Bug 33230 - mariadb new security issue CVE-2024-21096
Summary: mariadb new security issue CVE-2024-21096
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 9
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2024-05-21 15:26 CEST by Nicolas Salguero
Modified: 2024-05-26 01:40 CEST (History)
4 users (show)

See Also:
Source RPM: mariadb-10.11.7-1.mga9.src.rpm
CVE: CVE-2024-21096
Status comment: Fixed upstream in 10.11.8


Attachments

Description Nicolas Salguero 2024-05-21 15:26:27 CEST
Slackware has issued an advisory on May 20:
https://lwn.net/Articles/974440/

The problem is fixed in version 10.11.8.
Nicolas Salguero 2024-05-21 15:27:03 CEST

Source RPM: (none) => mariadb-10.11.7-1.mga9.src.rpm
Status comment: (none) => Fixed upstream in 10.11.8
CVE: (none) => CVE-2024-21096

Comment 1 Lewis Smith 2024-05-21 20:26:08 CEST
Marc is the regular packager for MariaDB, so assigning this to you.

Assignee: bugsquad => mageia

Comment 2 Marc Krämer 2024-05-22 13:45:10 CEST
strange, must have missed the version announcement. But I was very busy.
Comment 3 Marc Krämer 2024-05-22 20:21:52 CEST
Updated MariaDB to fix a new security issue [1,2]

Addtional bugs were fixed [3] in the following components:
InnoDB
Spider
Aria
Backup
JSON
Optimization & Tuning
Plugins
Galera
Scripts & Clients
Server

For the deatails see the vendor site [3]

References:
[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21096
[2] https://lwn.net/Articles/974440/
[3] https://mariadb.com/kb/en/mariadb-10-11-8-release-notes/
========================

Updated packages in core/updates_testing:
========================
mariadb-client-10.11.8-1.mga9
mariadb-client-debuginfo-10.11.8-1.mga9
lib64mariadbd19-10.11.8-1.mga9
mariadb-core-10.11.8-1.mga9
lib64mariadb-embedded-devel-10.11.8-1.mga9
mariadb-mroonga-debuginfo-10.11.8-1.mga9
lib64mariadb-devel-10.11.8-1.mga9
mariadb-common-10.11.8-1.mga9
mariadb-spider-debuginfo-10.11.8-1.mga9
mariadb-rocks-10.11.8-1.mga9
mariadb-mroonga-10.11.8-1.mga9
mariadb-bench-debuginfo-10.11.8-1.mga9
mariadb-debuginfo-10.11.8-1.mga9
mariadb-s3-engine-10.11.8-1.mga9
mariadb-feedback-debuginfo-10.11.8-1.mga9
mariadb-connect-debuginfo-10.11.8-1.mga9
mariadb-extra-debuginfo-10.11.8-1.mga9
mariadb-connect-10.11.8-1.mga9
mariadb-10.11.8-1.mga9
mariadb-spider-10.11.8-1.mga9
mariadb-sphinx-debuginfo-10.11.8-1.mga9
mariadb-s3-engine-debuginfo-10.11.8-1.mga9
lib64mariadb3-debuginfo-10.11.8-1.mga9
mariadb-obsolete-debuginfo-10.11.8-1.mga9
mariadb-common-core-10.11.8-1.mga9
lib64mariadb3-10.11.8-1.mga9
mariadb-sequence-debuginfo-10.11.8-1.mga9
mariadb-extra-10.11.8-1.mga9
mariadb-sphinx-10.11.8-1.mga9
mariadb-obsolete-10.11.8-1.mga9
mariadb-pam-debuginfo-10.11.8-1.mga9
mariadb-pam-10.11.8-1.mga9
mariadb-sequence-10.11.8-1.mga9
mysql-MariaDB-10.11.8-1.mga9
lib64mariadb-devel-debuginfo-10.11.8-1.mga9
mariadb-feedback-10.11.8-1.mga9
lib64mariadbd19-debuginfo-10.11.8-1.mga9
mariadb-debugsource-10.11.8-1.mga9
mariadb-core-debuginfo-10.11.8-1.mga9
mariadb-bench-10.11.8-1.mga9
mariadb-common-debuginfo-10.11.8-1.mga9
mariadb-rocks-debuginfo-10.11.8-1.mga9
lib64mariadb-embedded-devel-debuginfo-10.11.8-1.mga9

SRPM:
mariadb-10.11.8-1.mga9.src.rpm

Assignee: mageia => qa-bugs

katnatek 2024-05-23 23:34:51 CEST

Keywords: (none) => advisory

Comment 4 Herman Viaene 2024-05-24 14:12:23 CEST
MGA9-64 Plasma Wayland on HP-Pavillion
No installation issues, omitting debuginfo's
# systemctl start httpd
# systemctl start mysqld
# systemctl -l status mysqld
● mysqld.service - MySQL database server
     Loaded: loaded (/usr/lib/systemd/system/mysqld.service; disabled; preset: disabled)
     Active: active (running) since Fri 2024-05-24 14:01:07 CEST; 20s ago
    Process: 21914 ExecStartPre=/usr/sbin/mysqld-prepare-db-dir (code=exited, status=0/SUCCESS)
   Main PID: 21928 (mysqld)
     Status: "Taking your SQL requests now..."
      Tasks: 22 (limit: 4495)
     Memory: 101.8M
        CPU: 1.666s
     CGroup: /system.slice/mysqld.service
             └─21928 /usr/sbin/mysqld

May 24 14:00:46 mach4.hviaene.thuis mysqld[21928]: 2024-05-24 14:00:46 0 [Note] InnoDB: Setting file './ibtmp1' size to 12.000MiB. Physi>
May 24 14:00:46 mach4.hviaene.thuis mysqld[21928]: 2024-05-24 14:00:46 0 [Note] InnoDB: File './ibtmp1' size is now 12.000MiB.
May 24 14:00:46 mach4.hviaene.thuis mysqld[21928]: 2024-05-24 14:00:46 0 [Note] InnoDB: log sequence number 72212; transaction id 48
May 24 14:00:46 mach4.hviaene.thuis mysqld[21928]: 2024-05-24 14:00:46 0 [Note] InnoDB: Loading buffer pool(s) from /var/lib/mysql/ib_bu>
May 24 14:00:46 mach4.hviaene.thuis mysqld[21928]: 2024-05-24 14:00:46 0 [Note] InnoDB: Buffer pool(s) load completed at 240524 14:00:46
May 24 14:00:46 mach4.hviaene.thuis mysqld[21928]: 2024-05-24 14:00:46 0 [Note] CONNECT: Version 1.07.0002 March 22, 2021
May 24 14:00:47 mach4.hviaene.thuis mysqld[21928]: 240524 14:00:47 server_audit: MariaDB Audit Plugin version 1.4.14 STARTED.
May 24 14:01:07 mach4.hviaene.thuis mysqld[21928]: 240524 14:00:47 server_audit: Query cache is enabled with the TABLE events. Some tabl>
May 24 14:01:07 mach4.hviaene.thuis mysqld[21928]: Version: '10.11.8-MariaDB'  socket: '/var/lib/mysql/mysql.sock'  port: 0  Mageia Mari>
May 24 14:01:07 mach4.hviaene.thuis systemd[1]: Started mysqld.service.

Used phpmyadmin to delete an existing database, created a new one, created one new table with serial field as primary key, one varchar as unique key, one plain varchar, one timestamp with current_timestamp as default.
Table created OK, inserted some values, all OK.

CC: (none) => herman.viaene
Whiteboard: (none) => MGA9-64-OK

Comment 5 PC LX 2024-05-24 16:37:40 CEST
Installed and tested without issues.

Tested with:
- mysql CLI;
- dbeaver-ce;
- mysql workstation;
- PHP scripts (e.g. phpmyadmin, roundcubemail, nextcloud, wordpress);
- Qt6 applications using the QSqlMySql plugin driver;
- systemd restricted service for improved security (see override.conf file below).
All OK.



System: Mageia 9, x86_64, Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz.



$ uname -a
Linux marte 6.6.28-desktop-1.mga9 #1 SMP PREEMPT_DYNAMIC Wed Apr 17 17:19:36 UTC 2024 x86_64 GNU/Linux
$ rpm -qa | grep mariadb | sort
lib64mariadb3-10.11.8-1.mga9
mariadb-10.11.8-1.mga9
mariadb-client-10.11.8-1.mga9
mariadb-common-10.11.8-1.mga9
mariadb-common-core-10.11.8-1.mga9
mariadb-core-10.11.8-1.mga9
mariadb-extra-10.11.8-1.mga9
$ systemctl status mysqld.service 
● mysqld.service - MySQL database server
     Loaded: loaded (/usr/lib/systemd/system/mysqld.service; enabled; preset: disabled)
    Drop-In: /etc/systemd/system/mysqld.service.d
             └─override.conf
     Active: active (running) since Fri 2024-05-24 08:00:03 WEST; 7h ago
    Process: 1972738 ExecStartPre=/usr/sbin/mysqld-prepare-db-dir (code=exited, status=0/SUCCESS)
   Main PID: 1972752 (mysqld)
     Status: "Taking your SQL requests now..."
      Tasks: 20 (limit: 19042)
     Memory: 153.0M
        CPU: 12min 57.037s
     CGroup: /system.slice/mysqld.service
             └─1972752 /usr/sbin/mysqld
$ cat /etc/systemd/system/mysqld.service.d/override.conf
# If "skip-networking" is set in the configuration then "AF_INET AF_INET6"
# should be removed from RestrictAddressFamilies and PrivateNetwork=should
# be set to "yes".

[Service]

PrivateNetwork=yes
PrivateUsers=yes
PrivateTmp=yes
PrivateDevices=yes
DevicePolicy=closed

UMask=0077
NoNewPrivileges=yes
LockPersonality=yes
MemoryDenyWriteExecute=yes
RemoveIPC=yes

RestrictRealtime=yes
RestrictSUIDSGID=yes
RestrictNamespaces=yes
RestrictAddressFamilies=AF_UNIX
#RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6

SystemCallArchitectures=native
SystemCallFilter=@system-service
SystemCallFilter=~ @privileged @resources

ProtectHome=yes
ProtectHostname=yes
ProtectKernelLogs=yes
ProtectClock=yes
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectKernelLogs=yes
ProtectSystem=strict

AmbientCapabilities=
CapabilityBoundingSet=

StateDirectory=mysql
RuntimeDirectory=mysqld
LogsDirectory=mysqld

CC: (none) => mageia

Comment 6 katnatek 2024-05-25 20:22:37 CEST
Herman and/or PC LX test are considered good in previous rounds

CC: (none) => andrewsfarm

Comment 7 Thomas Andrews 2024-05-25 23:29:38 CEST
Validating.

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 8 Mageia Robot 2024-05-26 01:40:04 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2024-0195.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED


Note You need to log in before you can comment on or make changes to this bug.