Bug 1175596 - VUL-0: mariadb: Update to 10.2.33/10.4.14
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Normal
Assigned To: Security Team bot
Reported: 2020-08-21 11:48 UTC by Alexandros Toptsoglou
Modified: 2020-12-04 17:16 UTC

Description Alexandros Toptsoglou 2020-08-21 11:48:09 UTC
Notable Changes
Variables

    Limit innodb_encryption_threads to 255 (MDEV-22258).
    Minimum value of max_sort_length raised to 8 (previously 4) so fixed size data types like DOUBLE and BIGINT are not truncated for lower values of max_sort_length (MDEV-22715). 

InnoDB

    InnoDB updated to 5.7.29
    Fixed corruption in delete buffering (MDEV-22497)
    Fixed a deadlock in FLUSH TABLES…FOR EXPORT (MDEV-22890)
    InnoDB data file extension is not crash-safe (MDEV-23190)
    Minor fixes related to encryption and FULLTEXT INDEX
    Dropping the adaptive hash index may cause DDL to lock up InnoDB (MDEV-22456)
    innodb_log_optimize_ddl=OFF is not crash safe (MDEV-21347)
    MariaDB service won't shutdown when it's running and the OS datetime updated backwards (MDEV-17481)
    Doublewrite recovery can corrupt data pages (MDEV-11799)
    Fixed race conditions related to buffer pool resizing
    Crash recovery fixes (MDEV-21347, MDEV-23190, MDEV-11799) 

Replication

    Make the binlog dump thread to log into errorlog a requested GTID position (MDEV-20428)
    Fix stop of the optimistic parallel slave at requested START-SLAVE-UNTIL position (MDEV-15152)
    Properly handle RESET MASTER TO value, when the value exceeds the max allowed 2147483647 (MDEV-22451)
    Correct 'relay-log.info' updating by concurrent parallel workers (MDEV-22806)
    Eliminate deadlock involving parallel workers, STOP SLAVE and FLUSH TABLES WITH READ LOCK (MDEV-23089)
    Correct master-slave automatic reconnection by slave to always pass through all steps of the initial connect. Specifically, do not skip master notification about slave binlog checksum awareness (MDEV-14203) 

Optimizer

    ALTER TABLE ... ANALYZE PARTITION ... with EITS reads and locks all rows ... (MDEV-21472)
    Print ranges in the optimizer trace created for non-indexed columns when optimizer_use_condition_selectivity > 2. Now the optimizer trace shows the ranges constructed while getting estimates from EITS (MDEV-22665)
    LATERAL DERIVED is not clearly visible in EXPLAIN FORMAT=JSON, make LATERAL DERIVED tables visible in EXPLAIN FORMAT=JSON output (MDEV-17568)
    Crash on WITH RECURSIVE large query (MDEV-22748)
    Crash with Prepared Statement with a '?' parameter inside a re-used CTE (MDEV-22779) 

Other

    MariaDB could crash after changing the query_cache size (MDEV-5924)
    Errors and SIGSEGV on CREATE TABLE w/ various charsets (MDEV-22111)
    Crash in CREATE TABLE AS SELECT when the precision of returning type = 0 (MDEV-22502)
    XA: Reject DDL operations between PREPARE and COMMIT (MDEV-22420)
    Stop mariabackup --prepare on errors during innodb redo log applying (MDEV-22354)
    Server crashes in mysql_alter_table upon adding a non-null date column under NO_ZERO_DATE with ALGORITHM=INPLACE (MDEV-18042)
    Can't uninstall plugin if the library file doesn't exist (MDEV-21258) 

https://mariadb.com/kb/en/mariadb-10233-release-notes/
Comment 4 Swamp Workflow Management 2020-08-26 13:16:53 UTC
SUSE-RU-2020:2332-1: An update that has three recommended fixes can now be installed.

Category: recommended (important)
Bug References: 1173516,1174559,1175596
CVE References: 
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Server Applications 15-SP2 (src):    mariadb-10.4.14-3.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 5 Swamp Workflow Management 2020-08-31 04:15:28 UTC
openSUSE-RU-2020:1300-1: An update that has three recommended fixes can now be installed.

Category: recommended (important)
Bug References: 1173516,1174559,1175596
CVE References: 
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    mariadb-10.4.14-lp152.2.3.1
Comment 6 Marcus Meissner 2020-11-11 16:38:40 UTC
closing
Comment 9 Swamp Workflow Management 2020-11-24 14:17:29 UTC
SUSE-SU-2020:3497-1: An update that fixes 5 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1172399,1175596,1177472,1178428
CVE References: CVE-2020-14765,CVE-2020-14776,CVE-2020-14789,CVE-2020-14812,CVE-2020-15180
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    mariadb-10.2.36-3.33.1, mariadb-connector-c-3.1.11-2.19.1
SUSE OpenStack Cloud 9 (src):    mariadb-10.2.36-3.33.1, mariadb-connector-c-3.1.11-2.19.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    mariadb-10.2.36-3.33.1, mariadb-connector-c-3.1.11-2.19.1
SUSE Linux Enterprise Server 12-SP5 (src):    mariadb-10.2.36-3.33.1, mariadb-connector-c-3.1.11-2.19.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    mariadb-10.2.36-3.33.1, mariadb-connector-c-3.1.11-2.19.1

Comment 10 Swamp Workflow Management 2020-11-24 17:16:08 UTC
SUSE-SU-2020:3500-1: An update that fixes 5 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1175596,1177472,1178428
CVE References: CVE-2020-14765,CVE-2020-14776,CVE-2020-14789,CVE-2020-14812,CVE-2020-15180
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    mariadb-10.2.36-3.34.4, mariadb-connector-c-3.1.11-3.22.2
SUSE Linux Enterprise Server 15-LTSS (src):    mariadb-10.2.36-3.34.4, mariadb-connector-c-3.1.11-3.22.2
SUSE Linux Enterprise Module for Server Applications 15-SP2 (src):    mariadb-connector-c-3.1.11-3.22.2
SUSE Linux Enterprise Module for Server Applications 15-SP1 (src):    mariadb-10.2.36-3.34.4, mariadb-connector-c-3.1.11-3.22.2
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    mariadb-connector-c-3.1.11-3.22.2
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    mariadb-connector-c-3.1.11-3.22.2
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    mariadb-10.2.36-3.34.4, mariadb-connector-c-3.1.11-3.22.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    mariadb-10.2.36-3.34.4, mariadb-connector-c-3.1.11-3.22.2

Comment 11 Swamp Workflow Management 2020-11-28 14:14:53 UTC
openSUSE-SU-2020:2090-1: An update that fixes 5 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1175596,1177472,1178428
CVE References: CVE-2020-14765,CVE-2020-14776,CVE-2020-14789,CVE-2020-14812,CVE-2020-15180
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    mariadb-10.2.36-lp152.2.6.1, mariadb-connector-c-3.1.11-lp152.2.3.1
Comment 13 Swamp Workflow Management 2020-12-02 23:16:06 UTC
openSUSE-SU-2020:2149-1: An update that fixes 5 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1175596,1177472,1178428
CVE References: CVE-2020-14765,CVE-2020-14776,CVE-2020-14789,CVE-2020-14812,CVE-2020-15180
JIRA References: 
Sources used:
openSUSE Leap 15.1 (src):    mariadb-10.2.36-lp151.2.18.1, mariadb-connector-c-3.1.11-lp151.3.15.1
Comment 14 Swamp Workflow Management 2020-12-04 17:16:37 UTC
SUSE-SU-2020:3625-1: An update that fixes 10 vulnerabilities is now available.

Category: security (important)
Bug References: 1171550,1175596,1177472,1178428
CVE References: CVE-2020-13249,CVE-2020-14765,CVE-2020-14776,CVE-2020-14789,CVE-2020-14812,CVE-2020-15180,CVE-2020-2752,CVE-2020-2760,CVE-2020-2812,CVE-2020-2814
JIRA References: 
Sources used:
SUSE OpenStack Cloud 7 (src):    mariadb-10.2.36-19.1
