Security update for mariadb SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2021:3008-1 Final 1 1 2021-09-09T13:22:35Z current 2021-09-09T13:22:35Z 2021-09-09T13:22:35Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for mariadb This update for mariadb fixes the following issues: Update to version 10.2.40 [bsc#1189320]: - fixes for the following security vulnerabilities: CVE-2021-2372 and CVE-2021-2389 The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2021-3008,SUSE-OpenStack-Cloud-9-2021-3008,SUSE-OpenStack-Cloud-Crowbar-9-2021-3008,SUSE-SLE-SAP-12-SP4-2021-3008,SUSE-SLE-SERVER-12-SP4-LTSS-2021-3008,SUSE-SLE-SERVER-12-SP5-2021-3008 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2021/suse-su-20213008-1/ Link for SUSE-SU-2021:3008-1 https://lists.suse.com/pipermail/sle-security-updates/2021-September/009430.html E-Mail link for SUSE-SU-2021:3008-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1182255 SUSE Bug 1182255 https://bugzilla.suse.com/1189320 SUSE Bug 1189320 https://www.suse.com/security/cve/CVE-2021-2372/ SUSE CVE CVE-2021-2372 page https://www.suse.com/security/cve/CVE-2021-2389/ SUSE CVE CVE-2021-2389 page SUSE Linux Enterprise Server 12 SP4-LTSS SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 libmysqld-devel-10.2.40-3.39.1 libmysqld19-10.2.40-3.39.1 mariadb-10.2.40-3.39.1 mariadb-bench-10.2.40-3.39.1 mariadb-client-10.2.40-3.39.1 mariadb-errormessages-10.2.40-3.39.1 mariadb-galera-10.2.40-3.39.1 mariadb-test-10.2.40-3.39.1 mariadb-tools-10.2.40-3.39.1 mariadb-10.2.40-3.39.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS mariadb-client-10.2.40-3.39.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS mariadb-errormessages-10.2.40-3.39.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS mariadb-tools-10.2.40-3.39.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS mariadb-10.2.40-3.39.1 as a component of SUSE Linux Enterprise Server 12 SP5 mariadb-client-10.2.40-3.39.1 as a component of SUSE Linux Enterprise Server 12 SP5 mariadb-errormessages-10.2.40-3.39.1 as a component of SUSE Linux Enterprise Server 12 SP5 mariadb-tools-10.2.40-3.39.1 as a component of SUSE Linux Enterprise Server 12 SP5 mariadb-10.2.40-3.39.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 mariadb-client-10.2.40-3.39.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 mariadb-errormessages-10.2.40-3.39.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 mariadb-tools-10.2.40-3.39.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 mariadb-10.2.40-3.39.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 mariadb-client-10.2.40-3.39.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 mariadb-errormessages-10.2.40-3.39.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 mariadb-tools-10.2.40-3.39.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 mariadb-10.2.40-3.39.1 as a component of SUSE OpenStack Cloud 9 mariadb-client-10.2.40-3.39.1 as a component of SUSE OpenStack Cloud 9 mariadb-errormessages-10.2.40-3.39.1 as a component of SUSE OpenStack Cloud 9 mariadb-galera-10.2.40-3.39.1 as a component of SUSE OpenStack Cloud 9 mariadb-tools-10.2.40-3.39.1 as a component of SUSE OpenStack Cloud 9 mariadb-10.2.40-3.39.1 as a component of SUSE OpenStack Cloud Crowbar 9 mariadb-client-10.2.40-3.39.1 as a component of SUSE OpenStack Cloud Crowbar 9 mariadb-errormessages-10.2.40-3.39.1 as a component of SUSE OpenStack Cloud Crowbar 9 mariadb-galera-10.2.40-3.39.1 as a component of SUSE OpenStack Cloud Crowbar 9 mariadb-tools-10.2.40-3.39.1 as a component of SUSE OpenStack Cloud Crowbar 9 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2021-2372 SUSE Linux Enterprise Server 12 SP4-LTSS:mariadb-10.2.40-3.39.1 SUSE Linux Enterprise Server 12 SP4-LTSS:mariadb-client-10.2.40-3.39.1 SUSE Linux Enterprise Server 12 SP4-LTSS:mariadb-errormessages-10.2.40-3.39.1 SUSE Linux Enterprise Server 12 SP4-LTSS:mariadb-tools-10.2.40-3.39.1 SUSE Linux Enterprise Server 12 SP5:mariadb-10.2.40-3.39.1 SUSE Linux Enterprise Server 12 SP5:mariadb-client-10.2.40-3.39.1 SUSE Linux Enterprise Server 12 SP5:mariadb-errormessages-10.2.40-3.39.1 SUSE Linux Enterprise Server 12 SP5:mariadb-tools-10.2.40-3.39.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:mariadb-10.2.40-3.39.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:mariadb-client-10.2.40-3.39.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:mariadb-errormessages-10.2.40-3.39.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:mariadb-tools-10.2.40-3.39.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:mariadb-10.2.40-3.39.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:mariadb-client-10.2.40-3.39.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:mariadb-errormessages-10.2.40-3.39.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:mariadb-tools-10.2.40-3.39.1 SUSE OpenStack Cloud 9:mariadb-10.2.40-3.39.1 SUSE OpenStack Cloud 9:mariadb-client-10.2.40-3.39.1 SUSE OpenStack Cloud 9:mariadb-errormessages-10.2.40-3.39.1 SUSE OpenStack Cloud 9:mariadb-galera-10.2.40-3.39.1 SUSE OpenStack Cloud 9:mariadb-tools-10.2.40-3.39.1 SUSE OpenStack Cloud Crowbar 9:mariadb-10.2.40-3.39.1 SUSE OpenStack Cloud Crowbar 9:mariadb-client-10.2.40-3.39.1 SUSE OpenStack Cloud Crowbar 9:mariadb-errormessages-10.2.40-3.39.1 SUSE OpenStack Cloud Crowbar 9:mariadb-galera-10.2.40-3.39.1 SUSE OpenStack Cloud Crowbar 9:mariadb-tools-10.2.40-3.39.1 moderate 3.5 AV:N/AC:M/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20213008-1/ https://www.suse.com/security/cve/CVE-2021-2372.html CVE-2021-2372 https://bugzilla.suse.com/1188549 SUSE Bug 1188549 https://bugzilla.suse.com/1189320 SUSE Bug 1189320 https://bugzilla.suse.com/1199955 SUSE Bug 1199955 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). CVE-2021-2389 SUSE Linux Enterprise Server 12 SP4-LTSS:mariadb-10.2.40-3.39.1 SUSE Linux Enterprise Server 12 SP4-LTSS:mariadb-client-10.2.40-3.39.1 SUSE Linux Enterprise Server 12 SP4-LTSS:mariadb-errormessages-10.2.40-3.39.1 SUSE Linux Enterprise Server 12 SP4-LTSS:mariadb-tools-10.2.40-3.39.1 SUSE Linux Enterprise Server 12 SP5:mariadb-10.2.40-3.39.1 SUSE Linux Enterprise Server 12 SP5:mariadb-client-10.2.40-3.39.1 SUSE Linux Enterprise Server 12 SP5:mariadb-errormessages-10.2.40-3.39.1 SUSE Linux Enterprise Server 12 SP5:mariadb-tools-10.2.40-3.39.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:mariadb-10.2.40-3.39.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:mariadb-client-10.2.40-3.39.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:mariadb-errormessages-10.2.40-3.39.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:mariadb-tools-10.2.40-3.39.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:mariadb-10.2.40-3.39.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:mariadb-client-10.2.40-3.39.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:mariadb-errormessages-10.2.40-3.39.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:mariadb-tools-10.2.40-3.39.1 SUSE OpenStack Cloud 9:mariadb-10.2.40-3.39.1 SUSE OpenStack Cloud 9:mariadb-client-10.2.40-3.39.1 SUSE OpenStack Cloud 9:mariadb-errormessages-10.2.40-3.39.1 SUSE OpenStack Cloud 9:mariadb-galera-10.2.40-3.39.1 SUSE OpenStack Cloud 9:mariadb-tools-10.2.40-3.39.1 SUSE OpenStack Cloud Crowbar 9:mariadb-10.2.40-3.39.1 SUSE OpenStack Cloud Crowbar 9:mariadb-client-10.2.40-3.39.1 SUSE OpenStack Cloud Crowbar 9:mariadb-errormessages-10.2.40-3.39.1 SUSE OpenStack Cloud Crowbar 9:mariadb-galera-10.2.40-3.39.1 SUSE OpenStack Cloud Crowbar 9:mariadb-tools-10.2.40-3.39.1 moderate 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20213008-1/ https://www.suse.com/security/cve/CVE-2021-2389.html CVE-2021-2389 https://bugzilla.suse.com/1188549 SUSE Bug 1188549 https://bugzilla.suse.com/1189320 SUSE Bug 1189320 https://bugzilla.suse.com/1199955 SUSE Bug 1199955