UbuntuUpdates.org

Package "mariadb-10.3"

Name: mariadb-10.3

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • MariaDB database development files
  • MariaDB Connector/C, compatibility symlinks
  • MariaDB database client library
  • MariaDB database development files (transitional package)

Latest version: 1:10.3.37-0ubuntu0.20.04.1
Release: focal (20.04)
Level: security
Repository: universe

Other versions of "mariadb-10.3" in Focal

Repository Area Version
base universe 1:10.3.22-1ubuntu1
updates universe 1:10.3.37-0ubuntu0.20.04.1

Changelog

Version: 1:10.3.37-0ubuntu0.20.04.1 2022-11-23 17:06:21 UTC

  mariadb-10.3 (1:10.3.37-0ubuntu0.20.04.1) focal-security; urgency=medium

  * SECURITY UPDATE: New upstream version 10.3.37 includes fixes for security
    vulnerabilities from previous releases as listed below (LP: #1996452)
  * Previous upstream version 10.3.36 included security fixes for:
    - CVE-2018-25032
    - CVE-2022-32084
    - CVE-2022-32091
  * Previous upstream version 10.3.35 included security fixes for:
    - CVE-2021-46669
    - CVE-2022-21427
    - CVE-2022-27376
    - CVE-2022-27377
    - CVE-2022-27378
    - CVE-2022-27379
    - CVE-2022-27380
    - CVE-2022-27381
    - CVE-2022-27383
    - CVE-2022-27384
    - CVE-2022-27386
    - CVE-2022-27387
    - CVE-2022-27445
    - CVE-2022-27447
    - CVE-2022-27448
    - CVE-2022-27449
    - CVE-2022-27452
    - CVE-2022-27456
    - CVE-2022-27458
    - CVE-2022-32083
    - CVE-2022-32085
    - CVE-2022-32087
    - CVE-2022-32088

 -- Otto Kekäläinen <email address hidden> Sat, 12 Nov 2022 22:11:54 -0800

1996452 CVE-2022-32091 et al affect MariaDB in Ubuntu
CVE-2018-25032 zlib 1.2.11 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
CVE-2022-32084 MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select.
CVE-2022-32091 MariaDB v10.7 was discovered to contain a use-after-poison in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptor
CVE-2021-46669 MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.
CVE-2022-21427 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.37 and prior and 8.0
CVE-2022-27376 MariaDB Server v10.6.5 and below was discovered to contain a use-after-free in the component Item_args::walk_arg, which is exploited via specially c
CVE-2022-27377 MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component Item_func_in::cleanup(), which is exploited via special
CVE-2022-27378 An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service
CVE-2022-27379 An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial
CVE-2022-27380 An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (D
CVE-2022-27381 An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) v
CVE-2022-27383 MariaDB Server v10.6 and below was discovered to contain a use-after-free in the component my_strcasecmp_8bit, which is exploited via specially craf
CVE-2022-27384 An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Deni
CVE-2022-27386 MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc.
CVE-2022-27387 MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially
CVE-2022-27445 MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc.
CVE-2022-27447 MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h.
CVE-2022-27448 There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc.
CVE-2022-27449 MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148.
CVE-2022-27452 MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc.
CVE-2022-27456 MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component VDec::VDec at /sql/sql_type.cc.
CVE-2022-27458 MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h.
CVE-2022-32083 MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker.
CVE-2022-32085 MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor.
CVE-2022-32087 MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args.
CVE-2022-32088 MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/fil

Version: 1:10.3.34-0ubuntu0.20.04.1 2022-02-28 14:07:14 UTC

  mariadb-10.3 (1:10.3.34-0ubuntu0.20.04.1) focal-security; urgency=medium

  * SECURITY UPDATE: New upstream version 10.3.34 includes fixes for the
    following security vulnerabilities (LP: #1961350):
    - CVE-2021-46661
    - CVE-2021-46663
    - CVE-2021-46664
    - CVE-2021-46665
    - CVE-2021-46668
  * Previous upstream version 10.3.33 included security fixes for:
    - CVE-2021-46659
    - CVE-2022-24048
    - CVE-2022-24050
    - CVE-2022-24051
    - CVE-2022-24052
  * Previous upstream version 10.3.32 included security fixes for:
    - CVE-2021-46662
    - CVE-2021-46667
  * Upstream version 10.3.33 was skipped as upstream pulled the release within a
    couple of days of release due to severe regression
  * Notable upstream functional changes in 10.3.33:
    - New default minimum value for innodb_buffer_pool_size is 20 MB (from 2 MB)

 -- Otto Kekäläinen <email address hidden> Thu, 17 Feb 2022 18:15:59 -0800

1961350 CVE-2022-24048 et al affect MariaDB in Ubuntu
CVE-2021-46661 MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE).
CVE-2021-46663 MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.
CVE-2021-46664 MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.
CVE-2021-46665 MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations.
CVE-2021-46668 MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource
CVE-2021-46659 MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW.
CVE-2022-24048 MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate
CVE-2022-24050 MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on
CVE-2022-24051 MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on
CVE-2022-24052 MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate p
CVE-2021-46662 MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery.
CVE-2021-46667 MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash.

Version: 1:10.3.32-0ubuntu0.20.04.1 2021-12-06 14:06:21 UTC

  mariadb-10.3 (1:10.3.32-0ubuntu0.20.04.1) focal-security; urgency=medium

  * SECURITY UPDATE: New upstream version 10.3.32 includes fixes for the
    following security vulnerabilities (LP: #1951709):
    - CVE-2021-35604
  * Drop MIPS and libatomic patches applied now upstream
  * Upstream issue MDEV-25114 about Galera WSREP invalid state
    fixed (Closes: #989898)

 -- Otto Kekäläinen <email address hidden> Sat, 20 Nov 2021 16:08:18 -0800

1951709 CVE-2021-35604 affects MariaDB in Ubuntu
989898 MariaDB crashes with "Crash: WSREP: invalid state ROLLED_BACK (FATAL)"
CVE-2021-35604 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.35 and prior and 8.0.26 a

Version: 1:10.3.31-0ubuntu0.20.04.1 2021-08-12 23:06:18 UTC

  mariadb-10.3 (1:10.3.31-0ubuntu0.20.04.1) focal-security; urgency=medium

  * SECURITY UPDATE: New upstream version 10.3.31 includes fixes for the
    following security vulnerabilities (LP: #1939188):
    - CVE-2021-2389
    - CVE-2021-2372

 -- Otto Kekäläinen <email address hidden> Fri, 06 Aug 2021 22:19:19 -0700

1939188 CVE-2021-2389 & CVE-2021-2372 affect MariaDB in Ubuntu
CVE-2021-2389 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 a
CVE-2021-2372 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 a

Version: 1:10.3.30-0ubuntu0.20.04.1 2021-07-29 03:06:26 UTC

  mariadb-10.3 (1:10.3.30-0ubuntu0.20.04.1) focal-security; urgency=medium

  * New upstream version 10.3.30 includes fixes for a critical bug that
    was compromising the results of some type of queries (subqueries with
    group by): https://jira.mariadb.org/browse/MDEV-25714 (LP: #1936727)
  * Fix Perl executable path in scripts (stop using 'env') (Closes: #991472)
    Upstream MariaDB has broken shebangs (#!/usr/bin/env perl) in several
    scripts, thus rendering them potentially loading the wrong Perl version
    and rendering the scripts unusable. Fixing the shebang recovers correct
    behaviour.

  [ Daniel Black ]
  * Add caching_sha2_password.so (Closes: #962597) (LP: #1913676)

 -- Otto Kekäläinen <email address hidden> Sat, 17 Jul 2021 15:59:58 -0700

1936727 [SRU] MariaDB new release 10.3.30
1913676 libmariadb3 fails to include caching_sha2_password.so
991472 mariadb-client-10.3: mytop has wrong shebang line
962597 libmariadb3: Install caching_sha2_password.so


