An update for mariadb is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP2, openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS

Document type: Security Advisory
Contact: openeuler-security@openeuler.org
Publisher: openEuler security committee
Advisory ID: openEuler-SA-2022-1587
Status: Final
Version: 1.0
Revision history: 1.0, 2022-03-19, Initial
Initial release date: 2022-03-19
Current release date: 2022-03-19
Generator: openEuler SA Tool V1.0, 2022-03-19

Synopsis: mariadb security update

Description:

MariaDB is a community developed fork from MySQL - a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon (mariadbd) and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs and utilities. MariaDB turns data into structured information in a wide array of applications, ranging from banking to websites. It is an enhanced, drop-in replacement for MySQL. MariaDB is used because it is fast, scalable and robust, with a rich ecosystem of storage engines, plugins and many other tools that make it very versatile for a wide variety of use cases.
Security Fix(es):

MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used. (CVE-2021-46669)

MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE). (CVE-2021-46661)

MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash. (CVE-2021-46667)

MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause. (CVE-2021-46666)

MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery. (CVE-2021-46662)

MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements. (CVE-2021-46663)

MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations. (CVE-2021-46665)

MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr. (CVE-2021-46664)

MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW. (CVE-2021-46659)

get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY. (CVE-2021-46657)

openEuler Security has rated this update as having a security impact of high. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Severity: High
Affected component: mariadb

References:

https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1587
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-46669
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-46661
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-46667
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-46666
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-46662
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-46663
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-46665
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-46664
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-46659
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-46657
https://nvd.nist.gov/vuln/detail/CVE-2021-46669
https://nvd.nist.gov/vuln/detail/CVE-2021-46661
https://nvd.nist.gov/vuln/detail/CVE-2021-46667
https://nvd.nist.gov/vuln/detail/CVE-2021-46666
https://nvd.nist.gov/vuln/detail/CVE-2021-46662
https://nvd.nist.gov/vuln/detail/CVE-2021-46663
https://nvd.nist.gov/vuln/detail/CVE-2021-46665
https://nvd.nist.gov/vuln/detail/CVE-2021-46664
https://nvd.nist.gov/vuln/detail/CVE-2021-46659
https://nvd.nist.gov/vuln/detail/CVE-2021-46657

Affected products:

openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
openEuler-20.03-LTS-SP3
openEuler-22.03-LTS

Updated packages:

aarch64:

  mariadb-embedded-devel-10.3.34-1.oe1.aarch64.rpm
  mariadb-oqgraph-engine-10.3.34-1.oe1.aarch64.rpm
  mariadb-cracklib-10.3.34-1.oe1.aarch64.rpm
  mariadb-backup-10.3.34-1.oe1.aarch64.rpm
  mariadb-debugsource-10.3.34-1.oe1.aarch64.rpm
  mariadb-common-10.3.34-1.oe1.aarch64.rpm
  mariadb-10.3.34-1.oe1.aarch64.rpm
  mariadb-server-10.3.34-1.oe1.aarch64.rpm
  mariadb-debuginfo-10.3.34-1.oe1.aarch64.rpm
  mariadb-server-galera-10.3.34-1.oe1.aarch64.rpm
  mariadb-gssapi-server-10.3.34-1.oe1.aarch64.rpm
  mariadb-errmessage-10.3.34-1.oe1.aarch64.rpm
  mariadb-test-10.3.34-1.oe1.aarch64.rpm
  mariadb-embedded-10.3.34-1.oe1.aarch64.rpm
  mariadb-devel-10.3.34-1.oe1.aarch64.rpm

  mariadb-10.5.15-2.oe2203.aarch64.rpm
  mariadb-config-10.5.15-2.oe2203.aarch64.rpm
  mariadb-common-10.5.15-2.oe2203.aarch64.rpm
  mariadb-embedded-devel-10.5.15-2.oe2203.aarch64.rpm
  mariadb-test-10.5.15-2.oe2203.aarch64.rpm
  mariadb-server-10.5.15-2.oe2203.aarch64.rpm
  mariadb-devel-10.5.15-2.oe2203.aarch64.rpm
  mariadb-server-galera-10.5.15-2.oe2203.aarch64.rpm
  mariadb-embedded-10.5.15-2.oe2203.aarch64.rpm
  mariadb-backup-10.5.15-2.oe2203.aarch64.rpm
  mariadb-gssapi-server-10.5.15-2.oe2203.aarch64.rpm
  mariadb-errmsg-10.5.15-2.oe2203.aarch64.rpm
  mariadb-debugsource-10.5.15-2.oe2203.aarch64.rpm
  mariadb-debuginfo-10.5.15-2.oe2203.aarch64.rpm
  mariadb-oqgraph-engine-10.5.15-2.oe2203.aarch64.rpm
  mariadb-pam-10.5.15-2.oe2203.aarch64.rpm
  mariadb-rocksdb-engine-10.5.15-2.oe2203.aarch64.rpm
  mariadb-server-uitls-10.5.15-2.oe2203.aarch64.rpm

src:

  mariadb-10.3.34-1.oe1.src.rpm
  mariadb-10.5.15-2.oe2203.src.rpm

x86_64:

  mariadb-10.3.34-1.oe1.x86_64.rpm
  mariadb-backup-10.3.34-1.oe1.x86_64.rpm
  mariadb-test-10.3.34-1.oe1.x86_64.rpm
  mariadb-gssapi-server-10.3.34-1.oe1.x86_64.rpm
  mariadb-cracklib-10.3.34-1.oe1.x86_64.rpm
  mariadb-debuginfo-10.3.34-1.oe1.x86_64.rpm
  mariadb-embedded-10.3.34-1.oe1.x86_64.rpm
  mariadb-errmessage-10.3.34-1.oe1.x86_64.rpm
  mariadb-debugsource-10.3.34-1.oe1.x86_64.rpm
  mariadb-server-galera-10.3.34-1.oe1.x86_64.rpm
  mariadb-devel-10.3.34-1.oe1.x86_64.rpm
  mariadb-embedded-devel-10.3.34-1.oe1.x86_64.rpm
  mariadb-common-10.3.34-1.oe1.x86_64.rpm
  mariadb-server-10.3.34-1.oe1.x86_64.rpm
  mariadb-oqgraph-engine-10.3.34-1.oe1.x86_64.rpm

  mariadb-gssapi-server-10.5.15-2.oe1.x86_64.rpm
  mariadb-common-10.5.15-2.oe1.x86_64.rpm
  mariadb-backup-10.5.15-2.oe1.x86_64.rpm
  mariadb-debugsource-10.5.15-2.oe1.x86_64.rpm
  mariadb-debuginfo-10.5.15-2.oe1.x86_64.rpm
  mariadb-devel-10.5.15-2.oe1.x86_64.rpm
  mariadb-errmsg-10.5.15-2.oe1.x86_64.rpm
  mariadb-embedded-10.5.15-2.oe1.x86_64.rpm
  mariadb-oqgraph-engine-10.5.15-2.oe1.x86_64.rpm
  mariadb-embedded-devel-10.5.15-2.oe1.x86_64.rpm
  mariadb-config-10.5.15-2.oe1.x86_64.rpm
  mariadb-server-galera-10.5.15-2.oe1.x86_64.rpm
  mariadb-server-10.5.15-2.oe1.x86_64.rpm
  mariadb-test-10.5.15-2.oe1.x86_64.rpm
  mariadb-10.5.15-2.oe1.x86_64.rpm
  mariadb-pam-10.5.15-2.oe1.x86_64.rpm
  mariadb-server-utils-10.5.15-2.oe1.x86_64.rpm

Vulnerability details:

The following fields are the same for every CVE below.
Release date: 2022-03-19
Affected products: openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP2, openEuler-20.03-LTS-SP3, openEuler-22.03-LTS
Remediation: mariadb security update, 2022-03-19, https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1587

CVE-2021-46669
  Severity: High, CVSS base score 7.5, vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.

CVE-2021-46661
  Severity: High, CVSS base score 7.5, vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE).

CVE-2021-46667
  Severity: High, CVSS base score 7.5, vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash.

CVE-2021-46666
  Severity: High, CVSS base score 7.5, vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause.

CVE-2021-46662
  Severity: High, CVSS base score 7.5, vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery.

CVE-2021-46663
  Severity: High, CVSS base score 7.5, vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.

CVE-2021-46665
  Severity: High, CVSS base score 7.5, vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations.

CVE-2021-46664
  Severity: High, CVSS base score 7.5, vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.

CVE-2021-46659
  Severity: Medium, CVSS base score 5.5, vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW.

CVE-2021-46657
  Severity: Medium, CVSS base score 5.5, vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY.