[CVE-2021-46661] MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE).
URL: https://jira.mariadb.org/browse/MDEV-25766

[CVE-2021-46662] MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery.
URL: https://jira.mariadb.org/browse/MDEV-25637

[CVE-2021-46663] MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.
URL: https://jira.mariadb.org/browse/MDEV-26351

[CVE-2021-46664] MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr. (closely related to CVE-2021-46665)
https://jira.mariadb.org/browse/MDEV-25761

[CVE-2021-46665] MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations.
URL: https://jira.mariadb.org/browse/MDEV-25636

[CVE-2021-46666] MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause.
URL: https://jira.mariadb.org/browse/MDEV-25635

[CVE-2021-46667] MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash.
URL: https://jira.mariadb.org/browse/MDEV-26350

[CVE-2021-46668] MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures.
URL: https://jira.mariadb.org/browse/MDEV-25787

[CVE-2021-46669] MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.
URL: https://jira.mariadb.org/browse/MDEV-25638
CVE-2022-24052 (https://mariadb.com/kb/en/security/):

This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.

CVE-2022-24048 (https://www.zerodayinitiative.com/advisories/ZDI-22-363/):

This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191.

CVE-2022-24050 (https://www.zerodayinitiative.com/advisories/ZDI-22-364/):

This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16207.

CVE-2022-24051 (https://mariadb.com/kb/en/security/):

This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16193.

Seems we need bumps to 10.6.6, 10.5.14, 10.4.23, 10.3.33, and 10.2.42.
Bumping to 10.6.6 isn't enough, for the following we would need 10.6.7.

- CVE-2021-46665
- CVE-2021-46664
- CVE-2021-46661
- CVE-2021-46668
- CVE-2021-46663

For such a high profile, high usage application we really should be on the ball more.
The previous comment also applies to 10.4.24, 10.3.34 and 10.2.43 too, the versions mentioned by John earlier do not provide protection.
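As an added illustration (not part of the bug thread or of Gentoo's tooling), the per-series minimums named in the two comments above can be turned into a check that flags 10.6.6 as insufficient. The version strings in the sample list are constructed, and the 10.5 series is left out of the table because the comments give no minimum for it.

```python
import re

# Minimum versions per release series, as named in the two comments above for
# CVE-2021-46661, -46663, -46664, -46665 and -46668. The comments give no
# value for the 10.5 series, so it is deliberately absent here.
MIN_FIXED = {
    (10, 6): (10, 6, 7),
    (10, 4): (10, 4, 24),
    (10, 3): (10, 3, 34),
    (10, 2): (10, 2, 43),
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract (major, minor, patch) from a string such as '10.6.6-MariaDB'."""
    match = _VERSION_RE.search(text)
    if not match:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def assess(text):
    """Return 'ok', 'needs-bump' or 'unknown-series' for a version string."""
    version = parse_version(text)
    minimum = MIN_FIXED.get(version[:2])
    if minimum is None:
        return "unknown-series"  # do not guess: the thread names no minimum
    # Tuple comparison is numeric, so 10.4.9 sorts below 10.4.24
    # (a plain string comparison would get this wrong).
    return "ok" if version >= minimum else "needs-bump"


def report(versions):
    """Map each version string to its assessment, keeping input order."""
    return {v: assess(v) for v in versions}


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real host.
    samples = ["10.6.6-MariaDB", "10.6.7-MariaDB", "10.4.9", "10.3.34", "10.5.14"]
    for version, status in report(samples).items():
        print(f"{version:16} {status}")
```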
(In reply to Michiel Hazelhof from comment #2)
> Bumping to 10.6.6 isn't enough, for the following we would need 10.6.7.
>
> - CVE-2021-46665
> - CVE-2021-46664
> - CVE-2021-46661
> - CVE-2021-46668
> - CVE-2021-46663
>
> For such a high profile, high usage application we really should be on the
> ball more.

Thanks! Feel free to submit a PR
(In reply to John Helmert III from comment #4)
> (In reply to Michiel Hazelhof from comment #2)
> > Bumping to 10.6.6 isn't enough, for the following we would need 10.6.7.
> >
> > - CVE-2021-46665
> > - CVE-2021-46664
> > - CVE-2021-46661
> > - CVE-2021-46668
> > - CVE-2021-46663
> >
> > For such a high profile, high usage application we really should be on the
> > ball more.
>
> Thanks! Feel free to submit a PR

Ah, I see. The maintainer already nacked a PR on Github. I wish they'd keep the rest of us in the loop.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1d0f80602bd1122a3638d8d74857502d7ed975b9

commit 1d0f80602bd1122a3638d8d74857502d7ed975b9
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2022-05-12 20:40:19 +0000
Commit:     David Seifert <soap@gentoo.org>
CommitDate: 2022-05-12 20:40:19 +0000

    dev-db/mariadb: bump to 10.5.15

    Closes: https://github.com/gentoo/gentoo/pull/24852
    Bug: https://bugs.gentoo.org/832490
    Acked-by: Robin H. Johnson <robbat2@gentoo.org>
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Signed-off-by: David Seifert <soap@gentoo.org>

 dev-db/mariadb/Manifest               |    2 +
 dev-db/mariadb/mariadb-10.5.15.ebuild | 1323 +++++++++++++++++++++++++++++++++
 2 files changed, 1325 insertions(+)
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3f22921d74ad881d241ecee3f20f8254abbbdef7

commit 3f22921d74ad881d241ecee3f20f8254abbbdef7
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2022-05-31 20:01:25 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-05-31 22:10:39 +0000

    dev-db/mariadb: bump to 10.6.8

    Bug: https://bugs.gentoo.org/832490
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Closes: https://github.com/gentoo/gentoo/pull/25707
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-db/mariadb/Manifest              |    2 +
 dev-db/mariadb/mariadb-10.6.8.ebuild | 1316 ++++++++++++++++++++++++++++++++++
 2 files changed, 1318 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a5e96bd91204dc7f536640ebabdd88e713a277c3

commit a5e96bd91204dc7f536640ebabdd88e713a277c3
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2022-05-31 18:54:28 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-05-31 22:10:32 +0000

    dev-db/mariadb: bump to 10.5.16

    Bug: https://bugs.gentoo.org/832490
    Closes: https://bugs.gentoo.org/843992
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Closes: https://github.com/gentoo/gentoo/pull/25705
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-db/mariadb/Manifest               |    1 +
 dev-db/mariadb/mariadb-10.5.16.ebuild | 1312 +++++++++++++++++++++++++++++++++
 2 files changed, 1313 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e5ac359b6a7722e6165639e4acd89cf38e0c4194

commit e5ac359b6a7722e6165639e4acd89cf38e0c4194
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2022-05-31 18:49:34 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-05-31 22:10:24 +0000

    dev-db/mariadb: bump to 10.4.25

    Bug: https://bugs.gentoo.org/832490
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Closes: https://github.com/gentoo/gentoo/pull/25704
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-db/mariadb/Manifest               |    2 +
 dev-db/mariadb/mariadb-10.4.25.ebuild | 1305 +++++++++++++++++++++++++++++++++
 2 files changed, 1307 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=92e9fbf72178359ea32c18224c39c4f0c072e0c8

commit 92e9fbf72178359ea32c18224c39c4f0c072e0c8
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2022-05-31 18:39:55 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-05-31 22:10:15 +0000

    dev-db/mariadb: bump to 10.3.35

    Bug: https://bugs.gentoo.org/832490
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Closes: https://github.com/gentoo/gentoo/pull/25554
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-db/mariadb/Manifest               |    1 +
 dev-db/mariadb/mariadb-10.3.35.ebuild | 1284 +++++++++++++++++++++++++++++++++
 2 files changed, 1285 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f0025eace3007f2f213b7c920d1f0a300f69907d

commit f0025eace3007f2f213b7c920d1f0a300f69907d
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2022-05-18 21:06:13 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-05-31 22:10:14 +0000

    dev-db/mariadb: bump to 10.3.34

    Bug: https://bugs.gentoo.org/832490
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-db/mariadb/Manifest               |    2 +
 dev-db/mariadb/mariadb-10.3.34.ebuild | 1284 +++++++++++++++++++++++++++++++++
 2 files changed, 1286 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=23206621f995162acdf73df1c3ac49f32ed3679b

commit 23206621f995162acdf73df1c3ac49f32ed3679b
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2022-05-31 18:34:03 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-05-31 22:10:01 +0000

    dev-db/mariadb: bump to 10.2.44

    Bug: https://bugs.gentoo.org/832490
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Closes: https://github.com/gentoo/gentoo/pull/25529
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-db/mariadb/Manifest               |    1 +
 dev-db/mariadb/mariadb-10.2.44.ebuild | 1292 +++++++++++++++++++++++++++++++++
 2 files changed, 1293 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d87587fb8a874172aaf5d69afeb24707e6095d2f

commit d87587fb8a874172aaf5d69afeb24707e6095d2f
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2022-05-16 21:01:35 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-05-31 22:10:00 +0000

    dev-db/mariadb: bump to 10.2.43

    Bug: https://bugs.gentoo.org/832490
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-db/mariadb/Manifest               |    2 +
 dev-db/mariadb/mariadb-10.2.43.ebuild | 1292 +++++++++++++++++++++++++++++++++
 2 files changed, 1294 insertions(+)
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=b69f175bb86c550d8cad22e4c391edbf3ccd7c16

commit b69f175bb86c550d8cad22e4c391edbf3ccd7c16
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-05-08 08:40:00 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-05-08 08:40:18 +0000

    [ GLSA 202405-25 ] MariaDB: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/699874
    Bug: https://bugs.gentoo.org/822759
    Bug: https://bugs.gentoo.org/832490
    Bug: https://bugs.gentoo.org/838244
    Bug: https://bugs.gentoo.org/847526
    Bug: https://bugs.gentoo.org/856484
    Bug: https://bugs.gentoo.org/891781
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202405-25.xml | 111 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 111 insertions(+)