_values triggers an abort during IN subquery (CVE-2021-46658)
• mariadb: Crash in set_var.cc via certain UPDATE queries with nested subqueries (CVE-2021-46662)
• mariadb: Crash caused by mishandling of a pushdown from a HAVING clause to a WHERE clause (CVE-2021-46666)
• mariadb: No password masking in audit log when using ALTER USER <user> IDENTIFIED BY <password> command (BZ#1981332)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

• WSREP race condition causes crash in mariadb 10.3.28, fixed in 10.3.32 (BZ#2077509)
• mariadb:10.3/mariadb: /etc/security/user_map.conf getting overwritten with mariadb-server upgrade (BZ#2079855)
• Galera doesn't work without 'procps-ng' package MariaDB-10.3 (BZ#2079858)
• Tracker: Rebase galera package to the newest for MariaDB-10.3 (25.3.34) (BZ#2079859)
• MariaDB logrotate leads to "gzip: stdin: file size changed while zipping" (BZ#2080159)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.

Affected Products

• Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64
• Red Hat Enterprise Linux Server - AUS 8.4 x86_64
• Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4 s390x
• Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le
• Red Hat Enterprise Linux Server - TUS 8.4 x86_64
• Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4 aarch64
• Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4 ppc64le
• Red Hat Enterprise Linux Server for x86_64 - Update Services for SAP Solutions 8.4 x86_64

Fixes

• BZ - 1951752 - CVE-2021-2154 mysql: Server: DML unspecified vulnerability (CPU Apr 2021)
• BZ - 1951755 - CVE-2021-2166 mysql: Server: DML unspecified vulnerability (CPU Apr 2021)
• BZ - 1981332 - mariadb: No password masking in audit log when using ALTER USER <user> IDENTIFIED BY <password> command
• BZ - 1992303 - CVE-2021-2372 mysql: InnoDB unspecified vulnerability (CPU Jul 2021)
• BZ - 1992309 - CVE-2021-2389 mysql: InnoDB unspecified vulnerability (CPU Jul 2021)
• BZ - 2016101 - CVE-2021-35604 mysql: InnoDB unspecified vulnerability (CPU Oct 2021)
• BZ - 2049294 - CVE-2021-46658 mariadb: save_window_function_values triggers an abort during IN subquery
• BZ - 2049305 - CVE-2021-46657 mariadb: Crash in get_sort_by_table() in subquery with ORDER BY having outer ref
• BZ - 2050019 - CVE-2021-46662 mariadb: Crash in set_var.cc via certain UPDATE queries with nested subqueries
• BZ - 2050028 - CVE-2021-46666 mariadb: Crash caused by mishandling of a pushdown from a HAVING clause to a WHERE clause
• BZ - 2050030 - CVE-2021-46667 mariadb: Integer overflow in sql_lex.cc integer leading to crash
• BZ - 2075001 - CVE-2022-27385 mariadb: crash in Used_tables_and_const_cache::used_tables_and_const_cache_join
• BZ - 2077509 - WSREP race condition causes crash in mariadb 10.3.28, fixed in 10.3.32 [rhel-8.4.0.z]
• BZ - 2079855 - mariadb:10.3/mariadb: /etc/security/user_map.conf getting overwritten with mariadb-server upgrade [rhel-8.4.0.z]
• BZ - 2079858 - Galera doesn't work without 'procps-ng' package MariaDB-10.3 [rhel-8.4.0.z]
• BZ - 2079859 - Tracker: Rebase galera package to the newest for MariaDB-10.3 (25.3.34) [rhel-8.4.0.z]
• BZ - 2080159 - MariaDB logrotate leads to "gzip: stdin: file size changed while zipping" [rhel-8.4.0.z]
• BZ - 2081362 - Crash: WSREP: invalid state ROLLED_BACK (FATAL) [rhel-8.4.0.z]

CVEs

• CVE-2021-2154
• CVE-2021-2166
• CVE-2021-2372
• CVE-2021-2389
• CVE-2021-35604
• CVE-2021-46657
• CVE-2021-46658
• CVE-2021-46662
• CVE-2021-46666
• CVE-2021-46667
• CVE-2022-27385

References

• https://access.redhat.com/security/updates/classification/#moderate