  1. Nov 18, 2024
    • Import Debian changes 10.1.48-0+deb9u5 · 3c6b2fe1
      Bastien Roucariès authored and Otto Kekäläinen committed
      mariadb-10.1 (10.1.48-0+deb9u5) stretch-security; urgency=medium
      
        * Non-maintainer upload by the ELTS Security Team.
        * Fix CVE-2022-31621: A Denial of Service (DoS) was found.
          In extra/mariabackup/ds_xbstream.cc, when an error
          occurs (stream_ctxt->dest_file == NULL) while executing
          the method xbstream_open, the held lock is not released
          correctly, which allows local users to trigger a denial
          of service due to the deadlock.
        * Fix CVE-2022-31623: In extra/mariabackup/ds_compress.cc,
          when an error occurs (i.e., going to the err label) while executing
          the method create_worker_threads, the held lock thd->ctrl_mutex
          is not released correctly, which allows local users to trigger
          a denial of service (DoS) due to the deadlock.
        * Fix CVE-2022-31624: While executing
          the plugin/server_audit/server_audit.c method log_statement_ex,
          the held lock lock_bigbuffer is not released correctly,
          which allows local users to trigger a denial of service (DoS)
          due to the deadlock.
        * Fix CVE-2022-47015: MariaDB was affected by Denial of Service (DoS).
          It is possible for function spider_db_mbase::print_warnings to
          dereference a null pointer.
        * Fix CVE-2024-21096: A difficult to exploit
          vulnerability allows an unauthenticated attacker with logon
          to the infrastructure where MariaDB Server
          executes to compromise MariaDB Server.
          Successful attacks of this vulnerability can result in
          unauthorized update, insert or delete access to some of
          MariaDB Server accessible data as well as unauthorized
          read access to a subset of MariaDB Server accessible
          data and unauthorized ability to cause a partial
          denial of service (partial DoS)
  2. Nov 17, 2024
    • Import Debian changes 10.1.48-0+deb9u4 · 1a0016fd
      Bastien Roucariès authored and Otto Kekäläinen committed
      mariadb-10.1 (10.1.48-0+deb9u4) stretch-security; urgency=medium
      
        * Non-maintainer upload by the ELTS Security Team.
      
        [Roberto C. Sánchez]
      
        * Fix CVE-2021-46659: an application crash existed because MariaDB does
          not recognize that SELECT_LEX::nest_level is local to each VIEW
      
        [Bastien Roucariès]
      
        * Fix CVE-2022-21427: An Easily exploitable vulnerability allowed high
          privileged attacker with network access via multiple protocols
          to compromise MariaDB Server. Successful attacks of this vulnerability
          can result in unauthorized ability to cause a hang
          or frequently repeatable crash (complete DOS). Certain UTF8 combining
          marks cause MariaDB to crash when doing Full-Text searches.
        * Fix CVE-2022-24048, CVE-2022-24051, CVE-2022-24052:
          MariaDB CONNECT Storage Engine Stack-based Buffer
          Overflow Privilege Escalation Vulnerability. This vulnerability allows
          local attackers to escalate privileges on affected installations
          of MariaDB. Authentication is required to exploit this vulnerability.
          The specific flaw exists within the processing of SQL queries.
          The issue results from the lack of proper validation of the length
          of user-supplied data prior to copying it to a fixed-length stack-based
          buffer. An attacker can leverage this vulnerability to escalate
          privileges and execute arbitrary code in the context of the
          service account.
          The storage engines concerned were JSON, XML, MYSQL.
        * CVE-2022-24050: MariaDB CONNECT Storage Engine Use-After-Free
          Privilege Escalation Vulnerability. This vulnerability allows local
          attackers to escalate privileges on affected installations of MariaDB.
          Authentication is required to exploit this vulnerability.
          The specific flaw exists within the processing of SQL queries.
          The issue results from the lack of validating the existence of an object
          prior to performing operations on the object.
          An attacker can leverage this vulnerability to escalate privileges and
          execute arbitrary code in the context of the service account.
        * CVE-2022-27380: An issue in the component my_decimal::operator=
          of MariaDB Server was discovered to allow attackers to cause
          a Denial of Service (DoS) via specially crafted SQL statements.
        * CVE-2022-27383: A use-after-free was found in the component
          my_strcasecmp_8bit, which is exploited via specially crafted
          SQL statements.
        * Fix CVE-2022-27384, CVE-2022-32083: An issue in the component
          Item_subselect::init_expr_cache_tracker allows attackers to cause
          a Denial of Service (DoS) via specially crafted SQL statements.
        * Fix CVE-2022-27387: a global buffer overflow in the component
          decimal_bin_size was found, which is exploited via specially
          crafted SQL statements.
        * Fix CVE-2022-27448: There is an Assertion failure via
          'node->pcur->rel_pos == BTR_PCUR_ON'. This could lead to a
          crash in multi-update and implicit grouping
        * Fix CVE-2022-31622: Fix a Denial of Service. When an error occurs
          (pthread_create returns a nonzero value) while executing the
          method create_worker_threads, the held lock is not released
          correctly, which allows local users to trigger a denial
          of service due to the deadlock
    • Import Debian changes 10.1.48-0+deb9u3 · ed57557e
      Bastien Roucariès authored and Otto Kekäläinen committed
      mariadb-10.1 (10.1.48-0+deb9u3) stretch-security; urgency=medium
      
        * Non-maintainer upload by the ELTS Security Team.
        * Use ELTS CI.
        * Fix CVE-2021-2154: An Easily exploitable vulnerability allowed
          high privileged attacker with network access via multiple
          protocols to compromise MySQL Server.
          Successful attacks of this vulnerability can result
          in unauthorized ability to cause a hang or frequently
          repeatable crash (complete DOS). The UDF_INIT() function
          caused a crash.
        * Fix CVE-2021-2166: An Easily exploitable vulnerability allowed
          high privileged attacker with network access via multiple
          protocols to compromise MySQL Server.
          Successful attacks of this vulnerability can result
          in unauthorized ability to cause a hang or frequently
          repeatable crash (complete DOS). Plugin variables in SET
          were not correctly locked.
        * Fix CVE-2021-2194: An Easily exploitable vulnerability allowed
          high privileged attacker with network access via multiple
          protocols to compromise MySQL Server. Successful attacks of
          this vulnerability can result in unauthorized ability to
          cause a hang or frequently repeatable crash (complete DOS).
          In Full-text phrase search, MariaDB filters out rows that
          do not contain all the tokens in the phrase.
          If MariaDB does not filter out doc_id that doesn't appear in all the
          token's doc_id lists then it hits an assert.
        * Fix CVE-2021-2389: An Easily exploitable vulnerability allowed
          high privileged attacker with network access via multiple
          protocols to compromise MySQL Server. Successful attacks of
          this vulnerability can result in unauthorized ability to
          cause a hang or frequently repeatable crash (complete DOS).
          Server throws OOM error when we execute twitter load with SELECTs
          for UPDATE + UPDATES, and SELECT queries on tables with full-text
          index.
        * Fix CVE-2021-46657: get_sort_by_table in MariaDB allowed an
          application crash via certain subquery uses of ORDER BY.
        * Fix CVE-2021-46661: MariaDB allowed an application crash
          in find_field_in_tables and find_order_in_list
          via an unused common table expression (CTE).
        * Fix CVE-2021-46663: MariaDB allowed a ha_maria::extra application
          crash via certain SELECT statements.
        * Fix CVE-2021-46664: MariaDB crashed in sub_select_postjoin_aggr
          for a NULL value of aggr.
        * Fix CVE-2021-46665: MariaDB crashed because of
          incorrect used_tables expectations.
        * Fix CVE-2021-46666: MariaDB crashed because of mishandling
          of a pushdown from a HAVING clause to a WHERE clause.
        * Fix CVE-2021-46667: MariaDB was vulnerable due to a sql_lex.cc
          integer overflow, leading to an application crash.
        * Fix CVE-2021-46668: MariaDB crashed via certain long
          SELECT DISTINCT statements that improperly interact with
          storage-engine resource limitations for temporary data structures.
        * Fix CVE-2021-46669: MariaDB allowed attackers to trigger a
          convert_const_to_int use-after-free when the BIGINT data type is used.
  3. May 02, 2021
  4. Oct 13, 2020
  5. Oct 12, 2020
  6. Jul 04, 2020
  7. Jan 30, 2020
  8. Jan 29, 2020
  9. Nov 11, 2019
  10. Aug 27, 2019
  11. Aug 24, 2019
  12. Aug 02, 2019
  13. Aug 01, 2019
  14. Jul 25, 2019
  15. May 19, 2019
  16. May 03, 2019
  17. Apr 16, 2019