| Summary: | MariaDB: 10.5.17 fixes security Issues | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Marc Krämer <mageia> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, bequimao.de, davidwhodgins, herman.viaene, sysadmin-bugs |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA8-64-OK | ||
| Source RPM: | mariadb | CVE: | CVE-2022-32082 CVE-2022-32089 CVE-2022-32081 CVE-2018-25032 CVE-2022-32091 CVE-2022-32084 |
| Status comment: | |||
|
Description
Marc Krämer
2022-08-16 19:44:37 CEST
Updated mariadb to latest version in this branch 10.5.17: This update brings some improvements on replication and optimizer. It also fixes some bugs and brings some security fixes too. References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32082 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32089 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32081 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32091 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32084 https://mariadb.com/kb/en/mariadb-10517-release-notes/ ======================== Updated packages in core/updates_testing: ======================== mariadb-spider-10.5.17-1.mga8 mariadb-connect-10.5.17-1.mga8 mariadb-sphinx-debuginfo-10.5.17-1.mga8 lib64mariadb3-debuginfo-10.5.17-1.mga8 mariadb-feedback-debuginfo-10.5.17-1.mga8 mariadb-obsolete-debuginfo-10.5.17-1.mga8 mariadb-10.5.17-1.mga8 lib64mariadb3-10.5.17-1.mga8 mariadb-extra-debuginfo-10.5.17-1.mga8 mariadb-common-core-10.5.17-1.mga8 mariadb-sequence-debuginfo-10.5.17-1.mga8 mariadb-extra-10.5.17-1.mga8 mariadb-sphinx-10.5.17-1.mga8 mariadb-obsolete-10.5.17-1.mga8 mariadb-pam-10.5.17-1.mga8 mariadb-pam-debuginfo-10.5.17-1.mga8 mariadb-feedback-10.5.17-1.mga8 mariadb-sequence-10.5.17-1.mga8 lib64mariadb-devel-debuginfo-10.5.17-1.mga8 mysql-MariaDB-10.5.17-1.mga8 mariadb-spider-debuginfo-10.5.17-1.mga8 lib64mariadb-devel-10.5.17-1.mga8 mariadb-connect-debuginfo-10.5.17-1.mga8 mariadb-bench-debuginfo-10.5.17-1.mga8 mariadb-mroonga-10.5.17-1.mga8 mariadb-client-10.5.17-1.mga8 mariadb-mroonga-debuginfo-10.5.17-1.mga8 mariadb-rocks-10.5.17-1.mga8 mariadb-client-debuginfo-10.5.17-1.mga8 mariadb-core-10.5.17-1.mga8 lib64mariadbd19-10.5.17-1.mga8 lib64mariadb-embedded-devel-10.5.17-1.mga8 mariadb-common-10.5.17-1.mga8 mariadb-debuginfo-10.5.17-1.mga8 mariadb-debugsource-10.5.17-1.mga8 lib64mariadbd19-debuginfo-10.5.17-1.mga8 mariadb-core-debuginfo-10.5.17-1.mga8 mariadb-bench-10.5.17-1.mga8 mariadb-common-debuginfo-10.5.17-1.mga8 lib64mariadb-embedded-devel-debuginfo-10.5.17-1.mga8 mariadb-rocks-debuginfo-10.5.17-1.mga8 Source RPMs: mariadb-10.5.17-1.mga8.src.rpm CVE:
(none) =>
CVE-2022-32082 CVE-2022-32089 CVE-2022-32081 CVE-2018-25032 CVE-2022-32091 CVE-2022-32084
Ulrich Beckmann
2022-08-19 15:18:45 CEST
CC:
(none) =>
bequimao.de Tested with Kontact/KMail/Akonadi $ cat ~/.local/share/akonadi/db_data/mysql.err ... 2022-08-25 15:04:49 0 [Note] /usr/sbin/mysqld: ready for connections. Version: '10.5.17-MariaDB' socket: '/run/user/1000/akonadi/mysql.socket' port: 0 Mageia MariaDB Server 2022-08-25 15:05:06 0 [Note] InnoDB: Buffer pool(s) load completed at 220825 15:05:06 Invoked as user $ akonadictl status, ok $ akonadictl fsck, ok $ mysql_upgrade -u akonadi --socket=/run/user/1000/akonadi/mysql.socket ... There is no need to run mysql_upgrade No regression found. Ulrich Beckmann MGA8-64 Plasma on Acer Aspire 5253
No installation issues.
Made sure httpd is running, then
# systemctl start mysqld
# systemctl -l status mysqld
● mysqld.service - MySQL database server
Loaded: loaded (/usr/lib/systemd/system/mysqld.service; disabled; vendor preset: disabled)
Active: active (running) since Fri 2022-08-26 10:25:43 CEST; 9s ago
Process: 7024 ExecStartPre=/usr/sbin/mysqld-prepare-db-dir (code=exited, status=0/SUCCESS)
Main PID: 7083 (mysqld)
Status: "Taking your SQL requests now..."
Tasks: 44 (limit: 4364)
Memory: 62.5M
CPU: 1.071s
CGroup: /system.slice/mysqld.service
└─7083 /usr/sbin/mysqld
Aug 26 10:25:42 mach7.hviaene.thuis mysqld[7083]: 2022-08-26 10:25:42 0 [Note] InnoDB: 10.5.17 started; log sequence number 66477; tr>
Aug 26 10:25:42 mach7.hviaene.thuis mysqld[7083]: 2022-08-26 10:25:42 0 [Note] InnoDB: Loading buffer pool(s) from /var/lib/mysql/ib_>
Aug 26 10:25:43 mach7.hviaene.thuis mysqld[7083]: 2022-08-26 10:25:43 0 [Note] CONNECT: Version 1.07.0002 March 22, 2021
Aug 26 10:25:43 mach7.hviaene.thuis mysqld[7083]: 220826 10:25:43 server_audit: MariaDB Audit Plugin version 1.4.14 STARTED.
Aug 26 10:25:43 mach7.hviaene.thuis mysqld[7083]: 220826 10:25:43 server_audit: Query cache is enabled with the TABLE events. Some ta>
Aug 26 10:25:43 mach7.hviaene.thuis mysqld[7083]: 2022-08-26 10:25:43 0 [Note] Reading of all Master_info entries succeeded
Aug 26 10:25:43 mach7.hviaene.thuis mysqld[7083]: 2022-08-26 10:25:43 0 [Note] Added new Master_info '' to hash table
Aug 26 10:25:43 mach7.hviaene.thuis mysqld[7083]: 2022-08-26 10:25:43 0 [Note] /usr/sbin/mysqld: ready for connections.
Aug 26 10:25:43 mach7.hviaene.thuis mysqld[7083]: Version: '10.5.17-MariaDB' socket: '/var/lib/mysql/mysql.sock' port: 0 Mageia Ma>
Aug 26 10:25:43 mach7.hviaene.thuis systemd[1]: Started MySQL database server.
Used phpmyadmin to delete a previous test database, create a new one, create a table (with a serial PK and timestamp field) in it and insert two rows in the table.
All worked perfectly.Whiteboard:
(none) =>
MGA8-64-OK Validating. Advisory in Comment 1. Keywords:
(none) =>
validated_update
Dave Hodgins
2022-08-29 00:18:23 CEST
Keywords:
(none) =>
advisory An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0314.html Resolution:
(none) =>
FIXED |