From bf74719bccd0d8d9c895ad7493fcd0398399e5fe Mon Sep 17 00:00:00 2001
From: pepelyaevip
Date: Thu, 2 May 2024 15:02:15 +0000
Subject: [PATCH] ALT Vulnerability

---
 oval/c9f2/ALT-PU-2023-1583/definitions.json | 7 +-
 oval/p10/ALT-PU-2022-2446/definitions.json | 7 +-
 oval/p10/ALT-PU-2024-7114/definitions.json | 106 ++++++++++++++++
 oval/p10/ALT-PU-2024-7114/objects.json | 34 +++++
 oval/p10/ALT-PU-2024-7114/states.json | 23 ++++
 oval/p10/ALT-PU-2024-7114/tests.json | 30 +++++
 oval/p10/ALT-PU-2024-7301/definitions.json | 105 ++++++++++++++++
 oval/p10/ALT-PU-2024-7301/objects.json | 40 ++++++
 oval/p10/ALT-PU-2024-7301/states.json | 23 ++++
 oval/p10/ALT-PU-2024-7301/tests.json | 42 +++++++
 oval/p10/ALT-PU-2024-7305/definitions.json | 131 ++++++++++++++++++++
 oval/p10/ALT-PU-2024-7305/objects.json | 52 ++++++++
 oval/p10/ALT-PU-2024-7305/states.json | 23 ++++
 oval/p10/ALT-PU-2024-7305/tests.json | 66 ++++++++++
 oval/p9/ALT-PU-2023-6462/definitions.json | 7 +-
 15 files changed, 681 insertions(+), 15 deletions(-)
 create mode 100644 oval/p10/ALT-PU-2024-7114/definitions.json
 create mode 100644 oval/p10/ALT-PU-2024-7114/objects.json
 create mode 100644 oval/p10/ALT-PU-2024-7114/states.json
 create mode 100644 oval/p10/ALT-PU-2024-7114/tests.json
 create mode 100644 oval/p10/ALT-PU-2024-7301/definitions.json
 create mode 100644 oval/p10/ALT-PU-2024-7301/objects.json
 create mode 100644 oval/p10/ALT-PU-2024-7301/states.json
 create mode 100644 oval/p10/ALT-PU-2024-7301/tests.json
 create mode 100644 oval/p10/ALT-PU-2024-7305/definitions.json
 create mode 100644 oval/p10/ALT-PU-2024-7305/objects.json
 create mode 100644 oval/p10/ALT-PU-2024-7305/states.json
 create mode 100644 oval/p10/ALT-PU-2024-7305/tests.json

diff --git a/oval/c9f2/ALT-PU-2023-1583/definitions.json b/oval/c9f2/ALT-PU-2023-1583/definitions.json
index 20f231a43d..1569c0813f 100644
--- a/oval/c9f2/ALT-PU-2023-1583/definitions.json
+++ b/oval/c9f2/ALT-PU-2023-1583/definitions.json
@@ -570,7 +570,7 @@ "Source": "CVE" } ], - "Description": "This update upgrades mariadb to version 10.6.9-alt1. \nSecurity Fix(es):\n\n * BDU:2022-00903: Уязвимость системы управления базами данных MariaDB, связана с переполнением буфера в стеке, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2022-01074: Уязвимость компонента SELECT_LEX::nest_level системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-01315: Уязвимость функции BN_mod_sqrt() библиотеки OpenSSL, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-01641: Уязвимость библиотеки zlib, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-01832: Уязвимость компонента InnoDB системы управления базами данных MariaDB и MySQL, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-01851: Уязвимость компонента InnoDB системы управления базами данных MariaDB и MySQL, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-02593: Уязвимость компонента decimal_bin_size системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-02594: Уязвимость компонента sql/sql_class.cc системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-02595: Уязвимость компонента Used_tables_and_const_cache::used_tables_and_const_cache_join системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-02805: Уязвимость компонента Server: FTS системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании или аварийное завершение\n\n * BDU:2022-03726: Уязвимость компонента sql/sql_window.cc системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-03789: Уязвимость функции xbstream_open системы управления базами данных MariaDB, 
позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-03790: Уязвимость метода log_statement_ex (plugin/server_audit/server_audit.c) системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-03791: Уязвимость метода create_worker_threads системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-03792: Уязвимость метода create_worker_threads системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-04064: Уязвимость функции Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность, доступность защищаемой информации\n\n * BDU:2022-04068: Уязвимость функции Item_args::walk_args системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность, доступность защищаемой информации\n\n * BDU:2022-04075: Уязвимость функции prepare_inplace_add_virtual системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность, доступность защищаемой информации\n\n * BDU:2022-04076: Уязвимость функции Item_func_in::cleanup/Item::cleanup_processor системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность, доступность защищаемой информации\n\n * BDU:2022-04078: Уязвимость компонента sub_select системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность, доступность защищаемой информации\n\n * BDU:2022-04079: Уязвимость функции st_select_lex_unit::exclude_level системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на доступность защищаемой информации\n\n * BDU:2022-04080: Уязвимость функции Item_subselect::init_expr_cache_tracker системы 
управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность, доступность защищаемой информации\n\n * BDU:2022-04082: Уязвимость функции __interceptor_memset (/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc) системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность, доступность защищаемой информации\n\n * BDU:2022-04087: Уязвимость функции Item_field::fix_outer_field системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность, доступность защищаемой информации\n\n * BDU:2022-05553: Уязвимость компонента dict0dict.cc системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-05677: Уязвимость компонента InnoDB СУБД MariaDB, позволяющая нарушителю нарушить целостность данных, а также вызвать отказ в обслуживании\n\n * BDU:2022-05691: Уязвимость компонента sql_lex.cc СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-05704: Уязвимость СУБД MariaDB, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-05710: Уязвимость компонента ha_maria::extra СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-05712: Уязвимость компонента sql_parse.cc СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-05752: Уязвимость компонента set_var.cc СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-05755: Уязвимость компонентов find_field_in_tables и find_order_in_list СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-05757: Уязвимость СУБД MariaDB, связанная с ошибками разыменования указателя, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06420: Уязвимость компонента C API системы управления базами данных MySQL Server, 
позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06894: Уязвимость СУБД MariaDB, связанная с использованием памяти после её освобождения, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06904: Уязвимость компонента my_strcasecmp_8bit СУБД MariaDB, связанная с использованием памяти после её освобождения, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06906: Уязвимость компонента Item_subselect::init_expr_cache_tracker СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06907: Уязвимость компонента sql/item_cmpfunc.cc СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06909: Уязвимость функции Binary_string::free_buffer() компонента /sql/sql_string.h СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06910: Уязвимость функции Binary_string::free_buffer() компонента /sql/sql_string.h СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06913: Уязвимость компонента /row/row0mysql.cc СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06914: Уязвимость функции VDec::VDec компонента /sql/sql_type.cc СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06915: Уязвимость компонента Create_tmp_table::finalize СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06916: Уязвимость компонента Field::set_default СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06919: Уязвимость компонента sql/item_func.cc СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06922: Уязвимость компонента Item_args::walk_arg СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06923: Уязвимость компонента Arg_comparator::compare_real_fixed СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06924: Уязвимость компонента 
my_decimal::operator СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06927: Уязвимость компонента Item_func_in::cleanup() СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2018-25032: zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.\n\n * CVE-2021-2372: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2021-2389: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2021-35604: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).\n\n * CVE-2021-46658: save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect handling of with_window_func=true for a subquery.\n\n * CVE-2021-46659: MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW.\n\n * CVE-2021-46661: MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE).\n\n * CVE-2021-46662: MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery.\n\n * CVE-2021-46663: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.\n\n * CVE-2021-46664: MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.\n\n * CVE-2021-46665: MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations.\n\n * CVE-2021-46667: MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash.\n\n * CVE-2021-46668: MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures.\n\n * CVE-2021-46669: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.\n\n * CVE-2022-0778: The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it 
to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).\n\n * CVE-2022-21427: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). 
Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2022-21595: Vulnerability in the MySQL Server product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2022-24048: MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191.\n\n * CVE-2022-24050: MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. 
The specific flaw exists within the processing of SQL queries. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16207.\n\n * CVE-2022-24051: MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16193.\n\n * CVE-2022-24052: MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. 
Was ZDI-CAN-16190.\n\n * CVE-2022-27376: MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements.\n\n * CVE-2022-27377: MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements.\n\n * CVE-2022-27378: An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n\n * CVE-2022-27379: An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n\n * CVE-2022-27380: An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n\n * CVE-2022-27381: An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n\n * CVE-2022-27382: MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order.\n\n * CVE-2022-27383: MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements.\n\n * CVE-2022-27384: An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n\n * CVE-2022-27385: An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 
and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n\n * CVE-2022-27386: MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc.\n\n * CVE-2022-27387: MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements.\n\n * CVE-2022-27444: MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc.\n\n * CVE-2022-27445: MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc.\n\n * CVE-2022-27446: MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h.\n\n * CVE-2022-27447: MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h.\n\n * CVE-2022-27448: There is an Assertion failure in MariaDB Server v10.9 and below via 'node-\u003epcur-\u003erel_pos == BTR_PCUR_ON' at /row/row0mysql.cc.\n\n * CVE-2022-27449: MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148.\n\n * CVE-2022-27451: MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc.\n\n * CVE-2022-27452: MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc.\n\n * CVE-2022-27455: MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c.\n\n * CVE-2022-27456: MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc.\n\n * CVE-2022-27457: MariaDB Server v10.6.3 and below was discovered to contain 
an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c.\n\n * CVE-2022-27458: MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h.\n\n * CVE-2022-31621: MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt-\u003edest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock.\n\n * CVE-2022-31622: MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock.\n\n * CVE-2022-31623: MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd-\u003ectrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock.\n\n * CVE-2022-31624: MariaDB Server before 10.7 is vulnerable to Denial of Service. 
While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock.\n\n * CVE-2022-32081: MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc.\n\n * CVE-2022-32082: MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table-\u003eget_ref_count() == 0 in dict0dict.cc.\n\n * CVE-2022-32083: MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker.\n\n * CVE-2022-32084: MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select.\n\n * CVE-2022-32085: MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor.\n\n * CVE-2022-32086: MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field.\n\n * CVE-2022-32087: MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args.\n\n * CVE-2022-32088: MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort.\n\n * CVE-2022-32089: MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level.\n\n * CVE-2022-32091: MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc.\n\n * CVE-2022-38791: In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock.\n\n * #35242: mysql.lib: CopyLibs: invalid or missing DESTDIR 
specified\n\n * #41295: без пакета mariadb-pam пакет mariadb-server нерабочий\n\n * #42774: Зависит от libmariadb-devel", + "Description": "This update upgrades mariadb to version 10.6.9-alt1. \nSecurity Fix(es):\n\n * BDU:2022-00903: Уязвимость системы управления базами данных MariaDB, связана с переполнением буфера в стеке, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2022-01074: Уязвимость компонента SELECT_LEX::nest_level системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-01315: Уязвимость функции BN_mod_sqrt() библиотеки OpenSSL, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-01641: Уязвимость библиотеки zlib, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-01832: Уязвимость компонента InnoDB системы управления базами данных MariaDB и MySQL, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-01851: Уязвимость компонента InnoDB системы управления базами данных MariaDB и MySQL, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-02593: Уязвимость компонента decimal_bin_size системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-02594: Уязвимость компонента sql/sql_class.cc системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-02595: Уязвимость компонента Used_tables_and_const_cache::used_tables_and_const_cache_join системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-02805: Уязвимость компонента Server: FTS системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании или аварийное завершение\n\n * BDU:2022-03726: Уязвимость компонента sql/sql_window.cc системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-03789: 
Уязвимость функции xbstream_open системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-03790: Уязвимость метода log_statement_ex (plugin/server_audit/server_audit.c) системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-03791: Уязвимость метода create_worker_threads системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-03792: Уязвимость метода create_worker_threads системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-04064: Уязвимость функции Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность, доступность защищаемой информации\n\n * BDU:2022-04068: Уязвимость функции Item_args::walk_args системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность, доступность защищаемой информации\n\n * BDU:2022-04075: Уязвимость функции prepare_inplace_add_virtual системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность, доступность защищаемой информации\n\n * BDU:2022-04076: Уязвимость функции Item_func_in::cleanup/Item::cleanup_processor системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность, доступность защищаемой информации\n\n * BDU:2022-04078: Уязвимость компонента sub_select системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность, доступность защищаемой информации\n\n * BDU:2022-04079: Уязвимость функции st_select_lex_unit::exclude_level системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на доступность защищаемой информации\n\n * 
BDU:2022-04080: Уязвимость функции Item_subselect::init_expr_cache_tracker системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность, доступность защищаемой информации\n\n * BDU:2022-04082: Уязвимость функции __interceptor_memset (/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc) системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность, доступность защищаемой информации\n\n * BDU:2022-04087: Уязвимость функции Item_field::fix_outer_field системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность, доступность защищаемой информации\n\n * BDU:2022-05553: Уязвимость компонента dict0dict.cc системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-05677: Уязвимость компонента InnoDB СУБД MariaDB, позволяющая нарушителю нарушить целостность данных, а также вызвать отказ в обслуживании\n\n * BDU:2022-05691: Уязвимость компонента sql_lex.cc СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-05704: Уязвимость СУБД MariaDB, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-05710: Уязвимость компонента ha_maria::extra СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-05712: Уязвимость компонента sql_parse.cc СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-05752: Уязвимость компонента set_var.cc СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-05755: Уязвимость компонентов find_field_in_tables и find_order_in_list СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-05757: Уязвимость СУБД MariaDB, связанная с ошибками разыменования указателя, позволяющая нарушителю вызвать отказ в обслуживании\n\n * 
BDU:2022-06420: Уязвимость компонента C API системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06894: Уязвимость СУБД MariaDB, связанная с использованием памяти после её освобождения, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06904: Уязвимость компонента my_strcasecmp_8bit СУБД MariaDB, связанная с использованием памяти после её освобождения, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06906: Уязвимость компонента Item_subselect::init_expr_cache_tracker СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06907: Уязвимость компонента sql/item_cmpfunc.cc СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06909: Уязвимость функции Binary_string::free_buffer() компонента /sql/sql_string.h СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06910: Уязвимость функции Binary_string::free_buffer() компонента /sql/sql_string.h СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06913: Уязвимость компонента /row/row0mysql.cc СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06914: Уязвимость функции VDec::VDec компонента /sql/sql_type.cc СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06915: Уязвимость компонента Create_tmp_table::finalize СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06916: Уязвимость компонента Field::set_default СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06919: Уязвимость компонента sql/item_func.cc СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06922: Уязвимость компонента Item_args::walk_arg СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06923: Уязвимость компонента Arg_comparator::compare_real_fixed СУБД MariaDB, позволяющая 
нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06924: Уязвимость компонента my_decimal::operator СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06927: Уязвимость компонента Item_func_in::cleanup() СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2018-25032: zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.\n\n * CVE-2021-2372: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2021-2389: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2021-35604: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).\n\n * CVE-2021-46658: save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect handling of with_window_func=true for a subquery.\n\n * CVE-2021-46659: MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW.\n\n * CVE-2021-46661: MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE).\n\n * CVE-2021-46662: MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery.\n\n * CVE-2021-46663: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.\n\n * CVE-2021-46664: MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.\n\n * CVE-2021-46665: MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations.\n\n * CVE-2021-46667: MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash.\n\n * CVE-2021-46668: MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures.\n\n * CVE-2021-46669: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.\n\n * CVE-2022-0778: The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it 
to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).\n\n * CVE-2022-21427: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). 
Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2022-21595: Vulnerability in the MySQL Server product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2022-24048: MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191.\n\n * CVE-2022-24050: MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. 
The specific flaw exists within the processing of SQL queries. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16207.\n\n * CVE-2022-24051: MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16193.\n\n * CVE-2022-24052: MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. 
Was ZDI-CAN-16190.\n\n * CVE-2022-27376: MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements.\n\n * CVE-2022-27377: MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements.\n\n * CVE-2022-27378: An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n\n * CVE-2022-27379: An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n\n * CVE-2022-27380: An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n\n * CVE-2022-27381: An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n\n * CVE-2022-27382: MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order.\n\n * CVE-2022-27383: MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements.\n\n * CVE-2022-27384: An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n\n * CVE-2022-27385: An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 
and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n\n * CVE-2022-27386: MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc.\n\n * CVE-2022-27387: MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements.\n\n * CVE-2022-27444: MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc.\n\n * CVE-2022-27445: MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc.\n\n * CVE-2022-27446: MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h.\n\n * CVE-2022-27447: MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h.\n\n * CVE-2022-27448: There is an Assertion failure in MariaDB Server v10.9 and below via 'node-\u003epcur-\u003erel_pos == BTR_PCUR_ON' at /row/row0mysql.cc.\n\n * CVE-2022-27449: MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148.\n\n * CVE-2022-27451: MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc.\n\n * CVE-2022-27452: MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc.\n\n * CVE-2022-27455: MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c.\n\n * CVE-2022-27456: MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc.\n\n * CVE-2022-27457: MariaDB Server v10.6.3 and below was discovered to contain 
an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c.\n\n * CVE-2022-27458: Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-27447. Reason: This candidate is a reservation duplicate of CVE-2022-27447. Notes: All CVE users should reference CVE-2022-27447 instead of this candidate.\n\n * CVE-2022-31621: MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt-\u003edest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock.\n\n * CVE-2022-31622: MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock.\n\n * CVE-2022-31623: MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd-\u003ectrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock.\n\n * CVE-2022-31624: MariaDB Server before 10.7 is vulnerable to Denial of Service. 
While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock.\n\n * CVE-2022-32081: MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc.\n\n * CVE-2022-32082: MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table-\u003eget_ref_count() == 0 in dict0dict.cc.\n\n * CVE-2022-32083: MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker.\n\n * CVE-2022-32084: MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select.\n\n * CVE-2022-32085: MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor.\n\n * CVE-2022-32086: MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field.\n\n * CVE-2022-32087: MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args.\n\n * CVE-2022-32088: MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort.\n\n * CVE-2022-32089: MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level.\n\n * CVE-2022-32091: MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc.\n\n * CVE-2022-38791: In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock.\n\n * #35242: mysql.lib: CopyLibs: invalid or missing DESTDIR 
specified\n\n * #41295: без пакета mariadb-pam пакет mariadb-server нерабочий\n\n * #42774: Зависит от libmariadb-devel", "Advisory": { "From": "errata.altlinux.org", "Severity": "High", @@ -1422,11 +1422,8 @@ }, { "ID": "CVE-2022-27458", - "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "CWE": "CWE-416", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-27458", - "Impact": "High", + "Impact": "None", "Public": "20220414" }, { diff --git a/oval/p10/ALT-PU-2022-2446/definitions.json b/oval/p10/ALT-PU-2022-2446/definitions.json index 6888c26ebc..91eb7e4969 100644 --- a/oval/p10/ALT-PU-2022-2446/definitions.json +++ b/oval/p10/ALT-PU-2022-2446/definitions.json 
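Review bot: in oval/c9f2/ALT-PU-2023-1583/definitions.json at @@ -570,7 +570,7 @@, the replaced "Description" is one JSON string several thousand characters long, so the hunk does not show which advisory entry inside it changed. The commit subject "ALT Vulnerability" does not say either. Please name the changed entry (for example the CVE or BDU ID whose text was updated) in the commit message so the change can be checked without a word-level diff of the whole string.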
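Review bot: in oval/c9f2/ALT-PU-2023-1583/definitions.json at @@ -1422,11 +1422,8 @@, the CVE-2022-27458 entry loses "CVSS", "CVSS3" and "CWE" and gets "Impact": "None", yet it stays in the list with its "Href" and "Public" fields. The Description in this same file marks that candidate as a rejected reservation duplicate of CVE-2022-27447, so any consumer that reports every listed ID will still surface a CVE that should no longer be referenced. Suggest either dropping the entry or adding an explicit rejected marker that points to CVE-2022-27447. Please also confirm that the CVE-2022-27447 entry in this list carries its own score and CWE-416, so the use-after-free in Binary_string::free_buffer() stays scored once the duplicate is zeroed, and that "None" is a value the downstream tooling accepts for "Impact".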
@@ -575,7 +575,7 @@ "Source": "CVE" } ], - "Description": "This update upgrades mariadb to version 10.6.9-alt1. \nSecurity Fix(es):\n\n * BDU:2022-00903: Уязвимость системы управления базами данных MariaDB, связана с переполнением буфера в стеке, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2022-01074: Уязвимость компонента SELECT_LEX::nest_level системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-01315: Уязвимость функции BN_mod_sqrt() библиотеки OpenSSL, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-01641: Уязвимость библиотеки zlib, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-01832: Уязвимость компонента InnoDB системы управления базами данных MariaDB и MySQL, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-01851: Уязвимость компонента InnoDB системы управления базами данных MariaDB и MySQL, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-02593: Уязвимость компонента decimal_bin_size системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-02594: Уязвимость компонента sql/sql_class.cc системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-02595: Уязвимость компонента Used_tables_and_const_cache::used_tables_and_const_cache_join системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-02805: Уязвимость компонента Server: FTS системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании или аварийное завершение\n\n * BDU:2022-03726: Уязвимость компонента sql/sql_window.cc системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-03789: Уязвимость функции xbstream_open системы управления базами данных MariaDB, 
позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-03790: Уязвимость метода log_statement_ex (plugin/server_audit/server_audit.c) системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-03791: Уязвимость метода create_worker_threads системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-03792: Уязвимость метода create_worker_threads системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-04064: Уязвимость функции Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность, доступность защищаемой информации\n\n * BDU:2022-04068: Уязвимость функции Item_args::walk_args системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность, доступность защищаемой информации\n\n * BDU:2022-04075: Уязвимость функции prepare_inplace_add_virtual системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность, доступность защищаемой информации\n\n * BDU:2022-04076: Уязвимость функции Item_func_in::cleanup/Item::cleanup_processor системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность, доступность защищаемой информации\n\n * BDU:2022-04078: Уязвимость компонента sub_select системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность, доступность защищаемой информации\n\n * BDU:2022-04079: Уязвимость функции st_select_lex_unit::exclude_level системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на доступность защищаемой информации\n\n * BDU:2022-04080: Уязвимость функции Item_subselect::init_expr_cache_tracker системы 
управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность, доступность защищаемой информации\n\n * BDU:2022-04082: Уязвимость функции __interceptor_memset (/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc) системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность, доступность защищаемой информации\n\n * BDU:2022-04087: Уязвимость функции Item_field::fix_outer_field системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность, доступность защищаемой информации\n\n * BDU:2022-05553: Уязвимость компонента dict0dict.cc системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-05677: Уязвимость компонента InnoDB СУБД MariaDB, позволяющая нарушителю нарушить целостность данных, а также вызвать отказ в обслуживании\n\n * BDU:2022-05691: Уязвимость компонента sql_lex.cc СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-05704: Уязвимость СУБД MariaDB, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-05710: Уязвимость компонента ha_maria::extra СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-05712: Уязвимость компонента sql_parse.cc СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-05752: Уязвимость компонента set_var.cc СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-05755: Уязвимость компонентов find_field_in_tables и find_order_in_list СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-05757: Уязвимость СУБД MariaDB, связанная с ошибками разыменования указателя, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06420: Уязвимость компонента C API системы управления базами данных MySQL Server, 
позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06894: Уязвимость СУБД MariaDB, связанная с использованием памяти после её освобождения, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06904: Уязвимость компонента my_strcasecmp_8bit СУБД MariaDB, связанная с использованием памяти после её освобождения, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06906: Уязвимость компонента Item_subselect::init_expr_cache_tracker СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06907: Уязвимость компонента sql/item_cmpfunc.cc СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06909: Уязвимость функции Binary_string::free_buffer() компонента /sql/sql_string.h СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06910: Уязвимость функции Binary_string::free_buffer() компонента /sql/sql_string.h СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06913: Уязвимость компонента /row/row0mysql.cc СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06914: Уязвимость функции VDec::VDec компонента /sql/sql_type.cc СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06915: Уязвимость компонента Create_tmp_table::finalize СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06916: Уязвимость компонента Field::set_default СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06919: Уязвимость компонента sql/item_func.cc СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06922: Уязвимость компонента Item_args::walk_arg СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06923: Уязвимость компонента Arg_comparator::compare_real_fixed СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06924: Уязвимость компонента 
my_decimal::operator СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06927: Уязвимость компонента Item_func_in::cleanup() СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2018-25032: zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.\n\n * CVE-2021-2372: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2021-2389: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2021-35604: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).\n\n * CVE-2021-46658: save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect handling of with_window_func=true for a subquery.\n\n * CVE-2021-46659: MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW.\n\n * CVE-2021-46661: MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE).\n\n * CVE-2021-46662: MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery.\n\n * CVE-2021-46663: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.\n\n * CVE-2021-46664: MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.\n\n * CVE-2021-46665: MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations.\n\n * CVE-2021-46667: MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash.\n\n * CVE-2021-46668: MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures.\n\n * CVE-2021-46669: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.\n\n * CVE-2022-0778: The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it 
to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).\n\n * CVE-2022-21427: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). 
Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2022-21595: Vulnerability in the MySQL Server product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2022-24048: MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191.\n\n * CVE-2022-24050: MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. 
The specific flaw exists within the processing of SQL queries. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16207.\n\n * CVE-2022-24051: MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16193.\n\n * CVE-2022-24052: MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. 
Was ZDI-CAN-16190.\n\n * CVE-2022-27376: MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements.\n\n * CVE-2022-27377: MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements.\n\n * CVE-2022-27378: An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n\n * CVE-2022-27379: An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n\n * CVE-2022-27380: An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n\n * CVE-2022-27381: An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n\n * CVE-2022-27382: MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order.\n\n * CVE-2022-27383: MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements.\n\n * CVE-2022-27384: An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n\n * CVE-2022-27385: An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 
and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n\n * CVE-2022-27386: MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc.\n\n * CVE-2022-27387: MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements.\n\n * CVE-2022-27444: MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc.\n\n * CVE-2022-27445: MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc.\n\n * CVE-2022-27446: MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h.\n\n * CVE-2022-27447: MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h.\n\n * CVE-2022-27448: There is an Assertion failure in MariaDB Server v10.9 and below via 'node-\u003epcur-\u003erel_pos == BTR_PCUR_ON' at /row/row0mysql.cc.\n\n * CVE-2022-27449: MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148.\n\n * CVE-2022-27451: MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc.\n\n * CVE-2022-27452: MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc.\n\n * CVE-2022-27455: MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c.\n\n * CVE-2022-27456: MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc.\n\n * CVE-2022-27457: MariaDB Server v10.6.3 and below was discovered to contain 
an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c.\n\n * CVE-2022-27458: MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h.\n\n * CVE-2022-31621: MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt-\u003edest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock.\n\n * CVE-2022-31622: MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock.\n\n * CVE-2022-31623: MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd-\u003ectrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock.\n\n * CVE-2022-31624: MariaDB Server before 10.7 is vulnerable to Denial of Service. 
While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock.\n\n * CVE-2022-32081: MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc.\n\n * CVE-2022-32082: MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table-\u003eget_ref_count() == 0 in dict0dict.cc.\n\n * CVE-2022-32083: MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker.\n\n * CVE-2022-32084: MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select.\n\n * CVE-2022-32085: MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor.\n\n * CVE-2022-32086: MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field.\n\n * CVE-2022-32087: MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args.\n\n * CVE-2022-32088: MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort.\n\n * CVE-2022-32089: MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level.\n\n * CVE-2022-32091: MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc.\n\n * CVE-2022-38791: In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock.\n\n * #35242: mysql.lib: CopyLibs: invalid or missing DESTDIR 
specified\n\n * #41295: без пакета mariadb-pam пакет mariadb-server нерабочий\n\n * #42774: Зависит от libmariadb-devel", + "Description": "This update upgrades mariadb to version 10.6.9-alt1. \nSecurity Fix(es):\n\n * BDU:2022-00903: Уязвимость системы управления базами данных MariaDB, связана с переполнением буфера в стеке, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2022-01074: Уязвимость компонента SELECT_LEX::nest_level системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-01315: Уязвимость функции BN_mod_sqrt() библиотеки OpenSSL, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-01641: Уязвимость библиотеки zlib, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-01832: Уязвимость компонента InnoDB системы управления базами данных MariaDB и MySQL, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-01851: Уязвимость компонента InnoDB системы управления базами данных MariaDB и MySQL, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-02593: Уязвимость компонента decimal_bin_size системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-02594: Уязвимость компонента sql/sql_class.cc системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-02595: Уязвимость компонента Used_tables_and_const_cache::used_tables_and_const_cache_join системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-02805: Уязвимость компонента Server: FTS системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании или аварийное завершение\n\n * BDU:2022-03726: Уязвимость компонента sql/sql_window.cc системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-03789: 
Уязвимость функции xbstream_open системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-03790: Уязвимость метода log_statement_ex (plugin/server_audit/server_audit.c) системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-03791: Уязвимость метода create_worker_threads системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-03792: Уязвимость метода create_worker_threads системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-04064: Уязвимость функции Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность, доступность защищаемой информации\n\n * BDU:2022-04068: Уязвимость функции Item_args::walk_args системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность, доступность защищаемой информации\n\n * BDU:2022-04075: Уязвимость функции prepare_inplace_add_virtual системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность, доступность защищаемой информации\n\n * BDU:2022-04076: Уязвимость функции Item_func_in::cleanup/Item::cleanup_processor системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность, доступность защищаемой информации\n\n * BDU:2022-04078: Уязвимость компонента sub_select системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность, доступность защищаемой информации\n\n * BDU:2022-04079: Уязвимость функции st_select_lex_unit::exclude_level системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на доступность защищаемой информации\n\n * 
BDU:2022-04080: Уязвимость функции Item_subselect::init_expr_cache_tracker системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность, доступность защищаемой информации\n\n * BDU:2022-04082: Уязвимость функции __interceptor_memset (/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc) системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность, доступность защищаемой информации\n\n * BDU:2022-04087: Уязвимость функции Item_field::fix_outer_field системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность, доступность защищаемой информации\n\n * BDU:2022-05553: Уязвимость компонента dict0dict.cc системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-05677: Уязвимость компонента InnoDB СУБД MariaDB, позволяющая нарушителю нарушить целостность данных, а также вызвать отказ в обслуживании\n\n * BDU:2022-05691: Уязвимость компонента sql_lex.cc СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-05704: Уязвимость СУБД MariaDB, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-05710: Уязвимость компонента ha_maria::extra СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-05712: Уязвимость компонента sql_parse.cc СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-05752: Уязвимость компонента set_var.cc СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-05755: Уязвимость компонентов find_field_in_tables и find_order_in_list СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-05757: Уязвимость СУБД MariaDB, связанная с ошибками разыменования указателя, позволяющая нарушителю вызвать отказ в обслуживании\n\n * 
BDU:2022-06420: Уязвимость компонента C API системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06894: Уязвимость СУБД MariaDB, связанная с использованием памяти после её освобождения, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06904: Уязвимость компонента my_strcasecmp_8bit СУБД MariaDB, связанная с использованием памяти после её освобождения, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06906: Уязвимость компонента Item_subselect::init_expr_cache_tracker СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06907: Уязвимость компонента sql/item_cmpfunc.cc СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06909: Уязвимость функции Binary_string::free_buffer() компонента /sql/sql_string.h СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06910: Уязвимость функции Binary_string::free_buffer() компонента /sql/sql_string.h СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06913: Уязвимость компонента /row/row0mysql.cc СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06914: Уязвимость функции VDec::VDec компонента /sql/sql_type.cc СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06915: Уязвимость компонента Create_tmp_table::finalize СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06916: Уязвимость компонента Field::set_default СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06919: Уязвимость компонента sql/item_func.cc СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06922: Уязвимость компонента Item_args::walk_arg СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06923: Уязвимость компонента Arg_comparator::compare_real_fixed СУБД MariaDB, позволяющая 
нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06924: Уязвимость компонента my_decimal::operator СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06927: Уязвимость компонента Item_func_in::cleanup() СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2018-25032: zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.\n\n * CVE-2021-2372: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2021-2389: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2021-35604: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).\n\n * CVE-2021-46658: save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect handling of with_window_func=true for a subquery.\n\n * CVE-2021-46659: MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW.\n\n * CVE-2021-46661: MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE).\n\n * CVE-2021-46662: MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery.\n\n * CVE-2021-46663: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.\n\n * CVE-2021-46664: MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.\n\n * CVE-2021-46665: MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations.\n\n * CVE-2021-46667: MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash.\n\n * CVE-2021-46668: MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures.\n\n * CVE-2021-46669: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.\n\n * CVE-2022-0778: The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it 
to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).\n\n * CVE-2022-21427: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). 
Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2022-21595: Vulnerability in the MySQL Server product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2022-24048: MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191.\n\n * CVE-2022-24050: MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. 
The specific flaw exists within the processing of SQL queries. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16207.\n\n * CVE-2022-24051: MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16193.\n\n * CVE-2022-24052: MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. 
Was ZDI-CAN-16190.\n\n * CVE-2022-27376: MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements.\n\n * CVE-2022-27377: MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements.\n\n * CVE-2022-27378: An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n\n * CVE-2022-27379: An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n\n * CVE-2022-27380: An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n\n * CVE-2022-27381: An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n\n * CVE-2022-27382: MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order.\n\n * CVE-2022-27383: MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements.\n\n * CVE-2022-27384: An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n\n * CVE-2022-27385: An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 
and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n\n * CVE-2022-27386: MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc.\n\n * CVE-2022-27387: MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements.\n\n * CVE-2022-27444: MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc.\n\n * CVE-2022-27445: MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc.\n\n * CVE-2022-27446: MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h.\n\n * CVE-2022-27447: MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h.\n\n * CVE-2022-27448: There is an Assertion failure in MariaDB Server v10.9 and below via 'node-\u003epcur-\u003erel_pos == BTR_PCUR_ON' at /row/row0mysql.cc.\n\n * CVE-2022-27449: MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148.\n\n * CVE-2022-27451: MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc.\n\n * CVE-2022-27452: MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc.\n\n * CVE-2022-27455: MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c.\n\n * CVE-2022-27456: MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc.\n\n * CVE-2022-27457: MariaDB Server v10.6.3 and below was discovered to contain 
an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c.\n\n * CVE-2022-27458: Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-27447. Reason: This candidate is a reservation duplicate of CVE-2022-27447. Notes: All CVE users should reference CVE-2022-27447 instead of this candidate.\n\n * CVE-2022-31621: MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt-\u003edest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock.\n\n * CVE-2022-31622: MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock.\n\n * CVE-2022-31623: MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd-\u003ectrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock.\n\n * CVE-2022-31624: MariaDB Server before 10.7 is vulnerable to Denial of Service. 
While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock.\n\n * CVE-2022-32081: MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc.\n\n * CVE-2022-32082: MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table-\u003eget_ref_count() == 0 in dict0dict.cc.\n\n * CVE-2022-32083: MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker.\n\n * CVE-2022-32084: MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select.\n\n * CVE-2022-32085: MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor.\n\n * CVE-2022-32086: MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field.\n\n * CVE-2022-32087: MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args.\n\n * CVE-2022-32088: MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort.\n\n * CVE-2022-32089: MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level.\n\n * CVE-2022-32091: MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc.\n\n * CVE-2022-38791: In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock.\n\n * #35242: mysql.lib: CopyLibs: invalid or missing DESTDIR 
specified\n\n * #41295: без пакета mariadb-pam пакет mariadb-server нерабочий\n\n * #42774: Зависит от libmariadb-devel", "Advisory": { "From": "errata.altlinux.org", "Severity": "High", @@ -1427,11 +1427,8 @@ }, { "ID": "CVE-2022-27458", - "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "CWE": "CWE-416", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-27458", - "Impact": "High", + "Impact": "None", "Public": "20220414" }, { diff --git a/oval/p10/ALT-PU-2024-7114/definitions.json b/oval/p10/ALT-PU-2024-7114/definitions.json new file mode 100644 index 0000000000..8559220ca3 --- /dev/null +++ b/oval/p10/ALT-PU-2024-7114/definitions.json 
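Review bot: In the `@@ -1427,11 +1427,8 @@` hunk of oval/c9f2/ALT-PU-2023-1583/definitions.json, the CVE-2022-27458 entry stays in the list with `"Impact": "None"` once its `CVSS`, `CVSS3` and `CWE` fields are removed, even though the description text in this file's first hunk calls it a rejected reservation duplicate of CVE-2022-27447. Consider dropping the entry, or pointing it at CVE-2022-27447, instead of keeping a record with no vector. If the entry is kept on purpose, confirm that consumers of these definitions accept `None` as an `Impact` value and tolerate an entry without CVSS fields. The advisory `"Severity": "High"` is unchanged, which looks right since the remaining CVEs still apply.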
@@ -0,0 +1,106 @@ +{ + "Definition": [ + { + "ID": "oval:org.altlinux.errata:def:20247114", + "Version": "oval:org.altlinux.errata:def:20247114", + "Class": "patch", + "Metadata": { + "Title": "ALT-PU-2024-7114: package `ds4drv` update to version 0.5.1-alt3.gitbe7327f", + "AffectedList": [ + { + "Family": "unix", + "Platforms": [ + "ALT Linux branch p10" + ], + "Products": [ + "ALT Server", + "ALT Virtualization Server", + "ALT Workstation", + "ALT Workstation K", + "ALT Education", + "Simply Linux", + "Starterkit" + ] + } + ], + "References": [ + { + "RefID": "ALT-PU-2024-7114", + "RefURL": "https://errata.altlinux.org/ALT-PU-2024-7114", + "Source": "ALTPU" + } + ], + "Description": "This update upgrades ds4drv to version 0.5.1-alt3.gitbe7327f. \nSecurity Fix(es):\n\n * #45143: Не запускается.\n\n * #50015: Не запускается из-за дубля настроек", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "Low", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-05-02" + }, + "Updated": { + "Date": "2024-05-02" + }, + "BDUs": null, + "Bugzilla": [ + { + "ID": "45143", + "Href": "https://bugzilla.altlinux.org/45143", + "Data": "Не запускается." 
+ }, + { + "ID": "50015", + "Href": "https://bugzilla.altlinux.org/50015", + "Data": "Не запускается из-за дубля настроек" + } + ], + "AffectedCPEs": { + "CPEs": [ + "cpe:/o:alt:kworkstation:10", + "cpe:/o:alt:workstation:10", + "cpe:/o:alt:server:10", + "cpe:/o:alt:server-v:10", + "cpe:/o:alt:education:10", + "cpe:/o:alt:slinux:10", + "cpe:/o:alt:starterkit:p10", + "cpe:/o:alt:kworkstation:10.1", + "cpe:/o:alt:workstation:10.1", + "cpe:/o:alt:server:10.1", + "cpe:/o:alt:server-v:10.1", + "cpe:/o:alt:education:10.1", + "cpe:/o:alt:slinux:10.1", + "cpe:/o:alt:starterkit:10.1", + "cpe:/o:alt:kworkstation:10.2", + "cpe:/o:alt:workstation:10.2", + "cpe:/o:alt:server:10.2", + "cpe:/o:alt:server-v:10.2", + "cpe:/o:alt:education:10.2", + "cpe:/o:alt:slinux:10.2", + "cpe:/o:alt:starterkit:10.2" + ] + } + } + }, + "Criteria": { + "Operator": "AND", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:2001", + "Comment": "ALT Linux must be installed" + } + ], + "Criterias": [ + { + "Operator": "OR", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:20247114001", + "Comment": "ds4drv is earlier than 0:0.5.1-alt3.gitbe7327f" + } + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-7114/objects.json b/oval/p10/ALT-PU-2024-7114/objects.json new file mode 100644 index 0000000000..1dc8f8b1de --- /dev/null +++ b/oval/p10/ALT-PU-2024-7114/objects.json 
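Review bot: In the new oval/p10/ALT-PU-2024-7114/definitions.json, the definition's `"Version"` repeats the ID string `oval:org.altlinux.errata:def:20247114`, while the objects, states and tests added for the same erratum use `"Version": "1"`. The OVAL definition version is an integer, so this looks like a generator slip that will surface when the JSON is serialized to XML. The same value appears in the 7301 and 7305 definitions in this patch. Separately, the `Security Fix(es):` list in the description holds only Bugzilla entries #45143 and #50015 with `"BDUs": null`, so please confirm this erratum is meant to ship as `"Class": "patch"` security content and not as a plain bugfix update.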
@@ -0,0 +1,34 @@ +{ + "TextFileContent54Objects": [ + { + "ID": "oval:org.altlinux.errata:obj:2001", + "Version": "1", + "Comment": "Evaluate `/etc/os-release` file content", + "Path": { + "Datatype": "string", + "Text": "/etc" + }, + "Filepath": { + "Datatype": "string", + "Text": "os-release" + }, + "Pattern": { + "Datatype": "string", + "Operation": "pattern match", + "Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*" + }, + "Instance": { + "Datatype": "int", + "Text": "1" + } + } + ], + "RPMInfoObjects": [ + { + "ID": "oval:org.altlinux.errata:obj:20247114001", + "Version": "1", + "Comment": "ds4drv is installed", + "Name": "ds4drv" + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-7114/states.json b/oval/p10/ALT-PU-2024-7114/states.json new file mode 100644 index 0000000000..f9eac77530 --- /dev/null +++ b/oval/p10/ALT-PU-2024-7114/states.json @@ -0,0 +1,23 @@ +{ + "TextFileContent54State": [ + { + "ID": "oval:org.altlinux.errata:ste:2001", + "Version": "1", + "Text": {} + } + ], + "RPMInfoStates": [ + { + "ID": "oval:org.altlinux.errata:ste:20247114001", + "Version": "1", + "Comment": "package EVR is earlier than 0:0.5.1-alt3.gitbe7327f", + "Arch": {}, + "EVR": { + "Text": "0:0.5.1-alt3.gitbe7327f", + "Datatype": "evr_string", + "Operation": "less than" + }, + "Subexpression": {} + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-7114/tests.json b/oval/p10/ALT-PU-2024-7114/tests.json new file mode 100644 index 0000000000..314210f509 --- /dev/null +++ b/oval/p10/ALT-PU-2024-7114/tests.json 
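Review bot: In the new oval/p10/ALT-PU-2024-7114/states.json, state `oval:org.altlinux.errata:ste:2001` has an empty `"Text": {}` and no subexpression check, so the test that references it adds no constraint beyond the object's pattern matching at all. The pattern in objects.json captures the major version with `(\\d+)` but accepts any number, while the tests.json comment for `tst:2001` reads "ALT Linux based on branch 'p10' must be installed". As written, a host on another ALT branch satisfies the platform criterion and is then evaluated against p10 package EVRs. Suggest comparing the captured subexpression against 10 in this state, or rewording the test comment to match the definitions' "ALT Linux must be installed" if branch scoping is handled elsewhere. The same state is copied into the 7301 and 7305 directories.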
@@ -0,0 +1,30 @@ +{ + "TextFileContent54Tests": [ + { + "ID": "oval:org.altlinux.errata:tst:2001", + "Version": "1", + "Check": "all", + "Comment": "ALT Linux based on branch 'p10' must be installed", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:2001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:2001" + } + } + ], + "RPMInfoTests": [ + { + "ID": "oval:org.altlinux.errata:tst:20247114001", + "Version": "1", + "Check": "all", + "Comment": "ds4drv is earlier than 0:0.5.1-alt3.gitbe7327f", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20247114001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20247114001" + } + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-7301/definitions.json b/oval/p10/ALT-PU-2024-7301/definitions.json new file mode 100644 index 0000000000..0ffad60f63 --- /dev/null +++ b/oval/p10/ALT-PU-2024-7301/definitions.json 
@@ -0,0 +1,105 @@ +{ + "Definition": [ + { + "ID": "oval:org.altlinux.errata:def:20247301", + "Version": "oval:org.altlinux.errata:def:20247301", + "Class": "patch", + "Metadata": { + "Title": "ALT-PU-2024-7301: package `ash` update to version 0.5.8-alt1.2e5842258.p10.1", + "AffectedList": [ + { + "Family": "unix", + "Platforms": [ + "ALT Linux branch p10" + ], + "Products": [ + "ALT Server", + "ALT Virtualization Server", + "ALT Workstation", + "ALT Workstation K", + "ALT Education", + "Simply Linux", + "Starterkit" + ] + } + ], + "References": [ + { + "RefID": "ALT-PU-2024-7301", + "RefURL": "https://errata.altlinux.org/ALT-PU-2024-7301", + "Source": "ALTPU" + } + ], + "Description": "This update upgrades ash to version 0.5.8-alt1.2e5842258.p10.1. \nSecurity Fix(es):\n\n * #50148: ash и beanshell конфликтуют по файлам", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "Low", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-05-02" + }, + "Updated": { + "Date": "2024-05-02" + }, + "BDUs": null, + "Bugzilla": [ + { + "ID": "50148", + "Href": "https://bugzilla.altlinux.org/50148", + "Data": "ash и beanshell конфликтуют по файлам" + } + ], + "AffectedCPEs": { + "CPEs": [ + "cpe:/o:alt:kworkstation:10", + "cpe:/o:alt:workstation:10", + "cpe:/o:alt:server:10", + "cpe:/o:alt:server-v:10", + "cpe:/o:alt:education:10", + "cpe:/o:alt:slinux:10", + "cpe:/o:alt:starterkit:p10", + "cpe:/o:alt:kworkstation:10.1", + "cpe:/o:alt:workstation:10.1", + "cpe:/o:alt:server:10.1", + "cpe:/o:alt:server-v:10.1", + "cpe:/o:alt:education:10.1", + "cpe:/o:alt:slinux:10.1", + "cpe:/o:alt:starterkit:10.1", + "cpe:/o:alt:kworkstation:10.2", + "cpe:/o:alt:workstation:10.2", + "cpe:/o:alt:server:10.2", + "cpe:/o:alt:server-v:10.2", + "cpe:/o:alt:education:10.2", + "cpe:/o:alt:slinux:10.2", + "cpe:/o:alt:starterkit:10.2" + ] + } + } + }, + "Criteria": { + "Operator": "AND", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:2001", + "Comment": 
"ALT Linux must be installed" + } + ], + "Criterias": [ + { + "Operator": "OR", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:20247301001", + "Comment": "ash is earlier than 0:0.5.8-alt1.2e5842258.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:20247301002", + "Comment": "ash-static is earlier than 0:0.5.8-alt1.2e5842258.p10.1" + } + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-7301/objects.json b/oval/p10/ALT-PU-2024-7301/objects.json new file mode 100644 index 0000000000..a57fe849cb --- /dev/null +++ b/oval/p10/ALT-PU-2024-7301/objects.json @@ -0,0 +1,40 @@ +{ + "TextFileContent54Objects": [ + { + "ID": "oval:org.altlinux.errata:obj:2001", + "Version": "1", + "Comment": "Evaluate `/etc/os-release` file content", + "Path": { + "Datatype": "string", + "Text": "/etc" + }, + "Filepath": { + "Datatype": "string", + "Text": "os-release" + }, + "Pattern": { + "Datatype": "string", + "Operation": "pattern match", + "Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*" + }, + "Instance": { + "Datatype": "int", + "Text": "1" + } + } + ], + "RPMInfoObjects": [ + { + "ID": "oval:org.altlinux.errata:obj:20247301001", + "Version": "1", + "Comment": "ash is installed", + "Name": "ash" + }, + { + "ID": "oval:org.altlinux.errata:obj:20247301002", + "Version": "1", + "Comment": "ash-static is installed", + "Name": "ash-static" + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-7301/states.json b/oval/p10/ALT-PU-2024-7301/states.json new file mode 100644 index 0000000000..7f44cabc6f --- /dev/null +++ b/oval/p10/ALT-PU-2024-7301/states.json 
@@ -0,0 +1,23 @@ +{ + "TextFileContent54State": [ + { + "ID": "oval:org.altlinux.errata:ste:2001", + "Version": "1", + "Text": {} + } + ], + "RPMInfoStates": [ + { + "ID": "oval:org.altlinux.errata:ste:20247301001", + "Version": "1", + "Comment": "package EVR is earlier than 0:0.5.8-alt1.2e5842258.p10.1", + "Arch": {}, + "EVR": { + "Text": "0:0.5.8-alt1.2e5842258.p10.1", + "Datatype": "evr_string", + "Operation": "less than" + }, + "Subexpression": {} + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-7301/tests.json b/oval/p10/ALT-PU-2024-7301/tests.json new file mode 100644 index 0000000000..050c507883 --- /dev/null +++ b/oval/p10/ALT-PU-2024-7301/tests.json @@ -0,0 +1,42 @@ +{ + "TextFileContent54Tests": [ + { + "ID": "oval:org.altlinux.errata:tst:2001", + "Version": "1", + "Check": "all", + "Comment": "ALT Linux based on branch 'p10' must be installed", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:2001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:2001" + } + } + ], + "RPMInfoTests": [ + { + "ID": "oval:org.altlinux.errata:tst:20247301001", + "Version": "1", + "Check": "all", + "Comment": "ash is earlier than 0:0.5.8-alt1.2e5842258.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20247301001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20247301001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:20247301002", + "Version": "1", + "Check": "all", + "Comment": "ash-static is earlier than 0:0.5.8-alt1.2e5842258.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20247301002" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20247301001" + } + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-7305/definitions.json b/oval/p10/ALT-PU-2024-7305/definitions.json new file mode 100644 index 0000000000..18672e2fc7 --- /dev/null +++ b/oval/p10/ALT-PU-2024-7305/definitions.json 
@@ -0,0 +1,131 @@ +{ + "Definition": [ + { + "ID": "oval:org.altlinux.errata:def:20247305", + "Version": "oval:org.altlinux.errata:def:20247305", + "Class": "patch", + "Metadata": { + "Title": "ALT-PU-2024-7305: package `glpi` update to version 10.0.15-alt1", + "AffectedList": [ + { + "Family": "unix", + "Platforms": [ + "ALT Linux branch p10" + ], + "Products": [ + "ALT Server", + "ALT Virtualization Server", + "ALT Workstation", + "ALT Workstation K", + "ALT Education", + "Simply Linux", + "Starterkit" + ] + } + ], + "References": [ + { + "RefID": "ALT-PU-2024-7305", + "RefURL": "https://errata.altlinux.org/ALT-PU-2024-7305", + "Source": "ALTPU" + }, + { + "RefID": "BDU:2024-03309", + "RefURL": "https://bdu.fstec.ru/vul/2024-03309", + "Source": "BDU" + }, + { + "RefID": "CVE-2024-29889", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-29889", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-31456", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-31456", + "Source": "CVE" + } + ], + "Description": "This update upgrades glpi to version 10.0.15-alt1. 
\nSecurity Fix(es):\n\n * BDU:2024-03309: Уязвимость системы заявок, инцидентов и инвентаризации компьютерного оборудования GLPI, связанная с непринятием мер по защите структуры запроса SQL, позволяющая нарушителю выполнять произвольные SQL-запросы\n\n * CVE-2024-29889: description unavailable\n\n * CVE-2024-31456: description unavailable", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "Critical", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-05-02" + }, + "Updated": { + "Date": "2024-05-02" + }, + "BDUs": [ + { + "ID": "BDU:2024-03309", + "CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C", + "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-89", + "Href": "https://bdu.fstec.ru/vul/2024-03309", + "Impact": "Critical", + "Public": "20240424" + } + ], + "AffectedCPEs": { + "CPEs": [ + "cpe:/o:alt:kworkstation:10", + "cpe:/o:alt:workstation:10", + "cpe:/o:alt:server:10", + "cpe:/o:alt:server-v:10", + "cpe:/o:alt:education:10", + "cpe:/o:alt:slinux:10", + "cpe:/o:alt:starterkit:p10", + "cpe:/o:alt:kworkstation:10.1", + "cpe:/o:alt:workstation:10.1", + "cpe:/o:alt:server:10.1", + "cpe:/o:alt:server-v:10.1", + "cpe:/o:alt:education:10.1", + "cpe:/o:alt:slinux:10.1", + "cpe:/o:alt:starterkit:10.1", + "cpe:/o:alt:kworkstation:10.2", + "cpe:/o:alt:workstation:10.2", + "cpe:/o:alt:server:10.2", + "cpe:/o:alt:server-v:10.2", + "cpe:/o:alt:education:10.2", + "cpe:/o:alt:slinux:10.2", + "cpe:/o:alt:starterkit:10.2" + ] + } + } + }, + "Criteria": { + "Operator": "AND", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:2001", + "Comment": "ALT Linux must be installed" + } + ], + "Criterias": [ + { + "Operator": "OR", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:20247305001", + "Comment": "glpi is earlier than 0:10.0.15-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:20247305002", + "Comment": "glpi-apache2 is earlier than 0:10.0.15-alt1" + }, + { + "TestRef": 
"oval:org.altlinux.errata:tst:20247305003", + "Comment": "glpi-php8.1 is earlier than 0:10.0.15-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:20247305004", + "Comment": "glpi-php8.2 is earlier than 0:10.0.15-alt1" + } + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-7305/objects.json b/oval/p10/ALT-PU-2024-7305/objects.json new file mode 100644 index 0000000000..9369fbc02d --- /dev/null +++ b/oval/p10/ALT-PU-2024-7305/objects.json @@ -0,0 +1,52 @@ +{ + "TextFileContent54Objects": [ + { + "ID": "oval:org.altlinux.errata:obj:2001", + "Version": "1", + "Comment": "Evaluate `/etc/os-release` file content", + "Path": { + "Datatype": "string", + "Text": "/etc" + }, + "Filepath": { + "Datatype": "string", + "Text": "os-release" + }, + "Pattern": { + "Datatype": "string", + "Operation": "pattern match", + "Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*" + }, + "Instance": { + "Datatype": "int", + "Text": "1" + } + } + ], + "RPMInfoObjects": [ + { + "ID": "oval:org.altlinux.errata:obj:20247305001", + "Version": "1", + "Comment": "glpi is installed", + "Name": "glpi" + }, + { + "ID": "oval:org.altlinux.errata:obj:20247305002", + "Version": "1", + "Comment": "glpi-apache2 is installed", + "Name": "glpi-apache2" + }, + { + "ID": "oval:org.altlinux.errata:obj:20247305003", + "Version": "1", + "Comment": "glpi-php8.1 is installed", + "Name": "glpi-php8.1" + }, + { + "ID": "oval:org.altlinux.errata:obj:20247305004", + "Version": "1", + "Comment": "glpi-php8.2 is installed", + "Name": "glpi-php8.2" + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-7305/states.json b/oval/p10/ALT-PU-2024-7305/states.json new file mode 100644 index 0000000000..e364916aaa --- /dev/null +++ b/oval/p10/ALT-PU-2024-7305/states.json 
@@ -0,0 +1,23 @@ +{ + "TextFileContent54State": [ + { + "ID": "oval:org.altlinux.errata:ste:2001", + "Version": "1", + "Text": {} + } + ], + "RPMInfoStates": [ + { + "ID": "oval:org.altlinux.errata:ste:20247305001", + "Version": "1", + "Comment": "package EVR is earlier than 0:10.0.15-alt1", + "Arch": {}, + "EVR": { + "Text": "0:10.0.15-alt1", + "Datatype": "evr_string", + "Operation": "less than" + }, + "Subexpression": {} + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-7305/tests.json b/oval/p10/ALT-PU-2024-7305/tests.json new file mode 100644 index 0000000000..031820481e --- /dev/null +++ b/oval/p10/ALT-PU-2024-7305/tests.json 
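Review bot: In the new oval/p10/ALT-PU-2024-7305/definitions.json, CVE-2024-29889 and CVE-2024-31456 are listed under `References` but the description gives both as "description unavailable", and the `Advisory` block has no entry for them next to the `BDUs` array, so the `Critical` severity rests on BDU:2024-03309 alone. Suggest regenerating this definition once the CVE records are populated, so that scanners keyed on CVE data get a score and CWE for them. Also, the BDU `CVSS3` value `AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H` has no version prefix, whereas the CVE entry in the ALT-PU-2023-1583 hunk of this patch used `CVSS:3.1/AV:N/...`; normalising the two forms would spare consumers a special case when parsing vectors.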
@@ -0,0 +1,66 @@ +{ + "TextFileContent54Tests": [ + { + "ID": "oval:org.altlinux.errata:tst:2001", + "Version": "1", + "Check": "all", + "Comment": "ALT Linux based on branch 'p10' must be installed", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:2001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:2001" + } + } + ], + "RPMInfoTests": [ + { + "ID": "oval:org.altlinux.errata:tst:20247305001", + "Version": "1", + "Check": "all", + "Comment": "glpi is earlier than 0:10.0.15-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20247305001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20247305001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:20247305002", + "Version": "1", + "Check": "all", + "Comment": "glpi-apache2 is earlier than 0:10.0.15-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20247305002" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20247305001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:20247305003", + "Version": "1", + "Check": "all", + "Comment": "glpi-php8.1 is earlier than 0:10.0.15-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20247305003" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20247305001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:20247305004", + "Version": "1", + "Check": "all", + "Comment": "glpi-php8.2 is earlier than 0:10.0.15-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20247305004" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20247305001" + } + } + ] +} \ No newline at end of file diff --git a/oval/p9/ALT-PU-2023-6462/definitions.json b/oval/p9/ALT-PU-2023-6462/definitions.json index 82ffdbd015..4495251c23 100644 --- a/oval/p9/ALT-PU-2023-6462/definitions.json +++ b/oval/p9/ALT-PU-2023-6462/definitions.json 
@@ -655,7 +655,7 @@ "Source": "CVE" } ], - "Description": "This update upgrades mariadb to version 10.4.31-alt0.M90P.1. \nSecurity Fix(es):\n\n * BDU:2022-00903: Уязвимость системы управления базами данных MariaDB, связана с переполнением буфера в стеке, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2022-01074: Уязвимость компонента SELECT_LEX::nest_level системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-01315: Уязвимость функции BN_mod_sqrt() библиотеки OpenSSL, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-01641: Уязвимость библиотеки zlib, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-01832: Уязвимость компонента InnoDB системы управления базами данных MariaDB и MySQL, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-01851: Уязвимость компонента InnoDB системы управления базами данных MariaDB и MySQL, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-02593: Уязвимость компонента decimal_bin_size системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-02594: Уязвимость компонента sql/sql_class.cc системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-02595: Уязвимость компонента Used_tables_and_const_cache::used_tables_and_const_cache_join системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-02805: Уязвимость компонента Server: FTS системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании или аварийное завершение\n\n * BDU:2022-02835: Уязвимость компонента InnoDB системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-03726: Уязвимость компонента sql/sql_window.cc системы управления базами данных 
MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-03789: Уязвимость функции xbstream_open системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-03790: Уязвимость метода log_statement_ex (plugin/server_audit/server_audit.c) системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-03791: Уязвимость метода create_worker_threads системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-03792: Уязвимость метода create_worker_threads системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-04064: Уязвимость функции Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность, доступность защищаемой информации\n\n * BDU:2022-04068: Уязвимость функции Item_args::walk_args системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность, доступность защищаемой информации\n\n * BDU:2022-04075: Уязвимость функции prepare_inplace_add_virtual системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность, доступность защищаемой информации\n\n * BDU:2022-04076: Уязвимость функции Item_func_in::cleanup/Item::cleanup_processor системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность, доступность защищаемой информации\n\n * BDU:2022-04078: Уязвимость компонента sub_select системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность, доступность защищаемой информации\n\n * BDU:2022-04079: Уязвимость функции st_select_lex_unit::exclude_level системы управления базами данных MariaDB, позволяющая 
нарушителю оказать воздействие на доступность защищаемой информации\n\n * BDU:2022-04080: Уязвимость функции Item_subselect::init_expr_cache_tracker системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность, доступность защищаемой информации\n\n * BDU:2022-04082: Уязвимость функции __interceptor_memset (/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc) системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность, доступность защищаемой информации\n\n * BDU:2022-04087: Уязвимость функции Item_field::fix_outer_field системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность, доступность защищаемой информации\n\n * BDU:2022-05553: Уязвимость компонента dict0dict.cc системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-05677: Уязвимость компонента InnoDB СУБД MariaDB, позволяющая нарушителю нарушить целостность данных, а также вызвать отказ в обслуживании\n\n * BDU:2022-05691: Уязвимость компонента sql_lex.cc СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-05704: Уязвимость СУБД MariaDB, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-05710: Уязвимость компонента ha_maria::extra СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-05712: Уязвимость компонента sql_parse.cc СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-05752: Уязвимость компонента set_var.cc СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-05755: Уязвимость компонентов find_field_in_tables и find_order_in_list СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-05757: Уязвимость СУБД MariaDB, связанная с ошибками разыменования 
указателя, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06420: Уязвимость компонента C API системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06894: Уязвимость СУБД MariaDB, связанная с использованием памяти после её освобождения, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06904: Уязвимость компонента my_strcasecmp_8bit СУБД MariaDB, связанная с использованием памяти после её освобождения, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06906: Уязвимость компонента Item_subselect::init_expr_cache_tracker СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06907: Уязвимость компонента sql/item_cmpfunc.cc СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06909: Уязвимость функции Binary_string::free_buffer() компонента /sql/sql_string.h СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06910: Уязвимость функции Binary_string::free_buffer() компонента /sql/sql_string.h СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06913: Уязвимость компонента /row/row0mysql.cc СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06914: Уязвимость функции VDec::VDec компонента /sql/sql_type.cc СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06915: Уязвимость компонента Create_tmp_table::finalize СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06916: Уязвимость компонента Field::set_default СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06919: Уязвимость компонента sql/item_func.cc СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06922: Уязвимость компонента Item_args::walk_arg СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06923: Уязвимость 
компонента Arg_comparator::compare_real_fixed СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06924: Уязвимость компонента my_decimal::operator СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06927: Уязвимость компонента Item_func_in::cleanup() СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-03856: Уязвимость функции spider_db_mbase::print_warnings() СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-05660: Уязвимость системы управления базами данных MariaDB , связанная с неправильной обработкой переноса условий из HAVING в WHEREE, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-05661: Уязвимость комопнента Item_field::used_tables/update_depend_map_for_order системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-05676: Уязвимость компонента my_mb_wc_latin1 системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-05677: Уязвимость компонента my_wildcmp_8bit_impl системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-05678: Уязвимость компонента ds_compress.cc системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-05683: Уязвимость компонента field_conv.cc системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-05684: Уязвимость компонента item_cmpfunc.h системы управления базами данных MariaDB, позволяющая нарушителю вызвать ошибку сегментации\n\n * BDU:2023-05685: Уязвимость компонента item_subselect.cc системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-06357: Уязвимость средства сканирования и управления уязвимостями OpenVAS системы управления базами данных MariaDB, позволяющая нарушителю вызвать 
отказ в обслуживании\n\n * CVE-2018-25032: zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.\n\n * CVE-2021-2372: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2021-2389: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2021-35604: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).\n\n * CVE-2021-46657: get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY.\n\n * CVE-2021-46658: save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect handling of with_window_func=true for a subquery.\n\n * CVE-2021-46659: MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW.\n\n * CVE-2021-46661: MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE).\n\n * CVE-2021-46662: MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery.\n\n * CVE-2021-46663: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.\n\n * CVE-2021-46664: MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.\n\n * CVE-2021-46665: MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations.\n\n * CVE-2021-46666: MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause.\n\n * CVE-2021-46667: MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash.\n\n * CVE-2021-46668: MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures.\n\n * CVE-2021-46669: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.\n\n * CVE-2022-0778: The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime 
moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).\n\n * CVE-2022-21427: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2022-21451: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2022-21595: Vulnerability in the MySQL Server product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2022-24048: MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. 
The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191.\n\n * CVE-2022-24050: MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16207.\n\n * CVE-2022-24051: MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16193.\n\n * CVE-2022-24052: MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. 
An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.\n\n * CVE-2022-27376: MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements.\n\n * CVE-2022-27377: MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements.\n\n * CVE-2022-27378: An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n\n * CVE-2022-27379: An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n\n * CVE-2022-27380: An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n\n * CVE-2022-27381: An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n\n * CVE-2022-27382: MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order.\n\n * CVE-2022-27383: MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements.\n\n * CVE-2022-27384: An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL 
statements.\n\n * CVE-2022-27385: An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n\n * CVE-2022-27386: MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc.\n\n * CVE-2022-27387: MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements.\n\n * CVE-2022-27444: MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc.\n\n * CVE-2022-27445: MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc.\n\n * CVE-2022-27446: MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h.\n\n * CVE-2022-27447: MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h.\n\n * CVE-2022-27448: There is an Assertion failure in MariaDB Server v10.9 and below via 'node-\u003epcur-\u003erel_pos == BTR_PCUR_ON' at /row/row0mysql.cc.\n\n * CVE-2022-27449: MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148.\n\n * CVE-2022-27451: MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc.\n\n * CVE-2022-27452: MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc.\n\n * CVE-2022-27455: MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c.\n\n * CVE-2022-27456: MariaDB Server v10.6.3 and below was discovered to contain an 
use-after-free in the component VDec::VDec at /sql/sql_type.cc.\n\n * CVE-2022-27457: MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c.\n\n * CVE-2022-27458: MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h.\n\n * CVE-2022-31621: MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt-\u003edest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock.\n\n * CVE-2022-31622: MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock.\n\n * CVE-2022-31623: MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd-\u003ectrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock.\n\n * CVE-2022-31624: MariaDB Server before 10.7 is vulnerable to Denial of Service. 
While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock.\n\n * CVE-2022-32081: MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc.\n\n * CVE-2022-32082: MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table-\u003eget_ref_count() == 0 in dict0dict.cc.\n\n * CVE-2022-32083: MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker.\n\n * CVE-2022-32084: MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select.\n\n * CVE-2022-32085: MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor.\n\n * CVE-2022-32086: MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field.\n\n * CVE-2022-32087: MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args.\n\n * CVE-2022-32088: MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort.\n\n * CVE-2022-32089: MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level.\n\n * CVE-2022-32091: MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc.\n\n * CVE-2022-38791: In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock.\n\n * CVE-2022-47015: MariaDB Server before 10.3.34 thru 10.9.3 
is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer.\n\n * CVE-2023-5157: A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service.", + "Description": "This update upgrades mariadb to version 10.4.31-alt0.M90P.1. \nSecurity Fix(es):\n\n * BDU:2022-00903: Уязвимость системы управления базами данных MariaDB, связана с переполнением буфера в стеке, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2022-01074: Уязвимость компонента SELECT_LEX::nest_level системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-01315: Уязвимость функции BN_mod_sqrt() библиотеки OpenSSL, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-01641: Уязвимость библиотеки zlib, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-01832: Уязвимость компонента InnoDB системы управления базами данных MariaDB и MySQL, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-01851: Уязвимость компонента InnoDB системы управления базами данных MariaDB и MySQL, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-02593: Уязвимость компонента decimal_bin_size системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-02594: Уязвимость компонента sql/sql_class.cc системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-02595: Уязвимость компонента Used_tables_and_const_cache::used_tables_and_const_cache_join системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-02805: Уязвимость компонента Server: FTS системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании или аварийное 
завершение\n\n * BDU:2022-02835: Уязвимость компонента InnoDB системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-03726: Уязвимость компонента sql/sql_window.cc системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-03789: Уязвимость функции xbstream_open системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-03790: Уязвимость метода log_statement_ex (plugin/server_audit/server_audit.c) системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-03791: Уязвимость метода create_worker_threads системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-03792: Уязвимость метода create_worker_threads системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-04064: Уязвимость функции Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность, доступность защищаемой информации\n\n * BDU:2022-04068: Уязвимость функции Item_args::walk_args системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность, доступность защищаемой информации\n\n * BDU:2022-04075: Уязвимость функции prepare_inplace_add_virtual системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность, доступность защищаемой информации\n\n * BDU:2022-04076: Уязвимость функции Item_func_in::cleanup/Item::cleanup_processor системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность, доступность защищаемой информации\n\n * BDU:2022-04078: Уязвимость компонента sub_select системы управления базами данных 
MariaDB, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность, доступность защищаемой информации\n\n * BDU:2022-04079: Уязвимость функции st_select_lex_unit::exclude_level системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на доступность защищаемой информации\n\n * BDU:2022-04080: Уязвимость функции Item_subselect::init_expr_cache_tracker системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность, доступность защищаемой информации\n\n * BDU:2022-04082: Уязвимость функции __interceptor_memset (/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc) системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность, доступность защищаемой информации\n\n * BDU:2022-04087: Уязвимость функции Item_field::fix_outer_field системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность, доступность защищаемой информации\n\n * BDU:2022-05553: Уязвимость компонента dict0dict.cc системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-05677: Уязвимость компонента InnoDB СУБД MariaDB, позволяющая нарушителю нарушить целостность данных, а также вызвать отказ в обслуживании\n\n * BDU:2022-05691: Уязвимость компонента sql_lex.cc СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-05704: Уязвимость СУБД MariaDB, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-05710: Уязвимость компонента ha_maria::extra СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-05712: Уязвимость компонента sql_parse.cc СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-05752: Уязвимость компонента set_var.cc СУБД MariaDB, позволяющая нарушителю вызвать отказ в 
обслуживании\n\n * BDU:2022-05755: Уязвимость компонентов find_field_in_tables и find_order_in_list СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-05757: Уязвимость СУБД MariaDB, связанная с ошибками разыменования указателя, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06420: Уязвимость компонента C API системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06894: Уязвимость СУБД MariaDB, связанная с использованием памяти после её освобождения, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06904: Уязвимость компонента my_strcasecmp_8bit СУБД MariaDB, связанная с использованием памяти после её освобождения, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06906: Уязвимость компонента Item_subselect::init_expr_cache_tracker СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06907: Уязвимость компонента sql/item_cmpfunc.cc СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06909: Уязвимость функции Binary_string::free_buffer() компонента /sql/sql_string.h СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06910: Уязвимость функции Binary_string::free_buffer() компонента /sql/sql_string.h СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06913: Уязвимость компонента /row/row0mysql.cc СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06914: Уязвимость функции VDec::VDec компонента /sql/sql_type.cc СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06915: Уязвимость компонента Create_tmp_table::finalize СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06916: Уязвимость компонента Field::set_default СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06919: Уязвимость компонента 
sql/item_func.cc СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06922: Уязвимость компонента Item_args::walk_arg СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06923: Уязвимость компонента Arg_comparator::compare_real_fixed СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06924: Уязвимость компонента my_decimal::operator СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06927: Уязвимость компонента Item_func_in::cleanup() СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-03856: Уязвимость функции spider_db_mbase::print_warnings() СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-05660: Уязвимость системы управления базами данных MariaDB , связанная с неправильной обработкой переноса условий из HAVING в WHEREE, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-05661: Уязвимость комопнента Item_field::used_tables/update_depend_map_for_order системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-05676: Уязвимость компонента my_mb_wc_latin1 системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-05677: Уязвимость компонента my_wildcmp_8bit_impl системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-05678: Уязвимость компонента ds_compress.cc системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-05683: Уязвимость компонента field_conv.cc системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-05684: Уязвимость компонента item_cmpfunc.h системы управления базами данных MariaDB, позволяющая нарушителю вызвать ошибку сегментации\n\n * BDU:2023-05685: Уязвимость компонента item_subselect.cc системы 
управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-06357: Уязвимость средства сканирования и управления уязвимостями OpenVAS системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2018-25032: zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.\n\n * CVE-2021-2372: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2021-2389: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2021-35604: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).\n\n * CVE-2021-46657: get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY.\n\n * CVE-2021-46658: save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect handling of with_window_func=true for a subquery.\n\n * CVE-2021-46659: MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW.\n\n * CVE-2021-46661: MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE).\n\n * CVE-2021-46662: MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery.\n\n * CVE-2021-46663: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.\n\n * CVE-2021-46664: MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.\n\n * CVE-2021-46665: MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations.\n\n * CVE-2021-46666: MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause.\n\n * CVE-2021-46667: MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash.\n\n * CVE-2021-46668: MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary 
data structures.\n\n * CVE-2021-46669: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.\n\n * CVE-2022-0778: The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. 
Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).\n\n * CVE-2022-21427: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2022-21451: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2022-21595: Vulnerability in the MySQL Server product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2022-24048: MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191.\n\n * CVE-2022-24050: MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16207.\n\n * CVE-2022-24051: MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. 
Was ZDI-CAN-16193.\n\n * CVE-2022-24052: MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.\n\n * CVE-2022-27376: MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements.\n\n * CVE-2022-27377: MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements.\n\n * CVE-2022-27378: An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n\n * CVE-2022-27379: An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n\n * CVE-2022-27380: An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n\n * CVE-2022-27381: An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n\n * CVE-2022-27382: MariaDB Server v10.7 and below was discovered to contain a 
segmentation fault via the component Item_field::used_tables/update_depend_map_for_order.\n\n * CVE-2022-27383: MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements.\n\n * CVE-2022-27384: An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n\n * CVE-2022-27385: An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.\n\n * CVE-2022-27386: MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc.\n\n * CVE-2022-27387: MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements.\n\n * CVE-2022-27444: MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc.\n\n * CVE-2022-27445: MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc.\n\n * CVE-2022-27446: MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h.\n\n * CVE-2022-27447: MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h.\n\n * CVE-2022-27448: There is an Assertion failure in MariaDB Server v10.9 and below via 'node-\u003epcur-\u003erel_pos == BTR_PCUR_ON' at /row/row0mysql.cc.\n\n * CVE-2022-27449: MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148.\n\n * CVE-2022-27451: 
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc.\n\n * CVE-2022-27452: MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc.\n\n * CVE-2022-27455: MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c.\n\n * CVE-2022-27456: MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc.\n\n * CVE-2022-27457: MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c.\n\n * CVE-2022-27458: Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-27447. Reason: This candidate is a reservation duplicate of CVE-2022-27447. Notes: All CVE users should reference CVE-2022-27447 instead of this candidate.\n\n * CVE-2022-31621: MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt-\u003edest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock.\n\n * CVE-2022-31622: MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock.\n\n * CVE-2022-31623: MariaDB Server before 10.7 is vulnerable to Denial of Service. 
In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd-\u003ectrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock.\n\n * CVE-2022-31624: MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock.\n\n * CVE-2022-32081: MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc.\n\n * CVE-2022-32082: MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table-\u003eget_ref_count() == 0 in dict0dict.cc.\n\n * CVE-2022-32083: MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker.\n\n * CVE-2022-32084: MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select.\n\n * CVE-2022-32085: MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor.\n\n * CVE-2022-32086: MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field.\n\n * CVE-2022-32087: MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args.\n\n * CVE-2022-32088: MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort.\n\n * CVE-2022-32089: MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level.\n\n * CVE-2022-32091: MariaDB v10.7 was discovered to contain an use-after-poison 
in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc.\n\n * CVE-2022-38791: In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock.\n\n * CVE-2022-47015: MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer.\n\n * CVE-2023-5157: A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service.", "Advisory": { "From": "errata.altlinux.org", "Severity": "High", @@ -1633,11 +1633,8 @@ }, { "ID": "CVE-2022-27458", - "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "CWE": "CWE-416", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-27458", - "Impact": "High", + "Impact": "None", "Public": "20220414" }, {
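Review bot: In the Description string of the first hunk, the bullet for CVE-2022-27458 carries the CVE record's rejection notice verbatim ("Rejected reason: DO NOT USE THIS CANDIDATE NUMBER ...") inside the list of issues the update addresses. A rejected duplicate is not a fix, and the notice itself says to reference CVE-2022-27447, which already has its own bullet in the same string. Suggest dropping the CVE-2022-27458 bullet when the Description is generated, and having the generator skip or flag rejected records in general so the advisory text does not list withdrawn identifiers.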
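Review bot: In the @@ -1633,11 +1633,8 @@ hunk, the CVE-2022-27458 reference stays in the list with "Impact": "None" after its CVSS, CVSS3 and CWE fields are removed, so consumers of this definition will still see a rejected identifier reported as covered by the update. Suggest either removing the entry or adding an explicit field that marks it rejected and points to CVE-2022-27447, and confirming that CVE-2022-27447 has its own reference entry so the CWE-416 classification deleted here is not lost. It is also worth checking that "None" is a value downstream parsers accept for Impact, since the line it replaces held a severity level ("High").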