
Bug 747166 (CVE-2020-15180)

Summary: <dev-db/mariadb-{10.2.22-r3,10.3.23-r3,10.4.13-r3,10.5.6}: remote code execution via the WSREP protocol (CVE-2020-15180)
Product: Gentoo Security
Reporter: Sam James <sam>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: major
CC: mysql-bugs
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: http://lists.askmonty.org/pipermail/announce/2020-October/000236.html
Whiteboard: B1 [glsa+ cve]
Package list:
Runtime testing required: ---

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-10-07 21:04:16 UTC
An unspecified vulnerability has been fixed in 10.5.6, 10.4.15, 10.3.25, 10.2.34 and 10.1.47.
Comment 1 Larry the Git Cow gentoo-dev 2020-10-07 22:30:29 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eac865fddbb514bcbc2b97d71ab093aa410c94d5

commit eac865fddbb514bcbc2b97d71ab093aa410c94d5
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-10-07 22:28:42 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-10-07 22:30:12 +0000

    dev-db/mariadb: security cleanup
    
    Bug: https://bugs.gentoo.org/747166
    Package-Manager: Portage-3.0.8, Repoman-3.0.1
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 dev-db/mariadb/Manifest                  |    8 -
 dev-db/mariadb/mariadb-10.1.38-r2.ebuild |  892 -------------------------
 dev-db/mariadb/mariadb-10.1.45-r1.ebuild |  925 --------------------------
 dev-db/mariadb/mariadb-10.1.46.ebuild    |  925 --------------------------
 dev-db/mariadb/mariadb-10.2.33.ebuild    | 1017 -----------------------------
 dev-db/mariadb/mariadb-10.3.24.ebuild    | 1008 -----------------------------
 dev-db/mariadb/mariadb-10.4.14.ebuild    | 1038 ------------------------------
 dev-db/mariadb/mariadb-10.5.5.ebuild     | 1033 -----------------------------
 8 files changed, 6846 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e17f1375adf19494cc302d8527294cac08bbf40a

commit e17f1375adf19494cc302d8527294cac08bbf40a
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-10-07 22:25:33 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-10-07 22:30:11 +0000

    dev-db/mariadb: bump to v10.1.47
    
    Bug: https://bugs.gentoo.org/747166
    Package-Manager: Portage-3.0.8, Repoman-3.0.1
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 dev-db/mariadb/Manifest               |   1 +
 dev-db/mariadb/mariadb-10.1.47.ebuild | 925 ++++++++++++++++++++++++++++++++++
 2 files changed, 926 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=efbf5b509c6b7c22106f4590c13890a301eb6f52

commit efbf5b509c6b7c22106f4590c13890a301eb6f52
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-10-07 22:23:35 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-10-07 22:30:11 +0000

    dev-db/mariadb: 10.2.x rev bump for CVE-2020-15180
    
    Bug: https://bugs.gentoo.org/747166
    Package-Manager: Portage-3.0.8, Repoman-3.0.1
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 dev-db/mariadb/{mariadb-10.2.32-r2.ebuild => mariadb-10.2.32-r3.ebuild} | 1 +
 1 file changed, 1 insertion(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4afbaca16bd9642ba51f70ed82f0ec68458cb7e5

commit 4afbaca16bd9642ba51f70ed82f0ec68458cb7e5
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-10-07 22:18:25 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-10-07 22:30:10 +0000

    dev-db/mariadb: bump to v10.2.34
    
    Bug: https://bugs.gentoo.org/747166
    Package-Manager: Portage-3.0.8, Repoman-3.0.1
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 dev-db/mariadb/Manifest               |    1 +
 dev-db/mariadb/mariadb-10.2.34.ebuild | 1017 +++++++++++++++++++++++++++++++++
 2 files changed, 1018 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0f20dcf0f023c32af2dfe4994d3bc9aef11e61d4

commit 0f20dcf0f023c32af2dfe4994d3bc9aef11e61d4
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-10-07 22:16:25 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-10-07 22:30:09 +0000

    dev-db/mariadb: 10.3.x rev bump for CVE-2020-15180
    
    Bug: https://bugs.gentoo.org/747166
    Package-Manager: Portage-3.0.8, Repoman-3.0.1
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 .../files/mariadb-10.3-CVE-2020-15180.patch        | 75 ++++++++++++++++++++++
 ...10.3.23-r2.ebuild => mariadb-10.3.23-r3.ebuild} |  1 +
 2 files changed, 76 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ad3f6e09be0deca23fde8252b28cad875e887bbc

commit ad3f6e09be0deca23fde8252b28cad875e887bbc
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-10-07 22:11:35 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-10-07 22:30:09 +0000

    dev-db/mariadb: bump to v10.3.25
    
    Bug: https://bugs.gentoo.org/747166
    Package-Manager: Portage-3.0.8, Repoman-3.0.1
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 dev-db/mariadb/Manifest               |    1 +
 dev-db/mariadb/mariadb-10.3.25.ebuild | 1008 +++++++++++++++++++++++++++++++++
 2 files changed, 1009 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=90ad011695b84e10ea33b8914f645181735c1376

commit 90ad011695b84e10ea33b8914f645181735c1376
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-10-07 21:30:40 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-10-07 22:30:08 +0000

    dev-db/mariadb: 10.4.x rev bump for CVE-2020-15180
    
    Bug: https://bugs.gentoo.org/747166
    Package-Manager: Portage-3.0.8, Repoman-3.0.1
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 .../files/mariadb-10.4-CVE-2020-15180.patch        | 62 ++++++++++++++++++++++
 ...10.4.13-r2.ebuild => mariadb-10.4.13-r3.ebuild} |  1 +
 2 files changed, 63 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2fec4b7f088c27ec110fd5249287b900a72c5c5e

commit 2fec4b7f088c27ec110fd5249287b900a72c5c5e
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-10-07 21:28:25 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-10-07 22:30:08 +0000

    dev-db/mariadb: bump to v10.4.15
    
    Bug: https://bugs.gentoo.org/747166
    Package-Manager: Portage-3.0.8, Repoman-3.0.1
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 dev-db/mariadb/Manifest               |    1 +
 dev-db/mariadb/mariadb-10.4.15.ebuild | 1038 +++++++++++++++++++++++++++++++++
 2 files changed, 1039 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ed64ced45d1d4b7a87feece9dd7bf97576f2bff5

commit ed64ced45d1d4b7a87feece9dd7bf97576f2bff5
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-10-07 21:26:26 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-10-07 22:30:07 +0000

    dev-db/mariadb: bump to v10.5.6
    
    Bug: https://bugs.gentoo.org/747166
    Package-Manager: Portage-3.0.8, Repoman-3.0.1
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 dev-db/mariadb/Manifest              |    1 +
 dev-db/mariadb/mariadb-10.5.6.ebuild | 1033 ++++++++++++++++++++++++++++++++++
 2 files changed, 1034 insertions(+)
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2020-11-11 03:50:09 UTC
This issue was resolved and addressed in
 GLSA 202011-14 at https://security.gentoo.org/glsa/202011-14
by GLSA coordinator Sam James (sam_c).