Security update for mariadb SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2022:3391-1 Final 1 1 2022-09-26T13:06:16Z current 2022-09-26T13:06:16Z 2022-09-26T13:06:16Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for mariadb This update for mariadb fixes the following issues: Update to 10.5.17: - CVE-2022-32082: Fixed assertion failure at table->get_ref_count() == 0 in dict0dict.cc (bsc#1201162). - CVE-2022-32089: Fixed segmentation fault via the component st_select_lex_unit::exclude_level (bsc#1201169). - CVE-2022-32081: Fixed use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc (bsc#1201161). - CVE-2022-32091: Fixed use-after-poison in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc (bsc#1201170). - CVE-2022-32084: Fixed segmentation fault via the component sub_select (bsc#1201164). - CVE-2022-38791: Fixed deadlock in compress_write in extra/mariabackup/ds_compress.cc (bsc#1202863). - CVE-2022-32088: Fixed segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort (bsc#1201168). - CVE-2022-32087: Fixed segmentation fault via the component Item_args::walk_args (bsc#1201167). - CVE-2022-32086: Fixed segmentation fault via the component Item_field::fix_outer_field (bsc#1201166). - CVE-2022-32085: Fixed segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor (bsc#1201165). - CVE-2022-32083: Fixed segmentation fault via the component Item_subselect::init_expr_cache_tracker (bsc#1201163). Bugfixes: - Fixed mysql-systemd-helper being unaware of custom group (bsc#1200105). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2022-3391,SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-3391,SUSE-SLE-Module-Server-Applications-15-SP3-2022-3391,openSUSE-SLE-15.3-2022-3391 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2022/suse-su-20223391-1/ Link for SUSE-SU-2022:3391-1 https://lists.suse.com/pipermail/sle-security-updates/2022-September/012373.html E-Mail link for SUSE-SU-2022:3391-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1200105 SUSE Bug 1200105 https://bugzilla.suse.com/1201161 SUSE Bug 1201161 https://bugzilla.suse.com/1201162 SUSE Bug 1201162 https://bugzilla.suse.com/1201163 SUSE Bug 1201163 https://bugzilla.suse.com/1201164 SUSE Bug 1201164 https://bugzilla.suse.com/1201165 SUSE Bug 1201165 https://bugzilla.suse.com/1201166 SUSE Bug 1201166 https://bugzilla.suse.com/1201167 SUSE Bug 1201167 https://bugzilla.suse.com/1201168 SUSE Bug 1201168 https://bugzilla.suse.com/1201169 SUSE Bug 1201169 https://bugzilla.suse.com/1201170 SUSE Bug 1201170 https://bugzilla.suse.com/1202863 SUSE Bug 1202863 https://www.suse.com/security/cve/CVE-2022-32081/ SUSE CVE CVE-2022-32081 page https://www.suse.com/security/cve/CVE-2022-32082/ SUSE CVE CVE-2022-32082 page https://www.suse.com/security/cve/CVE-2022-32083/ SUSE CVE CVE-2022-32083 page https://www.suse.com/security/cve/CVE-2022-32084/ SUSE CVE CVE-2022-32084 page https://www.suse.com/security/cve/CVE-2022-32085/ SUSE CVE CVE-2022-32085 page https://www.suse.com/security/cve/CVE-2022-32086/ SUSE CVE CVE-2022-32086 page https://www.suse.com/security/cve/CVE-2022-32087/ SUSE CVE CVE-2022-32087 page https://www.suse.com/security/cve/CVE-2022-32088/ SUSE CVE CVE-2022-32088 page https://www.suse.com/security/cve/CVE-2022-32089/ SUSE CVE CVE-2022-32089 page https://www.suse.com/security/cve/CVE-2022-32091/ SUSE CVE CVE-2022-32091 page https://www.suse.com/security/cve/CVE-2022-38791/ SUSE CVE CVE-2022-38791 page SUSE Linux Enterprise Module for Package Hub 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP3 openSUSE Leap 15.3 libmariadbd-devel-10.5.17-150300.3.21.1 libmariadbd19-10.5.17-150300.3.21.1 mariadb-10.5.17-150300.3.21.1 mariadb-bench-10.5.17-150300.3.21.1 mariadb-client-10.5.17-150300.3.21.1 mariadb-errormessages-10.5.17-150300.3.21.1 mariadb-galera-10.5.17-150300.3.21.1 mariadb-rpm-macros-10.5.17-150300.3.21.1 mariadb-test-10.5.17-150300.3.21.1 mariadb-tools-10.5.17-150300.3.21.1 mariadb-galera-10.5.17-150300.3.21.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP3 libmariadbd-devel-10.5.17-150300.3.21.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP3 libmariadbd19-10.5.17-150300.3.21.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP3 mariadb-10.5.17-150300.3.21.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP3 mariadb-client-10.5.17-150300.3.21.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP3 mariadb-errormessages-10.5.17-150300.3.21.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP3 mariadb-tools-10.5.17-150300.3.21.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP3 libmariadbd-devel-10.5.17-150300.3.21.1 as a component of openSUSE Leap 15.3 libmariadbd19-10.5.17-150300.3.21.1 as a component of openSUSE Leap 15.3 mariadb-10.5.17-150300.3.21.1 as a component of openSUSE Leap 15.3 mariadb-bench-10.5.17-150300.3.21.1 as a component of openSUSE Leap 15.3 mariadb-client-10.5.17-150300.3.21.1 as a component of openSUSE Leap 15.3 mariadb-errormessages-10.5.17-150300.3.21.1 as a component of openSUSE Leap 15.3 mariadb-rpm-macros-10.5.17-150300.3.21.1 as a component of openSUSE Leap 15.3 mariadb-test-10.5.17-150300.3.21.1 as a component of openSUSE Leap 15.3 mariadb-tools-10.5.17-150300.3.21.1 as a component of openSUSE Leap 15.3 MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc. CVE-2022-32081 SUSE Linux Enterprise Module for Package Hub 15 SP3:mariadb-galera-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:libmariadbd-devel-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:libmariadbd19-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:mariadb-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:mariadb-client-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:mariadb-errormessages-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:mariadb-tools-10.5.17-150300.3.21.1 openSUSE Leap 15.3:libmariadbd-devel-10.5.17-150300.3.21.1 openSUSE Leap 15.3:libmariadbd19-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-bench-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-client-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-errormessages-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-rpm-macros-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-test-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-tools-10.5.17-150300.3.21.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20223391-1/ https://www.suse.com/security/cve/CVE-2022-32081.html CVE-2022-32081 https://bugzilla.suse.com/1201161 SUSE Bug 1201161 MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc. CVE-2022-32082 SUSE Linux Enterprise Module for Package Hub 15 SP3:mariadb-galera-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:libmariadbd-devel-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:libmariadbd19-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:mariadb-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:mariadb-client-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:mariadb-errormessages-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:mariadb-tools-10.5.17-150300.3.21.1 openSUSE Leap 15.3:libmariadbd-devel-10.5.17-150300.3.21.1 openSUSE Leap 15.3:libmariadbd19-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-bench-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-client-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-errormessages-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-rpm-macros-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-test-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-tools-10.5.17-150300.3.21.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20223391-1/ https://www.suse.com/security/cve/CVE-2022-32082.html CVE-2022-32082 https://bugzilla.suse.com/1201162 SUSE Bug 1201162 MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker. CVE-2022-32083 SUSE Linux Enterprise Module for Package Hub 15 SP3:mariadb-galera-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:libmariadbd-devel-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:libmariadbd19-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:mariadb-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:mariadb-client-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:mariadb-errormessages-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:mariadb-tools-10.5.17-150300.3.21.1 openSUSE Leap 15.3:libmariadbd-devel-10.5.17-150300.3.21.1 openSUSE Leap 15.3:libmariadbd19-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-bench-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-client-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-errormessages-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-rpm-macros-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-test-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-tools-10.5.17-150300.3.21.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20223391-1/ https://www.suse.com/security/cve/CVE-2022-32083.html CVE-2022-32083 https://bugzilla.suse.com/1201163 SUSE Bug 1201163 MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select. CVE-2022-32084 SUSE Linux Enterprise Module for Package Hub 15 SP3:mariadb-galera-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:libmariadbd-devel-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:libmariadbd19-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:mariadb-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:mariadb-client-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:mariadb-errormessages-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:mariadb-tools-10.5.17-150300.3.21.1 openSUSE Leap 15.3:libmariadbd-devel-10.5.17-150300.3.21.1 openSUSE Leap 15.3:libmariadbd19-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-bench-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-client-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-errormessages-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-rpm-macros-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-test-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-tools-10.5.17-150300.3.21.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20223391-1/ https://www.suse.com/security/cve/CVE-2022-32084.html CVE-2022-32084 https://bugzilla.suse.com/1201164 SUSE Bug 1201164 MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor. CVE-2022-32085 SUSE Linux Enterprise Module for Package Hub 15 SP3:mariadb-galera-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:libmariadbd-devel-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:libmariadbd19-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:mariadb-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:mariadb-client-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:mariadb-errormessages-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:mariadb-tools-10.5.17-150300.3.21.1 openSUSE Leap 15.3:libmariadbd-devel-10.5.17-150300.3.21.1 openSUSE Leap 15.3:libmariadbd19-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-bench-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-client-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-errormessages-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-rpm-macros-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-test-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-tools-10.5.17-150300.3.21.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20223391-1/ https://www.suse.com/security/cve/CVE-2022-32085.html CVE-2022-32085 https://bugzilla.suse.com/1201165 SUSE Bug 1201165 MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field. CVE-2022-32086 SUSE Linux Enterprise Module for Package Hub 15 SP3:mariadb-galera-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:libmariadbd-devel-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:libmariadbd19-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:mariadb-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:mariadb-client-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:mariadb-errormessages-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:mariadb-tools-10.5.17-150300.3.21.1 openSUSE Leap 15.3:libmariadbd-devel-10.5.17-150300.3.21.1 openSUSE Leap 15.3:libmariadbd19-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-bench-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-client-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-errormessages-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-rpm-macros-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-test-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-tools-10.5.17-150300.3.21.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20223391-1/ https://www.suse.com/security/cve/CVE-2022-32086.html CVE-2022-32086 https://bugzilla.suse.com/1201166 SUSE Bug 1201166 MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args. CVE-2022-32087 SUSE Linux Enterprise Module for Package Hub 15 SP3:mariadb-galera-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:libmariadbd-devel-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:libmariadbd19-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:mariadb-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:mariadb-client-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:mariadb-errormessages-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:mariadb-tools-10.5.17-150300.3.21.1 openSUSE Leap 15.3:libmariadbd-devel-10.5.17-150300.3.21.1 openSUSE Leap 15.3:libmariadbd19-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-bench-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-client-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-errormessages-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-rpm-macros-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-test-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-tools-10.5.17-150300.3.21.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20223391-1/ https://www.suse.com/security/cve/CVE-2022-32087.html CVE-2022-32087 https://bugzilla.suse.com/1201167 SUSE Bug 1201167 MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort. CVE-2022-32088 SUSE Linux Enterprise Module for Package Hub 15 SP3:mariadb-galera-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:libmariadbd-devel-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:libmariadbd19-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:mariadb-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:mariadb-client-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:mariadb-errormessages-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:mariadb-tools-10.5.17-150300.3.21.1 openSUSE Leap 15.3:libmariadbd-devel-10.5.17-150300.3.21.1 openSUSE Leap 15.3:libmariadbd19-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-bench-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-client-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-errormessages-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-rpm-macros-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-test-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-tools-10.5.17-150300.3.21.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20223391-1/ https://www.suse.com/security/cve/CVE-2022-32088.html CVE-2022-32088 https://bugzilla.suse.com/1201168 SUSE Bug 1201168 MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level. CVE-2022-32089 SUSE Linux Enterprise Module for Package Hub 15 SP3:mariadb-galera-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:libmariadbd-devel-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:libmariadbd19-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:mariadb-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:mariadb-client-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:mariadb-errormessages-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:mariadb-tools-10.5.17-150300.3.21.1 openSUSE Leap 15.3:libmariadbd-devel-10.5.17-150300.3.21.1 openSUSE Leap 15.3:libmariadbd19-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-bench-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-client-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-errormessages-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-rpm-macros-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-test-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-tools-10.5.17-150300.3.21.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20223391-1/ https://www.suse.com/security/cve/CVE-2022-32089.html CVE-2022-32089 https://bugzilla.suse.com/1201169 SUSE Bug 1201169 MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc. CVE-2022-32091 SUSE Linux Enterprise Module for Package Hub 15 SP3:mariadb-galera-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:libmariadbd-devel-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:libmariadbd19-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:mariadb-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:mariadb-client-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:mariadb-errormessages-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:mariadb-tools-10.5.17-150300.3.21.1 openSUSE Leap 15.3:libmariadbd-devel-10.5.17-150300.3.21.1 openSUSE Leap 15.3:libmariadbd19-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-bench-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-client-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-errormessages-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-rpm-macros-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-test-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-tools-10.5.17-150300.3.21.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20223391-1/ https://www.suse.com/security/cve/CVE-2022-32091.html CVE-2022-32091 https://bugzilla.suse.com/1201170 SUSE Bug 1201170 In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock. CVE-2022-38791 SUSE Linux Enterprise Module for Package Hub 15 SP3:mariadb-galera-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:libmariadbd-devel-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:libmariadbd19-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:mariadb-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:mariadb-client-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:mariadb-errormessages-10.5.17-150300.3.21.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:mariadb-tools-10.5.17-150300.3.21.1 openSUSE Leap 15.3:libmariadbd-devel-10.5.17-150300.3.21.1 openSUSE Leap 15.3:libmariadbd19-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-bench-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-client-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-errormessages-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-rpm-macros-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-test-10.5.17-150300.3.21.1 openSUSE Leap 15.3:mariadb-tools-10.5.17-150300.3.21.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20223391-1/ https://www.suse.com/security/cve/CVE-2022-38791.html CVE-2022-38791 https://bugzilla.suse.com/1202863 SUSE Bug 1202863