Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2022:5759: Red Hat Security Advisory: rh-mariadb105-galera and rh-mariadb105-mariadb security and bugfix update

An update for rh-mariadb105-galera and rh-mariadb105-mariadb is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-46659: mariadb: Crash executing query with VIEW, aggregate and subquery
  • CVE-2021-46661: mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE)
  • CVE-2021-46663: mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements
  • CVE-2021-46664: mariadb: MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr
  • CVE-2021-46665: mariadb: MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations
  • CVE-2021-46668: mariadb: MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements
  • CVE-2021-46669: mariadb: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used
  • CVE-2022-24048: mariadb: lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer
  • CVE-2022-24050: mariadb: lack of validating the existence of an object prior to performing operations on the object
  • CVE-2022-24051: mariadb: lack of proper validation of a user-supplied string before using it as a format specifier
  • CVE-2022-24052: mariadb: CONNECT storage engine heap-based buffer overflow
  • CVE-2022-27376: mariadb: assertion failure in Item_args::walk_arg
  • CVE-2022-27377: mariadb: use-after-poison when complex conversion is involved in blob
  • CVE-2022-27378: mariadb: server crash in create_tmp_table::finalize
  • CVE-2022-27379: mariadb: server crash in component arg_comparator::compare_real_fixed
  • CVE-2022-27380: mariadb: server crash at my_decimal::operator=
  • CVE-2022-27381: mariadb: server crash at Field::set_default via specially crafted SQL statements
  • CVE-2022-27382: mariadb: assertion failure via component Item_field::used_tables/update_depend_map_for_order
  • CVE-2022-27383: mariadb: use-after-poison in my_strcasecmp_8bit() of ctype-simple.c
  • CVE-2022-27384: mariadb: crash via component Item_subselect::init_expr_cache_tracker
  • CVE-2022-27386: mariadb: server crashes in query_arena::set_query_arena upon SELECT from view
  • CVE-2022-27387: mariadb: assertion failures in decimal_bin_size
  • CVE-2022-27444: mariadb: crash when using HAVING with NOT EXIST predicate in an equality
  • CVE-2022-27445: mariadb: assertion failure in compare_order_elements
  • CVE-2022-27446: mariadb: crash when using HAVING with IS NULL predicate in an equality
  • CVE-2022-27447: mariadb: use-after-poison in Binary_string::free_buffer
  • CVE-2022-27448: mariadb: crash in multi-update and implicit grouping
  • CVE-2022-27449: mariadb: assertion failure in sql/item_func.cc
  • CVE-2022-27451: mariadb: crash via window function in expression in ORDER BY
  • CVE-2022-27452: mariadb: assertion failure in sql/item_cmpfunc.cc
  • CVE-2022-27455: mariadb: use-after-free when WHERE has subquery with an outer reference in HAVING
  • CVE-2022-27456: mariadb: assertion failure in VDec::VDec at /sql/sql_type.cc
  • CVE-2022-27457: mariadb: incorrect key in “dup value” error after long unique
  • CVE-2022-27458: mariadb: use-after-poison in Binary_string::free_buffer
  • CVE-2022-31622: mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc
  • CVE-2022-31623: mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc
  • CVE-2022-32083: mariadb: server crash at Item_subselect::init_expr_cache_tracker
  • CVE-2022-32085: mariadb: server crash in Item_func_in::cleanup/Item::cleanup_processor
  • CVE-2022-32086: mariadb: server crash in Item_field::fix_outer_field for INSERT SELECT
  • CVE-2022-32087: mariadb: server crash in Item_args::walk_args
  • CVE-2022-32088: mariadb: segmentation fault in Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort
Red Hat Security Data
#sql#vulnerability#web#linux#red_hat#nodejs#js#java#kubernetes#aws#buffer_overflow#sap

Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat CodeReady Workspaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager

All Products

发布:

2022-07-28

已更新:

2022-07-28

RHSA-2022:5759 - Security Advisory

  • 概述
  • 更新的软件包

概述

Moderate: rh-mariadb105-galera and rh-mariadb105-mariadb security and bugfix update

类型/严重性

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

标题

An update for rh-mariadb105-galera and rh-mariadb105-mariadb is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

描述

MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL.

The following packages have been upgraded to a later upstream version: rh-mariadb105-galera (26.4.11), rh-mariadb105-mariadb (10.5.16).

Security Fix(es):

  • mariadb: convert_const_to_int use-after-free when the BIGINT data type is used (CVE-2021-46669)
  • mariadb: lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer (CVE-2022-24048)
  • mariadb: lack of validating the existence of an object prior to performing operations on the object (CVE-2022-24050)
  • mariadb: lack of proper validation of a user-supplied string before using it as a format specifier (CVE-2022-24051)
  • mariadb: CONNECT storage engine heap-based buffer overflow (CVE-2022-24052)
  • mariadb: assertion failure in Item_args::walk_arg (CVE-2022-27376)
  • mariadb: use-after-poison when complex conversion is involved in blob (CVE-2022-27377)
  • mariadb: crash in create_tmp_table::finalize (CVE-2022-27378)
  • mariadb: crash in arg_comparator::compare_real_fixed (CVE-2022-27379)
  • mariadb: crash at my_decimal::operator= (CVE-2022-27380)
  • mariadb: crash at Field::set_default via specially crafted SQL statements (CVE-2022-27381)
  • mariadb: assertion failure via Item_field::used_tables/update_depend_map_for_order (CVE-2022-27382)
  • mariadb: use-after-poison in my_strcasecmp_8bit() of ctype-simple.c (CVE-2022-27383)
  • mariadb: crash via Item_subselect::init_expr_cache_tracker (CVE-2022-27384)
  • mariadb: crashe in query_arena::set_query_arena upon SELECT from view (CVE-2022-27386)
  • mariadb: assertion failures in decimal_bin_size (CVE-2022-27387)
  • mariadb: crash when using HAVING with NOT EXIST predicate in an equality (CVE-2022-27444)
  • mariadb: assertion failure in compare_order_elements (CVE-2022-27445)
  • mariadb: crash when using HAVING with IS NULL predicate in an equality (CVE-2022-27446)
  • mariadb: use-after-poison in Binary_string::free_buffer (CVE-2022-27447)
  • mariadb: crash in multi-update and implicit grouping (CVE-2022-27448)
  • mariadb: assertion failure in sql/item_func.cc (CVE-2022-27449)
  • mariadb: crash via window function in expression in ORDER BY (CVE-2022-27451)
  • mariadb: assertion failure in sql/item_cmpfunc.cc (CVE-2022-27452)
  • mariadb: use-after-free when WHERE has subquery with an outer reference in HAVING (CVE-2022-27455)
  • mariadb: assertion failure in VDec::VDec at /sql/sql_type.cc (CVE-2022-27456)
  • mariadb: incorrect key in “dup value” error after long unique (CVE-2022-27457)
  • mariadb: use-after-poison in Binary_string::free_buffer (CVE-2022-27458)
  • mariadb: improper locking in ds_compress.cc (CVE-2022-31622)
  • mariadb: improper locking in ds_compress.cc (CVE-2022-31623)
  • mariadb: crash at init_expr_cache_tracker (CVE-2022-32083)
  • mariadb: crash in cleanup/Item::cleanup_processor (CVE-2022-32085)
  • mariadb: crash in fix_outer_field for INSERT SELECT (CVE-2022-32086)
  • mariadb: crash in Item_args::walk_args (CVE-2022-32087)
  • mariadb: segmentation fault in get_loops/report_use/filesort (CVE-2022-32088)
  • mariadb: crash executing query with VIEW, aggregate and subquery (CVE-2021-46659)
  • mariadb: crash via an unused common table expression (CTE) (CVE-2021-46661)
  • mariadb: ha_maria::extra crash via certain SELECT statements (CVE-2021-46663)
  • mariadb: crash in sub_select_postjoin_aggr for a NULL value of aggr (CVE-2021-46664)
  • mariadb: sql_parse.cc crash because of used_tables expectations (CVE-2021-46665)
  • mariadb: application crash via long SELECT DISTINCT statements (CVE-2021-46668)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Don’t use less parallelism if not necessary (BZ#2101776)
  • [Tracker] Rebase to Galera 26.4.11 (BZ#2101783)

解决方案

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.

受影响的产品

  • Red Hat Software Collections (for RHEL Server) 1 for RHEL 7 x86_64
  • Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7 x86_64

修复

  • BZ - 2049302 - CVE-2021-46659 mariadb: Crash executing query with VIEW, aggregate and subquery
  • BZ - 2050017 - CVE-2021-46661 mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE)
  • BZ - 2050022 - CVE-2021-46663 mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements
  • BZ - 2050024 - CVE-2021-46664 mariadb: MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr
  • BZ - 2050026 - CVE-2021-46665 mariadb: MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations
  • BZ - 2050032 - CVE-2021-46668 mariadb: MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements
  • BZ - 2050034 - CVE-2021-46669 mariadb: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used
  • BZ - 2068211 - CVE-2022-24052 mariadb: CONNECT storage engine heap-based buffer overflow
  • BZ - 2068233 - CVE-2022-24051 mariadb: lack of proper validation of a user-supplied string before using it as a format specifier
  • BZ - 2068234 - CVE-2022-24048 mariadb: lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer
  • BZ - 2069833 - CVE-2022-24050 mariadb: lack of validating the existence of an object prior to performing operations on the object
  • BZ - 2074817 - CVE-2022-27376 mariadb: assertion failure in Item_args::walk_arg
  • BZ - 2074947 - CVE-2022-27377 mariadb: use-after-poison when complex conversion is involved in blob
  • BZ - 2074949 - CVE-2022-27378 mariadb: server crash in create_tmp_table::finalize
  • BZ - 2074951 - CVE-2022-27379 mariadb: server crash in component arg_comparator::compare_real_fixed
  • BZ - 2074966 - CVE-2022-27380 mariadb: server crash at my_decimal::operator=
  • BZ - 2074981 - CVE-2022-27381 mariadb: server crash at Field::set_default via specially crafted SQL statements
  • BZ - 2074987 - CVE-2022-27382 mariadb: assertion failure via component Item_field::used_tables/update_depend_map_for_order
  • BZ - 2074996 - CVE-2022-27383 mariadb: use-after-poison in my_strcasecmp_8bit() of ctype-simple.c
  • BZ - 2074999 - CVE-2022-27384 mariadb: crash via component Item_subselect::init_expr_cache_tracker
  • BZ - 2075005 - CVE-2022-27386 mariadb: server crashes in query_arena::set_query_arena upon SELECT from view
  • BZ - 2075006 - CVE-2022-27387 mariadb: assertion failures in decimal_bin_size
  • BZ - 2075691 - CVE-2022-27445 mariadb: assertion failure in compare_order_elements
  • BZ - 2075692 - CVE-2022-27446 mariadb: crash when using HAVING with IS NULL predicate in an equality
  • BZ - 2075693 - CVE-2022-27447 mariadb: use-after-poison in Binary_string::free_buffer
  • BZ - 2075694 - CVE-2022-27448 mariadb: crash in multi-update and implicit grouping
  • BZ - 2075695 - CVE-2022-27449 mariadb: assertion failure in sql/item_func.cc
  • BZ - 2075696 - CVE-2022-27444 mariadb: crash when using HAVING with NOT EXIST predicate in an equality
  • BZ - 2075697 - CVE-2022-27456 mariadb: assertion failure in VDec::VDec at /sql/sql_type.cc
  • BZ - 2075699 - CVE-2022-27457 mariadb: incorrect key in “dup value” error after long unique
  • BZ - 2075700 - CVE-2022-27458 mariadb: use-after-poison in Binary_string::free_buffer
  • BZ - 2075701 - CVE-2022-27455 mariadb: use-after-free when WHERE has subquery with an outer reference in HAVING
  • BZ - 2076144 - CVE-2022-27451 mariadb: crash via window function in expression in ORDER BY
  • BZ - 2076145 - CVE-2022-27452 mariadb: assertion failure in sql/item_cmpfunc.cc
  • BZ - 2092354 - CVE-2022-31622 mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc
  • BZ - 2092360 - CVE-2022-31623 mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc
  • BZ - 2101776 - Don’t use less parallelism if not necessary [rhscl-3.8.z]
  • BZ - 2101777 - DROP TABLE doesn’t raise error while dropping non-existing table [rhscl-3.8.z]
  • BZ - 2101782 - [Tracker] Rebase to MariaDB 10.5.16 [rhscl-3.8.z]
  • BZ - 2101783 - [Tracker] Rebase to Galera 26.4.11 [rhscl-3.8.z]
  • BZ - 2104425 - CVE-2022-32083 mariadb: server crash at Item_subselect::init_expr_cache_tracker
  • BZ - 2104431 - CVE-2022-32085 mariadb: server crash in Item_func_in::cleanup/Item::cleanup_processor
  • BZ - 2104433 - CVE-2022-32086 mariadb: server crash in Item_field::fix_outer_field for INSERT SELECT
  • BZ - 2104434 - CVE-2022-32087 mariadb: server crash in Item_args::walk_args
  • BZ - 2106008 - CVE-2022-32088 mariadb: segmentation fault in Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort

CVE

  • CVE-2021-46659
  • CVE-2021-46661
  • CVE-2021-46663
  • CVE-2021-46664
  • CVE-2021-46665
  • CVE-2021-46668
  • CVE-2021-46669
  • CVE-2022-24048
  • CVE-2022-24050
  • CVE-2022-24051
  • CVE-2022-24052
  • CVE-2022-27376
  • CVE-2022-27377
  • CVE-2022-27378
  • CVE-2022-27379
  • CVE-2022-27380
  • CVE-2022-27381
  • CVE-2022-27382
  • CVE-2022-27383
  • CVE-2022-27384
  • CVE-2022-27386
  • CVE-2022-27387
  • CVE-2022-27444
  • CVE-2022-27445
  • CVE-2022-27446
  • CVE-2022-27447
  • CVE-2022-27448
  • CVE-2022-27449
  • CVE-2022-27451
  • CVE-2022-27452
  • CVE-2022-27455
  • CVE-2022-27456
  • CVE-2022-27457
  • CVE-2022-27458
  • CVE-2022-31622
  • CVE-2022-31623
  • CVE-2022-32083
  • CVE-2022-32085
  • CVE-2022-32086
  • CVE-2022-32087
  • CVE-2022-32088

参考

  • https://access.redhat.com/security/updates/classification/#moderate

Red Hat Software Collections (for RHEL Server) 1 for RHEL 7

SRPM

rh-mariadb105-galera-26.4.11-1.el7.src.rpm

SHA-256: f2e38d3ad3391c6747b13fc228ae1204ee4a01d8b11f3062d833d9ec42a1bafa

rh-mariadb105-mariadb-10.5.16-2.el7.src.rpm

SHA-256: 05d202f3d5598b8b267ff6d56da7d80319367bd5e2c2568fb6d077ef04d4241b

x86_64

rh-mariadb105-galera-26.4.11-1.el7.x86_64.rpm

SHA-256: 36731324857e05d09e4d8610a70c87e0767117af048b685e71bdcf0377cca301

rh-mariadb105-galera-debuginfo-26.4.11-1.el7.x86_64.rpm

SHA-256: 59dc40e539dc81978941f306130cef98f9ee9da795012b102ac40cc712f64e4e

rh-mariadb105-mariadb-10.5.16-2.el7.x86_64.rpm

SHA-256: 94b85e2b22a94ed06e20571474f4291a4b2ecbbd93a831ec88cccc4792e516d1

rh-mariadb105-mariadb-backup-10.5.16-2.el7.x86_64.rpm

SHA-256: a232bedb10de1e7b9958e64fb4a001fe40fb54b106e2b1a549321ba916c3d8d9

rh-mariadb105-mariadb-backup-syspaths-10.5.16-2.el7.x86_64.rpm

SHA-256: 2abfa9719c49b7bc1bb524750cf520ecf50cef06b9a2b2ba9ca1f537bec19357

rh-mariadb105-mariadb-common-10.5.16-2.el7.x86_64.rpm

SHA-256: 84e80e985b7b02a83315ce004188021b6bec7049f856db935bf4bb23d07a52af

rh-mariadb105-mariadb-config-10.5.16-2.el7.x86_64.rpm

SHA-256: 865e3fe305f8090d9d691782c65042637e08bec2736bc57cdbc080e866776111

rh-mariadb105-mariadb-config-syspaths-10.5.16-2.el7.x86_64.rpm

SHA-256: cff217c7c8fa8137b2080d5bb06d892680995718dde160223523e24ac3a7ac1f

rh-mariadb105-mariadb-connect-engine-10.5.16-2.el7.x86_64.rpm

SHA-256: 457c9c53e278b576059560ebd46959937de6edaeacb61236b943fb489f4e3490

rh-mariadb105-mariadb-debuginfo-10.5.16-2.el7.x86_64.rpm

SHA-256: af72ed19df8095b984c4cff5fa1e21e46d2806941b65935584ff353dad3b3d61

rh-mariadb105-mariadb-devel-10.5.16-2.el7.x86_64.rpm

SHA-256: d4dc130a879d04bed2f0e55d8ecc6fd59256a04a1f46a9ad78d21619ad95a83e

rh-mariadb105-mariadb-errmsg-10.5.16-2.el7.x86_64.rpm

SHA-256: fc84855d7f090115344d8e7abf4082e207f36653556557c74ce084f99964325b

rh-mariadb105-mariadb-gssapi-server-10.5.16-2.el7.x86_64.rpm

SHA-256: d1a76ac0b64d18f1ac74a9c2f163bac513d87ac882a689b05e8af5415a47ceeb

rh-mariadb105-mariadb-libs-10.5.16-2.el7.x86_64.rpm

SHA-256: e9a269ef074ebd2359a55cf53d1048d673b3a8c453cd68e2723fb129ffe605e3

rh-mariadb105-mariadb-oqgraph-engine-10.5.16-2.el7.x86_64.rpm

SHA-256: 1c063c3f0f1e766adfc214ff7c054c560f31f606db89865d2dcfd02046926928

rh-mariadb105-mariadb-pam-10.5.16-2.el7.x86_64.rpm

SHA-256: 34b4df168e3e76641111d3c4d0715013ba8cdceb524840efad04773d00b2fb2b

rh-mariadb105-mariadb-server-10.5.16-2.el7.x86_64.rpm

SHA-256: 50a970f41b3c832321e983cf90212106e64a82ce9531f10638f1505d5b27f872

rh-mariadb105-mariadb-server-galera-10.5.16-2.el7.x86_64.rpm

SHA-256: d57d8c83affb662bead8d89d29ace30890e66d2a9ad56f0f620c76d8484b2e10

rh-mariadb105-mariadb-server-galera-syspaths-10.5.16-2.el7.x86_64.rpm

SHA-256: 9e0c98028f2da3fd8b8f91018296b25182d9b05577f51a1a8c67c37d471e05dd

rh-mariadb105-mariadb-server-syspaths-10.5.16-2.el7.x86_64.rpm

SHA-256: bd8f98acb646cf102f3645e0952887e195520577e0cb69d57d6074e8a5e42e3e

rh-mariadb105-mariadb-server-utils-10.5.16-2.el7.x86_64.rpm

SHA-256: f17b90862f96b0052d97c4ba4a474afc8da1071c8cd775584a3c54372fe62e9d

rh-mariadb105-mariadb-server-utils-syspaths-10.5.16-2.el7.x86_64.rpm

SHA-256: 52de60a89575345582eae8c57e7f15753e1af907e7ef0aabab6ebb7d90389f82

rh-mariadb105-mariadb-syspaths-10.5.16-2.el7.x86_64.rpm

SHA-256: be233b74045467ad21579378276735d1d4b156cfc26c3ad16ac958e412e2f34d

rh-mariadb105-mariadb-test-10.5.16-2.el7.x86_64.rpm

SHA-256: c3d043f50c282c0c70697b1b0aa92c3574ffdd1aa192012f78679852bd082d9c

Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7

SRPM

rh-mariadb105-galera-26.4.11-1.el7.src.rpm

SHA-256: f2e38d3ad3391c6747b13fc228ae1204ee4a01d8b11f3062d833d9ec42a1bafa

rh-mariadb105-mariadb-10.5.16-2.el7.src.rpm

SHA-256: 05d202f3d5598b8b267ff6d56da7d80319367bd5e2c2568fb6d077ef04d4241b

s390x

Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7

SRPM

rh-mariadb105-galera-26.4.11-1.el7.src.rpm

SHA-256: f2e38d3ad3391c6747b13fc228ae1204ee4a01d8b11f3062d833d9ec42a1bafa

rh-mariadb105-mariadb-10.5.16-2.el7.src.rpm

SHA-256: 05d202f3d5598b8b267ff6d56da7d80319367bd5e2c2568fb6d077ef04d4241b

x86_64

rh-mariadb105-galera-26.4.11-1.el7.x86_64.rpm

SHA-256: 36731324857e05d09e4d8610a70c87e0767117af048b685e71bdcf0377cca301

rh-mariadb105-galera-debuginfo-26.4.11-1.el7.x86_64.rpm

SHA-256: 59dc40e539dc81978941f306130cef98f9ee9da795012b102ac40cc712f64e4e

rh-mariadb105-mariadb-10.5.16-2.el7.x86_64.rpm

SHA-256: 94b85e2b22a94ed06e20571474f4291a4b2ecbbd93a831ec88cccc4792e516d1

rh-mariadb105-mariadb-backup-10.5.16-2.el7.x86_64.rpm

SHA-256: a232bedb10de1e7b9958e64fb4a001fe40fb54b106e2b1a549321ba916c3d8d9

rh-mariadb105-mariadb-backup-syspaths-10.5.16-2.el7.x86_64.rpm

SHA-256: 2abfa9719c49b7bc1bb524750cf520ecf50cef06b9a2b2ba9ca1f537bec19357

rh-mariadb105-mariadb-common-10.5.16-2.el7.x86_64.rpm

SHA-256: 84e80e985b7b02a83315ce004188021b6bec7049f856db935bf4bb23d07a52af

rh-mariadb105-mariadb-config-10.5.16-2.el7.x86_64.rpm

SHA-256: 865e3fe305f8090d9d691782c65042637e08bec2736bc57cdbc080e866776111

rh-mariadb105-mariadb-config-syspaths-10.5.16-2.el7.x86_64.rpm

SHA-256: cff217c7c8fa8137b2080d5bb06d892680995718dde160223523e24ac3a7ac1f

rh-mariadb105-mariadb-connect-engine-10.5.16-2.el7.x86_64.rpm

SHA-256: 457c9c53e278b576059560ebd46959937de6edaeacb61236b943fb489f4e3490

rh-mariadb105-mariadb-debuginfo-10.5.16-2.el7.x86_64.rpm

SHA-256: af72ed19df8095b984c4cff5fa1e21e46d2806941b65935584ff353dad3b3d61

rh-mariadb105-mariadb-devel-10.5.16-2.el7.x86_64.rpm

SHA-256: d4dc130a879d04bed2f0e55d8ecc6fd59256a04a1f46a9ad78d21619ad95a83e

rh-mariadb105-mariadb-errmsg-10.5.16-2.el7.x86_64.rpm

SHA-256: fc84855d7f090115344d8e7abf4082e207f36653556557c74ce084f99964325b

rh-mariadb105-mariadb-gssapi-server-10.5.16-2.el7.x86_64.rpm

SHA-256: d1a76ac0b64d18f1ac74a9c2f163bac513d87ac882a689b05e8af5415a47ceeb

rh-mariadb105-mariadb-libs-10.5.16-2.el7.x86_64.rpm

SHA-256: e9a269ef074ebd2359a55cf53d1048d673b3a8c453cd68e2723fb129ffe605e3

rh-mariadb105-mariadb-oqgraph-engine-10.5.16-2.el7.x86_64.rpm

SHA-256: 1c063c3f0f1e766adfc214ff7c054c560f31f606db89865d2dcfd02046926928

rh-mariadb105-mariadb-pam-10.5.16-2.el7.x86_64.rpm

SHA-256: 34b4df168e3e76641111d3c4d0715013ba8cdceb524840efad04773d00b2fb2b

rh-mariadb105-mariadb-server-10.5.16-2.el7.x86_64.rpm

SHA-256: 50a970f41b3c832321e983cf90212106e64a82ce9531f10638f1505d5b27f872

rh-mariadb105-mariadb-server-galera-10.5.16-2.el7.x86_64.rpm

SHA-256: d57d8c83affb662bead8d89d29ace30890e66d2a9ad56f0f620c76d8484b2e10

rh-mariadb105-mariadb-server-galera-syspaths-10.5.16-2.el7.x86_64.rpm

SHA-256: 9e0c98028f2da3fd8b8f91018296b25182d9b05577f51a1a8c67c37d471e05dd

rh-mariadb105-mariadb-server-syspaths-10.5.16-2.el7.x86_64.rpm

SHA-256: bd8f98acb646cf102f3645e0952887e195520577e0cb69d57d6074e8a5e42e3e

rh-mariadb105-mariadb-server-utils-10.5.16-2.el7.x86_64.rpm

SHA-256: f17b90862f96b0052d97c4ba4a474afc8da1071c8cd775584a3c54372fe62e9d

rh-mariadb105-mariadb-server-utils-syspaths-10.5.16-2.el7.x86_64.rpm

SHA-256: 52de60a89575345582eae8c57e7f15753e1af907e7ef0aabab6ebb7d90389f82

rh-mariadb105-mariadb-syspaths-10.5.16-2.el7.x86_64.rpm

SHA-256: be233b74045467ad21579378276735d1d4b156cfc26c3ad16ac958e412e2f34d

rh-mariadb105-mariadb-test-10.5.16-2.el7.x86_64.rpm

SHA-256: c3d043f50c282c0c70697b1b0aa92c3574ffdd1aa192012f78679852bd082d9c

Red Hat 安全团队联络方式为 [email protected]。 更多联络细节请参考 https://access.redhat.com/security/team/contact/。

Related news

Gentoo Linux Security Advisory 202405-25

Gentoo Linux Security Advisory 202405-25 - Multiple vulnerabilities have been discovered in MariaDB, the worst fo which can lead to arbitrary execution of code. Versions greater than or equal to 10.11.3:10.11 are affected.

CVE-2023-28069: DSA-2022-258: Dell Streaming Data Platform Security Update for Multiple Third-Party Component Vulnerabilities

Dell Streaming Data Platform prior to 1.4 contains Open Redirect vulnerability. An attacker with privileges same as a legitimate user can phish the legitimate the user to redirect to malicious website leading to information disclosure and launch of phishing attacks.

Ubuntu Security Notice USN-5739-1

Ubuntu Security Notice 5739-1 - Several security issues were discovered in MariaDB and this update includes new upstream MariaDB versions to fix these issues. MariaDB has been updated to 10.3.37 in Ubuntu 20.04 LTS and to 10.6.11 in Ubuntu 22.04 LTS and Ubuntu 22.10. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.

CVE-2022-36957: Published | Zero Day Initiative

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

CVE-2022-38108: Published | Zero Day Initiative

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

Red Hat Security Advisory 2022-6443-01

Red Hat Security Advisory 2022-6443-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Issues addressed include buffer overflow and use-after-free vulnerabilities.

RHSA-2022:6443: Red Hat Security Advisory: mariadb:10.3 security and bug fix update

An update for the mariadb:10.3 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-46659: mariadb: Crash executing query with VIEW, aggregate and subquery * CVE-2021-46661: mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE) * CVE-2021-46663: mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT ...

Red Hat Security Advisory 2022-6306-01

Red Hat Security Advisory 2022-6306-01 - MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. Issues addressed include buffer overflow and use-after-free vulnerabilities.

RHSA-2022:6306: Red Hat Security Advisory: rh-mariadb103-galera and rh-mariadb103-mariadb security and bug fix update

An update for rh-mariadb103-galera and rh-mariadb103-mariadb is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-46659: mariadb: Crash executing query with VIEW, aggregate and subquery * CVE-2021-46661: mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE) * CVE-2021-46663: mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application ...

RHSA-2022:5948: Red Hat Security Advisory: galera, mariadb, and mysql-selinux security, bug fix, and enhancement update

An update for galera, mariadb, and mysql-selinux is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-46659: mariadb: Crash executing query with VIEW, aggregate and subquery * CVE-2021-46661: mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE) * CVE-2021-46663: mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application crash via cert...

RHSA-2022:5826: Red Hat Security Advisory: mariadb:10.5 security, bug fix, and enhancement update

An update for the mariadb:10.5 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-46659: mariadb: Crash executing query with VIEW, aggregate and subquery * CVE-2021-46661: mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE) * CVE-2021-46663: mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT ...

CVE-2022-32088: [MDEV-26419] A SEGV in Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort.

CVE-2022-32086: [MDEV-26412] Server crash in Item_field::fix_outer_field for INSERT SELECT

MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field.

CVE-2022-32087: [MDEV-26437] Server crashes in Item_args::walk_args

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args.

CVE-2022-32085: [MDEV-26407] Server crashes in Item_func_in::cleanup/Item::cleanup_processor

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor.

CVE-2022-31622: [MDEV-26561] An improper locking bug due to the unreleased lock

MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock.

CVE-2022-31623: MDEV-26561 Fix a bug due to unreleased lock by ryancaicse · Pull Request #1938 · MariaDB/server

MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock.

CVE-2022-27446: [MDEV-28082] Crash when using HAVING with IS NULL predicate in an equality

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h.

CVE-2022-27445: [MDEV-28081] MariaDB SEGV issue - Jira

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc.

CVE-2022-27449: [MDEV-28089] MariaDB SEGV issue - Jira

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148.

CVE-2022-27456: [MDEV-28093] MariaDB UAP issue - Jira

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc.

CVE-2022-27451: [MDEV-28094] Window function in expression in ORDER BY

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc.

CVE-2022-27455: [MDEV-28097] use-after-free when WHERE has subquery with an outer reference in HAVING

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c.

CVE-2022-27444: [MDEV-28080] Crash when using HAVING with NOT EXIST predicate in an equality

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc.

CVE-2022-27452: [MDEV-28090] MariaDB SEGV issue - Jira

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc.

CVE-2022-27457: [MDEV-28098] incorrect key in "dup value" error after long unique

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c.

CVE-2022-27448: [MDEV-28095] crash in multi-update and implicit grouping

There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc.

CVE-2022-27458: [MDEV-28099] MariaDB UAP issue - Jira

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h.

CVE-2022-27386: [MDEV-26406] A SEGV in sql/sql_class.cc

MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc.

CVE-2022-27386: [MDEV-26406] A SEGV in sql/sql_class.cc

MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc.

CVE-2022-27384: [MDEV-26047] MariaDB server crash at Item_subselect::init_expr_cache_tracker

An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

CVE-2022-27383: [MDEV-26323] use-after-poison issue of MariaDB server

MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements.

CVE-2022-27381: [MDEV-26061] MariaDB server crash at Field::set_default

An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

CVE-2022-27380: [MDEV-26280] MariaDB server crash at my_decimal::operator=

An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

CVE-2022-27379: [MDEV-26353] MariaDB server crash in Arg_comparator::compare_real_fixed

An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

CVE-2022-27378: [MDEV-26423] MariaDB server crash in Create_tmp_table::finalize

An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

CVE-2022-27376: [MDEV-26354] MariaDB server crash in Field::set_default - ASAN use after free in Item_args::walk_arg

MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements.

CVE-2022-27377: [MDEV-26281] ASAN use-after-poison when complex conversion is involved in blob

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements.

CVE-2022-27382: [MDEV-26402] A SEGV in Item_field::used_tables/update_depend_map_for_order or Assertion `fixed == 1'

MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order.

CVE-2022-27387: [MDEV-26422] ASAN: global-buffer-overflow in decimal_bin_size on SELECT

MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements.

CVE-2022-24052: Security Vulnerabilities Fixed in MariaDB

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.

CVE-2022-24052: Security Vulnerabilities Fixed in MariaDB

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.

CVE-2022-24052: Security Vulnerabilities Fixed in MariaDB

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.

CVE-2022-24052: Security Vulnerabilities Fixed in MariaDB

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.

CVE-2022-24052: Security Vulnerabilities Fixed in MariaDB

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.

CVE-2022-24052: Security Vulnerabilities Fixed in MariaDB

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.

CVE-2022-24052: Security Vulnerabilities Fixed in MariaDB

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.

CVE-2022-24052: Security Vulnerabilities Fixed in MariaDB

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.

CVE-2022-24052: Security Vulnerabilities Fixed in MariaDB

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.

CVE-2022-24052: Security Vulnerabilities Fixed in MariaDB

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.

CVE-2022-24052: Security Vulnerabilities Fixed in MariaDB

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.

CVE-2022-24052: Security Vulnerabilities Fixed in MariaDB

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.

CVE-2022-24052: Security Vulnerabilities Fixed in MariaDB

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.

CVE-2022-24052: Security Vulnerabilities Fixed in MariaDB

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.

CVE-2022-24052: Security Vulnerabilities Fixed in MariaDB

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.

CVE-2022-24052: Security Vulnerabilities Fixed in MariaDB

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.

CVE-2022-24052: Security Vulnerabilities Fixed in MariaDB

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.

CVE-2022-24052: Security Vulnerabilities Fixed in MariaDB

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.

CVE-2022-24052: Security Vulnerabilities Fixed in MariaDB

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.

CVE-2022-24052: Security Vulnerabilities Fixed in MariaDB

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.

CVE-2022-24052: Security Vulnerabilities Fixed in MariaDB

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.

CVE-2022-24052: Security Vulnerabilities Fixed in MariaDB

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.

CVE-2022-24052: Security Vulnerabilities Fixed in MariaDB

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.

CVE-2022-24052: Security Vulnerabilities Fixed in MariaDB

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.

CVE-2022-24052: Security Vulnerabilities Fixed in MariaDB

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.

CVE-2022-24052: Security Vulnerabilities Fixed in MariaDB

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.

CVE-2022-24052: Security Vulnerabilities Fixed in MariaDB

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.

CVE-2022-24052: Security Vulnerabilities Fixed in MariaDB

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.

CVE-2022-24052: Security Vulnerabilities Fixed in MariaDB

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.

CVE-2022-24050: ZDI-22-364

MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16207.

CVE-2022-24052: Security Vulnerabilities Fixed in MariaDB

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.

CVE-2022-24048: ZDI-22-363

MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191.

CVE-2022-24052: Security Vulnerabilities Fixed in MariaDB

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.

CVE-2022-24052: Security Vulnerabilities Fixed in MariaDB

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.

CVE-2022-24052: Security Vulnerabilities Fixed in MariaDB

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.

CVE-2022-24052: Security Vulnerabilities Fixed in MariaDB

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.

CVE-2021-46664: [MDEV-25761] Assertion `aggr != __null' failed in sub_select_postjoin_aggr

MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.

CVE-2021-46663: [MDEV-26351] segfault - (MARIA_HA *) 0x0 in ha_maria::extra

MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.

CVE-2021-46668: [MDEV-25787] Bug report: crash on SELECT DISTINCT thousands_blob_fields

MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures.

CVE-2021-46661: [MDEV-25766] Unused CTE lead to a crash in find_field_in_tables/find_order_in_list

MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE).

CVE-2021-46669: [MDEV-25638] Assertion `!result' failed in convert_const_to_int

MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.

CVE-2021-46665: [MDEV-25636] Bug report: abortion in sql/sql_parse.cc:6294

MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations.

CVE-2021-46659: [MDEV-25631] Crash executing query with VIEW, aggregate and subquery

MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW.