Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Moderate: galera, mariadb, and mysql-selinux security, bug fix, and enhancement update

Related Vulnerabilities: CVE-2021-46659   CVE-2021-46661   CVE-2021-46663   CVE-2021-46664   CVE-2021-46665   CVE-2021-46668   CVE-2021-46669   CVE-2022-24048   CVE-2022-24050   CVE-2022-24051   CVE-2022-24052   CVE-2022-27376   CVE-2022-27377   CVE-2022-27378   CVE-2022-27379   CVE-2022-27380   CVE-2022-27381   CVE-2022-27382   CVE-2022-27383   CVE-2022-27384   CVE-2022-27386   CVE-2022-27387   CVE-2022-27444   CVE-2022-27445   CVE-2022-27446   CVE-2022-27447   CVE-2022-27448   CVE-2022-27449   CVE-2022-27451   CVE-2022-27452   CVE-2022-27455   CVE-2022-27456   CVE-2022-27457   CVE-2022-27458   CVE-2022-31622   CVE-2022-31623  

Source

Synopsis

Moderate: galera, mariadb, and mysql-selinux security, bug fix, and enhancement update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for galera, mariadb, and mysql-selinux is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.

The following packages have been upgraded to a later upstream version: galera (26.4.11), mariadb (10.5.16), mysql-selinux (1.0.5).

Security Fix(es):

  • mariadb: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used (CVE-2021-46669)
  • mariadb: lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer (CVE-2022-24048)
  • mariadb: lack of validating the existence of an object prior to performing operations on the object (CVE-2022-24050)
  • mariadb: lack of proper validation of a user-supplied string before using it as a format specifier (CVE-2022-24051)
  • mariadb: CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability (CVE-2022-24052)
  • mariadb: assertion failure in Item_args::walk_arg (CVE-2022-27376)
  • mariadb: use-after-poison when complex conversion is involved in blob (CVE-2022-27377)
  • mariadb: server crash in create_tmp_table::finalize (CVE-2022-27378)
  • mariadb: server crash in component arg_comparator::compare_real_fixed (CVE-2022-27379)
  • mariadb: server crash at my_decimal::operator= (CVE-2022-27380)
  • mariadb: server crash at Field::set_default via specially crafted SQL statements (CVE-2022-27381)
  • mariadb: assertion failure via component Item_field::used_tables/update_depend_map_for_order (CVE-2022-27382)
  • mariadb: use-after-poison in my_strcasecmp_8bit() of ctype-simple.c (CVE-2022-27383)
  • mariadb: crash via component Item_subselect::init_expr_cache_tracker (CVE-2022-27384)
  • mariadb: server crashes in query_arena::set_query_arena upon SELECT from view (CVE-2022-27386)
  • mariadb: assertion failures in decimal_bin_size (CVE-2022-27387)
  • mariadb: crash when using HAVING with NOT EXIST predicate in an equality (CVE-2022-27444)
  • mariadb: assertion failure in compare_order_elements (CVE-2022-27445)
  • mariadb: crash when using HAVING with IS NULL predicate in an equality (CVE-2022-27446)
  • mariadb: use-after-poison in Binary_string::free_buffer (CVE-2022-27447)
  • mariadb: crash in multi-update and implicit grouping (CVE-2022-27448)
  • mariadb: assertion failure in sql/item_func.cc (CVE-2022-27449)
  • mariadb: crash via window function in expression in ORDER BY (CVE-2022-27451)
  • mariadb: assertion failure in sql/item_cmpfunc.cc (CVE-2022-27452)
  • mariadb: use-after-free when WHERE has subquery with an outer reference in HAVING (CVE-2022-27455)
  • mariadb: assertion failure in VDec::VDec at /sql/sql_type.cc (CVE-2022-27456)
  • mariadb: incorrect key in "dup value" error after long unique (CVE-2022-27457)
  • mariadb: use-after-poison in Binary_string::free_buffer (CVE-2022-27458)
  • mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc (CVE-2022-31622)
  • mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc (CVE-2022-31623)
  • mariadb: Crash executing query with VIEW, aggregate and subquery (CVE-2021-46659)
  • mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE) (CVE-2021-46661)
  • mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements (CVE-2021-46663)
  • mariadb: MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr (CVE-2021-46664)
  • mariadb: MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations (CVE-2021-46665)
  • mariadb: MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements (CVE-2021-46668)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the MySQL server daemon (mysqld) will be restarted automatically. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
  • Red Hat CodeReady Linux Builder for x86_64 9 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le
  • Red Hat CodeReady Linux Builder for ARM 64 9 aarch64
  • Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
  • Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.0 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.0 ppc64le
  • Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.0 s390x
  • Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.0 aarch64
  • Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0 aarch64
  • Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0 s390x

Fixes

  • BZ - 2049302 - CVE-2021-46659 mariadb: Crash executing query with VIEW, aggregate and subquery
  • BZ - 2050017 - CVE-2021-46661 mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE)
  • BZ - 2050022 - CVE-2021-46663 mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements
  • BZ - 2050024 - CVE-2021-46664 mariadb: MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr
  • BZ - 2050026 - CVE-2021-46665 mariadb: MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations
  • BZ - 2050032 - CVE-2021-46668 mariadb: MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements
  • BZ - 2050034 - CVE-2021-46669 mariadb: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used
  • BZ - 2068211 - CVE-2022-24052 mariadb: CONNECT storage engine heap-based buffer overflow
  • BZ - 2068233 - CVE-2022-24051 mariadb: lack of proper validation of a user-supplied string before using it as a format specifier
  • BZ - 2068234 - CVE-2022-24048 mariadb: lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer
  • BZ - 2069833 - CVE-2022-24050 mariadb: lack of validating the existence of an object prior to performing operations on the object
  • BZ - 2074817 - CVE-2022-27376 mariadb: assertion failure in Item_args::walk_arg
  • BZ - 2074947 - CVE-2022-27377 mariadb: use-after-poison when complex conversion is involved in blob
  • BZ - 2074949 - CVE-2022-27378 mariadb: server crash in create_tmp_table::finalize
  • BZ - 2074951 - CVE-2022-27379 mariadb: server crash in component arg_comparator::compare_real_fixed
  • BZ - 2074966 - CVE-2022-27380 mariadb: server crash at my_decimal::operator=
  • BZ - 2074981 - CVE-2022-27381 mariadb: server crash at Field::set_default via specially crafted SQL statements
  • BZ - 2074987 - CVE-2022-27382 mariadb: assertion failure via component Item_field::used_tables/update_depend_map_for_order
  • BZ - 2074996 - CVE-2022-27383 mariadb: use-after-poison in my_strcasecmp_8bit() of ctype-simple.c
  • BZ - 2074999 - CVE-2022-27384 mariadb: crash via component Item_subselect::init_expr_cache_tracker
  • BZ - 2075005 - CVE-2022-27386 mariadb: server crashes in query_arena::set_query_arena upon SELECT from view
  • BZ - 2075006 - CVE-2022-27387 mariadb: assertion failures in decimal_bin_size
  • BZ - 2075691 - CVE-2022-27445 mariadb: assertion failure in compare_order_elements
  • BZ - 2075692 - CVE-2022-27446 mariadb: crash when using HAVING with IS NULL predicate in an equality
  • BZ - 2075693 - CVE-2022-27447 mariadb: use-after-poison in Binary_string::free_buffer
  • BZ - 2075694 - CVE-2022-27448 mariadb: crash in multi-update and implicit grouping
  • BZ - 2075695 - CVE-2022-27449 mariadb: assertion failure in sql/item_func.cc
  • BZ - 2075696 - CVE-2022-27444 mariadb: crash when using HAVING with NOT EXIST predicate in an equality
  • BZ - 2075697 - CVE-2022-27456 mariadb: assertion failure in VDec::VDec at /sql/sql_type.cc
  • BZ - 2075699 - CVE-2022-27457 mariadb: incorrect key in "dup value" error after long unique
  • BZ - 2075700 - CVE-2022-27458 mariadb: use-after-poison in Binary_string::free_buffer
  • BZ - 2075701 - CVE-2022-27455 mariadb: use-after-free when WHERE has subquery with an outer reference in HAVING
  • BZ - 2076144 - CVE-2022-27451 mariadb: crash via window function in expression in ORDER BY
  • BZ - 2076145 - CVE-2022-27452 mariadb: assertion failure in sql/item_cmpfunc.cc
  • BZ - 2092354 - CVE-2022-31622 mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc
  • BZ - 2092360 - CVE-2022-31623 mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc
  • BZ - 2096271 - SELinux is preventing wsrep_sst_rsync getattr of /usr/bin/hostname [rhel-9.0.0.z]
  • BZ - 2096274 - Query returns wrong result when using split optimization [rhel-9.0.0.z]
  • BZ - 2096276 - [Tracker] Rebase to MariaDB 10.5.16 [rhel-9.0.0.z]
  • BZ - 2096277 - [Tracker] Rebase to Galera 26.4.11 [rhel-9.0.0.z]

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started