UbuntuUpdates.org

Package "mariadb-10.6"

Name: mariadb-10.6

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • MariaDB database development files
  • MariaDB Connector/C, compatibility symlinks
  • MariaDB database client library
  • MariaDB embedded database, development files

Latest version: 1:10.6.11-0ubuntu0.22.04.1
Release: jammy (22.04)
Level: security
Repository: universe

Links



Other versions of "mariadb-10.6" in Jammy

Repository Area Version
updates universe 1:10.6.11-0ubuntu0.22.04.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1:10.6.11-0ubuntu0.22.04.1 2022-11-23 17:06:22 UTC

  mariadb-10.6 (1:10.6.11-0ubuntu0.22.04.1) jammy-security; urgency=medium

  * SECURITY UPDATE: New upstream version 10.6.11 includes fixes for security
    vulnerabilities from previous releases as listed below (LP: #1996452)
  * New upstream version 10.6.10. Includes several important fixes for
    issues that regressed in previous release. See details in:
    https://mariadb.org/regressions-in-recent-mariadb-server-releases/
  * New upstream version 10.6.9. Includes security fixes for
    - CVE-2018-25032
    - CVE-2022-32081
    - CVE-2022-32082
    - CVE-2022-32084
    - CVE-2022-32089
    - CVE-2022-32091
  * New upstream version 10.6.8. Includes security fixes for
    - CVE-2021-46669
    - CVE-2022-27376
    - CVE-2022-27377
    - CVE-2022-27378
    - CVE-2022-27379
    - CVE-2022-27380
    - CVE-2022-27381
    - CVE-2022-27382
    - CVE-2022-27383
    - CVE-2022-27384
    - CVE-2022-27386
    - CVE-2022-27387
    - CVE-2022-27444
    - CVE-2022-27445
    - CVE-2022-27446
    - CVE-2022-27447
    - CVE-2022-27448
    - CVE-2022-27449
    - CVE-2022-27451
    - CVE-2022-27452
    - CVE-2022-27455
    - CVE-2022-27456
    - CVE-2022-27457
    - CVE-2022-27458
    - CVE-2022-32085
    - CVE-2022-32086
    - CVE-2022-32087
    - CVE-2022-32088
  * Clean away several patches:
    - Remove Mroonga patch that didn't help make it build in a reproducible way.
      The patch does not hurt, but cleaning away all excess cruft is a vice.
    - Remove multiple patches that all got merged upstream or that were
      themselves backported existing upstream commits.
    - Remove the OpenSSL 30 patches that all got merged upstream in
      https://github.com/MariaDB/server/pull/2036
  * Add Bulgarian and Chinese translations for error messages
  * Include new wsrep_sst_backup in mariadb-server-10.6 package

 -- Otto Kekäläinen <email address hidden> Sat, 12 Nov 2022 23:48:47 -0800

1996452 CVE-2022-32091 et al affect MariaDB in Ubuntu
CVE-2018-25032 zlib 1.2.11 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
CVE-2022-32081 MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc.
CVE-2022-32082 MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc.
CVE-2022-32084 MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select.
CVE-2022-32089 MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level.
CVE-2022-32091 MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptor
CVE-2021-46669 MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.
CVE-2022-27376 MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially c
CVE-2022-27377 MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via special
CVE-2022-27378 An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service
CVE-2022-27379 An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial
CVE-2022-27380 An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (D
CVE-2022-27381 An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) v
CVE-2022-27382 MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order.
CVE-2022-27383 MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially craf
CVE-2022-27384 An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Deni
CVE-2022-27386 MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc.
CVE-2022-27387 MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially
CVE-2022-27444 MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc.
CVE-2022-27445 MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc.
CVE-2022-27446 MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h.
CVE-2022-27447 MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h.
CVE-2022-27448 There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc.
CVE-2022-27449 MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148.
CVE-2022-27451 MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc.
CVE-2022-27452 MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc.
CVE-2022-27455 MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c.
CVE-2022-27456 MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc.
CVE-2022-27457 MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c.
CVE-2022-27458 MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h.
CVE-2022-32085 MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor.
CVE-2022-32086 MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field.
CVE-2022-32087 MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args.
CVE-2022-32088 MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/fil



About   -   Send Feedback to @ubuntu_updates