Bug 29689

Summary: MariaDB: Security Issues update to 10.5.13
Product: Mageia Reporter: Marc Krämer <mageia>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: andrewsfarm, davidwhodgins, herman.viaene, sysadmin-bugs
Version: 8Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA8-64-OK
Source RPM: mariadb CVE:
Status comment:

Description Marc Krämer 2021-11-22 23:05:33 CET 
Update to mariadb 10.5.13 fixes security vulanaribility:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35604
https://mariadb.com/kb/en/mariadb-10513-release-notes/
Comment 1 Marc Krämer 2021-11-30 09:50:25 CET 
Updated mariadb package to fix a security vulnerability:
Security issue in InnoDB component has been discovered and fixed [2].
Additionally a few bugs are fixed too [1].

References:
[1] https://mariadb.com/kb/en/mariadb-10513-release-notes/
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35604
========================

Updated packages in core/updates_testing:
========================
mariadb-client-10.5.13-2.mga8
mariadb-client-debuginfo-10.5.13-2.mga8
mariadb-core-10.5.13-2.mga8
lib64mariadbd19-10.5.13-2.mga8
lib64mariadb-embedded-devel-10.5.13-2.mga8
mariadb-common-10.5.13-2.mga8
mariadb-connect-debuginfo-10.5.13-2.mga8
mariadb-mroonga-debuginfo-10.5.13-2.mga8
mariadb-debuginfo-10.5.13-2.mga8
mariadb-spider-debuginfo-10.5.13-2.mga8
mariadb-bench-debuginfo-10.5.13-2.mga8
mariadb-connect-10.5.13-2.mga8
mariadb-extra-debuginfo-10.5.13-2.mga8
mariadb-sphinx-debuginfo-10.5.13-2.mga8
mariadb-spider-10.5.13-2.mga8
mariadb-feedback-debuginfo-10.5.13-2.mga8
lib64mariadb3-debuginfo-10.5.13-2.mga8
lib64mariadb-devel-10.5.13-2.mga8
mariadb-obsolete-debuginfo-10.5.13-2.mga8
mariadb-10.5.13-2.mga8
lib64mariadb3-10.5.13-2.mga8
mariadb-common-core-10.5.13-2.mga8
mariadb-sequence-debuginfo-10.5.13-2.mga8
mariadb-sphinx-10.5.13-2.mga8
mariadb-extra-10.5.13-2.mga8
mariadb-obsolete-10.5.13-2.mga8
mariadb-pam-10.5.13-2.mga8
mariadb-rocks-10.5.13-2.mga8
mariadb-pam-debuginfo-10.5.13-2.mga8
mariadb-feedback-10.5.13-2.mga8
lib64mariadb-devel-debuginfo-10.5.13-2.mga8
mariadb-sequence-10.5.13-2.mga8
mysql-MariaDB-10.5.13-2.mga8
mariadb-mroonga-10.5.13-2.mga8
mariadb-debugsource-10.5.13-2.mga8
lib64mariadbd19-debuginfo-10.5.13-2.mga8
mariadb-core-debuginfo-10.5.13-2.mga8
mariadb-bench-10.5.13-2.mga8
mariadb-common-debuginfo-10.5.13-2.mga8
lib64mariadb-embedded-devel-debuginfo-10.5.13-2.mga8
mariadb-rocks-debuginfo-10.5.13-2.mga8

SRPM:
mariadb-10.5.13-2.mga8.src.rpm

Assignee: mageia => qa-bugs

Comment 2 Herman Viaene 2021-12-02 14:16:14 CET 
MGA8-64 Plasma on Lenovo B50
No installation issues. Omitted all debuginfo and debugsource packages.
Stopped mysqld before installation and then after:
# systemctl  start mysqld
[root@mach5 ~]# systemctl -l status mysqld
● mysqld.service - MySQL database server
     Loaded: loaded (/usr/lib/systemd/system/mysqld.service; enabled; vendor preset: disabled)
     Active: active (running) since Thu 2021-12-02 13:55:05 CET; 4s ago
    Process: 7688 ExecStartPre=/usr/sbin/mysqld-prepare-db-dir (code=exited, status=0/SUCCESS)
   Main PID: 7702 (mysqld)
     Status: "Taking your SQL requests now..."
      Tasks: 44 (limit: 9396)
     Memory: 61.7M
        CPU: 210ms
     CGroup: /system.slice/mysqld.service
             └─7702 /usr/sbin/mysqld

dec 02 13:55:05 mach5.hviaene.thuis mysqld[7702]: 2021-12-02 13:55:05 0 [Note] InnoDB: 10.5.13 started; log sequence number 6168852; transaction id 1849
dec 02 13:55:05 mach5.hviaene.thuis mysqld[7702]: 2021-12-02 13:55:05 0 [Note] InnoDB: Loading buffer pool(s) from /var/lib/mysql/ib_buffer_pool
dec 02 13:55:05 mach5.hviaene.thuis mysqld[7702]: 2021-12-02 13:55:05 0 [Note] InnoDB: Buffer pool(s) load completed at 211202 13:55:05
dec 02 13:55:05 mach5.hviaene.thuis mysqld[7702]: 2021-12-02 13:55:05 0 [Note] CONNECT: Version 1.07.0002 March 22, 2021
dec 02 13:55:05 mach5.hviaene.thuis mysqld[7702]: 211202 13:55:05 server_audit: MariaDB Audit Plugin version 1.4.13 STARTED.
dec 02 13:55:05 mach5.hviaene.thuis mysqld[7702]: 211202 13:55:05 server_audit: Query cache is enabled with the TABLE events. Some table reads can be veiled.2021-12-02 13:55:05 0 [Note] Reading of all Master_info>
dec 02 13:55:05 mach5.hviaene.thuis mysqld[7702]: 2021-12-02 13:55:05 0 [Note] Added new Master_info '' to hash table
dec 02 13:55:05 mach5.hviaene.thuis mysqld[7702]: 2021-12-02 13:55:05 0 [Note] /usr/sbin/mysqld: ready for connections.
dec 02 13:55:05 mach5.hviaene.thuis mysqld[7702]: Version: '10.5.13-MariaDB'  socket: '/var/lib/mysql/mysql.sock'  port: 0  Mageia MariaDB Server
dec 02 13:55:05 mach5.hviaene.thuis systemd[1]: Started MySQL database server.

Made sure httpd is running and then used phpmyadmin to delete a previous testdatabase, create a new one, create a table with a primary and a unique index, filled up with some data, all worked OK.

CC: (none) => herman.viaene
Whiteboard: (none) => MGA8-64-OK

Comment 3 Thomas Andrews 2021-12-02 17:02:57 CET 
Validating. Advisory information in Comment 1.

CC: (none) => andrewsfarm
Keywords: (none) => validated_update

Thomas Backlund 2021-12-03 17:25:26 CET

Component: Release (media or process) => Security
QA Contact: (none) => security

Dave Hodgins 2021-12-03 17:33:33 CET

Keywords: (none) => advisory
CC: (none) => davidwhodgins

Comment 4 Mageia Robot 2021-12-03 19:46:53 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0536.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED