Описание
Security update for mariadb
This update for mariadb fixes the following issues:
- CVE-2021-46669 (bsc#1199928)
- CVE-2022-21427 (bsc#1199928)
- CVE-2022-27377 (bsc#1198603)
- CVE-2022-27378 (bsc#1198604)
- CVE-2022-27380 (bsc#1198606)
- CVE-2022-27381 (bsc#1198607)
- CVE-2022-27383 (bsc#1198610)
- CVE-2022-27384 (bsc#1198611)
- CVE-2022-27386 (bsc#1198612)
- CVE-2022-27387 (bsc#1198613)
- CVE-2022-27445 (bsc#1198629)
Список пакетов
SUSE Linux Enterprise Server 12 SP4-LTSS
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE Linux Enterprise Server for SAP Applications 12 SP5
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 9
Ссылки
- Link for SUSE-SU-2022:2160-1
- E-Mail link for SUSE-SU-2022:2160-1
- SUSE Security Ratings
- SUSE Bug 1198603
- SUSE Bug 1198604
- SUSE Bug 1198606
- SUSE Bug 1198607
- SUSE Bug 1198610
- SUSE Bug 1198611
- SUSE Bug 1198612
- SUSE Bug 1198613
- SUSE Bug 1198629
- SUSE Bug 1199928
- SUSE CVE CVE-2021-46669 page
- SUSE CVE CVE-2022-21427 page
- SUSE CVE CVE-2022-27377 page
- SUSE CVE CVE-2022-27378 page
- SUSE CVE CVE-2022-27380 page
- SUSE CVE CVE-2022-27381 page
- SUSE CVE CVE-2022-27383 page
Описание
MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.
Затронутые продукты
Ссылки
- CVE-2021-46669
Описание
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Затронутые продукты
Ссылки
- CVE-2022-21427
- SUSE Bug 1198685
Описание
MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements.
Затронутые продукты
Ссылки
- CVE-2022-27377
- SUSE Bug 1198603
Описание
An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
Затронутые продукты
Ссылки
- CVE-2022-27378
- SUSE Bug 1198604
Описание
An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
Затронутые продукты
Ссылки
- CVE-2022-27380
- SUSE Bug 1198606
Описание
An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
Затронутые продукты
Ссылки
- CVE-2022-27381
- SUSE Bug 1198607
Описание
MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements.
Затронутые продукты
Ссылки
- CVE-2022-27383
- SUSE Bug 1198610
Описание
An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
Затронутые продукты
Ссылки
- CVE-2022-27384
- SUSE Bug 1198611
Описание
MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc.
Затронутые продукты
Ссылки
- CVE-2022-27386
- SUSE Bug 1198612
Описание
MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements.
Затронутые продукты
Ссылки
- CVE-2022-27387
- SUSE Bug 1198613
Описание
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc.
Затронутые продукты
Ссылки
- CVE-2022-27445
- SUSE Bug 1198629