Security update for mariadb (important)

An update that solves 10 vulnerabilities and has one errata
is now available.

Description:

This update for mariadb fixes the following issues:

• Updated to 10.6.9:

  • CVE-2022-32082: Fixed a reachable assertion that would crash the
    server (bsc#1201162).
  • CVE-2022-32089: Fixed a segmentation fault that coudl be triggered via
    a crafted query (bsc#1201169).
  • CVE-2022-32081: Fixed a buffer overflow on instant ADD/DROP of
    generated column (bsc#1201161).
  • CVE-2022-32091: Fixed a memory corruption issue that could be
    triggered via a crafted query (bsc#1201170).
  • CVE-2022-32084: Fixed a segmentation fault on INSERT SELECT queries
    (bsc#1201164).

• Additionaly, the following issues were previously fixed:

  • CVE-2022-32088: Fixed a server crash when using ORDER BY with window
    function and UNION(bsc#1201168).
  • CVE-2022-32087: Fixed a segmentation fault that could be triggered via
    a crafted query (bsc#1201167).
  • CVE-2022-32086: Fixed a server crash on INSERT SELECT queries
    (bsc#1201166).
  • CVE-2022-32085: Fixed a segmentation fault that could be triggered via
    a crafted query (bsc#1201165).
  • CVE-2022-32083: Fixed a segmentation fault that could be triggered via
    a crafted query (bsc#1201163).

Bugfixes:

• Update mysql-systemd-helper to be aware of custom group (bsc#1200105).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

• openSUSE Leap 15.4:

  zypper in -t patch openSUSE-SLE-15.4-2022-3159=1

• SUSE Linux Enterprise Module for Server Applications 15-SP4:

  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-3159=1