{"schema_version":"1.7.2","id":"OESA-2021-1250","modified":"2021-07-03T11:03:01Z","published":"2021-07-03T11:03:01Z","upstream":["CVE-2021-27928","CVE-2020-15180"],"summary":"mariadb security update","details":"MariaDB turns data into structured information in a wide array of applications, ranging from banking to websites. It is an enhanced, drop-in replacement for MySQL. MariaDB is used because it is fast, scalable and robust, with a rich ecosystem of storage engines, plugins and many other tools make it very versatile for a wide variety of use cases.\r\n\r\nSecurity Fix(es):\r\n\r\nA remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product.(CVE-2021-27928)\r\n\r\nA flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system\u0026apos;s confidentiality, integrity, and availability. This flaw affects mariadb versions before 10.1.47, before 10.2.34, before 10.3.25, before 10.4.15 and before 10.5.6.(CVE-2020-15180)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP1","name":"mariadb","purl":"pkg:rpm/openEuler/mariadb\u0026distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"10.3.9-11.oe1"}]}],"ecosystem_specific":{"aarch64":["mariadb-common-10.3.9-11.oe1.aarch64.rpm","mariadb-cracklib-10.3.9-11.oe1.aarch64.rpm","mariadb-debugsource-10.3.9-11.oe1.aarch64.rpm","mariadb-10.3.9-11.oe1.aarch64.rpm","mariadb-oqgraph-engine-10.3.9-11.oe1.aarch64.rpm","mariadb-embedded-10.3.9-11.oe1.aarch64.rpm","mariadb-gssapi-server-10.3.9-11.oe1.aarch64.rpm","mariadb-server-10.3.9-11.oe1.aarch64.rpm","mariadb-devel-10.3.9-11.oe1.aarch64.rpm","mariadb-server-galera-10.3.9-11.oe1.aarch64.rpm","mariadb-backup-10.3.9-11.oe1.aarch64.rpm","mariadb-debuginfo-10.3.9-11.oe1.aarch64.rpm","mariadb-embedded-devel-10.3.9-11.oe1.aarch64.rpm","mariadb-errmessage-10.3.9-11.oe1.aarch64.rpm","mariadb-test-10.3.9-11.oe1.aarch64.rpm"],"src":["mariadb-10.3.9-11.oe1.src.rpm"],"x86_64":["mariadb-gssapi-server-10.3.9-11.oe1.x86_64.rpm","mariadb-oqgraph-engine-10.3.9-11.oe1.x86_64.rpm","mariadb-devel-10.3.9-11.oe1.x86_64.rpm","mariadb-cracklib-10.3.9-11.oe1.x86_64.rpm","mariadb-debuginfo-10.3.9-11.oe1.x86_64.rpm","mariadb-10.3.9-11.oe1.x86_64.rpm","mariadb-errmessage-10.3.9-11.oe1.x86_64.rpm","mariadb-common-10.3.9-11.oe1.x86_64.rpm","mariadb-debugsource-10.3.9-11.oe1.x86_64.rpm","mariadb-embedded-10.3.9-11.oe1.x86_64.rpm","mariadb-server-10.3.9-11.oe1.x86_64.rpm","mariadb-server-galera-10.3.9-11.oe1.x86_64.rpm","mariadb-embedded-devel-10.3.9-11.oe1.x86_64.rpm","mariadb-test-10.3.9-11.oe1.x86_64.rpm","mariadb-backup-10.3.9-11.oe1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1250"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-27928"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15180"}],"database_specific":{"severity":"Critical"}}