Bug 27558 - MariaDB: new security issues
Summary: MariaDB: new security issues
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 7
Hardware: All Linux
Priority: Normal
Severity: normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA7-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2020-11-04 09:31 CET by Marc Krämer
Modified: 2020-11-08 15:16 CET (History)
5 users

See Also:
Source RPM: mariadb
CVE:
Status comment:


Attachments

Marc Krämer 2020-11-04 09:32:02 CET

Assignee: bugsquad => mageia

Comment 1 Marc Krämer 2020-11-04 11:11:43 CET
Updated mariadb packages fix security vulnerabilities:

The latest release of mariadb fixes some undisclosed easily exploitable vulnerabilities [2,3,4,5].

Additionally some bugs are fixed [1]:
- Temporary tables can overwrite existing files (MDEV-23569)
- Crash on SELECT on a table with indexed virtual columns (MDEV-18366)
- Fixed a bug in the recovery of encrypted tables (MDEV-23456)
- Diskspace not reused for BLOB in data file (MDEV-23072)
- CREATE TEMPORARY TABLE .. LIKE (system versioned table) returns error if unique index is defined in the table (MDEV-23968)
- CREATE .. SELECT wrong result on join versioned table (MDEV-23799)

References:
[1] https://mariadb.com/kb/en/mariadb-10326-release-notes/
[2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14812
[3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14765
[4] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14776
[5] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14789

========================

Updated packages in core/updates_testing:
========================
mariadb-10.3.26-1.mga7
mysql-MariaDB-10.3.26-1.mga7
mariadb-feedback-10.3.26-1.mga7
mariadb-connect-10.3.26-1.mga7
mariadb-sphinx-10.3.26-1.mga7
mariadb-mroonga-10.3.26-1.mga7
mariadb-sequence-10.3.26-1.mga7
mariadb-spider-10.3.26-1.mga7
mariadb-extra-10.3.26-1.mga7
mariadb-obsolete-10.3.26-1.mga7
mariadb-core-10.3.26-1.mga7
mariadb-common-core-10.3.26-1.mga7
mariadb-common-10.3.26-1.mga7
mariadb-client-10.3.26-1.mga7
mariadb-bench-10.3.26-1.mga7
mariadb-pam-10.3.26-1.mga7
libmariadb3-10.3.26-1.mga7
libmariadb-devel-10.3.26-1.mga7
libmariadbd19-10.3.26-1.mga7
libmariadb-embedded-devel-10.3.26-1.mga7
mariadb-debugsource-10.3.26-1.mga7
mariadb-debuginfo-10.3.26-1.mga7
mariadb-feedback-debuginfo-10.3.26-1.mga7
mariadb-connect-debuginfo-10.3.26-1.mga7
mariadb-sphinx-debuginfo-10.3.26-1.mga7
mariadb-mroonga-debuginfo-10.3.26-1.mga7
mariadb-sequence-debuginfo-10.3.26-1.mga7
mariadb-spider-debuginfo-10.3.26-1.mga7
mariadb-extra-debuginfo-10.3.26-1.mga7
mariadb-obsolete-debuginfo-10.3.26-1.mga7
mariadb-core-debuginfo-10.3.26-1.mga7
mariadb-common-debuginfo-10.3.26-1.mga7
mariadb-client-debuginfo-10.3.26-1.mga7
mariadb-bench-debuginfo-10.3.26-1.mga7
mariadb-pam-debuginfo-10.3.26-1.mga7
libmariadb3-debuginfo-10.3.26-1.mga7
libmariadbd19-debuginfo-10.3.26-1.mga7
libmariadb-embedded-devel-debuginfo-10.3.26-1.mga7


SRPM:
mariadb-10.3.26-1.mga7.src.rpm

Assignee: mageia => qa-bugs

Comment 2 Herman Viaene 2020-11-06 12:08:56 CET
MGA7-64 MATE on Peaq C1011
No installation issues
# systemctl start httpd

# systemctl start mysqld

# mysql_secure_installation 

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none): 
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] y
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!
and more .....

Then start phpmyadmin, create a new database, create a table with an autovalue (primary index), a varchar with unique index, a plain varchar and a timestamp column.
Inserted two rows, all OK

Whiteboard: (none) => MGA7-64-OK
CC: (none) => herman.viaene

Comment 3 PC LX 2020-11-06 20:58:16 CET
Installed and tested without issues.


System: Mageia 7, x86_64, Intel CPU.


Tested using:
- mysql CLI;
- MySQL Workbench;
- phpMyAdmin PHP script;
- PHP scripts using PDO/mysql;
- Qt5 apps using the mysql plugin.


No regressions noticed.


$ uname -a
Linux marte 5.7.19-desktop-3.mga7 #1 SMP Sun Oct 18 15:46:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -qa | grep -i mariadb | sort
lib64mariadb3-10.3.26-1.mga7
mariadb-10.3.26-1.mga7
mariadb-client-10.3.26-1.mga7
mariadb-common-10.3.26-1.mga7
mariadb-common-core-10.3.26-1.mga7
mariadb-core-10.3.26-1.mga7
mariadb-extra-10.3.26-1.mga7
$ systemctl status mysqld
● mysqld.service - MySQL database server
   Loaded: loaded (/usr/lib/systemd/system/mysqld.service; disabled; vendor preset: disabled)
   Active: active (running) since Fri 2020-11-06 19:53:10 WET; 4min 32s ago
  Process: 9766 ExecStartPre=/usr/sbin/mysqld-prepare-db-dir (code=exited, status=0/SUCCESS)
 Main PID: 9780 (mysqld)
   Status: "Taking your SQL requests now..."
    Tasks: 32 (limit: 4684)
   Memory: 108.1M
   CGroup: /system.slice/mysqld.service
           └─9780 /usr/sbin/mysqld

nov 06 19:53:10 marte mysqld[9780]: 2020-11-06 19:53:10 0 [Note] InnoDB: File './ibtmp1' size is now 12 MB.
nov 06 19:53:10 marte mysqld[9780]: 2020-11-06 19:53:10 0 [Note] InnoDB: 10.3.26 started; log sequence number 300801896; transaction id 897372
nov 06 19:53:10 marte mysqld[9780]: 2020-11-06 19:53:10 0 [Note] InnoDB: Loading buffer pool(s) from /var/lib/mysql/ib_buffer_pool
nov 06 19:53:10 marte mysqld[9780]: 201106 19:53:10 server_audit: MariaDB Audit Plugin version 1.4.10 STARTED.
nov 06 19:53:10 marte mysqld[9780]: 201106 19:53:10 server_audit: Query cache is enabled with the TABLE events. Some table reads can be veiled.2020-11-06 19:53:10 0 [Note] Reading of all Master_info entries su>
nov 06 19:53:10 marte mysqld[9780]: 2020-11-06 19:53:10 0 [Note] Added new Master_info '' to hash table
nov 06 19:53:10 marte mysqld[9780]: 2020-11-06 19:53:10 0 [Note] /usr/sbin/mysqld: ready for connections.
nov 06 19:53:10 marte mysqld[9780]: Version: '10.3.26-MariaDB'  socket: '/var/lib/mysql/mysql.sock'  port: 0  Mageia MariaDB Server
nov 06 19:53:10 marte systemd[1]: Started MySQL database server.
nov 06 19:53:10 marte mysqld[9780]: 2020-11-06 19:53:10 0 [Note] InnoDB: Buffer pool(s) load completed at 201106 19:53:10

CC: (none) => mageia
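A check a tester could script against the `rpm -qa` listing above, to confirm that every installed MariaDB package is at or above the fixed version from this advisory. This is an added example, not part of the bug report or of Mageia's QA tooling; the sample input is constructed (the real listing from Comment 3 plus one made-up stale package) and version ordering is delegated to GNU `sort -V`.

```shell
#!/bin/sh
# Added example (not from the bug report): verify that every installed
# MariaDB package is at least the version-release fixed in this advisory.
FIXED_EVR="10.3.26-1.mga7"

# Split an rpm NVR "name-version-release" into "name version-release".
# Version and release never contain '-', so the last two dash-separated
# fields are always version and release; everything before is the name.
nvr_split() {
    printf '%s\n' "$1" | awk -F- '{
        rel = $NF; ver = $(NF-1); name = $1
        for (i = 2; i <= NF-2; i++) name = name "-" $i
        print name, ver "-" rel
    }'
}

# Returns 0 when version-release $1 sorts at or after $2 (GNU sort -V).
evr_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n1)" = "$1" ]
}

# Reads `rpm -qa` lines on stdin, prints every MariaDB package that is
# still below FIXED_EVR and returns 1 if any was found, 0 otherwise.
check_mariadb_pkgs() {
    outdated=0
    while IFS= read -r pkg; do
        case "$pkg" in *mariadb*) ;; *) continue ;; esac
        set -- $(nvr_split "$pkg")
        if ! evr_ge "$2" "$FIXED_EVR"; then
            echo "OUTDATED: $1 $2 (fixed in $FIXED_EVR)"
            outdated=1
        fi
    done
    return $outdated
}

# Constructed sample: Comment 3's listing plus a made-up stale package
# (mariadb-core-10.3.25-1.mga7) to exercise the failure path.
SAMPLE='lib64mariadb3-10.3.26-1.mga7
mariadb-10.3.26-1.mga7
mariadb-client-10.3.26-1.mga7
mariadb-core-10.3.25-1.mga7
mariadb-common-core-10.3.26-1.mga7'

if printf '%s\n' "$SAMPLE" | check_mariadb_pkgs; then
    echo "all MariaDB packages at or above $FIXED_EVR"
fi
```

On a real system feed it with `rpm -qa | check_mariadb_pkgs`; the package filter is a plain substring match, so lowercase `mariadb` names as on Mageia are required.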

Comment 4 Thomas Andrews 2020-11-07 22:37:53 CET
Validating. Advisory in Comment 1.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Comment 5 Aurelien Oudelet 2020-11-08 11:38:15 CET
Advisory pushed to SVN.

Keywords: (none) => advisory
CC: (none) => ouaurelien

Comment 6 Mageia Robot 2020-11-08 15:16:00 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2020-0404.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

