SUSE-SU-2022:2561-1

Security update for mariadb (important)

Published: Jul 27, 2022
Source: lists.opensuse.org

CVSS3: 7.8 High (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS2: 5 Medium (AV:N/AC:L/Au:N/C:N/I:N/A:P)

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL

An update that fixes 36 vulnerabilities and contains one
feature is now available.

Description:

This update for mariadb fixes the following issues:

  • Added mariadb-galera (jsc#SLE-22245)

Update to 10.6.8 (bsc#1199928):

  • CVE-2021-46669 (bsc#1199928)

  • CVE-2022-27376 (bsc#1198628)

  • CVE-2022-27377 (bsc#1198603)

  • CVE-2022-27378 (bsc#1198604)

  • CVE-2022-27379 (bsc#1198605)

  • CVE-2022-27380 (bsc#1198606)

  • CVE-2022-27381 (bsc#1198607)

  • CVE-2022-27382 (bsc#1198609)

  • CVE-2022-27383 (bsc#1198610)

  • CVE-2022-27384 (bsc#1198611)

  • CVE-2022-27386 (bsc#1198612)

  • CVE-2022-27387 (bsc#1198613)

  • CVE-2022-27444 (bsc#1198634)

  • CVE-2022-27445 (bsc#1198629)

  • CVE-2022-27446 (bsc#1198630)

  • CVE-2022-27447 (bsc#1198631)

  • CVE-2022-27448 (bsc#1198632)

  • CVE-2022-27449 (bsc#1198633)

  • CVE-2022-27451 (bsc#1198639)

  • CVE-2022-27452 (bsc#1198640)

  • CVE-2022-27455 (bsc#1198638)

  • CVE-2022-27456 (bsc#1198635)

  • CVE-2022-27457 (bsc#1198636)

  • CVE-2022-27458 (bsc#1198637)

  • The following issue is not affecting this package: CVE-2022-21427

Update to 10.6.7 (bsc#1196016):

  • CVE-2021-46665, CVE-2021-46664, CVE-2021-46661, CVE-2021-46668,
    CVE-2021-46663

Update to 10.6.6:

  • CVE-2022-24052, CVE-2022-24051, CVE-2022-24050, CVE-2022-24048,
    CVE-2021-46659 (bsc#1195339)

The following issues have been fixed already but didn't have CVE
references:

  • CVE-2021-46658 (bsc#1195334)
  • CVE-2021-46657 (bsc#1195325)

Non security fixes:

  • Skip failing tests for s390x, fixes bsc#1195076

External references:

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.4:

    zypper in -t patch openSUSE-SLE-15.4-2022-2561=1

  • SUSE Linux Enterprise Module for Server Applications 15-SP4:

    zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-2561=1

Affected products:

OS                                                       Version  Architecture  Filename
openSUSE Leap                                            15.4     aarch64       .aarch64.rpm
openSUSE Leap                                            15.4     ppc64le       .ppc64le.rpm
openSUSE Leap                                            15.4     s390x         .s390x.rpm
openSUSE Leap                                            15.4     x86_64        .x86_64.rpm
openSUSE Leap                                            15.4     noarch        .noarch.rpm
SUSE Linux Enterprise Module for Server Applications 15  SP4      aarch64       .aarch64.rpm
SUSE Linux Enterprise Module for Server Applications 15  SP4      ppc64le       .ppc64le.rpm
SUSE Linux Enterprise Module for Server Applications 15  SP4      s390x         .s390x.rpm
SUSE Linux Enterprise Module for Server Applications 15  SP4      x86_64        .x86_64.rpm
SUSE Linux Enterprise Module for Server Applications 15  SP4      noarch        .noarch.rpm