UbuntuUpdates.org

Package "mariadb-plugin-gssapi-client"

Name: mariadb-plugin-gssapi-client

Description:

GSSAPI authentication plugin for MariaDB client
Latest version: 1:10.3.34-0ubuntu0.20.04.1
Release: focal (20.04)
Level: security
Repository: universe
Head package: mariadb-10.3
Homepage: https://mariadb.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "mariadb-plugin-gssapi-client"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "mariadb-plugin-gssapi-client" in Focal

Repository Area Version
base universe 1:10.3.22-1ubuntu1
updates universe 1:10.3.34-0ubuntu0.20.04.1

Changelog

Version: 1:10.3.34-0ubuntu0.20.04.1 2022-02-28 14:07:14 UTC

  mariadb-10.3 (1:10.3.34-0ubuntu0.20.04.1) focal-security; urgency=medium

  * SECURITY UPDATE: New upstream version 10.3.34 includes fixes for the
    following security vulnerabilities (LP: #1961350):
    - CVE-2021-46661
    - CVE-2021-46663
    - CVE-2021-46664
    - CVE-2021-46665
    - CVE-2021-46668
  * Previous upstream version 10.3.33 included security fixes for:
    - CVE-2021-46659
    - CVE-2022-24048
    - CVE-2022-24050
    - CVE-2022-24051
    - CVE-2022-24052
  * Previous upstream version 10.3.32 included security fixes for:
    - CVE-2021-46662
    - CVE-2021-46667
  * Upstream version 10.3.33 was skipped as upstream pulled the release within a
    couple of days of release due to severe regression
  * Notable upstream functional changes in 10.3.33:
    - New default minimum value for innodb_buffer_pool_size is 20 MB (from 2 MB)

 -- Otto Kekäläinen <email address hidden> Thu, 17 Feb 2022 18:15:59 -0800
Source diff to previous version
1961350 CVE-2022-24048 et al affect MariaDB in Ubuntu
CVE-2021-46661 MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE).
CVE-2021-46663 MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.
CVE-2021-46664 MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.
CVE-2021-46665 MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations.
CVE-2021-46668 MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource
CVE-2021-46659 MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW.
CVE-2022-24048 MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate
CVE-2022-24050 MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on
CVE-2022-24051 MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on
CVE-2022-24052 MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate p
CVE-2021-46662 MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery.
CVE-2021-46667 MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash.

Version: 1:10.3.32-0ubuntu0.20.04.1 2021-12-06 14:06:21 UTC

  mariadb-10.3 (1:10.3.32-0ubuntu0.20.04.1) focal-security; urgency=medium

  * SECURITY UPDATE: New upstream version 10.3.32 includes fixes for the
    following security vulnerabilities (LP: #1951709):
    - CVE-2021-35604
  * Drop MIPS and libatomic patches applied now upstream
  * Upstream issue MDEV-25114 about Galera WSREP invalid state
    fixed (Closes: #989898)

 -- Otto Kekäläinen <email address hidden> Sat, 20 Nov 2021 16:08:18 -0800
Source diff to previous version
1951709 CVE-2021-35604 affects MariaDB in Ubuntu
989898 MariaDB crashes with "Crash: WSREP: invalid state ROLLED_BACK (FATAL)"
CVE-2021-35604 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.35 and prior and 8.0.26 a

Version: 1:10.3.31-0ubuntu0.20.04.1 2021-08-12 23:06:18 UTC

  mariadb-10.3 (1:10.3.31-0ubuntu0.20.04.1) focal-security; urgency=medium

  * SECURITY UPDATE: New upstream version 10.3.31 includes fixes for the
    following security vulnerabilities (LP: #1939188):
    - CVE-2021-2389
    - CVE-2021-2372

 -- Otto Kekäläinen <email address hidden> Fri, 06 Aug 2021 22:19:19 -0700
Source diff to previous version
1939188 CVE-2021-2389 \u0026 CVE-2021-2372 affect MariaDB in Ubuntu
CVE-2021-2389 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 a
CVE-2021-2372 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 a

Version: 1:10.3.30-0ubuntu0.20.04.1 2021-07-29 03:06:26 UTC

  mariadb-10.3 (1:10.3.30-0ubuntu0.20.04.1) focal-security; urgency=medium

  * New upstream version 10.3.30 includes fixes for a critical bug that
    was compromising the results of some type of queries (subqueries with
    group by): https://jira.mariadb.org/browse/MDEV-25714 (LP: #1936727)
  * Fix Perl executable path in scripts (stop using 'env') (Closes: #991472)
    Upstream MariaDB has broken shebangs (#!/usr/bin/env perl) in several
    scripts, thus rendering them potentially loading the wrong Perl version
    and rendering the scripts unusable. Fixing the shebang recovers correct
    behaviour.

  [ Daniel Black ]
  * Add caching_sha2_password.so (Closes: #962597) (LP: #1913676)

 -- Otto Kekäläinen <email address hidden> Sat, 17 Jul 2021 15:59:58 -0700
Source diff to previous version
1936727 [SRU] MariaDB new release 10.3.30
1913676 libmariadb3 fails to include caching_sha2_password.so
991472 mariadb-client-10.3: mytop has wrong shebang line
962597 libmariadb3: Install caching_sha2_password.so

Version: 1:10.3.29-0ubuntu0.20.04.1 2021-05-11 20:06:30 UTC

  mariadb-10.3 (1:10.3.29-0ubuntu0.20.04.1) focal-security; urgency=medium

  * SECURITY UPDATE: New upstream version 10.3.29 includes fixes for the
    following security vulnerabilities (LP: #1926926):
    - CVE-2021-2154
    - CVE-2021-2166
  * Previous release 10.3.28 included fixes for:
    - CVE-2021-27928
  * Previous release 10.3.26 included fixes for:
    - CVE-2020-14765
    - CVE-2020-14776
    - CVE-2020-14789
    - CVE-2020-14812
    - CVE-2020-28912
    - CVE-2021-2194
  * Previous release 10.3.24 included fixes for:
    - CVE-2021-2022
  * Drop patch obsoleted by test file removal in upstream (MDEV-22653)
  * Drop file removed upstream (MDEV-24586)
  * Update symbols to include new one from MariaDB Client 3.1.13

 -- Otto Kekäläinen <email address hidden> Sun, 09 May 2021 11:20:31 -0700
1926926 CVE-2021-27928 et al affects MariaDB in Ubuntu
CVE-2021-2154 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior. Easily
CVE-2021-2166 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior and 8.0
CVE-2021-27928 A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percon
CVE-2020-14765 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.6.49 and prior, 5.7.31
CVE-2020-14776 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.31 and prior and 8.0.21 a
CVE-2020-14789 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.31 and prior and 8.0
CVE-2020-14812 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 5.6.49 and prior, 5.
CVE-2020-28912 With MariaDB running on Windows, when local clients connect to the server over named pipes, it's possible for an unprivileged user with an ability to
CVE-2021-2194 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 a
CVE-2021-2022 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.50 and prior, 5.7.32 and


About   -   Send Feedback to @ubuntu_updates