UbuntuUpdates.org

Package "mariadb-server"

Name: mariadb-server

Description:

MariaDB database server (metapackage depending on the latest version)

Latest version: 1:10.6.18-0ubuntu0.22.04.1
Release: jammy (22.04)
Level: updates
Repository: universe
Head package: mariadb-10.6
Homepage: https://mariadb.org/

Links


Download "mariadb-server"


Other versions of "mariadb-server" in Jammy

Repository Area Version
base universe 1:10.6.7-2ubuntu1
security universe 1:10.6.18-0ubuntu0.22.04.1

Changelog

Version: 1:10.6.18-0ubuntu0.22.04.1 2024-06-19 10:07:12 UTC

  mariadb-10.6 (1:10.6.18-0ubuntu0.22.04.1) jammy-security; urgency=medium

  * Update gdb.conf to be aligned with other branches and easier to maintain
  * Update upstream signing key
  * SECURITY UPDATE: New upstream version 10.6.18 includes fixes for regressions
    as noted at https://mariadb.com/kb/en/mariadb-10-6-18-release-notes/ and
    also fixes the following security vulnerabilities (LP: #2067125):
    - CVE-2024-21096
  * Remove libmariadb file no longer present in MariaDB Connector C v3.3
  * Fix failing build by including wsrep_sst_backup man page
  * Add patch to partially revert upstream c432c9ef (Closes: #1063738)

 -- Otto Kekäläinen <email address hidden> Sat, 25 May 2024 14:07:17 -0700

Source diff to previous version
2067125 CVE-2024-21096 et al affects MariaDB in Ubuntu
1063738 mariadb: FTBFS on armel, armhf, powerpc, x32, hppa: size of array compile_time_assert is negative
CVE-2024-21096 Vulnerability in the MySQL Server product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.36 and prior

Version: 1:10.6.16-0ubuntu0.22.04.1 2024-01-25 19:12:34 UTC

  mariadb-10.6 (1:10.6.16-0ubuntu0.22.04.1) jammy-security; urgency=medium

  * SECURITY UPDATE: New upstream version 10.6.16includes fixes for the
    following security vulnerabilities (LP: #2045452):
    - CVE-2023-22084
  * Previous upstream version 10.6.13 included security fixes for:
    - CVE-2022-47015
  * Include new test plugin file and header file
  * Update libmariadb3.symbols to include new ABI changes in 3.3.5
    and fix DPKG_GENSYMBOLS_CHECK_LEVEL so it actually takes effect and in
    build will properly fail if there are unaccounted symbol changes in
    future upstream maintenance releases
  * For details, see https://mariadb.com/kb/en/mariadb-10-6-16-release-notes/
    and previous upstream release notes

 -- Otto Kekäläinen <email address hidden> Fri, 01 Dec 2023 19:44:37 -0800

Source diff to previous version
2045452 CVE-2022-47015 et al affects MariaDB in Ubuntu
CVE-2023-22084 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.43 and prior, 8.0.34 and
CVE-2022-47015 MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to derefere

Version: 1:10.6.12-0ubuntu0.22.04.1 2023-02-22 13:06:53 UTC

  mariadb-10.6 (1:10.6.12-0ubuntu0.22.04.1) jammy-security; urgency=medium

  * New upstream version 10.6.12. Includes fix for a major
    performance/memory consumption issue (MDEV-29988) (LP: #2006882).
  * Move my_print_defaults to MariaDB client core package (LP: #1997880)

 -- Otto Kekäläinen <email address hidden> Thu, 09 Feb 2023 22:57:07 -0800

Source diff to previous version
2006882 MDEV-29988 affects MariaDB in Ubuntu
1997880 package mariadb-server-core-10.6 1:10.6.11-0ubuntu0.22.04.1 failed to install/upgrade: pr\u00f8ver \u00e5 skrive over \u00ab/usr/bin/my_print_default

Version: 1:10.6.11-0ubuntu0.22.04.1 2022-11-23 19:06:25 UTC

  mariadb-10.6 (1:10.6.11-0ubuntu0.22.04.1) jammy-security; urgency=medium

  * SECURITY UPDATE: New upstream version 10.6.11 includes fixes for security
    vulnerabilities from previous releases as listed below (LP: #1996452)
  * New upstream version 10.6.10. Includes several important fixes for
    issues that regressed in previous release. See details in:
    https://mariadb.org/regressions-in-recent-mariadb-server-releases/
  * New upstream version 10.6.9. Includes security fixes for
    - CVE-2018-25032
    - CVE-2022-32081
    - CVE-2022-32082
    - CVE-2022-32084
    - CVE-2022-32089
    - CVE-2022-32091
  * New upstream version 10.6.8. Includes security fixes for
    - CVE-2021-46669
    - CVE-2022-27376
    - CVE-2022-27377
    - CVE-2022-27378
    - CVE-2022-27379
    - CVE-2022-27380
    - CVE-2022-27381
    - CVE-2022-27382
    - CVE-2022-27383
    - CVE-2022-27384
    - CVE-2022-27386
    - CVE-2022-27387
    - CVE-2022-27444
    - CVE-2022-27445
    - CVE-2022-27446
    - CVE-2022-27447
    - CVE-2022-27448
    - CVE-2022-27449
    - CVE-2022-27451
    - CVE-2022-27452
    - CVE-2022-27455
    - CVE-2022-27456
    - CVE-2022-27457
    - CVE-2022-27458
    - CVE-2022-32085
    - CVE-2022-32086
    - CVE-2022-32087
    - CVE-2022-32088
  * Clean away several patches:
    - Remove Mroonga patch that didn't help make it build in a reproducible way.
      The patch does not hurt, but cleaning away all excess cruft is a vice.
    - Remove multiple patches that all got merged upstream or that were
      themselves backported existing upstream commits.
    - Remove the OpenSSL 30 patches that all got merged upstream in
      https://github.com/MariaDB/server/pull/2036
  * Add Bulgarian and Chinese translations for error messages
  * Include new wsrep_sst_backup in mariadb-server-10.6 package

 -- Otto Kekäläinen <email address hidden> Sat, 12 Nov 2022 23:48:47 -0800

Source diff to previous version
1996452 CVE-2022-32091 et al affect MariaDB in Ubuntu
CVE-2018-25032 zlib 1.2.11 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
CVE-2022-32081 MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc.
CVE-2022-32082 MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc.
CVE-2022-32084 MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select.
CVE-2022-32089 MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level.
CVE-2022-32091 MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptor
CVE-2021-46669 MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.
CVE-2022-27376 MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially c
CVE-2022-27377 MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via special
CVE-2022-27378 An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service
CVE-2022-27379 An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial
CVE-2022-27380 An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (D
CVE-2022-27381 An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) v
CVE-2022-27382 MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order.
CVE-2022-27383 MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially craf
CVE-2022-27384 An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Deni
CVE-2022-27386 MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc.
CVE-2022-27387 MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially
CVE-2022-27444 MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc.
CVE-2022-27445 MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc.
CVE-2022-27446 MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h.
CVE-2022-27447 MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h.
CVE-2022-27448 There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc.
CVE-2022-27449 MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148.
CVE-2022-27451 MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc.
CVE-2022-27452 MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc.
CVE-2022-27455 MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c.
CVE-2022-27456 MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc.
CVE-2022-27457 MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c.
CVE-2022-27458 MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h.
CVE-2022-32085 MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor.
CVE-2022-32086 MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field.
CVE-2022-32087 MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args.
CVE-2022-32088 MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/fil

Version: 1:10.6.7-2ubuntu1.1 2022-07-13 01:07:12 UTC

  mariadb-10.6 (1:10.6.7-2ubuntu1.1) jammy; urgency=medium

  * d/rules: disable LTO on Ubuntu so a low MEMLOCK_LIMIT can be
    properly caught and dealt with (LP: #1970634)

 -- Andreas Hasenack <email address hidden> Fri, 17 Jun 2022 10:03:50 -0300

1970634 FTBFS: mariadb fails to start due to low MEMLOCK limit



About   -   Send Feedback to @ubuntu_updates