Bug 32574 - galera new security issue CVE-2023-22084
Summary: galera new security issue CVE-2023-22084
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 9
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
Whiteboard: MGA9-64-OK
Keywords: advisory, validated_update
Depends on:
Reported: 2023-11-27 17:24 CET by Nicolas Salguero
Modified: 2023-12-04 10:31 CET (History)
6 users (show)

See Also:
Source RPM: galera-26.4.14-2.mga10.src.rpm
Status comment: Fixed upstream in 26.4.16


Description Nicolas Salguero 2023-11-27 17:24:58 CET
Fedora has issue an advisory on November 25:

Mageia 9 is also affected.
Nicolas Salguero 2023-11-27 17:25:43 CET

Status comment: (none) => Fixed upstream in 26.4.16
Source RPM: (none) => galera-26.4.14-2.mga10.src.rpm
Whiteboard: (none) => MGA9TOO

Comment 1 Lewis Smith 2023-11-27 21:20:19 CET
I see DavidG has already put version: 26.4.16 in Cauldron.
Is it OK to assigning this to you for the M9 bit? (+ advisory)

Assignee: bugsquad => geiger.david68210

Comment 2 David GEIGER 2023-11-27 21:53:47 CET
Assigning to QA,

Packages in 9/Core/Updates_testing:


Version: Cauldron => 9
Assignee: geiger.david68210 => qa-bugs

Comment 3 Marja Van Waes 2023-11-28 14:04:22 CET
Advisory with SRPM from comment 2 added to SVN

CC: (none) => marja11
Whiteboard: MGA9TOO => (none)
Keywords: (none) => advisory

Comment 4 Len Lawrence 2023-11-28 20:26:25 CET
Mageia9, x86_64

A search online provides this description:
Galera Cluster is a synchronous multi-master database cluster, based on synchronous replication and MySQL and InnoDB. When Galera Cluster is in use, database reads and writes can be directed to any node. Any individual node can be lost without interruption in operations and without using complex failover procedures.

Certainly above my pay grade.  It is one of those packages which really needs to be tested by somebody with an interest in it.  It updates cleanly.  Shall pass it on tomorrow if nobody else wishes to test it.

CC: (none) => tarazed25

Comment 5 Herman Viaene 2023-11-30 16:05:46 CET
Had a look at https://mariadb.com/kb/en/getting-started-with-mariadb-galera-cluster/ but configuring this is !!!?????
There seemed to be an easy way to get something going, but
# galera_new_cluster
-bash: galera_new_cluster: command not found
In that status I agree with Len: if nobody shows up with more in-depth knowledge, let the update go.

CC: (none) => herman.viaene

Comment 6 Dave Hodgins 2023-11-30 19:36:24 CET
Mageia does not have mysql-wsrep

Without it, galera can only be used with third party software. In such a
case, it's normal to validate based on a clean install over the prior version.

CC: (none) => davidwhodgins

Comment 7 Thomas Andrews 2023-12-01 21:30:13 CET
Thanks, Dave. Good to see you still have our backs if we need it.

Len said he had a clean install. Herman didn't say, but without a clean install trying a command makes no sense, so he probably had one, too.

Giving this an OK, and validating.

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
Whiteboard: (none) => MGA9-64-OK

Comment 8 Mageia Robot 2023-12-04 10:31:01 CET
An update for this issue has been pushed to the Mageia Updates repository.


Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.