Bug 30460 - MariaDB: Security Issues update to 10.5.16
Summary: MariaDB: Security Issues update to 10.5.16
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2022-05-21 10:34 CEST by Marc Krämer
Modified: 2022-06-03 19:16 CEST

See Also:
Source RPM: mariadb
CVE: CVE-2022-27376 CVE-2022-27377 CVE-2022-27378 CVE-2022-27379 CVE-2022-27380 CVE-2022-27381 CVE-2022-27382 CVE-2022-27383 CVE-2022-27384 CVE-2022-27386 CVE-2022-27387 CVE-2022-27444 CVE-2022-27445 CVE-2022-27446 CVE-2022-27447 CVE-2022-27448 CVE-2022-27449
Status comment:



Description Marc Krämer 2022-05-21 10:34:18 CEST
The latest release has a bunch of security issues fixed and some major fixes in the optimizer and replication.
Marc Krämer 2022-05-21 10:34:52 CEST

CVE: (none) => CVE-2022-27376 CVE-2022-27377 CVE-2022-27378 CVE-2022-27379 CVE-2022-27380 CVE-2022-27381 CVE-2022-27382 CVE-2022-27383 CVE-2022-27384 CVE-2022-27386 CVE-2022-27387 CVE-2022-27444 CVE-2022-27445 CVE-2022-27446 CVE-2022-27447 CVE-2022-27448 CVE-2022-27449

Comment 1 Marc Krämer 2022-05-22 12:30:52 CEST
Updated mariadb package to latest release:

Some security vulnerabilities have been fixed.

Some bigger bugs in optimizer and replication engine have been found and fixed.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27376
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27377
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27378
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27379
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27380
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27381
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27382
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27383
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27384
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27386
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27387
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27444
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27445
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27446
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27447
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27448
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27449
https://mariadb.com/kb/en/mariadb-10516-release-notes/
========================

Updated packages in core/updates_testing
========================
mariadb-client-10.5.16-1.mga8
mariadb-client-debuginfo-10.5.16-1.mga8
mariadb-core-10.5.16-1.mga8
lib64mariadbd19-10.5.16-1.mga8
lib64mariadb-embedded-devel-10.5.16-1.mga8
mariadb-bench-debuginfo-10.5.16-1.mga8
mariadb-common-10.5.16-1.mga8
mariadb-mroonga-debuginfo-10.5.16-1.mga8
mariadb-debuginfo-10.5.16-1.mga8
mariadb-spider-debuginfo-10.5.16-1.mga8
mariadb-connect-debuginfo-10.5.16-1.mga8
mariadb-connect-10.5.16-1.mga8
mariadb-spider-10.5.16-1.mga8
mariadb-extra-debuginfo-10.5.16-1.mga8
mariadb-sphinx-debuginfo-10.5.16-1.mga8
lib64mariadb3-debuginfo-10.5.16-1.mga8
mariadb-feedback-debuginfo-10.5.16-1.mga8
mariadb-10.5.16-1.mga8
mariadb-obsolete-debuginfo-10.5.16-1.mga8
lib64mariadb3-10.5.16-1.mga8
mariadb-common-core-10.5.16-1.mga8
mariadb-sequence-debuginfo-10.5.16-1.mga8
mariadb-extra-10.5.16-1.mga8
lib64mariadb-devel-10.5.16-1.mga8
mariadb-sphinx-10.5.16-1.mga8
mariadb-obsolete-10.5.16-1.mga8
mariadb-pam-debuginfo-10.5.16-1.mga8
mariadb-pam-10.5.16-1.mga8
mariadb-sequence-10.5.16-1.mga8
mariadb-feedback-10.5.16-1.mga8
mysql-MariaDB-10.5.16-1.mga8
lib64mariadb-devel-debuginfo-10.5.16-1.mga8
mariadb-mroonga-10.5.16-1.mga8
mariadb-rocks-10.5.16-1.mga8
lib64mariadbd19-debuginfo-10.5.16-1.mga8
mariadb-debugsource-10.5.16-1.mga8
mariadb-core-debuginfo-10.5.16-1.mga8
mariadb-common-debuginfo-10.5.16-1.mga8
mariadb-bench-10.5.16-1.mga8
lib64mariadb-embedded-devel-debuginfo-10.5.16-1.mga8
mariadb-rocks-debuginfo-10.5.16-1.mga8

SRPM:
mariadb-10.5.16-1.mga8.src.rpm

Assignee: mageia => qa-bugs

Comment 2 Ulrich Beckmann 2022-05-26 17:26:27 CEST
Tested with Kontact/KMail/Akonadi under KDE Plasma amd64.

2022-05-26 11:11:03 0 [Note] /usr/sbin/mysqld: ready for connections.
Version: '10.5.16-MariaDB'  socket: '/run/user/1000/akonadi/mysql.socket'  port: 0  Mageia MariaDB Server
2022-05-26 11:11:21 0 [Note] InnoDB: Buffer pool(s) load completed at 220526 11:11:21

Invoked as user
$ akonadictl status, ok
$ akonadictl fsck, ok

$ mysql_upgrade -u akonadi --socket=/run/user/1000/akonadi/mysql.socket, ok

No regression found.

Ulrich

CC: (none) => bequimao.de

Comment 3 Herman Viaene 2022-06-01 14:39:58 CEST
MGA8-64 Plasma on Lenovo B50 in Dutch
No installation issues.
At CLI:
# systemctl start mysqld
# systemctl -l status mysqld
* mysqld.service - MySQL database server
     Loaded: loaded (/usr/lib/systemd/system/mysqld.service; disabled; vendor preset: disabled)
     Active: active (running) since Wed 2022-06-01 14:24:53 CEST; 2s ago
    Process: 189572 ExecStartPre=/usr/sbin/mysqld-prepare-db-dir (code=exited, status=0/SUCCESS)
   Main PID: 189586 (mysqld)
     Status: "Taking your SQL requests now..."
      Tasks: 48 (limit: 9395)
     Memory: 47.0M
        CPU: 150ms
     CGroup: /system.slice/mysqld.service
             `-189586 /usr/sbin/mysqld
Then also started httpd and used phpmyadmin to delete a previous test database, create a new one, create a table (with a serial PK and timestamp field) in it, and insert two rows in the table.
All worked perfectly.

Whiteboard: (none) => MGA8-64-OK
CC: (none) => herman.viaene

Comment 4 Thomas Andrews 2022-06-01 15:10:01 CEST
Validating. Advisory in Comment 1.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Dave Hodgins 2022-06-02 22:47:35 CEST

Keywords: (none) => advisory
CC: (none) => davidwhodgins

Comment 5 Mageia Robot 2022-06-03 19:16:22 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0215.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

