Bug 26818 - mariadb new security issues CVE-2020-2752 CVE-2020-2760 CVE-2020-2812 CVE-2020-2814
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 7
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA7-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2020-06-18 22:55 CEST by David Walser
Modified: 2020-07-07 13:14 CEST

See Also:
Source RPM: mariadb-10.3.22-1.mga7.src.rpm
CVE:
Status comment:


Description David Walser 2020-06-18 22:55:48 CEST
Fedora has issued an advisory on June 16:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UW2ED32VEUHXFN2J3YQE27JIBV4SC2PI/

The issues are fixed upstream in 10.3.23 and 10.4.13.

Mageia 7 is also affected.
David Walser 2020-06-18 22:56:09 CEST

Whiteboard: (none) => MGA7TOO
Status comment: (none) => Fixed upstream in 10.3.23 and 10.4.13

Marc Krämer 2020-06-19 02:15:50 CEST

Version: Cauldron => 7
Whiteboard: MGA7TOO => (none)

Comment 1 David Walser 2020-06-19 02:18:14 CEST
Marc, Cauldron hasn't been updated yet.  I see it's checked into SVN, but it hasn't been built.

Version: 7 => Cauldron
Whiteboard: (none) => MGA7TOO

Comment 2 Marc Krämer 2020-06-19 10:05:10 CEST
Sorry, there must have been a build issue and I was busy. Didn't check the repos.
Comment 3 Marc Krämer 2020-06-19 13:52:09 CEST
ok, I know why... I didn't have the time to play this file removed, that added...
Comment 4 David Walser 2020-06-19 20:23:58 CEST
Nice, it built.  Just needs an advisory.

https://mariadb.com/kb/en/mariadb-10323-release-notes/

mariadb-10.3.23-1.mga7
mysql-MariaDB-10.3.23-1.mga7
mariadb-feedback-10.3.23-1.mga7
mariadb-connect-10.3.23-1.mga7
mariadb-sphinx-10.3.23-1.mga7
mariadb-mroonga-10.3.23-1.mga7
mariadb-sequence-10.3.23-1.mga7
mariadb-spider-10.3.23-1.mga7
mariadb-extra-10.3.23-1.mga7
mariadb-obsolete-10.3.23-1.mga7
mariadb-core-10.3.23-1.mga7
mariadb-common-core-10.3.23-1.mga7
mariadb-common-10.3.23-1.mga7
mariadb-client-10.3.23-1.mga7
mariadb-bench-10.3.23-1.mga7
mariadb-pam-10.3.23-1.mga7
libmariadb3-10.3.23-1.mga7
libmariadb-devel-10.3.23-1.mga7
libmariadbd19-10.3.23-1.mga7
libmariadb-embedded-devel-10.3.23-1.mga7

from mariadb-10.3.23-1.mga7.src.rpm

Status comment: Fixed upstream in 10.3.23 and 10.4.13 => (none)
Version: Cauldron => 7
Whiteboard: MGA7TOO => (none)

David Walser 2020-06-19 20:24:16 CEST

Assignee: mageia => qa-bugs
CC: (none) => mageia

Comment 5 PC LX 2020-06-20 00:03:17 CEST
Installed and tested without issues.


Tested with:
- mysql CLI;
- MySQL Workbench;
- Qt5 applications using the mysql plugin;
- phpMyAdmin PHP script;
- PHP using PDO/mysql;
- Several complex SQL scripts.

No regressions noticed.


$ uname -a
Linux marte 5.6.14-desktop-2.mga7 #1 SMP Wed May 20 23:14:20 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -qa | grep -i mariadb | sort
lib64mariadb3-10.3.23-1.mga7
mariadb-10.3.23-1.mga7
mariadb-client-10.3.23-1.mga7
mariadb-common-10.3.23-1.mga7
mariadb-common-core-10.3.23-1.mga7
mariadb-core-10.3.23-1.mga7
mariadb-extra-10.3.23-1.mga7
$ systemctl status mysqld
● mysqld.service - MySQL database server
   Loaded: loaded (/usr/lib/systemd/system/mysqld.service; disabled; vendor preset: disabled)
   Active: active (running) since Fri 2020-06-19 22:32:39 WEST; 28min ago
  Process: 25191 ExecStartPre=/usr/sbin/mysqld-prepare-db-dir (code=exited, status=0/SUCCESS)
 Main PID: 25205 (mysqld)
   Status: "Taking your SQL requests now..."
    Tasks: 34 (limit: 4697)
   Memory: 62.9M
   CGroup: /system.slice/mysqld.service
           └─25205 /usr/sbin/mysqld

jun 19 22:32:39 marte mysqld[25205]: 2020-06-19 22:32:39 0 [Note] InnoDB: 10.3.23 started; log sequence number 296879548; transaction id 895478
jun 19 22:32:39 marte mysqld[25205]: 2020-06-19 22:32:39 0 [Note] InnoDB: Loading buffer pool(s) from /var/lib/mysql/ib_buffer_pool
jun 19 22:32:39 marte mysqld[25205]: 200619 22:32:39 server_audit: MariaDB Audit Plugin version 1.4.8 STARTED.
jun 19 22:32:39 marte mysqld[25205]: 200619 22:32:39 server_audit: Query cache is enabled with the TABLE events. Some table reads can be veiled.2020-06-19 22:32:39 0 [Note] Reading of all Master_info entries s>
jun 19 22:32:39 marte mysqld[25205]: 2020-06-19 22:32:39 0 [Note] Added new Master_info '' to hash table
jun 19 22:32:39 marte mysqld[25205]: 2020-06-19 22:32:39 0 [Note] /usr/sbin/mysqld: ready for connections.
jun 19 22:32:39 marte mysqld[25205]: Version: '10.3.23-MariaDB'  socket: '/var/lib/mysql/mysql.sock'  port: 0  Mageia MariaDB Server
jun 19 22:32:39 marte systemd[1]: Started MySQL database server.
jun 19 22:32:39 marte mysqld[25205]: 2020-06-19 22:32:39 0 [Note] InnoDB: Buffer pool(s) load completed at 200619 22:32:39

CC: (none) => mageia
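
The version check behind the `rpm -qa` listing in Comment 5, against the "fixed upstream in 10.3.23 and 10.4.13" statement, can be scripted as follows. This is an added example, not part of the bug thread or of Mageia's tooling; the function names and the sample package list are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag MariaDB packages older than the fixed releases named in
# this bug (10.3.23 for the 10.3 series, 10.4.13 for the 10.4 series).

# version_lt A B: succeeds when version A sorts strictly before version B.
# sort -V compares numerically per component, so 10.3.9 < 10.3.23.
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# unfixed_mariadb: reads `rpm -qa` style names (name-version-release) on stdin
# and prints every MariaDB package whose version predates the fix.
unfixed_mariadb() {
    grep -i 'mariadb' | while IFS= read -r pkg; do
        nv=${pkg%-*}      # drop the trailing "-release" field
        ver=${nv##*-}     # what follows the last "-" is the version
        case "$ver" in
            10.3.*) fixed=10.3.23 ;;
            10.4.*) fixed=10.4.13 ;;
            *)      continue ;;   # series not covered by this bug's statement
        esac
        if version_lt "$ver" "$fixed"; then
            printf '%s (needs >= %s)\n' "$pkg" "$fixed"
        fi
    done
}

# Constructed sample input (not captured from a real host). The 10.4 entry
# uses a made-up release tag purely to exercise the second series.
sample_rpm_list() {
    cat <<'EOF'
mariadb-10.3.22-1.mga7
mariadb-client-10.3.23-1.mga7
lib64mariadb3-10.3.22-1.mga7
mariadb-core-10.4.12-1.example
bash-5.0.7-1.mga7
EOF
}

sample_rpm_list | unfixed_mariadb
```

On a live system, run `rpm -qa | unfixed_mariadb`; empty output means every installed 10.3 or 10.4 MariaDB package is at or above the fixed version.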

Comment 6 Marc Krämer 2020-06-20 09:45:32 CEST
thx David.
Comment 7 David Walser 2020-06-20 18:13:12 CEST
Advisory:
========================

Updated mariadb packages fix security vulnerabilities:

Vulnerability in the MariaDB Client product of MariaDB (component: C API).
Difficult to exploit vulnerability allows low privileged attacker with network
access via multiple protocols to compromise MariaDB Client. Successful attacks
of this vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MariaDB Client (CVE-2020-2752).

Vulnerability in the MariaDB Server product of MariaDB (component: InnoDB).
Easily exploitable vulnerability allows high privileged attacker with network
access via multiple protocols to compromise MariaDB Server. Successful attacks
of this vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MariaDB Server as well as
unauthorized update, insert or delete access to some of MariaDB Server
accessible data (CVE-2020-2760).

Vulnerability in the MariaDB Server product of MariaDB (component: Server:
Stored Procedure). Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MariaDB
Server. Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MariaDB Server (CVE-2020-2812).

Vulnerability in the MariaDB Server product of MariaDB (component: InnoDB).
Easily exploitable vulnerability allows high privileged attacker with network
access via multiple protocols to compromise MariaDB Server. Successful attacks
of this vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MariaDB Server (CVE-2020-2814).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2752
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2760
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2814
https://mariadb.com/kb/en/mariadb-10323-release-notes/

Whiteboard: (none) => MGA7-64-OK

Comment 8 Thomas Andrews 2020-06-21 14:54:36 CEST
Validating. Advisory in Comment 7.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Nicolas Lécureuil 2020-07-07 12:29:27 CEST

CC: (none) => mageia
Keywords: (none) => advisory

Comment 9 Mageia Robot 2020-07-07 13:14:57 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2020-0284.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

