UbuntuUpdates.org

Package "mariadb-server"

Name: mariadb-server

Description:

MariaDB database server (metapackage depending on the latest version)

Latest version: 1:10.5.15-0ubuntu0.21.10.1
Release: impish (21.10)
Level: security
Repository: universe
Head package: mariadb-10.5
Homepage: https://mariadb.org/

Other versions of "mariadb-server" in Impish

Repository Area Version
base universe 1:10.5.12-1build1
updates universe 1:10.5.15-0ubuntu0.21.10.1
proposed universe 1:10.3.27-1~exp1

Changelog

Version: 1:10.5.15-0ubuntu0.21.10.1 2022-02-28 14:07:19 UTC

  mariadb-10.5 (1:10.5.15-0ubuntu0.21.10.1) impish-security; urgency=medium

  * SECURITY UPDATE: New upstream version 10.5.15 includes fixes for the
    following security vulnerabilities (LP: #1961350):
    - CVE-2021-46661
    - CVE-2021-46663
    - CVE-2021-46664
    - CVE-2021-46665
    - CVE-2021-46668
  * New upstream version 10.5.14. Includes security fixes for
    - CVE-2021-46659
    - CVE-2022-24048
    - CVE-2022-24050
    - CVE-2022-24051
    - CVE-2022-24052
  * Notable upstream functional changes in 10.5.14:
    - New default value for innodb_change_buffering is 'none' instead of old
      value 'all' (MDEV-27734). This change should improve crash safety but
      might cause performance regressions on systems that use old spinning disks
      (HDD) where seek latency is higher.
    - New default minimum value for innodb_buffer_pool_size is 20 MB (from 2 MB)

 -- Otto Kekäläinen <email address hidden> Thu, 17 Feb 2022 18:27:55 -0800

1961350 CVE-2022-24048 et al affect MariaDB in Ubuntu
CVE-2021-46661 MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE).
CVE-2021-46663 MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.
CVE-2021-46664 MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.
CVE-2021-46665 MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations.
CVE-2021-46668 MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource
CVE-2021-46659 MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW.
CVE-2022-24048 MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate
CVE-2022-24050 MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on
CVE-2022-24051 MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on
CVE-2022-24052 MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate p

Version: 1:10.5.13-0ubuntu0.21.10.1 2021-12-06 14:06:23 UTC

  mariadb-10.5 (1:10.5.13-0ubuntu0.21.10.1) impish-security; urgency=medium

  * SECURITY UPDATE: New upstream version 10.5.13 includes fixes for the
    following security vulnerabilities (LP: #1951709):
    - CVE-2021-35604
  * Drop MIPS and libatomic patches applied now upstream

 -- Otto Kekäläinen <email address hidden> Sat, 20 Nov 2021 16:22:31 -0800

1951709 CVE-2021-35604 affects MariaDB in Ubuntu
CVE-2021-35604 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.35 and prior and 8.0.26 a


