An update for mariadb is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP2,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2022-1619
Final
1.0
1.0
2022-04-29
Initial
2022-04-29
2022-04-29
openEuler SA Tool V1.0
2022-04-29
mariadb security update
An update for mariadb is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP2,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS.
MariaDB is a community developed fork from MySQL - a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon (mariadbd) and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs and utilities.
Security Fix(es):
MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.(CVE-2022-24052)
An update for mariadb is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP2,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS.
openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
High
mariadb
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1619
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-24052
https://nvd.nist.gov/vuln/detail/CVE-2022-24052
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
openEuler-20.03-LTS-SP3
openEuler-22.03-LTS
mariadb-common-10.3.34-1.oe1.aarch64.rpm
mariadb-server-10.3.34-1.oe1.aarch64.rpm
mariadb-10.3.34-1.oe1.aarch64.rpm
mariadb-devel-10.3.34-1.oe1.aarch64.rpm
mariadb-oqgraph-engine-10.3.34-1.oe1.aarch64.rpm
mariadb-errmessage-10.3.34-1.oe1.aarch64.rpm
mariadb-backup-10.3.34-1.oe1.aarch64.rpm
mariadb-debugsource-10.3.34-1.oe1.aarch64.rpm
mariadb-embedded-10.3.34-1.oe1.aarch64.rpm
mariadb-gssapi-server-10.3.34-1.oe1.aarch64.rpm
mariadb-debuginfo-10.3.34-1.oe1.aarch64.rpm
mariadb-test-10.3.34-1.oe1.aarch64.rpm
mariadb-cracklib-10.3.34-1.oe1.aarch64.rpm
mariadb-server-galera-10.3.34-1.oe1.aarch64.rpm
mariadb-embedded-devel-10.3.34-1.oe1.aarch64.rpm
mariadb-common-10.3.34-1.oe1.aarch64.rpm
mariadb-server-10.3.34-1.oe1.aarch64.rpm
mariadb-10.3.34-1.oe1.aarch64.rpm
mariadb-devel-10.3.34-1.oe1.aarch64.rpm
mariadb-oqgraph-engine-10.3.34-1.oe1.aarch64.rpm
mariadb-errmessage-10.3.34-1.oe1.aarch64.rpm
mariadb-backup-10.3.34-1.oe1.aarch64.rpm
mariadb-debugsource-10.3.34-1.oe1.aarch64.rpm
mariadb-embedded-10.3.34-1.oe1.aarch64.rpm
mariadb-gssapi-server-10.3.34-1.oe1.aarch64.rpm
mariadb-debuginfo-10.3.34-1.oe1.aarch64.rpm
mariadb-test-10.3.34-1.oe1.aarch64.rpm
mariadb-cracklib-10.3.34-1.oe1.aarch64.rpm
mariadb-server-galera-10.3.34-1.oe1.aarch64.rpm
mariadb-embedded-devel-10.3.34-1.oe1.aarch64.rpm
mariadb-common-10.3.34-1.oe1.aarch64.rpm
mariadb-server-10.3.34-1.oe1.aarch64.rpm
mariadb-10.3.34-1.oe1.aarch64.rpm
mariadb-devel-10.3.34-1.oe1.aarch64.rpm
mariadb-oqgraph-engine-10.3.34-1.oe1.aarch64.rpm
mariadb-errmessage-10.3.34-1.oe1.aarch64.rpm
mariadb-backup-10.3.34-1.oe1.aarch64.rpm
mariadb-debugsource-10.3.34-1.oe1.aarch64.rpm
mariadb-embedded-10.3.34-1.oe1.aarch64.rpm
mariadb-gssapi-server-10.3.34-1.oe1.aarch64.rpm
mariadb-debuginfo-10.3.34-1.oe1.aarch64.rpm
mariadb-test-10.3.34-1.oe1.aarch64.rpm
mariadb-cracklib-10.3.34-1.oe1.aarch64.rpm
mariadb-server-galera-10.3.34-1.oe1.aarch64.rpm
mariadb-embedded-devel-10.3.34-1.oe1.aarch64.rpm
mariadb-10.5.15-2.oe2203.aarch64.rpm
mariadb-config-10.5.15-2.oe2203.aarch64.rpm
mariadb-common-10.5.15-2.oe2203.aarch64.rpm
mariadb-embedded-devel-10.5.15-2.oe2203.aarch64.rpm
mariadb-test-10.5.15-2.oe2203.aarch64.rpm
mariadb-server-10.5.15-2.oe2203.aarch64.rpm
mariadb-devel-10.5.15-2.oe2203.aarch64.rpm
mariadb-server-galera-10.5.15-2.oe2203.aarch64.rpm
mariadb-embedded-10.5.15-2.oe2203.aarch64.rpm
mariadb-backup-10.5.15-2.oe2203.aarch64.rpm
mariadb-gssapi-server-10.5.15-2.oe2203.aarch64.rpm
mariadb-errmsg-10.5.15-2.oe2203.aarch64.rpm
mariadb-debugsource-10.5.15-2.oe2203.aarch64.rpm
mariadb-debuginfo-10.5.15-2.oe2203.aarch64.rpm
mariadb-oqgraph-engine-10.5.15-2.oe2203.aarch64.rpm
mariadb-pam-10.5.15-2.oe2203.aarch64.rpm
mariadb-rocksdb-engine-10.5.15-2.oe2203.aarch64.rpm
mariadb-server-utils-10.5.15-2.oe2203.aarch64.rpm
mariadb-10.3.34-1.oe1.src.rpm
mariadb-10.3.34-1.oe1.src.rpm
mariadb-10.3.34-1.oe1.src.rpm
mariadb-10.5.15-2.oe2203.src.rpm
mariadb-devel-10.3.34-1.oe1.x86_64.rpm
mariadb-debuginfo-10.3.34-1.oe1.x86_64.rpm
mariadb-cracklib-10.3.34-1.oe1.x86_64.rpm
mariadb-debugsource-10.3.34-1.oe1.x86_64.rpm
mariadb-gssapi-server-10.3.34-1.oe1.x86_64.rpm
mariadb-oqgraph-engine-10.3.34-1.oe1.x86_64.rpm
mariadb-test-10.3.34-1.oe1.x86_64.rpm
mariadb-server-galera-10.3.34-1.oe1.x86_64.rpm
mariadb-embedded-devel-10.3.34-1.oe1.x86_64.rpm
mariadb-errmessage-10.3.34-1.oe1.x86_64.rpm
mariadb-embedded-10.3.34-1.oe1.x86_64.rpm
mariadb-backup-10.3.34-1.oe1.x86_64.rpm
mariadb-10.3.34-1.oe1.x86_64.rpm
mariadb-common-10.3.34-1.oe1.x86_64.rpm
mariadb-server-10.3.34-1.oe1.x86_64.rpm
mariadb-devel-10.3.34-1.oe1.x86_64.rpm
mariadb-debuginfo-10.3.34-1.oe1.x86_64.rpm
mariadb-cracklib-10.3.34-1.oe1.x86_64.rpm
mariadb-debugsource-10.3.34-1.oe1.x86_64.rpm
mariadb-gssapi-server-10.3.34-1.oe1.x86_64.rpm
mariadb-oqgraph-engine-10.3.34-1.oe1.x86_64.rpm
mariadb-test-10.3.34-1.oe1.x86_64.rpm
mariadb-server-galera-10.3.34-1.oe1.x86_64.rpm
mariadb-embedded-devel-10.3.34-1.oe1.x86_64.rpm
mariadb-errmessage-10.3.34-1.oe1.x86_64.rpm
mariadb-embedded-10.3.34-1.oe1.x86_64.rpm
mariadb-backup-10.3.34-1.oe1.x86_64.rpm
mariadb-10.3.34-1.oe1.x86_64.rpm
mariadb-common-10.3.34-1.oe1.x86_64.rpm
mariadb-server-10.3.34-1.oe1.x86_64.rpm
mariadb-devel-10.3.34-1.oe1.x86_64.rpm
mariadb-debuginfo-10.3.34-1.oe1.x86_64.rpm
mariadb-cracklib-10.3.34-1.oe1.x86_64.rpm
mariadb-debugsource-10.3.34-1.oe1.x86_64.rpm
mariadb-gssapi-server-10.3.34-1.oe1.x86_64.rpm
mariadb-oqgraph-engine-10.3.34-1.oe1.x86_64.rpm
mariadb-test-10.3.34-1.oe1.x86_64.rpm
mariadb-server-galera-10.3.34-1.oe1.x86_64.rpm
mariadb-embedded-devel-10.3.34-1.oe1.x86_64.rpm
mariadb-errmessage-10.3.34-1.oe1.x86_64.rpm
mariadb-embedded-10.3.34-1.oe1.x86_64.rpm
mariadb-backup-10.3.34-1.oe1.x86_64.rpm
mariadb-10.3.34-1.oe1.x86_64.rpm
mariadb-common-10.3.34-1.oe1.x86_64.rpm
mariadb-server-10.3.34-1.oe1.x86_64.rpm
mariadb-gssapi-server-10.5.15-2.oe2203.x86_64.rpm
mariadb-common-10.5.15-2.oe2203.x86_64.rpm
mariadb-backup-10.5.15-2.oe2203.x86_64.rpm
mariadb-debugsource-10.5.15-2.oe2203.x86_64.rpm
mariadb-debuginfo-10.5.15-2.oe2203.x86_64.rpm
mariadb-devel-10.5.15-2.oe2203.x86_64.rpm
mariadb-errmsg-10.5.15-2.oe2203.x86_64.rpm
mariadb-embedded-10.5.15-2.oe2203.x86_64.rpm
mariadb-oqgraph-engine-10.5.15-2.oe2203.x86_64.rpm
mariadb-embedded-devel-10.5.15-2.oe2203.x86_64.rpm
mariadb-config-10.5.15-2.oe2203.x86_64.rpm
mariadb-server-galera-10.5.15-2.oe2203.x86_64.rpm
mariadb-server-10.5.15-2.oe2203.x86_64.rpm
mariadb-test-10.5.15-2.oe2203.x86_64.rpm
mariadb-10.5.15-2.oe2203.x86_64.rpm
mariadb-pam-10.5.15-2.oe2203.x86_64.rpm
mariadb-server-utils-10.5.15-2.oe2203.x86_64.rpm
MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.
2022-04-29
CVE-2022-24052
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
openEuler-20.03-LTS-SP3
openEuler-22.03-LTS
High
7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mariadb security update
2022-04-29
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1619