libmariadbd-devel-10.9.3-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:12360-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libmariadbd-devel-10.9.3-1.1 on GA media These are all security issues fixed in the libmariadbd-devel-10.9.3-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-12360 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2018-25032/ SUSE CVE CVE-2018-25032 page https://www.suse.com/security/cve/CVE-2022-32081/ SUSE CVE CVE-2022-32081 page https://www.suse.com/security/cve/CVE-2022-32082/ SUSE CVE CVE-2022-32082 page https://www.suse.com/security/cve/CVE-2022-32084/ SUSE CVE CVE-2022-32084 page https://www.suse.com/security/cve/CVE-2022-32089/ SUSE CVE CVE-2022-32089 page https://www.suse.com/security/cve/CVE-2022-32091/ SUSE CVE CVE-2022-32091 page https://www.suse.com/security/cve/CVE-2022-38791/ SUSE CVE CVE-2022-38791 page openSUSE Tumbleweed libmariadbd-devel-10.9.3-1.1 libmariadbd19-10.9.3-1.1 mariadb-10.9.3-1.1 mariadb-bench-10.9.3-1.1 mariadb-client-10.9.3-1.1 mariadb-errormessages-10.9.3-1.1 mariadb-galera-10.9.3-1.1 mariadb-rpm-macros-10.9.3-1.1 mariadb-test-10.9.3-1.1 mariadb-tools-10.9.3-1.1 libmariadbd-devel-10.9.3-1.1 as a component of openSUSE Tumbleweed libmariadbd19-10.9.3-1.1 as a component of openSUSE Tumbleweed mariadb-10.9.3-1.1 as a component of openSUSE Tumbleweed mariadb-bench-10.9.3-1.1 as a component of openSUSE Tumbleweed mariadb-client-10.9.3-1.1 as a component of openSUSE Tumbleweed mariadb-errormessages-10.9.3-1.1 as a component of openSUSE Tumbleweed mariadb-galera-10.9.3-1.1 as a component of openSUSE Tumbleweed mariadb-rpm-macros-10.9.3-1.1 as a component of openSUSE Tumbleweed mariadb-test-10.9.3-1.1 as a component of openSUSE Tumbleweed mariadb-tools-10.9.3-1.1 as a component of openSUSE Tumbleweed zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. CVE-2018-25032 openSUSE Tumbleweed:libmariadbd-devel-10.9.3-1.1 openSUSE Tumbleweed:libmariadbd19-10.9.3-1.1 openSUSE Tumbleweed:mariadb-10.9.3-1.1 openSUSE Tumbleweed:mariadb-bench-10.9.3-1.1 openSUSE Tumbleweed:mariadb-client-10.9.3-1.1 openSUSE Tumbleweed:mariadb-errormessages-10.9.3-1.1 openSUSE Tumbleweed:mariadb-galera-10.9.3-1.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.9.3-1.1 openSUSE Tumbleweed:mariadb-test-10.9.3-1.1 openSUSE Tumbleweed:mariadb-tools-10.9.3-1.1 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-25032.html CVE-2018-25032 https://bugzilla.suse.com/1197459 SUSE Bug 1197459 https://bugzilla.suse.com/1197893 SUSE Bug 1197893 https://bugzilla.suse.com/1198667 SUSE Bug 1198667 https://bugzilla.suse.com/1199104 SUSE Bug 1199104 https://bugzilla.suse.com/1200049 SUSE Bug 1200049 https://bugzilla.suse.com/1201732 SUSE Bug 1201732 https://bugzilla.suse.com/1202688 SUSE Bug 1202688 https://bugzilla.suse.com/1224427 SUSE Bug 1224427 MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc. CVE-2022-32081 openSUSE Tumbleweed:libmariadbd-devel-10.9.3-1.1 openSUSE Tumbleweed:libmariadbd19-10.9.3-1.1 openSUSE Tumbleweed:mariadb-10.9.3-1.1 openSUSE Tumbleweed:mariadb-bench-10.9.3-1.1 openSUSE Tumbleweed:mariadb-client-10.9.3-1.1 openSUSE Tumbleweed:mariadb-errormessages-10.9.3-1.1 openSUSE Tumbleweed:mariadb-galera-10.9.3-1.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.9.3-1.1 openSUSE Tumbleweed:mariadb-test-10.9.3-1.1 openSUSE Tumbleweed:mariadb-tools-10.9.3-1.1 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-32081.html CVE-2022-32081 https://bugzilla.suse.com/1201161 SUSE Bug 1201161 MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc. CVE-2022-32082 openSUSE Tumbleweed:libmariadbd-devel-10.9.3-1.1 openSUSE Tumbleweed:libmariadbd19-10.9.3-1.1 openSUSE Tumbleweed:mariadb-10.9.3-1.1 openSUSE Tumbleweed:mariadb-bench-10.9.3-1.1 openSUSE Tumbleweed:mariadb-client-10.9.3-1.1 openSUSE Tumbleweed:mariadb-errormessages-10.9.3-1.1 openSUSE Tumbleweed:mariadb-galera-10.9.3-1.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.9.3-1.1 openSUSE Tumbleweed:mariadb-test-10.9.3-1.1 openSUSE Tumbleweed:mariadb-tools-10.9.3-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-32082.html CVE-2022-32082 https://bugzilla.suse.com/1201162 SUSE Bug 1201162 MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select. CVE-2022-32084 openSUSE Tumbleweed:libmariadbd-devel-10.9.3-1.1 openSUSE Tumbleweed:libmariadbd19-10.9.3-1.1 openSUSE Tumbleweed:mariadb-10.9.3-1.1 openSUSE Tumbleweed:mariadb-bench-10.9.3-1.1 openSUSE Tumbleweed:mariadb-client-10.9.3-1.1 openSUSE Tumbleweed:mariadb-errormessages-10.9.3-1.1 openSUSE Tumbleweed:mariadb-galera-10.9.3-1.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.9.3-1.1 openSUSE Tumbleweed:mariadb-test-10.9.3-1.1 openSUSE Tumbleweed:mariadb-tools-10.9.3-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-32084.html CVE-2022-32084 https://bugzilla.suse.com/1201164 SUSE Bug 1201164 MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level. CVE-2022-32089 openSUSE Tumbleweed:libmariadbd-devel-10.9.3-1.1 openSUSE Tumbleweed:libmariadbd19-10.9.3-1.1 openSUSE Tumbleweed:mariadb-10.9.3-1.1 openSUSE Tumbleweed:mariadb-bench-10.9.3-1.1 openSUSE Tumbleweed:mariadb-client-10.9.3-1.1 openSUSE Tumbleweed:mariadb-errormessages-10.9.3-1.1 openSUSE Tumbleweed:mariadb-galera-10.9.3-1.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.9.3-1.1 openSUSE Tumbleweed:mariadb-test-10.9.3-1.1 openSUSE Tumbleweed:mariadb-tools-10.9.3-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-32089.html CVE-2022-32089 https://bugzilla.suse.com/1201169 SUSE Bug 1201169 MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc. CVE-2022-32091 openSUSE Tumbleweed:libmariadbd-devel-10.9.3-1.1 openSUSE Tumbleweed:libmariadbd19-10.9.3-1.1 openSUSE Tumbleweed:mariadb-10.9.3-1.1 openSUSE Tumbleweed:mariadb-bench-10.9.3-1.1 openSUSE Tumbleweed:mariadb-client-10.9.3-1.1 openSUSE Tumbleweed:mariadb-errormessages-10.9.3-1.1 openSUSE Tumbleweed:mariadb-galera-10.9.3-1.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.9.3-1.1 openSUSE Tumbleweed:mariadb-test-10.9.3-1.1 openSUSE Tumbleweed:mariadb-tools-10.9.3-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-32091.html CVE-2022-32091 https://bugzilla.suse.com/1201170 SUSE Bug 1201170 In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock. CVE-2022-38791 openSUSE Tumbleweed:libmariadbd-devel-10.9.3-1.1 openSUSE Tumbleweed:libmariadbd19-10.9.3-1.1 openSUSE Tumbleweed:mariadb-10.9.3-1.1 openSUSE Tumbleweed:mariadb-bench-10.9.3-1.1 openSUSE Tumbleweed:mariadb-client-10.9.3-1.1 openSUSE Tumbleweed:mariadb-errormessages-10.9.3-1.1 openSUSE Tumbleweed:mariadb-galera-10.9.3-1.1 openSUSE Tumbleweed:mariadb-rpm-macros-10.9.3-1.1 openSUSE Tumbleweed:mariadb-test-10.9.3-1.1 openSUSE Tumbleweed:mariadb-tools-10.9.3-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-38791.html CVE-2022-38791 https://bugzilla.suse.com/1202863 SUSE Bug 1202863