SUSE-SU-2022:3391-1

See a problem?
Please try reporting it to the source first.
Source
https://www.suse.com/support/update/announcement/2022/suse-su-20223391-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:3391-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2022:3391-1
Related
Published
2022-09-26T13:06:16Z
Modified
2022-09-26T13:06:16Z
Summary
Security update for mariadb
Details

This update for mariadb fixes the following issues:

Update to 10.5.17:

  • CVE-2022-32082: Fixed assertion failure at table->getrefcount() == 0 in dict0dict.cc (bsc#1201162).
  • CVE-2022-32089: Fixed segmentation fault via the component stselectlexunit::excludelevel (bsc#1201169).
  • CVE-2022-32081: Fixed use-after-poison in prepareinplaceadd_virtual at /storage/innobase/handler/handler0alter.cc (bsc#1201161).
  • CVE-2022-32091: Fixed use-after-poison in _interceptormemset at /libsanitizer/sanitizercommon/sanitizercommon_interceptors.inc (bsc#1201170).
  • CVE-2022-32084: Fixed segmentation fault via the component sub_select (bsc#1201164).

  • CVE-2022-38791: Fixed deadlock in compresswrite in extra/mariabackup/dscompress.cc (bsc#1202863).

  • CVE-2022-32088: Fixed segmentation fault via the component Exectimetracker::getloops/Filesorttracker::report_use/filesort (bsc#1201168).

  • CVE-2022-32087: Fixed segmentation fault via the component Itemargs::walkargs (bsc#1201167).
  • CVE-2022-32086: Fixed segmentation fault via the component Itemfield::fixouter_field (bsc#1201166).
  • CVE-2022-32085: Fixed segmentation fault via the component Itemfuncin::cleanup/Item::cleanup_processor (bsc#1201165).
  • CVE-2022-32083: Fixed segmentation fault via the component Itemsubselect::initexprcachetracker (bsc#1201163).

Bugfixes:

  • Fixed mysql-systemd-helper being unaware of custom group (bsc#1200105).
References

Affected packages

SUSE:Linux Enterprise Module for Package Hub 15 SP3 / mariadb

Package

Name
mariadb
Purl
purl:rpm/suse/mariadb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
10.5.17-150300.3.21.1

Ecosystem specific 

{
    "binaries": [
        {
            "mariadb-galera": "10.5.17-150300.3.21.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Server Applications 15 SP3 / mariadb

Package

Name
mariadb
Purl
purl:rpm/suse/mariadb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
10.5.17-150300.3.21.1

Ecosystem specific 

{
    "binaries": [
        {
            "libmariadbd-devel": "10.5.17-150300.3.21.1",
            "mariadb-errormessages": "10.5.17-150300.3.21.1",
            "mariadb": "10.5.17-150300.3.21.1",
            "mariadb-tools": "10.5.17-150300.3.21.1",
            "mariadb-client": "10.5.17-150300.3.21.1",
            "libmariadbd19": "10.5.17-150300.3.21.1"
        }
    ]
}

openSUSE:Leap 15.3 / mariadb

Package

Name
mariadb
Purl
purl:rpm/suse/mariadb&distro=openSUSE%20Leap%2015.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
10.5.17-150300.3.21.1

Ecosystem specific 

{
    "binaries": [
        {
            "mariadb-errormessages": "10.5.17-150300.3.21.1",
            "mariadb-rpm-macros": "10.5.17-150300.3.21.1",
            "mariadb-tools": "10.5.17-150300.3.21.1",
            "libmariadbd19": "10.5.17-150300.3.21.1",
            "mariadb-bench": "10.5.17-150300.3.21.1",
            "mariadb-test": "10.5.17-150300.3.21.1",
            "libmariadbd-devel": "10.5.17-150300.3.21.1",
            "mariadb": "10.5.17-150300.3.21.1",
            "mariadb-client": "10.5.17-150300.3.21.1"
        }
    ]
}