Bug 28896 - MariaDB new security Issues: CVE-2021-2154 and CVE-2021-2166
Summary: MariaDB new security Issues: CVE-2021-2154 and CVE-2021-2166
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 8
Hardware: All
OS: Linux
Priority: Normal
Severity: normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA7TOO MGA7-64-OK MGA8-64-OK
Keywords: advisory, validated_update
Duplicates: 28897
Depends on:
Blocks:
 
Reported: 2021-05-10 01:06 CEST by Marc Krämer
Modified: 2021-05-12 11:58 CEST
CC List: 3 users

See Also:
Source RPM: mariadb
CVE: CVE-2021-2154, CVE-2021-2166
Status comment:


Description Marc Krämer 2021-05-10 01:06:33 CEST
Some security issues were discovered in mariadb:
CVE-2021-2166
CVE-2021-2154
Comment 1 Marc Krämer 2021-05-10 01:13:54 CEST
Updated MariaDB packages fix security vulnerabilities:

Some severe exploitable vulnerabilities were discovered and fixed [2,3].

This is a regular update, which brings the usual improvements in innodb, galera, ... [1]

References:
[1] https://mariadb.com/kb/en/mariadb-10329-release-notes/
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2166
[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2154

========================

Updated packages in core/updates_testing:
========================
mariadb-10.3.29-1.mga7
mysql-MariaDB-10.3.29-1.mga7
mariadb-feedback-10.3.29-1.mga7
mariadb-connect-10.3.29-1.mga7
mariadb-sphinx-10.3.29-1.mga7
mariadb-mroonga-10.3.29-1.mga7
mariadb-sequence-10.3.29-1.mga7
mariadb-spider-10.3.29-1.mga7
mariadb-rocks-10.3.29-1.mga7
mariadb-extra-10.3.29-1.mga7
mariadb-obsolete-10.3.29-1.mga7
mariadb-core-10.3.29-1.mga7
mariadb-common-core-10.3.29-1.mga7
mariadb-common-10.3.29-1.mga7
mariadb-client-10.3.29-1.mga7
mariadb-bench-10.3.29-1.mga7
mariadb-pam-10.3.29-1.mga7
lib64mariadb3-10.3.29-1.mga7
lib64mariadb-devel-10.3.29-1.mga7
lib64mariadbd19-10.3.29-1.mga7
lib64mariadb-embedded-devel-10.3.29-1.mga7
mariadb-debugsource-10.3.29-1.mga7
mariadb-debuginfo-10.3.29-1.mga7
mariadb-feedback-debuginfo-10.3.29-1.mga7
mariadb-connect-debuginfo-10.3.29-1.mga7
mariadb-sphinx-debuginfo-10.3.29-1.mga7
mariadb-mroonga-debuginfo-10.3.29-1.mga7
mariadb-sequence-debuginfo-10.3.29-1.mga7
mariadb-spider-debuginfo-10.3.29-1.mga7
mariadb-rocks-debuginfo-10.3.29-1.mga7
mariadb-extra-debuginfo-10.3.29-1.mga7
mariadb-obsolete-debuginfo-10.3.29-1.mga7
mariadb-core-debuginfo-10.3.29-1.mga7
mariadb-common-debuginfo-10.3.29-1.mga7
mariadb-client-debuginfo-10.3.29-1.mga7
mariadb-bench-debuginfo-10.3.29-1.mga7
mariadb-pam-debuginfo-10.3.29-1.mga7
lib64mariadb3-debuginfo-10.3.29-1.mga7
lib64mariadbd19-debuginfo-10.3.29-1.mga7
lib64mariadb-embedded-devel-debuginfo-10.3.29-1.mga7

Source RPMs: 
mariadb-10.3.29-1.mga7.src.rpm

Assignee: mageia => qa-bugs

Comment 2 Herman Viaene 2021-05-10 14:43:51 CEST
MGA7-64 Plasma on Lenovo B50
No installation issues.
Before installation:
# systemctl -l status mysqld
● mysqld.service - MySQL database server
   Loaded: loaded (/usr/lib/systemd/system/mysqld.service; disabled; vendor preset: disabled)
   Active: inactive (dead)

After installation

# systemctl -l start mysqld
# systemctl -l status mysqld
● mysqld.service - MySQL database server
   Loaded: loaded (/usr/lib/systemd/system/mysqld.service; disabled; vendor preset: disabled)
   Active: active (running) since Mon 2021-05-10 14:31:43 CEST; 4s ago
  Process: 16748 ExecStartPre=/usr/sbin/mysqld-prepare-db-dir (code=exited, status=0/SUCCESS)
 Main PID: 16762 (mysqld)
   Status: "Taking your SQL requests now..."
    Tasks: 59 (limit: 4915)
   Memory: 87.1M
   CGroup: /system.slice/mysqld.service
           └─16762 /usr/sbin/mysqld

May 10 14:31:43 mach5.hviaene.thuis mysqld[16762]: 2021-05-10 14:31:43 0 [Note] InnoDB: 10.3.29 started; log sequence number 11054198; transaction id 6671
May 10 14:31:43 mach5.hviaene.thuis mysqld[16762]: 2021-05-10 14:31:43 0 [Note] InnoDB: Loading buffer pool(s) from /var/lib/mysql/ib_buffer_pool
May 10 14:31:43 mach5.hviaene.thuis mysqld[16762]: 2021-05-10 14:31:43 0 [Note] CONNECT: Version 1.07.0002 March 22, 2021
May 10 14:31:43 mach5.hviaene.thuis mysqld[16762]: 210510 14:31:43 server_audit: MariaDB Audit Plugin version 1.4.13 STARTED.
May 10 14:31:43 mach5.hviaene.thuis mysqld[16762]: 210510 14:31:43 server_audit: Query cache is enabled with the TABLE events. Some table reads can be veiled.2021-05->
May 10 14:31:43 mach5.hviaene.thuis mysqld[16762]: 2021-05-10 14:31:43 0 [Note] Added new Master_info '' to hash table
May 10 14:31:43 mach5.hviaene.thuis mysqld[16762]: 2021-05-10 14:31:43 0 [Note] /usr/sbin/mysqld: ready for connections.
May 10 14:31:43 mach5.hviaene.thuis mysqld[16762]: Version: '10.3.29-MariaDB'  socket: '/var/lib/mysql/mysql.sock'  port: 0  Mageia MariaDB Server
May 10 14:31:43 mach5.hviaene.thuis systemd[1]: Started MySQL database server.
May 10 14:31:45 mach5.hviaene.thuis mysqld[16762]: 2021-05-10 14:31:45 0 [Note] InnoDB: Buffer pool(s) load completed at 210510 14:31:45

Used phpmyadmin to delete existing test database, create a new one, create a table with a serial column as PK, a name field as a unique index, another char field and a timestamp column. Inserted two records with proper values, all work OK.

Whiteboard: (none) => MGA7-64-OK
CC: (none) => herman.viaene

Comment 3 Aurelien Oudelet 2021-05-11 18:38:54 CEST
Validating. Advisory done.

CVE: (none) => CVE-2021-2154, CVE-2021-2166
CC: (none) => ouaurelien, sysadmin-bugs
Keywords: (none) => advisory, validated_update
Summary: MariaDB: Security Issues => MariaDB new security Issues: CVE-2021-2154 and CVE-2021-2166

Comment 4 Aurelien Oudelet 2021-05-11 18:44:50 CEST
*** Bug 28897 has been marked as a duplicate of this bug. ***
Comment 5 Aurelien Oudelet 2021-05-11 18:48:04 CEST
Advisory:
========================

Updated MariaDB packages fix security vulnerabilities:

Some severe exploitable vulnerabilities were discovered and fixed [2,3].

This is a regular update, which brings the usual improvements in innodb, galera, ... [1]

References:
[1] https://mariadb.com/kb/en/mariadb-10329-release-notes/
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2166
[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2154

========================

Updated packages in 7/core/updates_testing:
========================
mariadb-10.3.29-1.mga7
mysql-MariaDB-10.3.29-1.mga7
mariadb-feedback-10.3.29-1.mga7
mariadb-connect-10.3.29-1.mga7
mariadb-sphinx-10.3.29-1.mga7
mariadb-mroonga-10.3.29-1.mga7
mariadb-sequence-10.3.29-1.mga7
mariadb-spider-10.3.29-1.mga7
mariadb-rocks-10.3.29-1.mga7
mariadb-extra-10.3.29-1.mga7
mariadb-obsolete-10.3.29-1.mga7
mariadb-core-10.3.29-1.mga7
mariadb-common-core-10.3.29-1.mga7
mariadb-common-10.3.29-1.mga7
mariadb-client-10.3.29-1.mga7
mariadb-bench-10.3.29-1.mga7
mariadb-pam-10.3.29-1.mga7
lib(64)mariadb3-10.3.29-1.mga7
lib(64)mariadb-devel-10.3.29-1.mga7
lib(64)mariadbd19-10.3.29-1.mga7
lib(64)mariadb-embedded-devel-10.3.29-1.mga7
mariadb-debugsource-10.3.29-1.mga7
mariadb-debuginfo-10.3.29-1.mga7
mariadb-feedback-debuginfo-10.3.29-1.mga7
mariadb-connect-debuginfo-10.3.29-1.mga7
mariadb-sphinx-debuginfo-10.3.29-1.mga7
mariadb-mroonga-debuginfo-10.3.29-1.mga7
mariadb-sequence-debuginfo-10.3.29-1.mga7
mariadb-spider-debuginfo-10.3.29-1.mga7
mariadb-rocks-debuginfo-10.3.29-1.mga7
mariadb-extra-debuginfo-10.3.29-1.mga7
mariadb-obsolete-debuginfo-10.3.29-1.mga7
mariadb-core-debuginfo-10.3.29-1.mga7
mariadb-common-debuginfo-10.3.29-1.mga7
mariadb-client-debuginfo-10.3.29-1.mga7
mariadb-bench-debuginfo-10.3.29-1.mga7
mariadb-pam-debuginfo-10.3.29-1.mga7
lib(64)mariadb3-debuginfo-10.3.29-1.mga7
lib(64)mariadbd19-debuginfo-10.3.29-1.mga7
lib(64)mariadb-embedded-devel-debuginfo-10.3.29-1.mga7

Source RPMs: 
mariadb-10.3.29-1.mga7.src.rpm

========================

Updated packages in 8/core/updates_testing:
========================

mariadb-common-10.5.10-1.mga8
mariadb-debuginfo-10.5.10-1.mga8
mariadb-debugsource-10.5.10-1.mga8
mariadb-client-10.5.10-1.mga8
lib(64)mariadbd19-debuginfo-10.5.10-1.mga8
mariadb-client-debuginfo-10.5.10-1.mga8
lib(64)mariadb-embedded-devel-10.5.10-1.mga8
mariadb-core-debuginfo-10.5.10-1.mga8
mariadb-mroonga-debuginfo-10.5.10-1.mga8
mariadb-core-10.5.10-1.mga8
lib(64)mariadbd19-10.5.10-1.mga8
mariadb-spider-debuginfo-10.5.10-1.mga8
mariadb-connect-debuginfo-10.5.10-1.mga8
mariadb-bench-debuginfo-10.5.10-1.mga8
mariadb-mroonga-10.5.10-1.mga8
lib(64)mariadb-devel-10.5.10-1.mga8
mariadb-extra-debuginfo-10.5.10-1.mga8
mariadb-connect-10.5.10-1.mga8
mariadb-sphinx-debuginfo-10.5.10-1.mga8
mariadb-spider-10.5.10-1.mga8
lib(64)mariadb3-debuginfo-10.5.10-1.mga8
mariadb-feedback-debuginfo-10.5.10-1.mga8
mariadb-obsolete-debuginfo-10.5.10-1.mga8
mariadb-10.5.10-1.mga8
lib(64)mariadb3-10.5.10-1.mga8
mariadb-sequence-debuginfo-10.5.10-1.mga8
mariadb-common-core-10.5.10-1.mga8
mariadb-extra-10.5.10-1.mga8
mariadb-sphinx-10.5.10-1.mga8
mariadb-obsolete-10.5.10-1.mga8
mariadb-pam-debuginfo-10.5.10-1.mga8
mariadb-pam-10.5.10-1.mga8
mariadb-sequence-10.5.10-1.mga8
mariadb-feedback-10.5.10-1.mga8
mariadb-rocks-10.5.10-1.mga8
lib(64)mariadb-devel-debuginfo-10.5.10-1.mga8
mysql-MariaDB-10.5.10-1.mga8
mariadb-common-debuginfo-10.5.10-1.mga8
mariadb-bench-10.5.10-1.mga8
lib(64)mariadb-embedded-devel-debuginfo-10.5.10-1.mga8
mariadb-rocks-debuginfo-10.5.10-1.mga8


SRPM:
mariadb-10.5.10-1.mga8.src.rpm
========================


Validating MGA8-64-OK from Bug 28897.

Whiteboard: MGA7-64-OK => MGA7TOO MGA7-64-OK MGA8-64-OK
Version: 7 => 8
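
An added check, written for this page and not part of the bug report or of Mageia's own tooling, that ties the two verification steps above together: the package list in this advisory gives the fixed builds (10.3.29 for Mageia 7, 10.5.10 for Mageia 8), and Comment 2 shows the server announcing its version in the journal after the restart. The script below compares installed mariadb package versions (rpm -qa output, one name-version-release.mgaN per line as in the lists above) and the version the running server printed at startup against the fixed version for the release. The rpm -qa sample is constructed; the journal line is the one from Comment 2. It assumes GNU sort -V (present on Mageia) and nothing else beyond POSIX sh.

```shell
#!/bin/sh
# Added example, not code from the Mageia bug report or its packages.
# Checks whether a Mageia 7/8 host carries the MariaDB builds that fix
# CVE-2021-2154 and CVE-2021-2166.

# Fixed upstream version per Mageia release, taken from the package lists
# in the advisory above.
fixed_version_for_release() {
    case "$1" in
        7) echo "10.3.29" ;;
        8) echo "10.5.10" ;;
        *) return 1 ;;
    esac
}

# version_ge A B -> exit 0 when A >= B in GNU "sort -V" ordering
# (assumption: GNU coreutils sort is available).
version_ge() {
    [ "$(printf '%s\n%s\n' "$2" "$1" | sort -V | head -n 1)" = "$2" ]
}

# Read journal lines on stdin and print the upstream version from the
# "Version: '10.3.29-MariaDB' ..." line mysqld logs when it starts.
running_version_from_log() {
    sed -n "s/.*Version: '\([0-9][0-9.]*\)-MariaDB'.*/\1/p" | head -n 1
}

# Read rpm -qa output on stdin (one NVR per line) and print every MariaDB
# package whose version is below the fixed one for the given Mageia release.
# NVR form assumed: name-VERSION-RELEASE.mgaN, e.g. lib64mariadb3-10.3.28-1.mga7
outdated_mariadb_packages() {
    fixed=$(fixed_version_for_release "$1") || { echo "unknown Mageia release: $1" >&2; return 2; }
    while IFS= read -r nvr; do
        case "$nvr" in
            mariadb*|lib64mariadb*|libmariadb*|mysql-MariaDB*) ;;
            *) continue ;;
        esac
        ver=${nvr%-*}      # drop "-1.mga7"
        ver=${ver##*-}     # drop "name-" prefix, leaving "10.3.28"
        version_ge "$ver" "$fixed" || echo "$nvr"
    done
}

# Constructed sample: a Mageia 7 host where one library package lagged behind.
sample_rpm_qa='mariadb-core-10.3.29-1.mga7
lib64mariadb3-10.3.28-1.mga7
bash-5.0.18-1.mga7'
echo "packages still below the fixed version:"
printf '%s\n' "$sample_rpm_qa" | outdated_mariadb_packages 7

# Journal line as shown in Comment 2 of this bug.
sample_log="May 10 14:31:43 mach5 mysqld[16762]: Version: '10.3.29-MariaDB'  socket: '/var/lib/mysql/mysql.sock'  port: 0  Mageia MariaDB Server"
running=$(printf '%s\n' "$sample_log" | running_version_from_log)
if version_ge "$running" "$(fixed_version_for_release 7)"; then
    echo "running server $running is at or above the fixed version"
else
    echo "running server $running is older than the fixed version: restart or update"
fi
```

On a real host feed it `rpm -qa` and `journalctl -u mysqld` respectively. The two checks answer different questions: rpm -qa reports what is on disk, while a mysqld process started before the upgrade keeps serving from the old binary until it is restarted, which is why the startup line after the restart in Comment 2 is the evidence that the fixed build is actually running.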

Comment 6 Mageia Robot 2021-05-12 11:58:06 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0211.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

