RHEL 7 : rh-mariadb103-mariadb (RHSA-2022:1010)


The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1010 advisory.

- mysql: Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2154, CVE-2021-2166)
- mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2372, CVE-2021-2389)
- mysql: InnoDB unspecified vulnerability (CPU Oct 2021) (CVE-2021-35604)
- mariadb: Crash in get_sort_by_table() in subquery with ORDER BY having outer ref (CVE-2021-46657)
- mariadb: save_window_function_values triggers an abort during IN subquery (CVE-2021-46658)
- mariadb: Crash in set_var.cc via certain UPDATE queries with nested subqueries (CVE-2021-46662)
- mariadb: Crash caused by mishandling of a pushdown from a HAVING clause to a WHERE clause (CVE-2021-46666)
- mariadb: Integer overflow in sql_lex.cc integer leading to crash (CVE-2021-46667)
- mysql: InnoDB unspecified vulnerability (CPU Apr 2022) (CVE-2022-21451)
- mariadb: crash in Used_tables_and_const_cache::used_tables_and_const_cache_join (CVE-2022-27385)
- mariadb: improper locking due to unreleased lock in the ds_xbstream.cc (CVE-2022-31621)
- mariadb: DoS due to improper locking due to unreleased lock in plugin/server_audit/server_audit.c (CVE-2022-31624)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.