Headline
Ubuntu Security Notice USN-6600-1
Ubuntu Security Notice 6600-1 - Several security issues were discovered in MariaDB and this update includes new upstream MariaDB versions to fix these issues. MariaDB has been updated to 10.3.39 in Ubuntu 20.04 LTS, 10.6.16 in Ubuntu 22.04 LTS and 10.11.6 in Ubuntu 23.10. CVE-2022-47015 only affected the MariaDB packages in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
==========================================================================Ubuntu Security Notice USN-6600-1January 25, 2024mariadb, mariadb-10.3, mariadb-10.6 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 23.10- Ubuntu 22.04 LTS- Ubuntu 20.04 LTSSummary:Several security issues were fixed in MariaDB.Software Description:- mariadb: MariaDB database- mariadb-10.6: MariaDB database- mariadb-10.3: MariaDB databaseDetails:Several security issues were discovered in MariaDB and this updateincludes new upstream MariaDB versions to fix these issues.MariaDB has been updated to 10.3.39 in Ubuntu 20.04 LTS, 10.6.16in Ubuntu 22.04 LTS and 10.11.6 in Ubuntu 23.10.CVE-2022-47015 only affected the MariaDB packages in Ubuntu 20.04 LTSand Ubuntu 22.04 LTS.In addition to security fixes, the updated packages contain bug fixes,new features, and possibly incompatible changes.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 23.10: mariadb-server 1:10.11.6-0ubuntu0.23.10.2Ubuntu 22.04 LTS: mariadb-server 1:10.6.16-0ubuntu0.22.04.1Ubuntu 20.04 LTS: mariadb-server 1:10.3.39-0ubuntu0.20.04.2This update uses a new upstream release, which includes additional bugfixes. In general, a standard system update will make all the necessarychanges.References: https://ubuntu.com/security/notices/USN-6600-1 CVE-2022-47015, CVE-2023-22084Package Information:https://launchpad.net/ubuntu/+source/mariadb/1:10.11.6-0ubuntu0.23.10.2https://launchpad.net/ubuntu/+source/mariadb-10.6/1:10.6.16-0ubuntu0.22.04.1https://launchpad.net/ubuntu/+source/mariadb-10.3/1:10.3.39-0ubuntu0.20.04.2Related news
Gentoo Linux Security Advisory 202405-25 - Multiple vulnerabilities have been discovered in MariaDB, the worst fo which can lead to arbitrary execution of code. Versions greater than or equal to 10.11.3:10.11 are affected.
Red Hat Security Advisory 2024-2619-03 - An update for rh-mysql80-mysql is now available for Red Hat Software Collections.
Red Hat Security Advisory 2024-1141-03 - An update for mysql is now available for Red Hat Enterprise Linux 9.
Red Hat Security Advisory 2024-0894-03 - An update for the mysql:8.0 module is now available for Red Hat Enterprise Linux 8.
Ubuntu Security Notice 6583-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.7.44 in Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information:
Red Hat Security Advisory 2023-7633-01 - An update for rh-mariadb105-galera and rh-mariadb105-mariadb is now available for Red Hat Software Collections. Issues addressed include a null pointer vulnerability.
Ubuntu Security Notice 6459-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.35 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.
Vulnerability in the Sun ZFS Storage Appliance product of Oracle Systems (component: Core). The supported version that is affected is 8.8.60. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
Red Hat Security Advisory 2023-5684-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Issues addressed include a null pointer vulnerability.
Red Hat Security Advisory 2023-5683-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Issues addressed include a null pointer vulnerability.
Red Hat Security Advisory 2023-5259-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Issues addressed include a null pointer vulnerability.
MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer.