Bug 26167

Summary: mariadb possible new issue CVE-2020-7221
Product: Mageia Reporter: David Walser <luigiwalser>
Component: RPM PackagesAssignee: Marc Krämer <mageia>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: Normal    
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: mariadb-10.4.12-1.mga8.src.rpm CVE:
Status comment:

Description David Walser 2020-02-04 15:57:55 CET 
An issue in MariaDB has been announced today (February 4):
https://www.openwall.com/lists/oss-security/2020/02/04/1

The announcement says that upstream attempted to fix it in 10.4.12, but also suggested that some packaging changes may be needed to fully address the issue.

I don't know if the version in Mageia 7 also contains the affected auth_pam_tool.
Comment 1 Marc Krämer 2020-02-04 17:06:35 CET 
as far as I can tell mga7 is not affected. the script mysql_install_db does not contain the named dir/executeables.
in cauldron we have a separated package for the pam plugin, which is not installed by default.
Adressed issue in cauldron.

Status: NEW => RESOLVED
Resolution: (none) => FIXED