Bug 31920 - MariaDB: 10.5.20 fixes security Issues
Summary: MariaDB: 10.5.20 fixes security Issues
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact:
URL:
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2023-05-13 14:56 CEST by Marc Krämer
Modified: 2023-05-22 17:32 CEST

See Also:
Source RPM: mariadb
CVE:
Status comment:



Description Marc Krämer 2023-05-13 14:56:09 CEST
https://mariadb.com/kb/en/mariadb-10-5-20-release-notes/

CVE-2022-47015

Comment 1 Marc Krämer 2023-05-14 22:40:16 CEST
Updated mariadb packages fix a security vulnerability:

It is possible for function spider_db_mbase::print_warnings to dereference a null pointer. [1]

Some more fixes have been added to [2]
- Backup
- InnoDB
- Replication

References:
[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47015
[2] https://mariadb.com/kb/en/mariadb-10-5-20-release-notes/
========================

Updated packages in core/updates_testing:
========================
mariadb-client-10.5.20-1.mga8
mariadb-client-debuginfo-10.5.20-1.mga8
mariadb-core-10.5.20-1.mga8
lib64mariadbd19-10.5.20-1.mga8
lib64mariadb-embedded-devel-10.5.20-1.mga8
mariadb-connect-debuginfo-10.5.20-1.mga8
mariadb-common-10.5.20-1.mga8
mariadb-mroonga-debuginfo-10.5.20-1.mga8
mariadb-bench-debuginfo-10.5.20-1.mga8
mariadb-spider-debuginfo-10.5.20-1.mga8
mariadb-debuginfo-10.5.20-1.mga8
mariadb-connect-10.5.20-1.mga8
mariadb-extra-debuginfo-10.5.20-1.mga8
mariadb-spider-10.5.20-1.mga8
mariadb-sphinx-debuginfo-10.5.20-1.mga8
mariadb-feedback-debuginfo-10.5.20-1.mga8
mariadb-mroonga-10.5.20-1.mga8
lib64mariadb3-debuginfo-10.5.20-1.mga8
mariadb-10.5.20-1.mga8
mariadb-obsolete-debuginfo-10.5.20-1.mga8
mariadb-common-core-10.5.20-1.mga8
lib64mariadb3-10.5.20-1.mga8
mariadb-sequence-debuginfo-10.5.20-1.mga8
mariadb-sphinx-10.5.20-1.mga8
mariadb-extra-10.5.20-1.mga8
mariadb-pam-10.5.20-1.mga8
mariadb-rocks-10.5.20-1.mga8
mariadb-pam-debuginfo-10.5.20-1.mga8
mariadb-obsolete-10.5.20-1.mga8
mariadb-sequence-10.5.20-1.mga8
mariadb-feedback-10.5.20-1.mga8
mysql-MariaDB-10.5.20-1.mga8
lib64mariadb-devel-debuginfo-10.5.20-1.mga8
lib64mariadb-devel-10.5.20-1.mga8
mariadb-debugsource-10.5.20-1.mga8
lib64mariadbd19-debuginfo-10.5.20-1.mga8
mariadb-core-debuginfo-10.5.20-1.mga8
mariadb-common-debuginfo-10.5.20-1.mga8
mariadb-bench-10.5.20-1.mga8
lib64mariadb-embedded-devel-debuginfo-10.5.20-1.mga8
mariadb-rocks-debuginfo-10.5.20-1.mga8

SRPM:
mariadb-10.5.20-1.mga8.src.rpm

Assignee: mageia => qa-bugs

Comment 2 Herman Viaene 2023-05-15 14:09:33 CEST
MGA8-64 MATE on Acer Aspire 5253
No installation issues.
At CLI:
# systemctl start httpd
[root@mach7 ~]# systemctl start mysqld
[root@mach7 ~]# systemctl -l status mysqld
● mysqld.service - MySQL database server
     Loaded: loaded (/usr/lib/systemd/system/mysqld.service; disabled; vendor preset: disabled)
     Active: active (running) since Mon 2023-05-15 13:57:21 CEST; 25s ago
   Main PID: 4864 (mysqld)
     Status: "Taking your SQL requests now..."
      Tasks: 44 (limit: 4364)
     Memory: 60.9M
        CPU: 1.443s
     CGroup: /system.slice/mysqld.service
             └─4864 /usr/sbin/mysqld

May 15 13:57:18 mach7.hviaene.thuis mysqld[4864]: 2023-05-15 13:57:18 0 [Note] InnoDB: File './ibtmp1' size is now>
May 15 13:57:18 mach7.hviaene.thuis mysqld[4864]: 2023-05-15 13:57:18 0 [Note] InnoDB: 10.5.20 started; log sequen>
May 15 13:57:18 mach7.hviaene.thuis mysqld[4864]: 2023-05-15 13:57:18 0 [Note] InnoDB: Loading buffer pool(s) from>
May 15 13:57:19 mach7.hviaene.thuis mysqld[4864]: 230515 13:57:19 server_audit: MariaDB Audit Plugin version 1.4.1>
May 15 13:57:19 mach7.hviaene.thuis mysqld[4864]: 230515 13:57:19 server_audit: Query cache is enabled with the TA>
May 15 13:57:21 mach7.hviaene.thuis mysqld[4864]: 2023-05-15 13:57:21 0 [Note] Reading of all Master_info entries >
May 15 13:57:21 mach7.hviaene.thuis mysqld[4864]: 2023-05-15 13:57:21 0 [Note] Added new Master_info '' to hash ta>
May 15 13:57:21 mach7.hviaene.thuis mysqld[4864]: 2023-05-15 13:57:21 0 [Note] /usr/sbin/mysqld: ready for connect>
May 15 13:57:21 mach7.hviaene.thuis mysqld[4864]: Version: '10.5.20-MariaDB'  socket: '/var/lib/mysql/mysql.sock' >
May 15 13:57:21 mach7.hviaene.thuis systemd[1]: Started MySQL database server.


Removed some previous testing databases, created a new one named testmaria10520 and in that a table with a PK, a unique index and a timestamp column. Populated the table with a few rows.
All works OK.

CC: (none) => herman.viaene

PC LX 2023-05-15 14:32:39 CEST

CC: (none) => mageia

Comment 3 PC LX 2023-05-21 01:18:13 CEST
Installed and tested without issues.

Tested for about a week. No issues or regressions found.

Tested:
- mysql CLI;
- phpMyAdmin;
- MySQL Workbench;
- PHP scripts using PDO/mysql;
- Qt6 apps using mysql plugin.
- systemd unix and TCP/IP socket activation.



System: Mageia 8, x86_64, AMD CPU.



$ uname -a
Linux jupiter 6.1.27-desktop-2.mga8 #1 SMP PREEMPT_DYNAMIC Mon May  8 20:42:00 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
# systemctl status mysqld.socket mysqld.service
● mysqld.socket - mysqld Server Socket
     Loaded: loaded (/usr/local/lib/systemd/system/mysqld.socket; enabled; vendor preset: disabled)
     Active: inactive (dead) since Sun 2023-05-21 00:14:22 WEST; 1min 48s ago
   Triggers: ● mysqld.service
     Listen: /run/mysqld/mysqld.socket (Stream)
             127.0.0.1:3306 (Stream)
        CPU: 334us

mai 21 00:14:10 jupiter systemd[1]: Listening on mysqld Server Socket.
mai 21 00:14:22 jupiter systemd[1]: mysqld.socket: Succeeded.
mai 21 00:14:22 jupiter systemd[1]: Closed mysqld Server Socket.

● mysqld.service - MySQL database server
     Loaded: loaded (/usr/lib/systemd/system/mysqld.service; disabled; vendor preset: disabled)
     Active: active (running) since Sun 2023-05-21 00:14:23 WEST; 1min 48s ago
TriggeredBy: ● mysqld.socket
    Process: 33143 ExecStartPre=/usr/sbin/mysqld-prepare-db-dir (code=exited, status=0/SUCCESS)
   Main PID: 33168 (mysqld)
     Status: "Taking your SQL requests now..."
      Tasks: 12 (limit: 37620)
     Memory: 76.0M
        CPU: 115ms
     CGroup: /system.slice/mysqld.service
             └─33168 /usr/sbin/mysqld

mai 21 00:14:23 jupiter mysqld[33168]: 2023-05-21  0:14:23 0 [Note] InnoDB: 10.5.20 started; log sequence number 51771109; transaction id 1576457
mai 21 00:14:23 jupiter mysqld[33168]: 2023-05-21  0:14:23 0 [Note] InnoDB: Loading buffer pool(s) from /var/lib/mysql/ib_buffer_pool
mai 21 00:14:23 jupiter mysqld[33168]: 230521  0:14:23 server_audit: MariaDB Audit Plugin version 1.4.14 STARTED.
mai 21 00:14:23 jupiter mysqld[33168]: 230521  0:14:23 server_audit: Query cache is enabled with the TABLE events. Some table reads can be veiled.2023-05-21  0:14:23 0 [Note] Server socket created on IP: '127.0.0.1'.
mai 21 00:14:23 jupiter mysqld[33168]: 2023-05-21  0:14:23 0 [Note] Reading of all Master_info entries succeeded
mai 21 00:14:23 jupiter mysqld[33168]: 2023-05-21  0:14:23 0 [Note] Added new Master_info '' to hash table
mai 21 00:14:23 jupiter mysqld[33168]: 2023-05-21  0:14:23 0 [Note] /usr/sbin/mysqld: ready for connections.
mai 21 00:14:23 jupiter mysqld[33168]: Version: '10.5.20-MariaDB'  socket: '/run/mysqld/mysqld.socket'  port: 3306  Mageia MariaDB Server
mai 21 00:14:23 jupiter systemd[1]: Started MySQL database server.
mai 21 00:14:23 jupiter mysqld[33168]: 2023-05-21  0:14:23 0 [Note] InnoDB: Buffer pool(s) load completed at 230521  0:14:23

Whiteboard: (none) => MGA8-64-OK

Comment 4 PC LX 2023-05-21 01:19:35 CEST
List of installed packages.

# rpm -qa | grep mariadb | sort
lib64mariadb3-10.5.20-1.mga8
mariadb-10.5.20-1.mga8
mariadb-client-10.5.20-1.mga8
mariadb-common-10.5.20-1.mga8
mariadb-common-core-10.5.20-1.mga8
mariadb-core-10.5.20-1.mga8
mariadb-extra-10.5.20-1.mga8

Comment 5 Thomas Andrews 2023-05-21 16:57:44 CEST
Validating. Advisory information in comment 1.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Dave Hodgins 2023-05-21 23:42:30 CEST

Keywords: (none) => advisory
CC: (none) => davidwhodgins

Comment 6 Mageia Robot 2023-05-22 17:32:04 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2023-0185.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

