-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.4527
        mariadb:10.3 security, bug fix, and enhancement update
                             23 December 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           mariadb:10.3
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Modify Arbitrary Files   -- Existing Account
                   Denial of Service        -- Remote/Unauthenticated
                   Access Confidential Data -- Remote/Unauthenticated
                   Reduced Security         -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-15180 CVE-2020-14812 CVE-2020-14789
                   CVE-2020-14776 CVE-2020-14765 CVE-2020-13249
                   CVE-2020-2922 CVE-2020-2814 CVE-2020-2812
                   CVE-2020-2780 CVE-2020-2760 CVE-2020-2752
                   CVE-2020-2574 CVE-2019-2974 CVE-2019-2938
                   CVE-2019-2805 CVE-2019-2758 CVE-2019-2740
                   CVE-2019-2739 CVE-2019-2737 CVE-2019-2628
                   CVE-2019-2627 CVE-2019-2614 CVE-2019-2537
                   CVE-2019-2510
Reference:         ASB-2020.0176
                   ESB-2020.4521
                   ESB-2020.4427
                   ESB-2020.4330
                   ESB-2020.4309

Original Bulletin:
   https://access.redhat.com/errata/RHSA-2020:5663
   https://access.redhat.com/errata/RHSA-2020:5654
   https://access.redhat.com/errata/RHSA-2020:5665

Comment: This bulletin contains three (3) Red Hat security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: mariadb:10.3 security, bug fix, and enhancement update
Advisory ID:       RHSA-2020:5663-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:5663
Issue date:        2020-12-22
CVE Names:         CVE-2019-2510 CVE-2019-2537 CVE-2019-2614
                   CVE-2019-2627 CVE-2019-2628 CVE-2019-2737
                   CVE-2019-2739 CVE-2019-2740 CVE-2019-2758
                   CVE-2019-2805 CVE-2019-2938 CVE-2019-2974
                   CVE-2020-2574 CVE-2020-2752 CVE-2020-2760
                   CVE-2020-2780 CVE-2020-2812 CVE-2020-2814
                   CVE-2020-2922 CVE-2020-13249 CVE-2020-14765
                   CVE-2020-14776 CVE-2020-14789 CVE-2020-14812
                   CVE-2020-15180
=====================================================================

1. Summary:

An update for the mariadb:10.3 module is now available for Red Hat
Enterprise Linux 8.0 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream E4S (v. 8.0) - aarch64, ppc64le, s390x, x86_64

3. Description:

MariaDB is a multi-user, multi-threaded SQL database server that is binary
compatible with MySQL.

The following packages have been upgraded to a later upstream version:
mariadb (10.3.27), galera (25.3.31). (BZ#1899085, BZ#1899089)

Security Fix(es):

* mariadb: Insufficient SST method name check leading to code injection in
mysql-wsrep (CVE-2020-15180)

* mysql: InnoDB unspecified vulnerability (CPU Jan 2019) (CVE-2019-2510)

* mysql: Server: DDL unspecified vulnerability (CPU Jan 2019) (CVE-2019-2537)

* mysql: Server: Replication unspecified vulnerability (CPU Apr 2019)
(CVE-2019-2614)

* mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr
2019) (CVE-2019-2627)

* mysql: InnoDB unspecified vulnerability (CPU Apr 2019) (CVE-2019-2628)

* mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2019)
(CVE-2019-2737)

* mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul
2019) (CVE-2019-2739)

* mysql: Server: XML unspecified vulnerability (CPU Jul 2019) (CVE-2019-2740)

* mysql: InnoDB unspecified vulnerability (CPU Jul 2019) (CVE-2019-2758)

* mysql: Server: Parser unspecified vulnerability (CPU Jul 2019)
(CVE-2019-2805)

* mysql: InnoDB unspecified vulnerability (CPU Oct 2019) (CVE-2019-2938)

* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019)
(CVE-2019-2974)

* mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2752)

* mysql: InnoDB unspecified vulnerability (CPU Apr 2020) (CVE-2020-2760)

* mysql: Server: DML unspecified vulnerability (CPU Apr 2020) (CVE-2020-2780)

* mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020)
(CVE-2020-2812)

* mysql: InnoDB unspecified vulnerability (CPU Apr 2020) (CVE-2020-2814)

* mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2922)

* mariadb-connector-c: Improper validation of content in a OK packet
received from server (CVE-2020-13249)

* mysql: Server: FTS unspecified vulnerability (CPU Oct 2020)
(CVE-2020-14765)

* mysql: InnoDB unspecified vulnerability (CPU Oct 2020) (CVE-2020-14776)

* mysql: Server: FTS unspecified vulnerability (CPU Oct 2020)
(CVE-2020-14789)

* mysql: Server: Locking unspecified vulnerability (CPU Oct 2020)
(CVE-2020-14812)

* mysql: C API unspecified vulnerability (CPU Jan 2020) (CVE-2020-2574)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* FTBFS: -D_GLIBCXX_ASSERTIONS (BZ#1899012)

* Queries with entity_id IN ('1', '2', …, '70000') run much slower in
MariaDB 10.3 than on MariaDB 10.1 (BZ#1899020)

* Cleanup race with wsrep_rsync_sst_tunnel may prevent full galera cluster
bootstrap (BZ#1899025)

* There are undeclared file conflicts in several mariadb and mysql packages
(BZ#1899080)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the MariaDB server daemon (mysqld) will be
restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1666751 - CVE-2019-2510 mysql: InnoDB unspecified vulnerability (CPU Jan 2019)
1666763 - CVE-2019-2537 mysql: Server: DDL unspecified vulnerability (CPU Jan 2019)
1702969 - CVE-2019-2614 mysql: Server: Replication unspecified vulnerability (CPU Apr 2019)
1702976 - CVE-2019-2627 mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2019)
1702977 - CVE-2019-2628 mysql: InnoDB unspecified vulnerability (CPU Apr 2019)
1731997 - CVE-2019-2737 mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2019)
1731999 - CVE-2019-2739 mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2019)
1732000 - CVE-2019-2740 mysql: Server: XML unspecified vulnerability (CPU Jul 2019)
1732008 - CVE-2019-2758 mysql: InnoDB unspecified vulnerability (CPU Jul 2019)
1732025 - CVE-2019-2805 mysql: Server: Parser unspecified vulnerability (CPU Jul 2019)
1764680 - CVE-2019-2938 mysql: InnoDB unspecified vulnerability (CPU Oct 2019)
1764691 - CVE-2019-2974 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019)
1798587 - CVE-2020-2574 mysql: C API unspecified vulnerability (CPU Jan 2020)
1830056 - CVE-2020-2780 mysql: Server: DML unspecified vulnerability (CPU Apr 2020)
1830059 - CVE-2020-2812 mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020)
1830060 - CVE-2020-2814 mysql: InnoDB unspecified vulnerability (CPU Apr 2020)
1830082 - CVE-2020-2760 mysql: InnoDB unspecified vulnerability (CPU Apr 2020)
1835849 - CVE-2020-2752 mysql: C API unspecified vulnerability (CPU Apr 2020)
1835850 - CVE-2020-2922 mysql: C API unspecified vulnerability (CPU Apr 2020)
1839827 - CVE-2020-13249 mariadb-connector-c: Improper validation of content in a OK packet received from server
1890738 - CVE-2020-14765 mysql: Server: FTS unspecified vulnerability (CPU Oct 2020)
1890743 - CVE-2020-14776 mysql: InnoDB unspecified vulnerability (CPU Oct 2020)
1890747 - CVE-2020-14789 mysql: Server: FTS unspecified vulnerability (CPU Oct 2020)
1890756 - CVE-2020-14812 mysql: Server: Locking unspecified vulnerability (CPU Oct 2020)
1894919 - CVE-2020-15180 mariadb: Insufficient SST method name check leading to code injection in mysql-wsrep
1899012 - FTBFS: -D_GLIBCXX_ASSERTIONS [rhel-8.0.0.z]
1899020 - Queries with entity_id IN ('1', '2', …, '70000') run much slower in MariaDB 10.3 than on MariaDB 10.1 [rhel-8.0.0.z]
1899025 - Cleanup race with wsrep_rsync_sst_tunnel may prevent full galera cluster bootstrap [rhel-8.0.0.z]
1899085 - Tracker: MariaDB rebase to the latest version (10.3.27) [rhel-8.0.0.z]
1899089 - Update Galera to the appropriate version (25.3.31) [rhel-8.0.0.z]

6. Package List:

Red Hat Enterprise Linux AppStream E4S (v. 8.0):

Source:
Judy-1.0.5-18.module+el8+2765+cfa4f87b.src.rpm
galera-25.3.31-1.module+el8.0.0+9239+73817dd5.src.rpm
mariadb-10.3.27-3.module+el8.0.0+9160+9822c5c7.src.rpm

aarch64:
Judy-1.0.5-18.module+el8+2765+cfa4f87b.aarch64.rpm
Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.aarch64.rpm
Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.aarch64.rpm
galera-25.3.31-1.module+el8.0.0+9239+73817dd5.aarch64.rpm
galera-debuginfo-25.3.31-1.module+el8.0.0+9239+73817dd5.aarch64.rpm
galera-debugsource-25.3.31-1.module+el8.0.0+9239+73817dd5.aarch64.rpm
mariadb-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-backup-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-backup-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-common-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-debugsource-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-devel-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-embedded-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-embedded-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-embedded-devel-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-errmsg-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-gssapi-server-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-gssapi-server-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-oqgraph-engine-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-oqgraph-engine-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-server-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-server-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-server-galera-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-server-utils-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-server-utils-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-test-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-test-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm

ppc64le:
Judy-1.0.5-18.module+el8+2765+cfa4f87b.ppc64le.rpm
Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.ppc64le.rpm
Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.ppc64le.rpm
galera-25.3.31-1.module+el8.0.0+9239+73817dd5.ppc64le.rpm
galera-debuginfo-25.3.31-1.module+el8.0.0+9239+73817dd5.ppc64le.rpm
galera-debugsource-25.3.31-1.module+el8.0.0+9239+73817dd5.ppc64le.rpm
mariadb-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-backup-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-backup-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-common-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-debugsource-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-devel-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-embedded-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-embedded-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-embedded-devel-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-errmsg-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-gssapi-server-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-gssapi-server-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-oqgraph-engine-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-oqgraph-engine-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-server-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-server-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-server-galera-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-server-utils-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-server-utils-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-test-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-test-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm

s390x:
Judy-1.0.5-18.module+el8+2765+cfa4f87b.s390x.rpm
Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.s390x.rpm
Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.s390x.rpm
galera-25.3.31-1.module+el8.0.0+9239+73817dd5.s390x.rpm
galera-debuginfo-25.3.31-1.module+el8.0.0+9239+73817dd5.s390x.rpm
galera-debugsource-25.3.31-1.module+el8.0.0+9239+73817dd5.s390x.rpm
mariadb-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-backup-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-backup-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-common-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-debugsource-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-devel-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-embedded-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-embedded-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-embedded-devel-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-errmsg-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-gssapi-server-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-gssapi-server-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-oqgraph-engine-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-oqgraph-engine-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-server-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-server-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-server-galera-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-server-utils-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-server-utils-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-test-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-test-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm

x86_64:
Judy-1.0.5-18.module+el8+2765+cfa4f87b.x86_64.rpm
Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.x86_64.rpm
Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.x86_64.rpm
galera-25.3.31-1.module+el8.0.0+9239+73817dd5.x86_64.rpm
galera-debuginfo-25.3.31-1.module+el8.0.0+9239+73817dd5.x86_64.rpm
galera-debugsource-25.3.31-1.module+el8.0.0+9239+73817dd5.x86_64.rpm
mariadb-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-backup-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-backup-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-common-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-debugsource-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-devel-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-embedded-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-embedded-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-embedded-devel-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-errmsg-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-gssapi-server-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-gssapi-server-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-oqgraph-engine-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-oqgraph-engine-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-server-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-server-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-server-galera-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-server-utils-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-server-utils-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-test-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-test-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-2510
https://access.redhat.com/security/cve/CVE-2019-2537
https://access.redhat.com/security/cve/CVE-2019-2614
https://access.redhat.com/security/cve/CVE-2019-2627
https://access.redhat.com/security/cve/CVE-2019-2628
https://access.redhat.com/security/cve/CVE-2019-2737
https://access.redhat.com/security/cve/CVE-2019-2739
https://access.redhat.com/security/cve/CVE-2019-2740
https://access.redhat.com/security/cve/CVE-2019-2758
https://access.redhat.com/security/cve/CVE-2019-2805
https://access.redhat.com/security/cve/CVE-2019-2938
https://access.redhat.com/security/cve/CVE-2019-2974
https://access.redhat.com/security/cve/CVE-2020-2574
https://access.redhat.com/security/cve/CVE-2020-2752
https://access.redhat.com/security/cve/CVE-2020-2760
https://access.redhat.com/security/cve/CVE-2020-2780
https://access.redhat.com/security/cve/CVE-2020-2812
https://access.redhat.com/security/cve/CVE-2020-2814
https://access.redhat.com/security/cve/CVE-2020-2922
https://access.redhat.com/security/cve/CVE-2020-13249
https://access.redhat.com/security/cve/CVE-2020-14765
https://access.redhat.com/security/cve/CVE-2020-14776
https://access.redhat.com/security/cve/CVE-2020-14789
https://access.redhat.com/security/cve/CVE-2020-14812
https://access.redhat.com/security/cve/CVE-2020-15180
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBX+G7Q9zjgjWX9erEAQihGg//fqnucevXfanM4Q3eyIiCwbIXh4w5cSBi
3q0ab1l9PPFJCp//EFYcyV3tcFlgzoFHkjMJxJNefp76SJZqBB0C9yIu51iachsK
Q07286DflCgPfoFWRPAHPovuWcnhn0+r8SbvsrbHgynN+hCa5FBtZGEPO9poZ8oa
AGydnXVa7JodjrpnMI9gwcDa0F1O8W5Kzs9jR5murTQ/8HkJvmBvpv/miwxpKZ8t
L2p26We5UFA4o6pFwMWtwf9ePKZ8P98LsqA3o/UGB2QcKppL324ewdYyu3t798UH
ABj/rXqI+KaiyvzEVJvesH+v54PnFH7ubS1ZbZEi7o2L/9qCvyjypv4h9Co4u6Jr
kFlOFstpCvlhzzGHUYIhQQznHzK7VUk49tjBNmgvjMY+leDY0lUbJ0b7bYOgFQC4
1+aOQ23c66SffTiO3iuPSggq80+P5YA+gE7K7yiBOPJB63LTtoUnEuSHHkLh3oqV
JSZllj5TzEFD+j6PqpW1bCCnwAjkPSpOWC8mIweRftzAmD+H8YHntnOhc17sj61y
LDDz7zi2SpsTmKTqA1uj4hjOSKqpgxs0piGx7eLzs+ToHmUobTVrHpSiHgpVaQVz
bQL3JeHQ7GLXNmo1tCso15xialecp9p96VxVHllfBRfFFdf/MTyfLtXZ7MdQyTFK
E8zkWCo32N4=
=yV7w
- -----END PGP SIGNATURE-----

- --------------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: mariadb:10.3 security, bug fix, and enhancement update
Advisory ID:       RHSA-2020:5654-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:5654
Issue date:        2020-12-22
CVE Names:         CVE-2019-2938 CVE-2019-2974 CVE-2020-2574
                   CVE-2020-2752 CVE-2020-2760 CVE-2020-2780
                   CVE-2020-2812 CVE-2020-2814 CVE-2020-13249
                   CVE-2020-14765 CVE-2020-14776 CVE-2020-14789
                   CVE-2020-14812 CVE-2020-15180
=====================================================================

1. Summary:

An update for the mariadb:10.3 module is now available for Red Hat
Enterprise Linux 8.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64

3. Description:

MariaDB is a multi-user, multi-threaded SQL database server that is binary
compatible with MySQL.

The following packages have been upgraded to a later upstream version:
mariadb (10.3.27), galera (25.3.31). (BZ#1899083, BZ#1899087)

Security Fix(es):

* mariadb: Insufficient SST method name check leading to code injection in
mysql-wsrep (CVE-2020-15180)

* mysql: InnoDB unspecified vulnerability (CPU Oct 2019) (CVE-2019-2938)

* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019)
(CVE-2019-2974)

* mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2752)

* mysql: InnoDB unspecified vulnerability (CPU Apr 2020) (CVE-2020-2760)

* mysql: Server: DML unspecified vulnerability (CPU Apr 2020) (CVE-2020-2780)

* mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020)
(CVE-2020-2812)

* mysql: InnoDB unspecified vulnerability (CPU Apr 2020) (CVE-2020-2814)

* mariadb-connector-c: Improper validation of content in a OK packet
received from server (CVE-2020-13249)

* mysql: Server: FTS unspecified vulnerability (CPU Oct 2020)
(CVE-2020-14765)

* mysql: InnoDB unspecified vulnerability (CPU Oct 2020) (CVE-2020-14776)

* mysql: Server: FTS unspecified vulnerability (CPU Oct 2020)
(CVE-2020-14789)

* mysql: Server: Locking unspecified vulnerability (CPU Oct 2020)
(CVE-2020-14812)

* mysql: C API unspecified vulnerability (CPU Jan 2020) (CVE-2020-2574)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* FTBFS: -D_GLIBCXX_ASSERTIONS (BZ#1899010)

* Queries with entity_id IN ('1', '2', …, '70000') run much slower in
MariaDB 10.3 than on MariaDB 10.1 (BZ#1899018)

* Cleanup race with wsrep_rsync_sst_tunnel may prevent full galera cluster
bootstrap (BZ#1899022)

* There are undeclared file conflicts in several mariadb and mysql packages
(BZ#1899078)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the MariaDB server daemon (mysqld) will be
restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1764680 - CVE-2019-2938 mysql: InnoDB unspecified vulnerability (CPU Oct 2019)
1764691 - CVE-2019-2974 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019)
1798587 - CVE-2020-2574 mysql: C API unspecified vulnerability (CPU Jan 2020)
1830056 - CVE-2020-2780 mysql: Server: DML unspecified vulnerability (CPU Apr 2020)
1830059 - CVE-2020-2812 mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020)
1830060 - CVE-2020-2814 mysql: InnoDB unspecified vulnerability (CPU Apr 2020)
1830082 - CVE-2020-2760 mysql: InnoDB unspecified vulnerability (CPU Apr 2020)
1835849 - CVE-2020-2752 mysql: C API unspecified vulnerability (CPU Apr 2020)
1839827 - CVE-2020-13249 mariadb-connector-c: Improper validation of content in a OK packet received from server
1890738 - CVE-2020-14765 mysql: Server: FTS unspecified vulnerability (CPU Oct 2020)
1890743 - CVE-2020-14776 mysql: InnoDB unspecified vulnerability (CPU Oct 2020)
1890747 - CVE-2020-14789 mysql: Server: FTS unspecified vulnerability (CPU Oct 2020)
1890756 - CVE-2020-14812 mysql: Server: Locking unspecified vulnerability (CPU Oct 2020)
1894919 - CVE-2020-15180 mariadb: Insufficient SST method name check leading to code injection in mysql-wsrep
1899010 - FTBFS: -D_GLIBCXX_ASSERTIONS [rhel-8.2.0.z]
1899018 - Queries with entity_id IN ('1', '2', …, '70000') run much slower in MariaDB 10.3 than on MariaDB 10.1 [rhel-8.2.0.z]
1899022 - Cleanup race with wsrep_rsync_sst_tunnel may prevent full galera cluster bootstrap [rhel-8.2.0.z]
1899083 - Tracker: MariaDB rebase to the latest version (10.3.27) [rhel-8.2.0.z]
1899087 - Update Galera to the appropriate version (25.3.31) [rhel-8.2.0.z]

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v. 8.2):

Source:
Judy-1.0.5-18.module+el8+2765+cfa4f87b.src.rpm
galera-25.3.31-1.module+el8.2.0+8857+d5b3039b.src.rpm
mariadb-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.src.rpm

aarch64:
Judy-1.0.5-18.module+el8+2765+cfa4f87b.aarch64.rpm
Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.aarch64.rpm
Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.aarch64.rpm
galera-25.3.31-1.module+el8.2.0+8857+d5b3039b.aarch64.rpm
galera-debuginfo-25.3.31-1.module+el8.2.0+8857+d5b3039b.aarch64.rpm
galera-debugsource-25.3.31-1.module+el8.2.0+8857+d5b3039b.aarch64.rpm
mariadb-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-backup-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-backup-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-common-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-debugsource-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-devel-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-embedded-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-embedded-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-embedded-devel-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-errmsg-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-gssapi-server-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-gssapi-server-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-oqgraph-engine-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-oqgraph-engine-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-server-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-server-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-server-galera-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-server-utils-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-server-utils-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-test-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-test-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm

ppc64le:
Judy-1.0.5-18.module+el8+2765+cfa4f87b.ppc64le.rpm
Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.ppc64le.rpm
Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.ppc64le.rpm
galera-25.3.31-1.module+el8.2.0+8857+d5b3039b.ppc64le.rpm
galera-debuginfo-25.3.31-1.module+el8.2.0+8857+d5b3039b.ppc64le.rpm
galera-debugsource-25.3.31-1.module+el8.2.0+8857+d5b3039b.ppc64le.rpm
mariadb-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-backup-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-backup-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-common-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-debugsource-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-devel-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-embedded-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-embedded-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-embedded-devel-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-errmsg-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-gssapi-server-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-gssapi-server-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-oqgraph-engine-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-oqgraph-engine-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-server-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-server-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-server-galera-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-server-utils-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-server-utils-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-test-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-test-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm

s390x:
Judy-1.0.5-18.module+el8+2765+cfa4f87b.s390x.rpm
Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.s390x.rpm
Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.s390x.rpm
galera-25.3.31-1.module+el8.2.0+8857+d5b3039b.s390x.rpm
galera-debuginfo-25.3.31-1.module+el8.2.0+8857+d5b3039b.s390x.rpm
galera-debugsource-25.3.31-1.module+el8.2.0+8857+d5b3039b.s390x.rpm
mariadb-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-backup-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-backup-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-common-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-debugsource-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-devel-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-embedded-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-embedded-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-embedded-devel-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-errmsg-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-gssapi-server-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-gssapi-server-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-oqgraph-engine-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-oqgraph-engine-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-server-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-server-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-server-galera-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-server-utils-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-server-utils-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-test-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-test-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm

x86_64:
Judy-1.0.5-18.module+el8+2765+cfa4f87b.x86_64.rpm
Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.x86_64.rpm
Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.x86_64.rpm
galera-25.3.31-1.module+el8.2.0+8857+d5b3039b.x86_64.rpm
galera-debuginfo-25.3.31-1.module+el8.2.0+8857+d5b3039b.x86_64.rpm
galera-debugsource-25.3.31-1.module+el8.2.0+8857+d5b3039b.x86_64.rpm
mariadb-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-backup-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-backup-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-common-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-debugsource-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-devel-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-embedded-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-embedded-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-embedded-devel-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-errmsg-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-gssapi-server-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-gssapi-server-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-oqgraph-engine-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-oqgraph-engine-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-server-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-server-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-server-galera-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-server-utils-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-server-utils-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-test-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-test-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-2938
https://access.redhat.com/security/cve/CVE-2019-2974
https://access.redhat.com/security/cve/CVE-2020-2574
https://access.redhat.com/security/cve/CVE-2020-2752
https://access.redhat.com/security/cve/CVE-2020-2760
https://access.redhat.com/security/cve/CVE-2020-2780
https://access.redhat.com/security/cve/CVE-2020-2812
https://access.redhat.com/security/cve/CVE-2020-2814
https://access.redhat.com/security/cve/CVE-2020-13249
https://access.redhat.com/security/cve/CVE-2020-14765
https://access.redhat.com/security/cve/CVE-2020-14776
https://access.redhat.com/security/cve/CVE-2020-14789
https://access.redhat.com/security/cve/CVE-2020-14812
https://access.redhat.com/security/cve/CVE-2020-15180
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBX+G2GtzjgjWX9erEAQiykRAAnPL1Ldlmp5k+2eVHIiiVGIPfn0xGWm8y
r1pDjGcRkP8i0SZ71Q4U96Rbm5XXhPmq9W8YKl+pVusAEj58rcopbdbMgXp5MEPs
vyz9SS7Mmzcy0sSjRb1r9/wQub2E08KXTFiN6jCja74IzlqcFyRCCLwLydI2bFes
7uYDxMIstL5Mf55JyavzpnoJf9Xt1gDgx1pnfi8SczY1A4/fSd+4ACo0L8xcUzsi
VNtHy5aAANJIlvwb6+dwungDKvUItTUrZZkFnhjFUH1/975QaDRIKSBpiOxYFr46
gnGII6N3e5SNBdxB2GYDQaaX3If6aj55iz1fdHJwf7U+nHDp6i9owP4W6Hmg45ph
+WWW+GzNtmfi4EePeNhers52RqPuz9gkXmGGiRPM5FSU/WztkT8jYXnPVAngGIrO
ZnQllm64WB9zr0+2mYjjsq9MG/OX3whsjMPNQTK/QjhmG2xbGWv38ZtkVw6F7xeq
5pEKs7Fs7o+qxk/G2GALdi1hvIThGKpOpaB4DFfEZqH8R4eJDKDsuct7JzqaftRf
Y5kj41ZZBMjJnKGpj/SoB5pKikUDOoA6UIBVwR1iKzGayHUBIAUmnbAIiwaeyNs3
xaVc5QkbtDQp6fLlGXa74Q4NAqzXKAsoeOFYHx88J7fZxNa5FA6mMzp12VeZnvLk
HFNzDiPN+bk=
=o+T0
- -----END PGP SIGNATURE-----

- --------------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: mariadb:10.3 security, bug fix, and enhancement update
Advisory ID:       RHSA-2020:5665-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:5665
Issue date:        2020-12-22
CVE Names:         CVE-2019-2938 CVE-2019-2974 CVE-2020-2574
                   CVE-2020-2752 CVE-2020-2760 CVE-2020-2780
                   CVE-2020-2812 CVE-2020-2814 CVE-2020-13249
                   CVE-2020-14765 CVE-2020-14776 CVE-2020-14789
                   CVE-2020-14812 CVE-2020-15180
=====================================================================

1. Summary:

An update for the mariadb:10.3 module is now available for Red Hat
Enterprise Linux 8.1 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.1) - aarch64, ppc64le, s390x, x86_64

3. Description:

MariaDB is a multi-user, multi-threaded SQL database server that is binary
compatible with MySQL.

The following packages have been upgraded to a later upstream version:
mariadb (10.3.27), galera (25.3.31). (BZ#1899084, BZ#1899088)

Security Fix(es):

* mariadb: Insufficient SST method name check leading to code injection in
mysql-wsrep (CVE-2020-15180)

* mysql: InnoDB unspecified vulnerability (CPU Oct 2019) (CVE-2019-2938)

* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019)
(CVE-2019-2974)

* mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2752)

* mysql: InnoDB unspecified vulnerability (CPU Apr 2020) (CVE-2020-2760)

* mysql: Server: DML unspecified vulnerability (CPU Apr 2020)
(CVE-2020-2780)

* mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020)
(CVE-2020-2812)

* mysql: InnoDB unspecified vulnerability (CPU Apr 2020) (CVE-2020-2814)

* mariadb-connector-c: Improper validation of content in a OK packet
received from server (CVE-2020-13249)

* mysql: Server: FTS unspecified vulnerability (CPU Oct 2020)
(CVE-2020-14765)

* mysql: InnoDB unspecified vulnerability (CPU Oct 2020) (CVE-2020-14776)

* mysql: Server: FTS unspecified vulnerability (CPU Oct 2020)
(CVE-2020-14789)

* mysql: Server: Locking unspecified vulnerability (CPU Oct 2020)
(CVE-2020-14812)

* mysql: C API unspecified vulnerability (CPU Jan 2020) (CVE-2020-2574)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* FTBFS: -D_GLIBCXX_ASSERTIONS (BZ#1899011)

* Queries with entity_id IN ('1', '2', …, '70000') run much slower in
MariaDB 10.3 than on MariaDB 10.1 (BZ#1899019)

* Cleanup race with wsrep_rsync_sst_tunnel may prevent full galera cluster
bootstrap (BZ#1899024)

* There are undeclared file conflicts in several mariadb and mysql packages
(BZ#1899079)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the MariaDB server daemon (mysqld) will be
restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1764680 - CVE-2019-2938 mysql: InnoDB unspecified vulnerability (CPU Oct 2019)
1764691 - CVE-2019-2974 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019)
1798587 - CVE-2020-2574 mysql: C API unspecified vulnerability (CPU Jan 2020)
1830056 - CVE-2020-2780 mysql: Server: DML unspecified vulnerability (CPU Apr 2020)
1830059 - CVE-2020-2812 mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020)
1830060 - CVE-2020-2814 mysql: InnoDB unspecified vulnerability (CPU Apr 2020)
1830082 - CVE-2020-2760 mysql: InnoDB unspecified vulnerability (CPU Apr 2020)
1835849 - CVE-2020-2752 mysql: C API unspecified vulnerability (CPU Apr 2020)
1839827 - CVE-2020-13249 mariadb-connector-c: Improper validation of content in a OK packet received from server
1890738 - CVE-2020-14765 mysql: Server: FTS unspecified vulnerability (CPU Oct 2020)
1890743 - CVE-2020-14776 mysql: InnoDB unspecified vulnerability (CPU Oct 2020)
1890747 - CVE-2020-14789 mysql: Server: FTS unspecified vulnerability (CPU Oct 2020)
1890756 - CVE-2020-14812 mysql: Server: Locking unspecified vulnerability (CPU Oct 2020)
1894919 - CVE-2020-15180 mariadb: Insufficient SST method name check leading to code injection in mysql-wsrep
1899011 - FTBFS: -D_GLIBCXX_ASSERTIONS [rhel-8.1.0.z]
1899019 - Queries with entity_id IN ('1', '2', …, '70000') run much slower in MariaDB 10.3 than on MariaDB 10.1 [rhel-8.1.0.z]
1899024 - Cleanup race with wsrep_rsync_sst_tunnel may prevent full galera cluster bootstrap [rhel-8.1.0.z]
1899084 - Tracker: MariaDB rebase to the latest version (10.3.27) [rhel-8.1.0.z]
1899088 - Update Galera to the appropriate version (25.3.31) [rhel-8.1.0.z]

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v. 8.1):

Source:
Judy-1.0.5-18.module+el8+2765+cfa4f87b.src.rpm
galera-25.3.31-1.module+el8.1.0+8860+1543d51b.src.rpm
mariadb-10.3.27-3.module+el8.1.0+9159+f0191ef0.src.rpm

aarch64:
Judy-1.0.5-18.module+el8+2765+cfa4f87b.aarch64.rpm
Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.aarch64.rpm
Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.aarch64.rpm
galera-25.3.31-1.module+el8.1.0+8860+1543d51b.aarch64.rpm
galera-debuginfo-25.3.31-1.module+el8.1.0+8860+1543d51b.aarch64.rpm
galera-debugsource-25.3.31-1.module+el8.1.0+8860+1543d51b.aarch64.rpm
mariadb-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-backup-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-backup-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-common-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-debugsource-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-devel-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-embedded-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-embedded-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-embedded-devel-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-errmsg-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-gssapi-server-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-gssapi-server-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-oqgraph-engine-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-oqgraph-engine-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-server-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-server-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-server-galera-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-server-utils-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-server-utils-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-test-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-test-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm

ppc64le:
Judy-1.0.5-18.module+el8+2765+cfa4f87b.ppc64le.rpm
Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.ppc64le.rpm
Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.ppc64le.rpm
galera-25.3.31-1.module+el8.1.0+8860+1543d51b.ppc64le.rpm
galera-debuginfo-25.3.31-1.module+el8.1.0+8860+1543d51b.ppc64le.rpm
galera-debugsource-25.3.31-1.module+el8.1.0+8860+1543d51b.ppc64le.rpm
mariadb-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-backup-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-backup-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-common-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-debugsource-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-devel-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-embedded-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-embedded-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-embedded-devel-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-errmsg-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-gssapi-server-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-gssapi-server-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-oqgraph-engine-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-oqgraph-engine-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-server-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-server-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-server-galera-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-server-utils-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-server-utils-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-test-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-test-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm

s390x:
Judy-1.0.5-18.module+el8+2765+cfa4f87b.s390x.rpm
Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.s390x.rpm
Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.s390x.rpm
galera-25.3.31-1.module+el8.1.0+8860+1543d51b.s390x.rpm
galera-debuginfo-25.3.31-1.module+el8.1.0+8860+1543d51b.s390x.rpm
galera-debugsource-25.3.31-1.module+el8.1.0+8860+1543d51b.s390x.rpm
mariadb-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-backup-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-backup-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-common-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-debugsource-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-devel-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-embedded-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-embedded-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-embedded-devel-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-errmsg-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-gssapi-server-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-gssapi-server-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-oqgraph-engine-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-oqgraph-engine-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-server-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-server-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-server-galera-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-server-utils-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-server-utils-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-test-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-test-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm

x86_64:
Judy-1.0.5-18.module+el8+2765+cfa4f87b.x86_64.rpm
Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.x86_64.rpm
Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.x86_64.rpm
galera-25.3.31-1.module+el8.1.0+8860+1543d51b.x86_64.rpm
galera-debuginfo-25.3.31-1.module+el8.1.0+8860+1543d51b.x86_64.rpm
galera-debugsource-25.3.31-1.module+el8.1.0+8860+1543d51b.x86_64.rpm
mariadb-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-backup-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-backup-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-common-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-debugsource-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-devel-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-embedded-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-embedded-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-embedded-devel-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-errmsg-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-gssapi-server-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-gssapi-server-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-oqgraph-engine-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-oqgraph-engine-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-server-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-server-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-server-galera-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-server-utils-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-server-utils-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-test-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-test-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-2938
https://access.redhat.com/security/cve/CVE-2019-2974
https://access.redhat.com/security/cve/CVE-2020-2574
https://access.redhat.com/security/cve/CVE-2020-2752
https://access.redhat.com/security/cve/CVE-2020-2760
https://access.redhat.com/security/cve/CVE-2020-2780
https://access.redhat.com/security/cve/CVE-2020-2812
https://access.redhat.com/security/cve/CVE-2020-2814
https://access.redhat.com/security/cve/CVE-2020-13249
https://access.redhat.com/security/cve/CVE-2020-14765
https://access.redhat.com/security/cve/CVE-2020-14776
https://access.redhat.com/security/cve/CVE-2020-14789
https://access.redhat.com/security/cve/CVE-2020-14812
https://access.redhat.com/security/cve/CVE-2020-15180
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBX+G7ftzjgjWX9erEAQietQ//ZajvZddJMw/Ddc5k91PZHfFiqrTBCumr
cRHSVNd6jDQjre2/10Yd/b79lCekW/hlOtiZ1/oXX/2fFpFTckDACteWcS2FV1fe
1Rh5IGZxrWGoRMXvjYovsYzPlUgFjq2lRPwhwCpceolgLhscAV6H7hPGFl16VnYO
2S23036YsQ6s8VlzxgyofB5UeQvaTH6WWbnbmz9C4kSwn1/vJJNBbcOaQePXe8WM
q8hQyPSyn9PRLxhgseaPUfyiW4JL3mzOnUiAyj0LMYlrGQKThG/OnXVXVpaSoyUg
yf+oIAMH7VjOmgxmrTX/6RtpqSfACzsg4TSRYc48tBqQwsHeW/WsSphn/0xCvyM3
qJPHRJmiRldlBYTl2cMsZ6so1cKCtmwYTK/e5Xo/uC7kymajlFXnjUiSdpS3wH7C
Qf2UF4NHVnZ/qI1MAOJDTNdq9disJwV/9kCJuMBxKNOha5Mi5HdZoRCYs/RNiZmx
czqvg4iv3qncpTR2lgT43zjsyr2DmIznRfUmt7V1NmIEtRXzj/yIfTASGRJwOfGs
7bt/KxLUxyml69pRvzZcl4aFp0mkJMZAZUvqgctZyiklwJpTqpGHi8suUnwTUr3k
TAJ8lUIGd1mF0jv9N8q+uAgjaw897S232prcW00Kp9IHzap9ypAkyRZqdawARfdz
arZHhOEIcNE=
=kqyA
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBX+KTIONLKJtyKPYoAQhxhw//ZGryi1ZFVPnd0Pron1L+ps/b/t+nY+dv
0plfb06Z4zm5YhjhuXKazWboPkC6/XGLml7DTnJGNSYDkBA4KFfhjoVI4MfgjKMS
4ZVLBtSoOFQbqkWIA0hFCmkIHaWMzaPrYg7kPOEn7pmswSqjRHHZyEoXdxeuIkOq
84sDses4PZ0p3q7jGM2jX5o05hogthTJcq2gnNl7sPBapUGdl1JpYA3FfqMcMQBq
daCkCOfSkMjH63YS36ZI5yxB9IOJU2/mHcL+P68nvvHxD7FI1Wo7eR/W+/ewMbgY
mj/WQDKVTxe7Ult5WK037+BDQgoK97AtySeTv/Ux/qFTwFSCqXEOfAbdFR4KfniF
NomxtTDGQ0lRyImYr9QXX1/fP0qfbelFGuDWWBHZUo+sYchm34gzwKRTkOA/qmbU
2VFsPjH7xswOdla7wSIyseUwJNcFbPgcxPxjUF4woYJJwUG5uSF6Co6BDcIgKgaP
KkSpNQlA/tAu3JdNW/mxTXZKSC9aggj01g4NSS8HxlAjUVmNRNFGcF2cu7MD5xbl
kCoqNL9aw7nQV/nuJsOKek46SQ403dRae9C9wJDMUImhFhE03PbPqETV3txChJor
DdwrNT6pswKhJZp9hi3Y4jaY9MMSTcktBPEmHMq/4Jv2I7wjt7IIVg4nInvKm76j
0uhlO2ueknk=
=dLP3
-----END PGP SIGNATURE-----
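The advisories above give the fixed builds in their section 6 package lists and point to a Red Hat article for applying them, but leave the "is this host actually at or above the fixed build" check to the reader. The script below is an added example, not code from Red Hat or AusCERT: it reimplements rpm's version ordering (the rpmvercmp algorithm) in Python so the check can run off-box over saved `rpm -qa` output, maps each binary subpackage named in the package lists back to its source package, and compares against the fixed build of the host's own module stream (the el8.1.0 build from RHSA-2020:5665 and the el8.2.0 build listed earlier on this page). Matching the stream first matters because the el8.2.0 release string sorts above the el8.1.0 one, so a fully patched 8.1 EUS host compared against the 8.2 build would be flagged falsely. The sample `rpm -qa` lines are constructed, the `+0000+deadbeef` build tags are placeholders rather than real Red Hat builds, and the epoch is parsed but not compared. This only checks versions; signature verification of downloaded packages (`rpm -K` against the Red Hat key linked in section 6) is a separate step.

```python
"""Check rpm -qa output against the fixed MariaDB/Galera builds of this advisory.

Added example, not Red Hat or AusCERT code. Reimplements rpm's version
ordering (rpmvercmp) so the check can run off-box over saved rpm -qa output.
"""
import re

# Fixed (version, release) per source package, keyed by the module stream tag
# embedded in the release string. Copied from the package lists on this page:
# el8.1.0 from RHSA-2020:5665, el8.2.0 from the list printed before it.
FIXED = {
    "el8.1.0": {"mariadb": ("10.3.27", "3.module+el8.1.0+9159+f0191ef0"),
                "galera": ("25.3.31", "1.module+el8.1.0+8860+1543d51b")},
    "el8.2.0": {"mariadb": ("10.3.27", "3.module+el8.2.0+9158+b3fb2ef4"),
                "galera": ("25.3.31", "1.module+el8.2.0+8857+d5b3039b")},
}
# Binary subpackages built from the mariadb source RPM, as listed in section 6.
MARIADB_SUBPACKAGES = {
    "mariadb", "mariadb-backup", "mariadb-common", "mariadb-devel",
    "mariadb-embedded", "mariadb-embedded-devel", "mariadb-errmsg",
    "mariadb-gssapi-server", "mariadb-oqgraph-engine", "mariadb-server",
    "mariadb-server-galera", "mariadb-server-utils", "mariadb-test",
}
STREAM_RE = re.compile(r"\.module\+(el8\.\d+\.\d+)\+")


def rpmvercmp(a, b):
    """Port of rpm's rpmvercmp(): 1 if a > b, -1 if a < b, 0 if equal."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        # Separators other than ~ and ^ only delimit segments.
        while i < len(a) and not a[i].isalnum() and a[i] not in "~^":
            i += 1
        while j < len(b) and not b[j].isalnum() and b[j] not in "~^":
            j += 1
        ca = a[i] if i < len(a) else ""
        cb = b[j] if j < len(b) else ""
        if ca == "~" or cb == "~":          # ~ sorts before everything, even end
            if ca != "~":
                return 1
            if cb != "~":
                return -1
            i, j = i + 1, j + 1
            continue
        if ca == "^" or cb == "^":          # ^ sorts after end, before anything else
            if not ca:
                return -1
            if not cb:
                return 1
            if ca != "^":
                return 1
            if cb != "^":
                return -1
            i, j = i + 1, j + 1
            continue
        if not (ca and cb):
            break
        isnum = ca.isdigit()
        seg = str.isdigit if isnum else str.isalpha
        si, sj = i, j
        while i < len(a) and seg(a[i]):
            i += 1
        while j < len(b) and seg(b[j]):
            j += 1
        sa, sb = a[si:i], b[sj:j]
        if not sb:                          # segment types differ: numeric wins
            return 1 if isnum else -1
        if isnum:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1         # whoever has characters left wins


def parse_nevra(s):
    """Split 'name-[epoch:]version-release.arch' as printed by rpm -qa."""
    body, _, arch = s.rpartition(".")
    nv, _, release = body.rpartition("-")
    name, _, version = nv.rpartition("-")
    epoch = 0                               # parsed but not compared below
    if ":" in version:
        e, _, version = version.partition(":")
        epoch = int(e)
    if not (name and version and release and arch):
        raise ValueError("not a NEVRA string: %r" % s)
    return name, epoch, version, release, arch


def source_of(name):
    """Map a binary package name to the source package this advisory rebuilds."""
    base = re.sub(r"-(debuginfo|debugsource)$", "", name)
    if base == "galera":
        return "galera"
    return "mariadb" if base in MARIADB_SUBPACKAGES else None


def check_packages(rpm_qa_lines):
    """Return {nevra: verdict} for every installed package the advisory covers."""
    verdicts = {}
    for line in rpm_qa_lines:
        line = line.strip()
        if not line:
            continue
        name, _epoch, version, release, _arch = parse_nevra(line)
        src = source_of(name)
        if src is None:
            continue                        # not rebuilt by this advisory
        m = STREAM_RE.search(release)
        if not m or m.group(1) not in FIXED:
            verdicts[line] = "unknown module stream; check the matching RHSA"
            continue
        fver, frel = FIXED[m.group(1)][src]
        c = rpmvercmp(version, fver) or rpmvercmp(release, frel)
        verdicts[line] = "ok" if c >= 0 else "VULNERABLE: below %s-%s-%s" % (src, fver, frel)
    return verdicts


# Constructed sample: two streams mixed on purpose to exercise both table rows;
# the "+0000+deadbeef" build tags are placeholders, not real Red Hat builds.
SAMPLE_RPM_QA = """
mariadb-server-10.3.17-1.module+el8.1.0+0000+deadbeef.x86_64
mariadb-common-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64
galera-25.3.26-1.module+el8.1.0+0000+deadbeef.x86_64
mariadb-server-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64
mariadb-connector-c-3.0.7-1.el8.x86_64
Judy-1.0.5-18.module+el8+2765+cfa4f87b.x86_64
""".splitlines()

if __name__ == "__main__":
    for nevra, verdict in check_packages(SAMPLE_RPM_QA).items():
        print("%-70s %s" % (nevra, verdict))
```

On a real host, feed it `rpm -qa 'mariadb*' 'galera*'` instead of the sample list. Judy is deliberately skipped because its build tag is unchanged in these advisories, and mariadb-connector-c is skipped because it is a separate source package that this update does not rebuild, even though one of the fixed CVEs is filed against it.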