An update for mariadb is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP2,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2022-1619 Final 1.0 1.0 2022-04-29 Initial 2022-04-29 2022-04-29 openEuler SA Tool V1.0 2022-04-29 mariadb security update An update for mariadb is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP2,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS. MariaDB is a community developed fork from MySQL - a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon (mariadbd) and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs and utilities. Security Fix(es): MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.(CVE-2022-24052) An update for mariadb is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP2,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High mariadb https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1619 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-24052 https://nvd.nist.gov/vuln/detail/CVE-2022-24052 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS mariadb-common-10.3.34-1.oe1.aarch64.rpm mariadb-server-10.3.34-1.oe1.aarch64.rpm mariadb-10.3.34-1.oe1.aarch64.rpm mariadb-devel-10.3.34-1.oe1.aarch64.rpm mariadb-oqgraph-engine-10.3.34-1.oe1.aarch64.rpm mariadb-errmessage-10.3.34-1.oe1.aarch64.rpm mariadb-backup-10.3.34-1.oe1.aarch64.rpm mariadb-debugsource-10.3.34-1.oe1.aarch64.rpm mariadb-embedded-10.3.34-1.oe1.aarch64.rpm mariadb-gssapi-server-10.3.34-1.oe1.aarch64.rpm mariadb-debuginfo-10.3.34-1.oe1.aarch64.rpm mariadb-test-10.3.34-1.oe1.aarch64.rpm mariadb-cracklib-10.3.34-1.oe1.aarch64.rpm mariadb-server-galera-10.3.34-1.oe1.aarch64.rpm mariadb-embedded-devel-10.3.34-1.oe1.aarch64.rpm mariadb-common-10.3.34-1.oe1.aarch64.rpm mariadb-server-10.3.34-1.oe1.aarch64.rpm mariadb-10.3.34-1.oe1.aarch64.rpm mariadb-devel-10.3.34-1.oe1.aarch64.rpm mariadb-oqgraph-engine-10.3.34-1.oe1.aarch64.rpm mariadb-errmessage-10.3.34-1.oe1.aarch64.rpm mariadb-backup-10.3.34-1.oe1.aarch64.rpm mariadb-debugsource-10.3.34-1.oe1.aarch64.rpm mariadb-embedded-10.3.34-1.oe1.aarch64.rpm mariadb-gssapi-server-10.3.34-1.oe1.aarch64.rpm mariadb-debuginfo-10.3.34-1.oe1.aarch64.rpm mariadb-test-10.3.34-1.oe1.aarch64.rpm mariadb-cracklib-10.3.34-1.oe1.aarch64.rpm mariadb-server-galera-10.3.34-1.oe1.aarch64.rpm mariadb-embedded-devel-10.3.34-1.oe1.aarch64.rpm mariadb-common-10.3.34-1.oe1.aarch64.rpm mariadb-server-10.3.34-1.oe1.aarch64.rpm mariadb-10.3.34-1.oe1.aarch64.rpm mariadb-devel-10.3.34-1.oe1.aarch64.rpm mariadb-oqgraph-engine-10.3.34-1.oe1.aarch64.rpm mariadb-errmessage-10.3.34-1.oe1.aarch64.rpm mariadb-backup-10.3.34-1.oe1.aarch64.rpm mariadb-debugsource-10.3.34-1.oe1.aarch64.rpm mariadb-embedded-10.3.34-1.oe1.aarch64.rpm mariadb-gssapi-server-10.3.34-1.oe1.aarch64.rpm mariadb-debuginfo-10.3.34-1.oe1.aarch64.rpm mariadb-test-10.3.34-1.oe1.aarch64.rpm mariadb-cracklib-10.3.34-1.oe1.aarch64.rpm mariadb-server-galera-10.3.34-1.oe1.aarch64.rpm mariadb-embedded-devel-10.3.34-1.oe1.aarch64.rpm mariadb-10.5.15-2.oe2203.aarch64.rpm mariadb-config-10.5.15-2.oe2203.aarch64.rpm mariadb-common-10.5.15-2.oe2203.aarch64.rpm mariadb-embedded-devel-10.5.15-2.oe2203.aarch64.rpm mariadb-test-10.5.15-2.oe2203.aarch64.rpm mariadb-server-10.5.15-2.oe2203.aarch64.rpm mariadb-devel-10.5.15-2.oe2203.aarch64.rpm mariadb-server-galera-10.5.15-2.oe2203.aarch64.rpm mariadb-embedded-10.5.15-2.oe2203.aarch64.rpm mariadb-backup-10.5.15-2.oe2203.aarch64.rpm mariadb-gssapi-server-10.5.15-2.oe2203.aarch64.rpm mariadb-errmsg-10.5.15-2.oe2203.aarch64.rpm mariadb-debugsource-10.5.15-2.oe2203.aarch64.rpm mariadb-debuginfo-10.5.15-2.oe2203.aarch64.rpm mariadb-oqgraph-engine-10.5.15-2.oe2203.aarch64.rpm mariadb-pam-10.5.15-2.oe2203.aarch64.rpm mariadb-rocksdb-engine-10.5.15-2.oe2203.aarch64.rpm mariadb-server-utils-10.5.15-2.oe2203.aarch64.rpm mariadb-10.3.34-1.oe1.src.rpm mariadb-10.3.34-1.oe1.src.rpm mariadb-10.3.34-1.oe1.src.rpm mariadb-10.5.15-2.oe2203.src.rpm mariadb-devel-10.3.34-1.oe1.x86_64.rpm mariadb-debuginfo-10.3.34-1.oe1.x86_64.rpm mariadb-cracklib-10.3.34-1.oe1.x86_64.rpm mariadb-debugsource-10.3.34-1.oe1.x86_64.rpm mariadb-gssapi-server-10.3.34-1.oe1.x86_64.rpm mariadb-oqgraph-engine-10.3.34-1.oe1.x86_64.rpm mariadb-test-10.3.34-1.oe1.x86_64.rpm mariadb-server-galera-10.3.34-1.oe1.x86_64.rpm mariadb-embedded-devel-10.3.34-1.oe1.x86_64.rpm mariadb-errmessage-10.3.34-1.oe1.x86_64.rpm mariadb-embedded-10.3.34-1.oe1.x86_64.rpm mariadb-backup-10.3.34-1.oe1.x86_64.rpm mariadb-10.3.34-1.oe1.x86_64.rpm mariadb-common-10.3.34-1.oe1.x86_64.rpm mariadb-server-10.3.34-1.oe1.x86_64.rpm mariadb-devel-10.3.34-1.oe1.x86_64.rpm mariadb-debuginfo-10.3.34-1.oe1.x86_64.rpm mariadb-cracklib-10.3.34-1.oe1.x86_64.rpm mariadb-debugsource-10.3.34-1.oe1.x86_64.rpm mariadb-gssapi-server-10.3.34-1.oe1.x86_64.rpm mariadb-oqgraph-engine-10.3.34-1.oe1.x86_64.rpm mariadb-test-10.3.34-1.oe1.x86_64.rpm mariadb-server-galera-10.3.34-1.oe1.x86_64.rpm mariadb-embedded-devel-10.3.34-1.oe1.x86_64.rpm mariadb-errmessage-10.3.34-1.oe1.x86_64.rpm mariadb-embedded-10.3.34-1.oe1.x86_64.rpm mariadb-backup-10.3.34-1.oe1.x86_64.rpm mariadb-10.3.34-1.oe1.x86_64.rpm mariadb-common-10.3.34-1.oe1.x86_64.rpm mariadb-server-10.3.34-1.oe1.x86_64.rpm mariadb-devel-10.3.34-1.oe1.x86_64.rpm mariadb-debuginfo-10.3.34-1.oe1.x86_64.rpm mariadb-cracklib-10.3.34-1.oe1.x86_64.rpm mariadb-debugsource-10.3.34-1.oe1.x86_64.rpm mariadb-gssapi-server-10.3.34-1.oe1.x86_64.rpm mariadb-oqgraph-engine-10.3.34-1.oe1.x86_64.rpm mariadb-test-10.3.34-1.oe1.x86_64.rpm mariadb-server-galera-10.3.34-1.oe1.x86_64.rpm mariadb-embedded-devel-10.3.34-1.oe1.x86_64.rpm mariadb-errmessage-10.3.34-1.oe1.x86_64.rpm mariadb-embedded-10.3.34-1.oe1.x86_64.rpm mariadb-backup-10.3.34-1.oe1.x86_64.rpm mariadb-10.3.34-1.oe1.x86_64.rpm mariadb-common-10.3.34-1.oe1.x86_64.rpm mariadb-server-10.3.34-1.oe1.x86_64.rpm mariadb-gssapi-server-10.5.15-2.oe2203.x86_64.rpm mariadb-common-10.5.15-2.oe2203.x86_64.rpm mariadb-backup-10.5.15-2.oe2203.x86_64.rpm mariadb-debugsource-10.5.15-2.oe2203.x86_64.rpm mariadb-debuginfo-10.5.15-2.oe2203.x86_64.rpm mariadb-devel-10.5.15-2.oe2203.x86_64.rpm mariadb-errmsg-10.5.15-2.oe2203.x86_64.rpm mariadb-embedded-10.5.15-2.oe2203.x86_64.rpm mariadb-oqgraph-engine-10.5.15-2.oe2203.x86_64.rpm mariadb-embedded-devel-10.5.15-2.oe2203.x86_64.rpm mariadb-config-10.5.15-2.oe2203.x86_64.rpm mariadb-server-galera-10.5.15-2.oe2203.x86_64.rpm mariadb-server-10.5.15-2.oe2203.x86_64.rpm mariadb-test-10.5.15-2.oe2203.x86_64.rpm mariadb-10.5.15-2.oe2203.x86_64.rpm mariadb-pam-10.5.15-2.oe2203.x86_64.rpm mariadb-server-utils-10.5.15-2.oe2203.x86_64.rpm MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190. 2022-04-29 CVE-2022-24052 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS High 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H mariadb security update 2022-04-29 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1619