-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.4527
          mariadb:10.3 security, bug fix, and enhancement update
                             23 December 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           mariadb:10.3
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Modify Arbitrary Files   -- Existing Account      
                   Denial of Service        -- Remote/Unauthenticated
                   Access Confidential Data -- Remote/Unauthenticated
                   Reduced Security         -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-15180 CVE-2020-14812 CVE-2020-14789
                   CVE-2020-14776 CVE-2020-14765 CVE-2020-13249
                   CVE-2020-2922 CVE-2020-2814 CVE-2020-2812
                   CVE-2020-2780 CVE-2020-2760 CVE-2020-2752
                   CVE-2020-2574 CVE-2019-2974 CVE-2019-2938
                   CVE-2019-2805 CVE-2019-2758 CVE-2019-2740
                   CVE-2019-2739 CVE-2019-2737 CVE-2019-2628
                   CVE-2019-2627 CVE-2019-2614 CVE-2019-2537
                   CVE-2019-2510  

Reference:         ASB-2020.0176
                   ESB-2020.4521
                   ESB-2020.4427
                   ESB-2020.4330
                   ESB-2020.4309

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2020:5663
   https://access.redhat.com/errata/RHSA-2020:5654
   https://access.redhat.com/errata/RHSA-2020:5665

Comment: This bulletin contains three (3) Red Hat security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: mariadb:10.3 security, bug fix, and enhancement update
Advisory ID:       RHSA-2020:5663-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:5663
Issue date:        2020-12-22
CVE Names:         CVE-2019-2510 CVE-2019-2537 CVE-2019-2614 
                   CVE-2019-2627 CVE-2019-2628 CVE-2019-2737 
                   CVE-2019-2739 CVE-2019-2740 CVE-2019-2758 
                   CVE-2019-2805 CVE-2019-2938 CVE-2019-2974 
                   CVE-2020-2574 CVE-2020-2752 CVE-2020-2760 
                   CVE-2020-2780 CVE-2020-2812 CVE-2020-2814 
                   CVE-2020-2922 CVE-2020-13249 CVE-2020-14765 
                   CVE-2020-14776 CVE-2020-14789 CVE-2020-14812 
                   CVE-2020-15180 
=====================================================================

1. Summary:

An update for the mariadb:10.3 module is now available for Red Hat
Enterprise Linux 8.0 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream E4S (v. 8.0) - aarch64, ppc64le, s390x, x86_64

3. Description:

MariaDB is a multi-user, multi-threaded SQL database server that is binary
compatible with MySQL. 

The following packages have been upgraded to a later upstream version:
mariadb (10.3.27), galera (25.3.31). (BZ#1899085, BZ#1899089)

Security Fix(es):

* mariadb: Insufficient SST method name check leading to code injection in
mysql-wsrep (CVE-2020-15180)

* mysql: InnoDB unspecified vulnerability (CPU Jan 2019) (CVE-2019-2510)

* mysql: Server: DDL unspecified vulnerability (CPU Jan 2019)
(CVE-2019-2537)

* mysql: Server: Replication unspecified vulnerability (CPU Apr 2019)
(CVE-2019-2614)

* mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr
2019) (CVE-2019-2627)

* mysql: InnoDB unspecified vulnerability (CPU Apr 2019) (CVE-2019-2628)

* mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2019)
(CVE-2019-2737)

* mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul
2019) (CVE-2019-2739)

* mysql: Server: XML unspecified vulnerability (CPU Jul 2019)
(CVE-2019-2740)

* mysql: InnoDB unspecified vulnerability (CPU Jul 2019) (CVE-2019-2758)

* mysql: Server: Parser unspecified vulnerability (CPU Jul 2019)
(CVE-2019-2805)

* mysql: InnoDB unspecified vulnerability (CPU Oct 2019) (CVE-2019-2938)

* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019)
(CVE-2019-2974)

* mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2752)

* mysql: InnoDB unspecified vulnerability (CPU Apr 2020) (CVE-2020-2760)

* mysql: Server: DML unspecified vulnerability (CPU Apr 2020)
(CVE-2020-2780)

* mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020)
(CVE-2020-2812)

* mysql: InnoDB unspecified vulnerability (CPU Apr 2020) (CVE-2020-2814)

* mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2922)

* mariadb-connector-c: Improper validation of content in a OK packet
received from server (CVE-2020-13249)

* mysql: Server: FTS unspecified vulnerability (CPU Oct 2020)
(CVE-2020-14765)

* mysql: InnoDB unspecified vulnerability (CPU Oct 2020) (CVE-2020-14776)

* mysql: Server: FTS unspecified vulnerability (CPU Oct 2020)
(CVE-2020-14789)

* mysql: Server: Locking unspecified vulnerability (CPU Oct 2020)
(CVE-2020-14812)

* mysql: C API unspecified vulnerability (CPU Jan 2020) (CVE-2020-2574)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* FTBFS: -D_GLIBCXX_ASSERTIONS (BZ#1899012)

* Queries with entity_id IN ('1', '2', …, '70000') run much slower in
MariaDB 10.3 than on MariaDB 10.1 (BZ#1899020)

* Cleanup race with wsrep_rsync_sst_tunnel may prevent full galera cluster
bootstrap (BZ#1899025)

* There are undeclared file conflicts in several mariadb and mysql packages
(BZ#1899080)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the MariaDB server daemon (mysqld) will be
restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1666751 - CVE-2019-2510 mysql: InnoDB unspecified vulnerability (CPU Jan 2019)
1666763 - CVE-2019-2537 mysql: Server: DDL unspecified vulnerability (CPU Jan 2019)
1702969 - CVE-2019-2614 mysql: Server: Replication unspecified vulnerability (CPU Apr 2019)
1702976 - CVE-2019-2627 mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2019)
1702977 - CVE-2019-2628 mysql: InnoDB unspecified vulnerability (CPU Apr 2019)
1731997 - CVE-2019-2737 mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2019)
1731999 - CVE-2019-2739 mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2019)
1732000 - CVE-2019-2740 mysql: Server: XML unspecified vulnerability (CPU Jul 2019)
1732008 - CVE-2019-2758 mysql: InnoDB unspecified vulnerability (CPU Jul 2019)
1732025 - CVE-2019-2805 mysql: Server: Parser unspecified vulnerability (CPU Jul 2019)
1764680 - CVE-2019-2938 mysql: InnoDB unspecified vulnerability (CPU Oct 2019)
1764691 - CVE-2019-2974 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019)
1798587 - CVE-2020-2574 mysql: C API unspecified vulnerability (CPU Jan 2020)
1830056 - CVE-2020-2780 mysql: Server: DML unspecified vulnerability (CPU Apr 2020)
1830059 - CVE-2020-2812 mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020)
1830060 - CVE-2020-2814 mysql: InnoDB unspecified vulnerability (CPU Apr 2020)
1830082 - CVE-2020-2760 mysql: InnoDB unspecified vulnerability (CPU Apr 2020)
1835849 - CVE-2020-2752 mysql: C API unspecified vulnerability (CPU Apr 2020)
1835850 - CVE-2020-2922 mysql: C API unspecified vulnerability (CPU Apr 2020)
1839827 - CVE-2020-13249 mariadb-connector-c: Improper validation of content in a OK packet received from server
1890738 - CVE-2020-14765 mysql: Server: FTS unspecified vulnerability (CPU Oct 2020)
1890743 - CVE-2020-14776 mysql: InnoDB unspecified vulnerability (CPU Oct 2020)
1890747 - CVE-2020-14789 mysql: Server: FTS unspecified vulnerability (CPU Oct 2020)
1890756 - CVE-2020-14812 mysql: Server: Locking unspecified vulnerability (CPU Oct 2020)
1894919 - CVE-2020-15180 mariadb: Insufficient SST method name check leading to code injection in mysql-wsrep
1899012 - FTBFS: -D_GLIBCXX_ASSERTIONS [rhel-8.0.0.z]
1899020 - Queries with entity_id IN ('1', '2', …, '70000') run much slower in MariaDB 10.3 than on MariaDB 10.1 [rhel-8.0.0.z]
1899025 - Cleanup race with wsrep_rsync_sst_tunnel may prevent full galera cluster bootstrap [rhel-8.0.0.z]
1899085 - Tracker: MariaDB rebase to the latest version (10.3.27) [rhel-8.0.0.z]
1899089 - Update Galera to the appropriate version (25.3.31) [rhel-8.0.0.z]

6. Package List:

Red Hat Enterprise Linux AppStream E4S (v. 8.0):

Source:
Judy-1.0.5-18.module+el8+2765+cfa4f87b.src.rpm
galera-25.3.31-1.module+el8.0.0+9239+73817dd5.src.rpm
mariadb-10.3.27-3.module+el8.0.0+9160+9822c5c7.src.rpm

aarch64:
Judy-1.0.5-18.module+el8+2765+cfa4f87b.aarch64.rpm
Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.aarch64.rpm
Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.aarch64.rpm
galera-25.3.31-1.module+el8.0.0+9239+73817dd5.aarch64.rpm
galera-debuginfo-25.3.31-1.module+el8.0.0+9239+73817dd5.aarch64.rpm
galera-debugsource-25.3.31-1.module+el8.0.0+9239+73817dd5.aarch64.rpm
mariadb-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-backup-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-backup-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-common-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-debugsource-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-devel-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-embedded-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-embedded-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-embedded-devel-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-errmsg-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-gssapi-server-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-gssapi-server-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-oqgraph-engine-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-oqgraph-engine-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-server-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-server-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-server-galera-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-server-utils-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-server-utils-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-test-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-test-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm

ppc64le:
Judy-1.0.5-18.module+el8+2765+cfa4f87b.ppc64le.rpm
Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.ppc64le.rpm
Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.ppc64le.rpm
galera-25.3.31-1.module+el8.0.0+9239+73817dd5.ppc64le.rpm
galera-debuginfo-25.3.31-1.module+el8.0.0+9239+73817dd5.ppc64le.rpm
galera-debugsource-25.3.31-1.module+el8.0.0+9239+73817dd5.ppc64le.rpm
mariadb-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-backup-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-backup-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-common-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-debugsource-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-devel-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-embedded-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-embedded-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-embedded-devel-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-errmsg-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-gssapi-server-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-gssapi-server-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-oqgraph-engine-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-oqgraph-engine-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-server-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-server-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-server-galera-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-server-utils-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-server-utils-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-test-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm
mariadb-test-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm

s390x:
Judy-1.0.5-18.module+el8+2765+cfa4f87b.s390x.rpm
Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.s390x.rpm
Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.s390x.rpm
galera-25.3.31-1.module+el8.0.0+9239+73817dd5.s390x.rpm
galera-debuginfo-25.3.31-1.module+el8.0.0+9239+73817dd5.s390x.rpm
galera-debugsource-25.3.31-1.module+el8.0.0+9239+73817dd5.s390x.rpm
mariadb-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-backup-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-backup-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-common-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-debugsource-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-devel-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-embedded-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-embedded-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-embedded-devel-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-errmsg-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-gssapi-server-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-gssapi-server-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-oqgraph-engine-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-oqgraph-engine-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-server-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-server-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-server-galera-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-server-utils-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-server-utils-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-test-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm
mariadb-test-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.s390x.rpm

x86_64:
Judy-1.0.5-18.module+el8+2765+cfa4f87b.x86_64.rpm
Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.x86_64.rpm
Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.x86_64.rpm
galera-25.3.31-1.module+el8.0.0+9239+73817dd5.x86_64.rpm
galera-debuginfo-25.3.31-1.module+el8.0.0+9239+73817dd5.x86_64.rpm
galera-debugsource-25.3.31-1.module+el8.0.0+9239+73817dd5.x86_64.rpm
mariadb-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-backup-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-backup-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-common-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-debugsource-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-devel-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-embedded-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-embedded-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-embedded-devel-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-errmsg-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-gssapi-server-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-gssapi-server-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-oqgraph-engine-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-oqgraph-engine-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-server-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-server-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-server-galera-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-server-utils-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-server-utils-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-test-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm
mariadb-test-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-2510
https://access.redhat.com/security/cve/CVE-2019-2537
https://access.redhat.com/security/cve/CVE-2019-2614
https://access.redhat.com/security/cve/CVE-2019-2627
https://access.redhat.com/security/cve/CVE-2019-2628
https://access.redhat.com/security/cve/CVE-2019-2737
https://access.redhat.com/security/cve/CVE-2019-2739
https://access.redhat.com/security/cve/CVE-2019-2740
https://access.redhat.com/security/cve/CVE-2019-2758
https://access.redhat.com/security/cve/CVE-2019-2805
https://access.redhat.com/security/cve/CVE-2019-2938
https://access.redhat.com/security/cve/CVE-2019-2974
https://access.redhat.com/security/cve/CVE-2020-2574
https://access.redhat.com/security/cve/CVE-2020-2752
https://access.redhat.com/security/cve/CVE-2020-2760
https://access.redhat.com/security/cve/CVE-2020-2780
https://access.redhat.com/security/cve/CVE-2020-2812
https://access.redhat.com/security/cve/CVE-2020-2814
https://access.redhat.com/security/cve/CVE-2020-2922
https://access.redhat.com/security/cve/CVE-2020-13249
https://access.redhat.com/security/cve/CVE-2020-14765
https://access.redhat.com/security/cve/CVE-2020-14776
https://access.redhat.com/security/cve/CVE-2020-14789
https://access.redhat.com/security/cve/CVE-2020-14812
https://access.redhat.com/security/cve/CVE-2020-15180
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
- -----END PGP SIGNATURE-----

- --------------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: mariadb:10.3 security, bug fix, and enhancement update
Advisory ID:       RHSA-2020:5654-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:5654
Issue date:        2020-12-22
CVE Names:         CVE-2019-2938 CVE-2019-2974 CVE-2020-2574 
                   CVE-2020-2752 CVE-2020-2760 CVE-2020-2780 
                   CVE-2020-2812 CVE-2020-2814 CVE-2020-13249 
                   CVE-2020-14765 CVE-2020-14776 CVE-2020-14789 
                   CVE-2020-14812 CVE-2020-15180 
=====================================================================

1. Summary:

An update for the mariadb:10.3 module is now available for Red Hat
Enterprise Linux 8.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64

3. Description:

MariaDB is a multi-user, multi-threaded SQL database server that is binary
compatible with MySQL. 

The following packages have been upgraded to a later upstream version:
mariadb (10.3.27), galera (25.3.31). (BZ#1899083, BZ#1899087)

Security Fix(es):

* mariadb: Insufficient SST method name check leading to code injection in
mysql-wsrep (CVE-2020-15180)

* mysql: InnoDB unspecified vulnerability (CPU Oct 2019) (CVE-2019-2938)

* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019)
(CVE-2019-2974)

* mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2752)

* mysql: InnoDB unspecified vulnerability (CPU Apr 2020) (CVE-2020-2760)

* mysql: Server: DML unspecified vulnerability (CPU Apr 2020)
(CVE-2020-2780)

* mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020)
(CVE-2020-2812)

* mysql: InnoDB unspecified vulnerability (CPU Apr 2020) (CVE-2020-2814)

* mariadb-connector-c: Improper validation of content in a OK packet
received from server (CVE-2020-13249)

* mysql: Server: FTS unspecified vulnerability (CPU Oct 2020)
(CVE-2020-14765)

* mysql: InnoDB unspecified vulnerability (CPU Oct 2020) (CVE-2020-14776)

* mysql: Server: FTS unspecified vulnerability (CPU Oct 2020)
(CVE-2020-14789)

* mysql: Server: Locking unspecified vulnerability (CPU Oct 2020)
(CVE-2020-14812)

* mysql: C API unspecified vulnerability (CPU Jan 2020) (CVE-2020-2574)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* FTBFS: -D_GLIBCXX_ASSERTIONS (BZ#1899010)

* Queries with entity_id IN ('1', '2', …, '70000') run much slower in
MariaDB 10.3 than on MariaDB 10.1 (BZ#1899018)

* Cleanup race with wsrep_rsync_sst_tunnel may prevent full galera cluster
bootstrap (BZ#1899022)

* There are undeclared file conflicts in several mariadb and mysql packages
(BZ#1899078)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the MariaDB server daemon (mysqld) will be
restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1764680 - CVE-2019-2938 mysql: InnoDB unspecified vulnerability (CPU Oct 2019)
1764691 - CVE-2019-2974 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019)
1798587 - CVE-2020-2574 mysql: C API unspecified vulnerability (CPU Jan 2020)
1830056 - CVE-2020-2780 mysql: Server: DML unspecified vulnerability (CPU Apr 2020)
1830059 - CVE-2020-2812 mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020)
1830060 - CVE-2020-2814 mysql: InnoDB unspecified vulnerability (CPU Apr 2020)
1830082 - CVE-2020-2760 mysql: InnoDB unspecified vulnerability (CPU Apr 2020)
1835849 - CVE-2020-2752 mysql: C API unspecified vulnerability (CPU Apr 2020)
1839827 - CVE-2020-13249 mariadb-connector-c: Improper validation of content in a OK packet received from server
1890738 - CVE-2020-14765 mysql: Server: FTS unspecified vulnerability (CPU Oct 2020)
1890743 - CVE-2020-14776 mysql: InnoDB unspecified vulnerability (CPU Oct 2020)
1890747 - CVE-2020-14789 mysql: Server: FTS unspecified vulnerability (CPU Oct 2020)
1890756 - CVE-2020-14812 mysql: Server: Locking unspecified vulnerability (CPU Oct 2020)
1894919 - CVE-2020-15180 mariadb: Insufficient SST method name check leading to code injection in mysql-wsrep
1899010 - FTBFS: -D_GLIBCXX_ASSERTIONS [rhel-8.2.0.z]
1899018 - Queries with entity_id IN ('1', '2', …, '70000') run much slower in MariaDB 10.3 than on MariaDB 10.1 [rhel-8.2.0.z]
1899022 - Cleanup race with wsrep_rsync_sst_tunnel may prevent full galera cluster bootstrap [rhel-8.2.0.z]
1899083 - Tracker: MariaDB rebase to the latest version (10.3.27) [rhel-8.2.0.z]
1899087 - Update Galera to the appropriate version (25.3.31) [rhel-8.2.0.z]

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v. 8.2):

Source:
Judy-1.0.5-18.module+el8+2765+cfa4f87b.src.rpm
galera-25.3.31-1.module+el8.2.0+8857+d5b3039b.src.rpm
mariadb-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.src.rpm

aarch64:
Judy-1.0.5-18.module+el8+2765+cfa4f87b.aarch64.rpm
Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.aarch64.rpm
Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.aarch64.rpm
galera-25.3.31-1.module+el8.2.0+8857+d5b3039b.aarch64.rpm
galera-debuginfo-25.3.31-1.module+el8.2.0+8857+d5b3039b.aarch64.rpm
galera-debugsource-25.3.31-1.module+el8.2.0+8857+d5b3039b.aarch64.rpm
mariadb-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-backup-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-backup-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-common-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-debugsource-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-devel-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-embedded-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-embedded-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-embedded-devel-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-errmsg-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-gssapi-server-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-gssapi-server-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-oqgraph-engine-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-oqgraph-engine-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-server-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-server-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-server-galera-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-server-utils-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-server-utils-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-test-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm
mariadb-test-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.aarch64.rpm

ppc64le:
Judy-1.0.5-18.module+el8+2765+cfa4f87b.ppc64le.rpm
Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.ppc64le.rpm
Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.ppc64le.rpm
galera-25.3.31-1.module+el8.2.0+8857+d5b3039b.ppc64le.rpm
galera-debuginfo-25.3.31-1.module+el8.2.0+8857+d5b3039b.ppc64le.rpm
galera-debugsource-25.3.31-1.module+el8.2.0+8857+d5b3039b.ppc64le.rpm
mariadb-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-backup-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-backup-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-common-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-debugsource-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-devel-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-embedded-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-embedded-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-embedded-devel-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-errmsg-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-gssapi-server-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-gssapi-server-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-oqgraph-engine-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-oqgraph-engine-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-server-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-server-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-server-galera-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-server-utils-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-server-utils-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-test-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm
mariadb-test-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.ppc64le.rpm

s390x:
Judy-1.0.5-18.module+el8+2765+cfa4f87b.s390x.rpm
Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.s390x.rpm
Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.s390x.rpm
galera-25.3.31-1.module+el8.2.0+8857+d5b3039b.s390x.rpm
galera-debuginfo-25.3.31-1.module+el8.2.0+8857+d5b3039b.s390x.rpm
galera-debugsource-25.3.31-1.module+el8.2.0+8857+d5b3039b.s390x.rpm
mariadb-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-backup-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-backup-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-common-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-debugsource-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-devel-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-embedded-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-embedded-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-embedded-devel-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-errmsg-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-gssapi-server-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-gssapi-server-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-oqgraph-engine-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-oqgraph-engine-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-server-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-server-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-server-galera-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-server-utils-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-server-utils-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-test-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm
mariadb-test-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.s390x.rpm

x86_64:
Judy-1.0.5-18.module+el8+2765+cfa4f87b.x86_64.rpm
Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.x86_64.rpm
Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.x86_64.rpm
galera-25.3.31-1.module+el8.2.0+8857+d5b3039b.x86_64.rpm
galera-debuginfo-25.3.31-1.module+el8.2.0+8857+d5b3039b.x86_64.rpm
galera-debugsource-25.3.31-1.module+el8.2.0+8857+d5b3039b.x86_64.rpm
mariadb-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-backup-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-backup-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-common-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-debugsource-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-devel-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-embedded-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-embedded-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-embedded-devel-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-errmsg-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-gssapi-server-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-gssapi-server-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-oqgraph-engine-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-oqgraph-engine-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-server-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-server-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-server-galera-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-server-utils-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-server-utils-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-test-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm
mariadb-test-debuginfo-10.3.27-3.module+el8.2.0+9158+b3fb2ef4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-2938
https://access.redhat.com/security/cve/CVE-2019-2974
https://access.redhat.com/security/cve/CVE-2020-2574
https://access.redhat.com/security/cve/CVE-2020-2752
https://access.redhat.com/security/cve/CVE-2020-2760
https://access.redhat.com/security/cve/CVE-2020-2780
https://access.redhat.com/security/cve/CVE-2020-2812
https://access.redhat.com/security/cve/CVE-2020-2814
https://access.redhat.com/security/cve/CVE-2020-13249
https://access.redhat.com/security/cve/CVE-2020-14765
https://access.redhat.com/security/cve/CVE-2020-14776
https://access.redhat.com/security/cve/CVE-2020-14789
https://access.redhat.com/security/cve/CVE-2020-14812
https://access.redhat.com/security/cve/CVE-2020-15180
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
- -----END PGP SIGNATURE-----

- --------------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: mariadb:10.3 security, bug fix, and enhancement update
Advisory ID:       RHSA-2020:5665-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:5665
Issue date:        2020-12-22
CVE Names:         CVE-2019-2938 CVE-2019-2974 CVE-2020-2574 
                   CVE-2020-2752 CVE-2020-2760 CVE-2020-2780 
                   CVE-2020-2812 CVE-2020-2814 CVE-2020-13249 
                   CVE-2020-14765 CVE-2020-14776 CVE-2020-14789 
                   CVE-2020-14812 CVE-2020-15180 
=====================================================================

1. Summary:

An update for the mariadb:10.3 module is now available for Red Hat
Enterprise Linux 8.1 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.1) - aarch64, ppc64le, s390x, x86_64

3. Description:

MariaDB is a multi-user, multi-threaded SQL database server that is binary
compatible with MySQL. 

The following packages have been upgraded to a later upstream version:
mariadb (10.3.27), galera (25.3.31). (BZ#1899084, BZ#1899088)

Security Fix(es):

* mariadb: Insufficient SST method name check leading to code injection in
mysql-wsrep (CVE-2020-15180)

* mysql: InnoDB unspecified vulnerability (CPU Oct 2019) (CVE-2019-2938)

* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019)
(CVE-2019-2974)

* mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2752)

* mysql: InnoDB unspecified vulnerability (CPU Apr 2020) (CVE-2020-2760)

* mysql: Server: DML unspecified vulnerability (CPU Apr 2020)
(CVE-2020-2780)

* mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020)
(CVE-2020-2812)

* mysql: InnoDB unspecified vulnerability (CPU Apr 2020) (CVE-2020-2814)

* mariadb-connector-c: Improper validation of content in a OK packet
received from server (CVE-2020-13249)

* mysql: Server: FTS unspecified vulnerability (CPU Oct 2020)
(CVE-2020-14765)

* mysql: InnoDB unspecified vulnerability (CPU Oct 2020) (CVE-2020-14776)

* mysql: Server: FTS unspecified vulnerability (CPU Oct 2020)
(CVE-2020-14789)

* mysql: Server: Locking unspecified vulnerability (CPU Oct 2020)
(CVE-2020-14812)

* mysql: C API unspecified vulnerability (CPU Jan 2020) (CVE-2020-2574)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* FTBFS: -D_GLIBCXX_ASSERTIONS (BZ#1899011)

* Queries with entity_id IN ('1', '2', …, '70000') run much slower in
MariaDB 10.3 than on MariaDB 10.1 (BZ#1899019)

* Cleanup race with wsrep_rsync_sst_tunnel may prevent full galera cluster
bootstrap (BZ#1899024)

* There are undeclared file conflicts in several mariadb and mysql packages
(BZ#1899079)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the MariaDB server daemon (mysqld) will be
restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1764680 - CVE-2019-2938 mysql: InnoDB unspecified vulnerability (CPU Oct 2019)
1764691 - CVE-2019-2974 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019)
1798587 - CVE-2020-2574 mysql: C API unspecified vulnerability (CPU Jan 2020)
1830056 - CVE-2020-2780 mysql: Server: DML unspecified vulnerability (CPU Apr 2020)
1830059 - CVE-2020-2812 mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020)
1830060 - CVE-2020-2814 mysql: InnoDB unspecified vulnerability (CPU Apr 2020)
1830082 - CVE-2020-2760 mysql: InnoDB unspecified vulnerability (CPU Apr 2020)
1835849 - CVE-2020-2752 mysql: C API unspecified vulnerability (CPU Apr 2020)
1839827 - CVE-2020-13249 mariadb-connector-c: Improper validation of content in a OK packet received from server
1890738 - CVE-2020-14765 mysql: Server: FTS unspecified vulnerability (CPU Oct 2020)
1890743 - CVE-2020-14776 mysql: InnoDB unspecified vulnerability (CPU Oct 2020)
1890747 - CVE-2020-14789 mysql: Server: FTS unspecified vulnerability (CPU Oct 2020)
1890756 - CVE-2020-14812 mysql: Server: Locking unspecified vulnerability (CPU Oct 2020)
1894919 - CVE-2020-15180 mariadb: Insufficient SST method name check leading to code injection in mysql-wsrep
1899011 - FTBFS: -D_GLIBCXX_ASSERTIONS [rhel-8.1.0.z]
1899019 - Queries with entity_id IN ('1', '2', …, '70000') run much slower in MariaDB 10.3 than on MariaDB 10.1 [rhel-8.1.0.z]
1899024 - Cleanup race with wsrep_rsync_sst_tunnel may prevent full galera cluster bootstrap [rhel-8.1.0.z]
1899084 - Tracker: MariaDB rebase to the latest version (10.3.27) [rhel-8.1.0.z]
1899088 - Update Galera to the appropriate version (25.3.31) [rhel-8.1.0.z]

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v. 8.1):

Source:
Judy-1.0.5-18.module+el8+2765+cfa4f87b.src.rpm
galera-25.3.31-1.module+el8.1.0+8860+1543d51b.src.rpm
mariadb-10.3.27-3.module+el8.1.0+9159+f0191ef0.src.rpm

aarch64:
Judy-1.0.5-18.module+el8+2765+cfa4f87b.aarch64.rpm
Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.aarch64.rpm
Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.aarch64.rpm
galera-25.3.31-1.module+el8.1.0+8860+1543d51b.aarch64.rpm
galera-debuginfo-25.3.31-1.module+el8.1.0+8860+1543d51b.aarch64.rpm
galera-debugsource-25.3.31-1.module+el8.1.0+8860+1543d51b.aarch64.rpm
mariadb-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-backup-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-backup-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-common-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-debugsource-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-devel-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-embedded-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-embedded-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-embedded-devel-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-errmsg-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-gssapi-server-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-gssapi-server-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-oqgraph-engine-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-oqgraph-engine-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-server-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-server-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-server-galera-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-server-utils-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-server-utils-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-test-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm
mariadb-test-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.aarch64.rpm

ppc64le:
Judy-1.0.5-18.module+el8+2765+cfa4f87b.ppc64le.rpm
Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.ppc64le.rpm
Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.ppc64le.rpm
galera-25.3.31-1.module+el8.1.0+8860+1543d51b.ppc64le.rpm
galera-debuginfo-25.3.31-1.module+el8.1.0+8860+1543d51b.ppc64le.rpm
galera-debugsource-25.3.31-1.module+el8.1.0+8860+1543d51b.ppc64le.rpm
mariadb-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-backup-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-backup-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-common-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-debugsource-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-devel-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-embedded-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-embedded-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-embedded-devel-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-errmsg-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-gssapi-server-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-gssapi-server-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-oqgraph-engine-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-oqgraph-engine-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-server-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-server-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-server-galera-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-server-utils-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-server-utils-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-test-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm
mariadb-test-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.ppc64le.rpm

s390x:
Judy-1.0.5-18.module+el8+2765+cfa4f87b.s390x.rpm
Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.s390x.rpm
Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.s390x.rpm
galera-25.3.31-1.module+el8.1.0+8860+1543d51b.s390x.rpm
galera-debuginfo-25.3.31-1.module+el8.1.0+8860+1543d51b.s390x.rpm
galera-debugsource-25.3.31-1.module+el8.1.0+8860+1543d51b.s390x.rpm
mariadb-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-backup-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-backup-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-common-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-debugsource-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-devel-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-embedded-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-embedded-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-embedded-devel-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-errmsg-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-gssapi-server-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-gssapi-server-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-oqgraph-engine-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-oqgraph-engine-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-server-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-server-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-server-galera-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-server-utils-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-server-utils-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-test-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm
mariadb-test-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.s390x.rpm

x86_64:
Judy-1.0.5-18.module+el8+2765+cfa4f87b.x86_64.rpm
Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.x86_64.rpm
Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.x86_64.rpm
galera-25.3.31-1.module+el8.1.0+8860+1543d51b.x86_64.rpm
galera-debuginfo-25.3.31-1.module+el8.1.0+8860+1543d51b.x86_64.rpm
galera-debugsource-25.3.31-1.module+el8.1.0+8860+1543d51b.x86_64.rpm
mariadb-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-backup-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-backup-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-common-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-debugsource-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-devel-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-embedded-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-embedded-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-embedded-devel-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-errmsg-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-gssapi-server-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-gssapi-server-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-oqgraph-engine-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-oqgraph-engine-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-server-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-server-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-server-galera-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-server-utils-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-server-utils-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-test-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm
mariadb-test-debuginfo-10.3.27-3.module+el8.1.0+9159+f0191ef0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-2938
https://access.redhat.com/security/cve/CVE-2019-2974
https://access.redhat.com/security/cve/CVE-2020-2574
https://access.redhat.com/security/cve/CVE-2020-2752
https://access.redhat.com/security/cve/CVE-2020-2760
https://access.redhat.com/security/cve/CVE-2020-2780
https://access.redhat.com/security/cve/CVE-2020-2812
https://access.redhat.com/security/cve/CVE-2020-2814
https://access.redhat.com/security/cve/CVE-2020-13249
https://access.redhat.com/security/cve/CVE-2020-14765
https://access.redhat.com/security/cve/CVE-2020-14776
https://access.redhat.com/security/cve/CVE-2020-14789
https://access.redhat.com/security/cve/CVE-2020-14812
https://access.redhat.com/security/cve/CVE-2020-15180
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----