USN-5305-1

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/notices/USN-5305-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5305-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-5305-1
Upstream
Related
Published
2022-02-28T12:28:20.489159Z
Modified
2025-10-13T04:35:48Z
Summary
mariadb-10.3, mariadb-10.5 vulnerabilities
Details

Several security issues were discovered in MariaDB and this update includes new upstream MariaDB versions to fix these issues.

MariaDB has been updated to 10.3.34 in Ubuntu 20.04 LTS and to 10.5.15 in Ubuntu 21.10.

In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.

References

Affected packages

Ubuntu:20.04:LTS / mariadb-10.3

Package

Name
mariadb-10.3
Purl
pkg:deb/ubuntu/mariadb-10.3@1:10.3.34-0ubuntu0.20.04.1?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:10.3.34-0ubuntu0.20.04.1

Affected versions

1:10.*

1:10.3.17-1
1:10.3.18-1
1:10.3.19-1
1:10.3.21-2
1:10.3.22-1
1:10.3.22-1ubuntu1
1:10.3.25-0ubuntu0.20.04.1
1:10.3.29-0ubuntu0.20.04.1
1:10.3.30-0ubuntu0.20.04.1
1:10.3.31-0ubuntu0.20.04.1
1:10.3.32-0ubuntu0.20.04.1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "libmariadb-dev",
            "binary_version": "1:10.3.34-0ubuntu0.20.04.1"
        },
        {
            "binary_name": "libmariadb-dev-compat",
            "binary_version": "1:10.3.34-0ubuntu0.20.04.1"
        },
        {
            "binary_name": "libmariadb3",
            "binary_version": "1:10.3.34-0ubuntu0.20.04.1"
        },
        {
            "binary_name": "libmariadbclient-dev",
            "binary_version": "1:10.3.34-0ubuntu0.20.04.1"
        },
        {
            "binary_name": "libmariadbd-dev",
            "binary_version": "1:10.3.34-0ubuntu0.20.04.1"
        },
        {
            "binary_name": "libmariadbd19",
            "binary_version": "1:10.3.34-0ubuntu0.20.04.1"
        },
        {
            "binary_name": "mariadb-backup",
            "binary_version": "1:10.3.34-0ubuntu0.20.04.1"
        },
        {
            "binary_name": "mariadb-client",
            "binary_version": "1:10.3.34-0ubuntu0.20.04.1"
        },
        {
            "binary_name": "mariadb-client-10.3",
            "binary_version": "1:10.3.34-0ubuntu0.20.04.1"
        },
        {
            "binary_name": "mariadb-client-core-10.3",
            "binary_version": "1:10.3.34-0ubuntu0.20.04.1"
        },
        {
            "binary_name": "mariadb-common",
            "binary_version": "1:10.3.34-0ubuntu0.20.04.1"
        },
        {
            "binary_name": "mariadb-plugin-connect",
            "binary_version": "1:10.3.34-0ubuntu0.20.04.1"
        },
        {
            "binary_name": "mariadb-plugin-cracklib-password-check",
            "binary_version": "1:10.3.34-0ubuntu0.20.04.1"
        },
        {
            "binary_name": "mariadb-plugin-gssapi-client",
            "binary_version": "1:10.3.34-0ubuntu0.20.04.1"
        },
        {
            "binary_name": "mariadb-plugin-gssapi-server",
            "binary_version": "1:10.3.34-0ubuntu0.20.04.1"
        },
        {
            "binary_name": "mariadb-plugin-mroonga",
            "binary_version": "1:10.3.34-0ubuntu0.20.04.1"
        },
        {
            "binary_name": "mariadb-plugin-oqgraph",
            "binary_version": "1:10.3.34-0ubuntu0.20.04.1"
        },
        {
            "binary_name": "mariadb-plugin-rocksdb",
            "binary_version": "1:10.3.34-0ubuntu0.20.04.1"
        },
        {
            "binary_name": "mariadb-plugin-spider",
            "binary_version": "1:10.3.34-0ubuntu0.20.04.1"
        },
        {
            "binary_name": "mariadb-plugin-tokudb",
            "binary_version": "1:10.3.34-0ubuntu0.20.04.1"
        },
        {
            "binary_name": "mariadb-server",
            "binary_version": "1:10.3.34-0ubuntu0.20.04.1"
        },
        {
            "binary_name": "mariadb-server-10.3",
            "binary_version": "1:10.3.34-0ubuntu0.20.04.1"
        },
        {
            "binary_name": "mariadb-server-core-10.3",
            "binary_version": "1:10.3.34-0ubuntu0.20.04.1"
        },
        {
            "binary_name": "mariadb-test",
            "binary_version": "1:10.3.34-0ubuntu0.20.04.1"
        },
        {
            "binary_name": "mariadb-test-data",
            "binary_version": "1:10.3.34-0ubuntu0.20.04.1"
        }
    ],
    "availability": "No subscription required"
}

Database specific

cves_map

{
    "ecosystem": "Ubuntu:20.04:LTS",
    "cves": [
        {
            "id": "CVE-2021-46659",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2021-46661",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2021-46663",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2021-46664",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2021-46665",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "low",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2021-46668",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "low",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2022-24048",
            "severity": [
                {
                    "score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2022-24050",
            "severity": [
                {
                    "score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2022-24051",
            "severity": [
                {
                    "score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2022-24052",
            "severity": [
                {
                    "score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        }
    ]
}