ELSA-2021-1242

Опубликовано: 27 апр. 2021

Источник: oracle-oval

Платформа: Oracle Linux 8

Описание

ELSA-2021-1242: mariadb:10.3 and mariadb-devel:10.3 security update (IMPORTANT)

galera [25.3.32-1]

Rebase to 25.3.32

mariadb [3:10.3.28-1]

Rebase to 10.3.28

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

Module mariadb:10.3 is enabled

Judy

1.0.5-18.0.1.module+el8.3.0+9616+7a81225f

galera

25.3.32-1.module+el8.3.0+20131+15c9d707

mariadb

10.3.28-1.module+el8.3.0+20131+15c9d707

mariadb-backup

10.3.28-1.module+el8.3.0+20131+15c9d707

mariadb-common

10.3.28-1.module+el8.3.0+20131+15c9d707

mariadb-devel

10.3.28-1.module+el8.3.0+20131+15c9d707

mariadb-embedded

10.3.28-1.module+el8.3.0+20131+15c9d707

mariadb-embedded-devel

10.3.28-1.module+el8.3.0+20131+15c9d707

mariadb-errmsg

10.3.28-1.module+el8.3.0+20131+15c9d707

mariadb-gssapi-server

10.3.28-1.module+el8.3.0+20131+15c9d707

mariadb-oqgraph-engine

10.3.28-1.module+el8.3.0+20131+15c9d707

mariadb-server

10.3.28-1.module+el8.3.0+20131+15c9d707

mariadb-server-galera

10.3.28-1.module+el8.3.0+20131+15c9d707

mariadb-server-utils

10.3.28-1.module+el8.3.0+20131+15c9d707

mariadb-test

10.3.28-1.module+el8.3.0+20131+15c9d707

Module mariadb-devel:10.3 is enabled

Judy-devel

1.0.5-18.0.1.module+el8.3.0+9616+7a81225f

asio-devel

1.10.8-7.module+el8.1.0+5402+691bd77e

Oracle Linux x86_64

Module mariadb:10.3 is enabled

Judy

1.0.5-18.0.1.module+el8.3.0+9616+7a81225f

galera

25.3.32-1.module+el8.3.0+20131+15c9d707

mariadb

10.3.28-1.module+el8.3.0+20131+15c9d707

mariadb-backup

10.3.28-1.module+el8.3.0+20131+15c9d707

mariadb-common

10.3.28-1.module+el8.3.0+20131+15c9d707

mariadb-devel

10.3.28-1.module+el8.3.0+20131+15c9d707

mariadb-embedded

10.3.28-1.module+el8.3.0+20131+15c9d707

mariadb-embedded-devel

10.3.28-1.module+el8.3.0+20131+15c9d707

mariadb-errmsg

10.3.28-1.module+el8.3.0+20131+15c9d707

mariadb-gssapi-server

10.3.28-1.module+el8.3.0+20131+15c9d707

mariadb-oqgraph-engine

10.3.28-1.module+el8.3.0+20131+15c9d707

mariadb-server

10.3.28-1.module+el8.3.0+20131+15c9d707

mariadb-server-galera

10.3.28-1.module+el8.3.0+20131+15c9d707

mariadb-server-utils

10.3.28-1.module+el8.3.0+20131+15c9d707

mariadb-test

10.3.28-1.module+el8.3.0+20131+15c9d707

Module mariadb-devel:10.3 is enabled

Judy-devel

1.0.5-18.0.1.module+el8.3.0+9616+7a81225f

asio-devel

1.10.8-7.module+el8.1.0+5402+691bd77e

Связанные CVE

CVE-2021-27928

Ссылки на источники

Связанные уязвимости

CVE-2021-27928

CVSS3: 7.2

ubuntu

больше 4 лет назад

A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product.