Lucene search

K
suse
SuseSUSE-SU-2022:3159-1
HistorySep 07, 2022 - 12:00 a.m.

Security update for mariadb (important)

2022-09-0700:00:00
lists.opensuse.org
14

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

An update that solves 10 vulnerabilities and has one errata
is now available.

Description:

This update for mariadb fixes the following issues:

  • Updated to 10.6.9:

    • CVE-2022-32082: Fixed a reachable assertion that would crash the
      server (bsc#1201162).
    • CVE-2022-32089: Fixed a segmentation fault that coudl be triggered via
      a crafted query (bsc#1201169).
    • CVE-2022-32081: Fixed a buffer overflow on instant ADD/DROP of
      generated column (bsc#1201161).
    • CVE-2022-32091: Fixed a memory corruption issue that could be
      triggered via a crafted query (bsc#1201170).
    • CVE-2022-32084: Fixed a segmentation fault on INSERT SELECT queries
      (bsc#1201164).
  • Additionaly, the following issues were previously fixed:

    • CVE-2022-32088: Fixed a server crash when using ORDER BY with window
      function and UNION(bsc#1201168).
    • CVE-2022-32087: Fixed a segmentation fault that could be triggered via
      a crafted query (bsc#1201167).
    • CVE-2022-32086: Fixed a server crash on INSERT SELECT queries
      (bsc#1201166).
    • CVE-2022-32085: Fixed a segmentation fault that could be triggered via
      a crafted query (bsc#1201165).
    • CVE-2022-32083: Fixed a segmentation fault that could be triggered via
      a crafted query (bsc#1201163).

Bugfixes:

  • Update mysql-systemd-helper to be aware of custom group (bsc#1200105).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or β€œzypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.4:

    zypper in -t patch openSUSE-SLE-15.4-2022-3159=1

  • SUSE Linux Enterprise Module for Server Applications 15-SP4:

    zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-3159=1

OSVersionArchitecturePackageVersionFilename
openSUSE Leap15.4aarch64< - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):.aarch64.rpm
openSUSE Leap15.4ppc64le< - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):.ppc64le.rpm
openSUSE Leap15.4s390x< - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):.s390x.rpm
openSUSE Leap15.4x86_64< - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):.x86_64.rpm
openSUSE Leap15.4noarch< - openSUSE Leap 15.4 (noarch):- openSUSE Leap 15.4 (noarch):.noarch.rpm
SUSE Linux Enterprise Module for Server Applications 15SP4aarch64< SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64):- SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64):.aarch64.rpm
SUSE Linux Enterprise Module for Server Applications 15SP4ppc64le< SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64):- SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64):.ppc64le.rpm
SUSE Linux Enterprise Module for Server Applications 15SP4s390x< SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64):- SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64):.s390x.rpm
SUSE Linux Enterprise Module for Server Applications 15SP4x86_64< SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64):- SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64):.x86_64.rpm
SUSE Linux Enterprise Module for Server Applications 15SP4noarch< SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch):- SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch):.noarch.rpm
Use Vulners API to create your own security tool

API usage cases
  • Network scanning
  • Linux Patch management
  • Threat protection
  • No network audit solution

Ways of integration

Integrate Vulners API

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

Related for SUSE-SU-2022:3159-1