- Issued:
- 2020-12-22
- Updated:
- 2020-12-22
RHSA-2020:5663 - Security Advisory
Synopsis
Important: mariadb:10.3 security, bug fix, and enhancement update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for the mariadb:10.3 module is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.
The following packages have been upgraded to a later upstream version: mariadb (10.3.27), galera (25.3.31). (BZ#1899085, BZ#1899089)
Security Fix(es):
- mariadb: Insufficient SST method name check leading to code injection in mysql-wsrep (CVE-2020-15180)
- mysql: InnoDB unspecified vulnerability (CPU Jan 2019) (CVE-2019-2510)
- mysql: Server: DDL unspecified vulnerability (CPU Jan 2019) (CVE-2019-2537)
- mysql: Server: Replication unspecified vulnerability (CPU Apr 2019) (CVE-2019-2614)
- mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2019) (CVE-2019-2627)
- mysql: InnoDB unspecified vulnerability (CPU Apr 2019) (CVE-2019-2628)
- mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2019) (CVE-2019-2737)
- mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2019) (CVE-2019-2739)
- mysql: Server: XML unspecified vulnerability (CPU Jul 2019) (CVE-2019-2740)
- mysql: InnoDB unspecified vulnerability (CPU Jul 2019) (CVE-2019-2758)
- mysql: Server: Parser unspecified vulnerability (CPU Jul 2019) (CVE-2019-2805)
- mysql: InnoDB unspecified vulnerability (CPU Oct 2019) (CVE-2019-2938)
- mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019) (CVE-2019-2974)
- mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2752)
- mysql: InnoDB unspecified vulnerability (CPU Apr 2020) (CVE-2020-2760)
- mysql: Server: DML unspecified vulnerability (CPU Apr 2020) (CVE-2020-2780)
- mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020) (CVE-2020-2812)
- mysql: InnoDB unspecified vulnerability (CPU Apr 2020) (CVE-2020-2814)
- mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2922)
- mariadb-connector-c: Improper validation of content in a OK packet received from server (CVE-2020-13249)
- mysql: Server: FTS unspecified vulnerability (CPU Oct 2020) (CVE-2020-14765)
- mysql: InnoDB unspecified vulnerability (CPU Oct 2020) (CVE-2020-14776)
- mysql: Server: FTS unspecified vulnerability (CPU Oct 2020) (CVE-2020-14789)
- mysql: Server: Locking unspecified vulnerability (CPU Oct 2020) (CVE-2020-14812)
- mysql: C API unspecified vulnerability (CPU Jan 2020) (CVE-2020-2574)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- FTBFS: -D_GLIBCXX_ASSERTIONS (BZ#1899012)
- Queries with entity_id IN ('1', '2', …, '70000') run much slower in MariaDB 10.3 than on MariaDB 10.1 (BZ#1899020)
- Cleanup race with wsrep_rsync_sst_tunnel may prevent full galera cluster bootstrap (BZ#1899025)
- There are undeclared file conflicts in several mariadb and mysql packages (BZ#1899080)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.
Affected Products
- Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.0 ppc64le
- Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.0 x86_64
Fixes
- BZ - 1666751 - CVE-2019-2510 mysql: InnoDB unspecified vulnerability (CPU Jan 2019)
- BZ - 1666763 - CVE-2019-2537 mysql: Server: DDL unspecified vulnerability (CPU Jan 2019)
- BZ - 1702969 - CVE-2019-2614 mysql: Server: Replication unspecified vulnerability (CPU Apr 2019)
- BZ - 1702976 - CVE-2019-2627 mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2019)
- BZ - 1702977 - CVE-2019-2628 mysql: InnoDB unspecified vulnerability (CPU Apr 2019)
- BZ - 1731997 - CVE-2019-2737 mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2019)
- BZ - 1731999 - CVE-2019-2739 mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2019)
- BZ - 1732000 - CVE-2019-2740 mysql: Server: XML unspecified vulnerability (CPU Jul 2019)
- BZ - 1732008 - CVE-2019-2758 mysql: InnoDB unspecified vulnerability (CPU Jul 2019)
- BZ - 1732025 - CVE-2019-2805 mysql: Server: Parser unspecified vulnerability (CPU Jul 2019)
- BZ - 1764680 - CVE-2019-2938 mysql: InnoDB unspecified vulnerability (CPU Oct 2019)
- BZ - 1764691 - CVE-2019-2974 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019)
- BZ - 1798587 - CVE-2020-2574 mysql: C API unspecified vulnerability (CPU Jan 2020)
- BZ - 1830056 - CVE-2020-2780 mysql: Server: DML unspecified vulnerability (CPU Apr 2020)
- BZ - 1830059 - CVE-2020-2812 mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020)
- BZ - 1830060 - CVE-2020-2814 mysql: InnoDB unspecified vulnerability (CPU Apr 2020)
- BZ - 1830082 - CVE-2020-2760 mysql: InnoDB unspecified vulnerability (CPU Apr 2020)
- BZ - 1835849 - CVE-2020-2752 mysql: C API unspecified vulnerability (CPU Apr 2020)
- BZ - 1835850 - CVE-2020-2922 mysql: C API unspecified vulnerability (CPU Apr 2020)
- BZ - 1839827 - CVE-2020-13249 mariadb-connector-c: Improper validation of content in a OK packet received from server
- BZ - 1890738 - CVE-2020-14765 mysql: Server: FTS unspecified vulnerability (CPU Oct 2020)
- BZ - 1890743 - CVE-2020-14776 mysql: InnoDB unspecified vulnerability (CPU Oct 2020)
- BZ - 1890747 - CVE-2020-14789 mysql: Server: FTS unspecified vulnerability (CPU Oct 2020)
- BZ - 1890756 - CVE-2020-14812 mysql: Server: Locking unspecified vulnerability (CPU Oct 2020)
- BZ - 1894919 - CVE-2020-15180 mariadb: Insufficient SST method name check leading to code injection in mysql-wsrep
- BZ - 1899012 - FTBFS: -D_GLIBCXX_ASSERTIONS [rhel-8.0.0.z]
- BZ - 1899020 - Queries with entity_id IN ('1', '2', …, '70000') run much slower in MariaDB 10.3 than on MariaDB 10.1 [rhel-8.0.0.z]
- BZ - 1899025 - Cleanup race with wsrep_rsync_sst_tunnel may prevent full galera cluster bootstrap [rhel-8.0.0.z]
- BZ - 1899085 - Tracker: MariaDB rebase to the latest version (10.3.27) [rhel-8.0.0.z]
- BZ - 1899089 - Update Galera to the appropriate version (25.3.31) [rhel-8.0.0.z]
CVEs
- CVE-2019-2510
- CVE-2019-2537
- CVE-2019-2614
- CVE-2019-2627
- CVE-2019-2628
- CVE-2019-2737
- CVE-2019-2739
- CVE-2019-2740
- CVE-2019-2758
- CVE-2019-2805
- CVE-2019-2938
- CVE-2019-2974
- CVE-2020-2574
- CVE-2020-2752
- CVE-2020-2760
- CVE-2020-2780
- CVE-2020-2812
- CVE-2020-2814
- CVE-2020-2922
- CVE-2020-13249
- CVE-2020-14765
- CVE-2020-14776
- CVE-2020-14789
- CVE-2020-14812
- CVE-2020-15180
- CVE-2021-2007
- CVE-2021-2022
- CVE-2021-2144
- CVE-2021-2194
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.0
| SRPM | |
|---|---|
| Judy-1.0.5-18.module+el8+2765+cfa4f87b.src.rpm | SHA-256: bd2eba6fcd7c08e2e5397e7b702e8f7b6a4db0937eb74c5a086dfd8d855c5b9d |
| galera-25.3.31-1.module+el8.0.0+9239+73817dd5.src.rpm | SHA-256: 175613e6ccd4a0f33efae00dae65123b35c737b31373caa55a02b140e395f81b |
| mariadb-10.3.27-3.module+el8.0.0+9160+9822c5c7.src.rpm | SHA-256: 9d34e5face419ecb5c54072ebe0d29c408161c6409087108cc94d8e510625615 |
| ppc64le | |
| Judy-1.0.5-18.module+el8+2765+cfa4f87b.ppc64le.rpm | SHA-256: e784fa218dfe9e225caff5a29d988b7e5a0817dc2a67c59412f954482f8cacdf |
| Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.ppc64le.rpm | SHA-256: 7d703e673d669a38b5242f6fe8e799f6aa07d0313f4dd6fd26d56fa849f2cc90 |
| Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.ppc64le.rpm | SHA-256: 5ff324427bd56c8f408cadfd25f697d8e004f1222ba10f38fc81f9df40a1f9d2 |
| galera-25.3.31-1.module+el8.0.0+9239+73817dd5.ppc64le.rpm | SHA-256: 966dc7a47f7dca8504198d6276ce09a8cfc38ffad3e23f66172261a5c5c1941f |
| galera-debuginfo-25.3.31-1.module+el8.0.0+9239+73817dd5.ppc64le.rpm | SHA-256: 8e82ac861f25b9fd4c3b15481239fd152640d6c934c015804457ab55f4bb9cd3 |
| galera-debugsource-25.3.31-1.module+el8.0.0+9239+73817dd5.ppc64le.rpm | SHA-256: a106a91bfe97c6a3b91bdfb2e214fa471e693788a27965ba6b1501bfdaeaa48c |
| mariadb-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm | SHA-256: 1b8b07f01baae4e34162579898b2bd35625cb35aed402c9c5a00472607ffecab |
| mariadb-backup-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm | SHA-256: 802f80cc65fded68ead7630e0cff221da67145e3a19f2c6a94fb7dc3e53920d6 |
| mariadb-backup-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm | SHA-256: 282b3001047580d0248e731375c50c7df8b6f73b769e159d330909916727c1f9 |
| mariadb-common-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm | SHA-256: 3df9b34fffa878667ee712b415dfed48f9da0028a61e6423f2942679d75d0aa4 |
| mariadb-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm | SHA-256: 69fd4ec78791248d07f2933eb676b93b4e4c079ac2099f42bb99dd1f58a3a120 |
| mariadb-debugsource-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm | SHA-256: 14833da72b8efbceca2464e5e672d78c3227af3e2ea9b69944492a2618c82723 |
| mariadb-devel-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm | SHA-256: 3d78cc2423ffb6c9214d1f2dd7183db800fbce7433fe5cb96e40a3e31fe12e60 |
| mariadb-embedded-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm | SHA-256: 94721b1071e8a21018803b31f92cb10edef81cb8efe0d41e24b813036da9d8f3 |
| mariadb-embedded-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm | SHA-256: 8cdba9835452d7d2ce1e190d943a9e00dedaa83526e586bfe8c47b6b1298c1d8 |
| mariadb-embedded-devel-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm | SHA-256: 8066ffefc2bbbad69f47fc41f78a0b6aab835f191b8dae69ea3cc6a8dda0c4a3 |
| mariadb-errmsg-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm | SHA-256: 0e5edb64984d2e09fefec7d15fd891baa0731c029471b1f2ef15fc9000127c84 |
| mariadb-gssapi-server-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm | SHA-256: 3d839987b349c6ff7282d8063ec4664e4930d79bc88924d2c88dcb287f9b3c94 |
| mariadb-gssapi-server-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm | SHA-256: 595e95cede9dffe0b95ac247f616ca8f43751e2377011d583ca15995b592376b |
| mariadb-oqgraph-engine-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm | SHA-256: 366af7372aa657d70fe04a46e9ee15cffc1e2acb124174201d8a0abb74caf56a |
| mariadb-oqgraph-engine-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm | SHA-256: 03109664290e23667a7146f7cddccceb60f034346bf364b13efb7dc6ef77a174 |
| mariadb-server-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm | SHA-256: bd1e4bfa0c8641d3df01660d0e18449a3a3b5915a840fed6bd3bd13ecfd8441b |
| mariadb-server-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm | SHA-256: c3840b8d4062a11db52d3923a109d5f79977f10fbbcd863857f80c973bc5fd7c |
| mariadb-server-galera-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm | SHA-256: 765c19c3f62b680bf621a60ea1fb5e70e8dcdfc5951847e802d163485e7b222d |
| mariadb-server-utils-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm | SHA-256: 69636962cea100cfd88fd0162ea196c8aca3506d29281fc17fd13ebce052e879 |
| mariadb-server-utils-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm | SHA-256: bce1c7eef92c715c5bd31e13e43a6bfb9697bd95a5a68fa8b041cdff9c24220e |
| mariadb-test-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm | SHA-256: 07b5cc77b2ad7fb925a4cd56de11974f1df18f0f8cbbe038cfeaa6a39e319848 |
| mariadb-test-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.ppc64le.rpm | SHA-256: 163cf899e80eee272a98891f0e49bbbd1d1333ac921982daec27b44f2ac6bd12 |
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.0
| SRPM | |
|---|---|
| Judy-1.0.5-18.module+el8+2765+cfa4f87b.src.rpm | SHA-256: bd2eba6fcd7c08e2e5397e7b702e8f7b6a4db0937eb74c5a086dfd8d855c5b9d |
| galera-25.3.31-1.module+el8.0.0+9239+73817dd5.src.rpm | SHA-256: 175613e6ccd4a0f33efae00dae65123b35c737b31373caa55a02b140e395f81b |
| mariadb-10.3.27-3.module+el8.0.0+9160+9822c5c7.src.rpm | SHA-256: 9d34e5face419ecb5c54072ebe0d29c408161c6409087108cc94d8e510625615 |
| x86_64 | |
| Judy-1.0.5-18.module+el8+2765+cfa4f87b.x86_64.rpm | SHA-256: 88a29f33354754a242d50476ca18bb99d2af3884742e4f31c276ebee7c69338a |
| Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.x86_64.rpm | SHA-256: f2ca433f1ce80240b1a4c7a66d967d877504b9d31264c774013f857ed2a05623 |
| Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.x86_64.rpm | SHA-256: 6d430b0e9a8de476437df76c6c876444cc0635c1d3ca27a157c7c13e16668f70 |
| galera-25.3.31-1.module+el8.0.0+9239+73817dd5.x86_64.rpm | SHA-256: 4c8d4aadb38305fd9773c0a1083253bd1bba72b880257629a167faf8d9d91ab8 |
| galera-debuginfo-25.3.31-1.module+el8.0.0+9239+73817dd5.x86_64.rpm | SHA-256: a5f63b72a466a1bec2c8aaa43d41470f4572f3795708dfb3de1f958b20ce5d33 |
| galera-debugsource-25.3.31-1.module+el8.0.0+9239+73817dd5.x86_64.rpm | SHA-256: 8695861d04a99cd1de8c80f2690d61bd3897d8dac3475e161ff4cfd5bfc30d34 |
| mariadb-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm | SHA-256: 6337963ea4f4c54d7a0e9df4d5b7d65ca343687f0ab015460619e2d512c01611 |
| mariadb-backup-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm | SHA-256: 07c30d212088ad188f86e39171c8737ae1aa03753de132111d73715018dd6d34 |
| mariadb-backup-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm | SHA-256: a7b67ddbe267109783c07cfa3b0042a9001dba68b49d74aa371d763d69973e35 |
| mariadb-common-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm | SHA-256: 90e147db00364b4e8666d7eae76ad9c33d608e271f7a350b52957c4653ec9426 |
| mariadb-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm | SHA-256: a500b7b31b871b0734997f38c20a7c6de97c71cb7800ba61cd69ae867b7668e6 |
| mariadb-debugsource-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm | SHA-256: d3c3d8b2c1362c8951c0514d7e32c94453cc47c5b603e86d2b5e24a05f69217a |
| mariadb-devel-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm | SHA-256: 627db210eabef0ce827eecc934883b7eb6d2af2a13865fc5e784bec604816003 |
| mariadb-embedded-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm | SHA-256: a802860a725bd68e0ead255c7cf05d7c22c373b62e4389fe5181ec980c6fbcee |
| mariadb-embedded-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm | SHA-256: 0082970eeb443d9e4c6f153f9dcfb6ec596a4fa92c2a6d3bf126ca51515f5114 |
| mariadb-embedded-devel-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm | SHA-256: 9c24ff49de8227c62cf141e2657a267429ebb3f98eb8b433fd266e5bfc341a96 |
| mariadb-errmsg-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm | SHA-256: 86b0ef1d66199988376c13cea7797e6b17c1af8e49b0c4ef03409915708cd155 |
| mariadb-gssapi-server-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm | SHA-256: 8be41e56f107aaae7c44b1de1b5af02fa99a969c3baf7b64d8e7afc7e3f0fc8c |
| mariadb-gssapi-server-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm | SHA-256: c6965ca437d4fd47c128c3852c9f7e3c5c2a6b40c40e75be8ea8ea148cfd945c |
| mariadb-oqgraph-engine-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm | SHA-256: 5547d72898cdcd5f258f360bea9ac3c3687dc8ee5df64547f120fb79002fa8b8 |
| mariadb-oqgraph-engine-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm | SHA-256: b92c1456e57fb905a07646a121d2453b737630e4c4eb05479a17e9de6ec87ec6 |
| mariadb-server-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm | SHA-256: 793b99bd1096ce4c765cb3068e96e504452187c08a251b6b6ae7b77284457174 |
| mariadb-server-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm | SHA-256: 150cfe5f8cecec1e1b92365b2369afdfdf92c156517d44a586a1e2822ac9f0f5 |
| mariadb-server-galera-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm | SHA-256: bc16d76d3d7a2f718696e93fe100ec8f41a978ee3f9696bb005b1679731eff0c |
| mariadb-server-utils-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm | SHA-256: 73c635b69a86b002347288434d56c5b2e3a0cdd33d563ef1624ee22f566cb10c |
| mariadb-server-utils-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm | SHA-256: 5c74ebfb9c94adb7cce4156abd7d4fced4e64b8c10f45e6741f12d52ad47334c |
| mariadb-test-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm | SHA-256: 3a3414de5f978c774e36e9dac3f18df77f0b2818c038fff852e817490a225966 |
| mariadb-test-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.x86_64.rpm | SHA-256: 7af9b6d45f339daa5bcd5c7259f63e1ece14d0d430cab786e1d097b0f04c0db7 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.