SUSE-SU-2022:3225-1

Опубликовано: 09 сент. 2022

Источник: suse-cvrf

Описание

Security update for mariadb

This update for mariadb fixes the following issues:

Update to 10.4.26:

CVE-2022-32089 (bsc#1201169)
CVE-2022-32081 (bsc#1201161)
CVE-2022-32091 (bsc#1201170)
CVE-2022-32084 (bsc#1201164)
CVE-2018-25032 (bsc#1197459)
CVE-2022-32088 (bsc#1201168)
CVE-2022-32087 (bsc#1201167)
CVE-2022-32086 (bsc#1201166)
CVE-2022-32085 (bsc#1201165)
CVE-2022-32083 (bsc#1201163)

Bugfixes:

Update mysql-systemd-helper to be aware of custom group (bsc#1200105).

External references:

Список пакетов

SUSE Enterprise Storage 7

libmariadbd-devel-10.4.26-150200.3.31.1

libmariadbd19-10.4.26-150200.3.31.1

mariadb-10.4.26-150200.3.31.1

mariadb-client-10.4.26-150200.3.31.1

mariadb-errormessages-10.4.26-150200.3.31.1

mariadb-tools-10.4.26-150200.3.31.1

SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS

libmariadbd-devel-10.4.26-150200.3.31.1

libmariadbd19-10.4.26-150200.3.31.1

mariadb-10.4.26-150200.3.31.1

mariadb-client-10.4.26-150200.3.31.1

mariadb-errormessages-10.4.26-150200.3.31.1

mariadb-tools-10.4.26-150200.3.31.1

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS

libmariadbd-devel-10.4.26-150200.3.31.1

libmariadbd19-10.4.26-150200.3.31.1

mariadb-10.4.26-150200.3.31.1

mariadb-client-10.4.26-150200.3.31.1

mariadb-errormessages-10.4.26-150200.3.31.1

mariadb-tools-10.4.26-150200.3.31.1

SUSE Linux Enterprise Server 15 SP2-BCL

libmariadbd-devel-10.4.26-150200.3.31.1

libmariadbd19-10.4.26-150200.3.31.1

mariadb-10.4.26-150200.3.31.1

mariadb-client-10.4.26-150200.3.31.1

mariadb-errormessages-10.4.26-150200.3.31.1

mariadb-tools-10.4.26-150200.3.31.1

SUSE Linux Enterprise Server 15 SP2-LTSS

libmariadbd-devel-10.4.26-150200.3.31.1

libmariadbd19-10.4.26-150200.3.31.1

mariadb-10.4.26-150200.3.31.1

mariadb-client-10.4.26-150200.3.31.1

mariadb-errormessages-10.4.26-150200.3.31.1

mariadb-tools-10.4.26-150200.3.31.1

SUSE Linux Enterprise Server for SAP Applications 15 SP2

libmariadbd-devel-10.4.26-150200.3.31.1

libmariadbd19-10.4.26-150200.3.31.1

mariadb-10.4.26-150200.3.31.1

mariadb-client-10.4.26-150200.3.31.1

mariadb-errormessages-10.4.26-150200.3.31.1

mariadb-tools-10.4.26-150200.3.31.1

SUSE Manager Proxy 4.1

libmariadbd-devel-10.4.26-150200.3.31.1

libmariadbd19-10.4.26-150200.3.31.1

mariadb-10.4.26-150200.3.31.1

mariadb-client-10.4.26-150200.3.31.1

mariadb-errormessages-10.4.26-150200.3.31.1

mariadb-tools-10.4.26-150200.3.31.1

SUSE Manager Retail Branch Server 4.1

libmariadbd-devel-10.4.26-150200.3.31.1

libmariadbd19-10.4.26-150200.3.31.1

mariadb-10.4.26-150200.3.31.1

mariadb-client-10.4.26-150200.3.31.1

mariadb-errormessages-10.4.26-150200.3.31.1

mariadb-tools-10.4.26-150200.3.31.1

SUSE Manager Server 4.1

libmariadbd-devel-10.4.26-150200.3.31.1

libmariadbd19-10.4.26-150200.3.31.1

mariadb-10.4.26-150200.3.31.1

mariadb-client-10.4.26-150200.3.31.1

mariadb-errormessages-10.4.26-150200.3.31.1

mariadb-tools-10.4.26-150200.3.31.1

Ссылки

https://www.suse.com/support/update/announcement/2022/suse-su-20223225-1/
Link for SUSE-SU-2022:3225-1
https://lists.suse.com/pipermail/sle-security-updates/2022-September/012197.html
E-Mail link for SUSE-SU-2022:3225-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1197459
SUSE Bug 1197459
https://bugzilla.suse.com/1200105
SUSE Bug 1200105
https://bugzilla.suse.com/1201161
SUSE Bug 1201161
https://bugzilla.suse.com/1201163
SUSE Bug 1201163
https://bugzilla.suse.com/1201164
SUSE Bug 1201164
https://bugzilla.suse.com/1201165
SUSE Bug 1201165
https://bugzilla.suse.com/1201166
SUSE Bug 1201166
https://bugzilla.suse.com/1201167
SUSE Bug 1201167
https://bugzilla.suse.com/1201168
SUSE Bug 1201168
https://bugzilla.suse.com/1201169
SUSE Bug 1201169
https://bugzilla.suse.com/1201170
SUSE Bug 1201170
https://www.suse.com/security/cve/CVE-2018-25032/
SUSE CVE CVE-2018-25032 page
https://www.suse.com/security/cve/CVE-2022-32081/
SUSE CVE CVE-2022-32081 page
https://www.suse.com/security/cve/CVE-2022-32083/
SUSE CVE CVE-2022-32083 page
https://www.suse.com/security/cve/CVE-2022-32084/
SUSE CVE CVE-2022-32084 page
https://www.suse.com/security/cve/CVE-2022-32085/
SUSE CVE CVE-2022-32085 page
https://www.suse.com/security/cve/CVE-2022-32086/
SUSE CVE CVE-2022-32086 page

Описание

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

Затронутые продукты

SUSE Enterprise Storage 7:libmariadbd-devel-10.4.26-150200.3.31.1

SUSE Enterprise Storage 7:libmariadbd19-10.4.26-150200.3.31.1

SUSE Enterprise Storage 7:mariadb-10.4.26-150200.3.31.1

SUSE Enterprise Storage 7:mariadb-client-10.4.26-150200.3.31.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-25032.html
CVE-2018-25032
https://bugzilla.suse.com/1197459
SUSE Bug 1197459
https://bugzilla.suse.com/1197893
SUSE Bug 1197893
https://bugzilla.suse.com/1198667
SUSE Bug 1198667
https://bugzilla.suse.com/1199104
SUSE Bug 1199104
https://bugzilla.suse.com/1200049
SUSE Bug 1200049
https://bugzilla.suse.com/1201732
SUSE Bug 1201732
https://bugzilla.suse.com/1202688
SUSE Bug 1202688
https://bugzilla.suse.com/1224427
SUSE Bug 1224427

Описание

MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc.

Затронутые продукты

SUSE Enterprise Storage 7:libmariadbd-devel-10.4.26-150200.3.31.1

SUSE Enterprise Storage 7:libmariadbd19-10.4.26-150200.3.31.1

SUSE Enterprise Storage 7:mariadb-10.4.26-150200.3.31.1

SUSE Enterprise Storage 7:mariadb-client-10.4.26-150200.3.31.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-32081.html
CVE-2022-32081
https://bugzilla.suse.com/1201161
SUSE Bug 1201161

Описание

MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker.

Затронутые продукты

SUSE Enterprise Storage 7:libmariadbd-devel-10.4.26-150200.3.31.1

SUSE Enterprise Storage 7:libmariadbd19-10.4.26-150200.3.31.1

SUSE Enterprise Storage 7:mariadb-10.4.26-150200.3.31.1

SUSE Enterprise Storage 7:mariadb-client-10.4.26-150200.3.31.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-32083.html
CVE-2022-32083
https://bugzilla.suse.com/1201163
SUSE Bug 1201163

Описание

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select.

Затронутые продукты

SUSE Enterprise Storage 7:libmariadbd-devel-10.4.26-150200.3.31.1

SUSE Enterprise Storage 7:libmariadbd19-10.4.26-150200.3.31.1

SUSE Enterprise Storage 7:mariadb-10.4.26-150200.3.31.1

SUSE Enterprise Storage 7:mariadb-client-10.4.26-150200.3.31.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-32084.html
CVE-2022-32084
https://bugzilla.suse.com/1201164
SUSE Bug 1201164

Описание

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor.

Затронутые продукты

SUSE Enterprise Storage 7:libmariadbd-devel-10.4.26-150200.3.31.1

SUSE Enterprise Storage 7:libmariadbd19-10.4.26-150200.3.31.1

SUSE Enterprise Storage 7:mariadb-10.4.26-150200.3.31.1

SUSE Enterprise Storage 7:mariadb-client-10.4.26-150200.3.31.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-32085.html
CVE-2022-32085
https://bugzilla.suse.com/1201165
SUSE Bug 1201165

Описание

MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field.

Затронутые продукты

SUSE Enterprise Storage 7:libmariadbd-devel-10.4.26-150200.3.31.1

SUSE Enterprise Storage 7:libmariadbd19-10.4.26-150200.3.31.1

SUSE Enterprise Storage 7:mariadb-10.4.26-150200.3.31.1

SUSE Enterprise Storage 7:mariadb-client-10.4.26-150200.3.31.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-32086.html
CVE-2022-32086
https://bugzilla.suse.com/1201166
SUSE Bug 1201166

Описание

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args.

Затронутые продукты

SUSE Enterprise Storage 7:libmariadbd-devel-10.4.26-150200.3.31.1

SUSE Enterprise Storage 7:libmariadbd19-10.4.26-150200.3.31.1

SUSE Enterprise Storage 7:mariadb-10.4.26-150200.3.31.1

SUSE Enterprise Storage 7:mariadb-client-10.4.26-150200.3.31.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-32087.html
CVE-2022-32087
https://bugzilla.suse.com/1201167
SUSE Bug 1201167

Описание

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort.

Затронутые продукты

SUSE Enterprise Storage 7:libmariadbd-devel-10.4.26-150200.3.31.1

SUSE Enterprise Storage 7:libmariadbd19-10.4.26-150200.3.31.1

SUSE Enterprise Storage 7:mariadb-10.4.26-150200.3.31.1

SUSE Enterprise Storage 7:mariadb-client-10.4.26-150200.3.31.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-32088.html
CVE-2022-32088
https://bugzilla.suse.com/1201168
SUSE Bug 1201168

Описание

MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level.

Затронутые продукты

SUSE Enterprise Storage 7:libmariadbd-devel-10.4.26-150200.3.31.1

SUSE Enterprise Storage 7:libmariadbd19-10.4.26-150200.3.31.1

SUSE Enterprise Storage 7:mariadb-10.4.26-150200.3.31.1

SUSE Enterprise Storage 7:mariadb-client-10.4.26-150200.3.31.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-32089.html
CVE-2022-32089
https://bugzilla.suse.com/1201169
SUSE Bug 1201169

Описание

MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc.

Затронутые продукты

SUSE Enterprise Storage 7:libmariadbd-devel-10.4.26-150200.3.31.1

SUSE Enterprise Storage 7:libmariadbd19-10.4.26-150200.3.31.1

SUSE Enterprise Storage 7:mariadb-10.4.26-150200.3.31.1

SUSE Enterprise Storage 7:mariadb-client-10.4.26-150200.3.31.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-32091.html
CVE-2022-32091
https://bugzilla.suse.com/1201170
SUSE Bug 1201170

SUSE-SU-2022:3225-1

Описание

Список пакетов

SUSE Enterprise Storage 7

SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS

SUSE Linux Enterprise Server 15 SP2-BCL

SUSE Linux Enterprise Server 15 SP2-LTSS

SUSE Linux Enterprise Server for SAP Applications 15 SP2

SUSE Manager Proxy 4.1

SUSE Manager Retail Branch Server 4.1

SUSE Manager Server 4.1

Ссылки

Уязвимость: CVE-2018-25032

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2022-32081

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2022-32083

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2022-32084

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2022-32085

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2022-32086

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2022-32087

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2022-32088

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2022-32089

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2022-32091

Описание

Затронутые продукты

Ссылки