Updated mariadb packages fix security vulnerability
Publication date: 29 Aug 2022Type: security
Affected Mageia releases : 8
CVE: CVE-2018-25032 , CVE-2022-32081 , CVE-2022-32082 , CVE-2022-32084 , CVE-2022-32089 , CVE-2022-32091
Description
zlib before 1.2.12 allows memory corruption when deflating (i.e., when
compressing) if the input has many distant matches. (CVE-2018-25032)
A use-after-poison in prepare_inplace_add_virtual at
/storage/innobase/handler/handler0alter.cc. (CVE-2022-32081)
An assertion failure at table->get_ref_count() == 0 in dict0dict.cc.
(CVE-2022-32082)
Segmentation fault via the component sub_select. (CVE-2022-32084)
Segmentation fault via the component st_select_lex_unit::exclude_level.
(CVE-2022-32089)
References
- https://bugs.mageia.org/show_bug.cgi?id=30754
- https://mariadb.com/kb/en/mariadb-10517-release-notes/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32081
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32082
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32084
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32089
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32091
SRPMS
8/core
- mariadb-10.5.17-1.mga8