Bug 28897 - MariaDB new security issues: CVE-2021-2154 and CVE-2021-2166 for Mageia 8
Summary: MariaDB new security issues: CVE-2021-2154 and CVE-2021-2166 for Mageia 8
Status: RESOLVED DUPLICATE of bug 28896
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-05-10 01:07 CEST by Marc Krämer
Modified: 2021-05-11 18:44 CEST (History)
1 user (show)

See Also:
Source RPM: mariadb
CVE: CVE-2021-2154, CVE-2021-2166
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Marc Krämer 2021-05-10 01:07:07 CEST 
Some security issues were discovered in mariadb:
CVE-2021-2166
CVE-2021-2154
Comment 1 Marc Krämer 2021-05-10 01:16:07 CEST 
Updated MariaDB packages fix security vulnerabilities:

Some severe exploitable vulnerabilities were discovered and fixed [2,3].

This is a regular update, which brings the usual improvements in innodb, galera, ... [1]

References:
[1] https://mariadb.com/kb/en/mariadb-10510-release-notes/
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2166
[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2154

========================

Updated packages in core/updates_testing:
========================

mariadb-common-10.5.10-1.mga8
mariadb-debuginfo-10.5.10-1.mga8
mariadb-debugsource-10.5.10-1.mga8
mariadb-client-10.5.10-1.mga8
lib64mariadbd19-debuginfo-10.5.10-1.mga8
mariadb-client-debuginfo-10.5.10-1.mga8
lib64mariadb-embedded-devel-10.5.10-1.mga8
mariadb-core-debuginfo-10.5.10-1.mga8
mariadb-mroonga-debuginfo-10.5.10-1.mga8
mariadb-core-10.5.10-1.mga8
lib64mariadbd19-10.5.10-1.mga8
mariadb-spider-debuginfo-10.5.10-1.mga8
mariadb-connect-debuginfo-10.5.10-1.mga8
mariadb-bench-debuginfo-10.5.10-1.mga8
mariadb-mroonga-10.5.10-1.mga8
lib64mariadb-devel-10.5.10-1.mga8
mariadb-extra-debuginfo-10.5.10-1.mga8
mariadb-connect-10.5.10-1.mga8
mariadb-sphinx-debuginfo-10.5.10-1.mga8
mariadb-spider-10.5.10-1.mga8
lib64mariadb3-debuginfo-10.5.10-1.mga8
mariadb-feedback-debuginfo-10.5.10-1.mga8
mariadb-obsolete-debuginfo-10.5.10-1.mga8
mariadb-10.5.10-1.mga8
lib64mariadb3-10.5.10-1.mga8
mariadb-sequence-debuginfo-10.5.10-1.mga8
mariadb-common-core-10.5.10-1.mga8
mariadb-extra-10.5.10-1.mga8
mariadb-sphinx-10.5.10-1.mga8
mariadb-obsolete-10.5.10-1.mga8
mariadb-pam-debuginfo-10.5.10-1.mga8
mariadb-pam-10.5.10-1.mga8
mariadb-sequence-10.5.10-1.mga8
mariadb-feedback-10.5.10-1.mga8
mariadb-rocks-10.5.10-1.mga8
lib64mariadb-devel-debuginfo-10.5.10-1.mga8
mysql-MariaDB-10.5.10-1.mga8
mariadb-common-debuginfo-10.5.10-1.mga8
mariadb-bench-10.5.10-1.mga8
lib64mariadb-embedded-devel-debuginfo-10.5.10-1.mga8
mariadb-rocks-debuginfo-10.5.10-1.mga8


SRPM:
mariadb-10.5.10-1.mga8.src.rpm

Assignee: mageia => qa-bugs

Comment 2 Aurelien Oudelet 2021-05-10 13:38:43 CEST 
$ inxi -Sxx
System:    Host: mageia.local Kernel: 5.10.35-desktop-1.mga8 x86_64 bits: 64 compiler: gcc v: 10.3.0 
           Desktop: KDE Plasma 5.20.4 tk: Qt 5.15.2 wm: kwin_x11 dm: SDDM Distro: Mageia 8 mga8

No issue with Akonadi (KMail) which uses mariadb as DB backend.

MGA8-64-OK for me.

CC: (none) => ouaurelien

Comment 3 Aurelien Oudelet 2021-05-11 18:44:50 CEST 
Same OK test with Wordpress CMS.
Runs fine under this updates.

Side note to Mark, Bug 28896 and 28897 are same. Closing this.
We can handle in 28896.

*** This bug has been marked as a duplicate of bug 28896 ***

Resolution: (none) => DUPLICATE
Status: NEW => RESOLVED
Summary: MariaDB: Security Issues => MariaDB new security issues: CVE-2021-2154 and CVE-2021-2166 for Mageia 8
CVE: (none) => CVE-2021-2154, CVE-2021-2166
Note You need to log in before you can comment on or make changes to this bug.