Mageia alert MGASA-2022-0314 (mariadb)

From:
             
 
Mageia Updates <buildsystem-daemon@mageia.org>
To:
             
 
updates-announce@ml.mageia.org
Subject:
             
 
[updates-announce] MGASA-2022-0314: Updated mariadb packages fix security vulnerability
Date:
             
 
Mon, 29 Aug 2022 07:08:52 +0200
Message-ID:
             
 
<20220829050852.3F5849FB30@duvel.mageia.org>
Archive-link:
             
 
Article
MGASA-2022-0314 - Updated mariadb packages fix security vulnerability

Publication date: 29 Aug 2022
URL: https://advisories.mageia.org/MGASA-2022-0314.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2018-25032,
     CVE-2022-32081,
     CVE-2022-32082,
     CVE-2022-32084,
     CVE-2022-32089,
     CVE-2022-32091

Description:
zlib before 1.2.12 allows memory corruption when deflating (i.e., when
compressing) if the input has many distant matches. (CVE-2018-25032)
A use-after-poison in prepare_inplace_add_virtual at
/storage/innobase/handler/handler0alter.cc. (CVE-2022-32081)
An assertion failure at table->get_ref_count() == 0 in dict0dict.cc.
(CVE-2022-32082)
Segmentation fault via the component sub_select. (CVE-2022-32084)
Segmentation fault via the component st_select_lex_unit::exclude_level.
(CVE-2022-32089)

References:
- https://bugs.mageia.org/show_bug.cgi?id=30754
- https://mariadb.com/kb/en/mariadb-10517-release-notes/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3...

SRPMS:
- 8/core/mariadb-10.5.17-1.mga8