Security update for mariadb

Announcement ID:	SUSE-SU-2022:2003-1
Rating:	important
References:	bsc#1198603 bsc#1198604 bsc#1198605 bsc#1198606 bsc#1198607 bsc#1198609 bsc#1198610 bsc#1198611 bsc#1198612 bsc#1198613 bsc#1198628 bsc#1198629 bsc#1198630 bsc#1198631 bsc#1198632 bsc#1198633 bsc#1198634 bsc#1198635 bsc#1198636 bsc#1198637 bsc#1198638 bsc#1198639 bsc#1198640 bsc#1199928
Cross-References:	CVE-2021-46669 CVE-2022-21427 CVE-2022-27376 CVE-2022-27377 CVE-2022-27378 CVE-2022-27379 CVE-2022-27380 CVE-2022-27381 CVE-2022-27382 CVE-2022-27383 CVE-2022-27384 CVE-2022-27386 CVE-2022-27387 CVE-2022-27444 CVE-2022-27445 CVE-2022-27446 CVE-2022-27447 CVE-2022-27448 CVE-2022-27449 CVE-2022-27451 CVE-2022-27452 CVE-2022-27455 CVE-2022-27456 CVE-2022-27457 CVE-2022-27458
CVSS scores:	CVE-2021-46669 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-21427 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-27376 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27376 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27377 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27377 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27378 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27378 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27379 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27379 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27380 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27380 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27381 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27381 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27382 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27382 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27383 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27383 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27384 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27384 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27386 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27386 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27387 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-27387 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27444 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27444 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27445 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27445 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27446 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27446 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27447 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27447 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27448 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27448 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27449 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27449 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27451 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27451 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27452 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27452 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27455 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27455 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27456 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27456 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27457 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27457 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27458 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27458 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:	Galera for Ericsson 15 SP3 openSUSE Leap 15.3 Server Applications Module 15-SP3 SUSE Linux Enterprise Desktop 15 SP3 SUSE Linux Enterprise High Performance Computing 15 SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Real Time 15 SP3 SUSE Linux Enterprise Server 15 SP3 SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 SUSE Package Hub 15 15-SP3

An update that solves 25 vulnerabilities can now be installed.

Description:

This update for mariadb fixes the following issues:

Update to 10.5.16 (bsc#1199928):

• CVE-2021-46669 (bsc#1199928)
• CVE-2022-27376 (bsc#1198628)
• CVE-2022-27377 (bsc#1198603)
• CVE-2022-27378 (bsc#1198604)
• CVE-2022-27379 (bsc#1198605)
• CVE-2022-27380 (bsc#1198606)
• CVE-2022-27381 (bsc#1198607)
• CVE-2022-27382 (bsc#1198609)
• CVE-2022-27383 (bsc#1198610)
• CVE-2022-27384 (bsc#1198611)
• CVE-2022-27386 (bsc#1198612)
• CVE-2022-27387 (bsc#1198613)
• CVE-2022-27444 (bsc#1198634)
• CVE-2022-27445 (bsc#1198629)
• CVE-2022-27446 (bsc#1198630)
• CVE-2022-27447 (bsc#1198631)
• CVE-2022-27448 (bsc#1198632)
• CVE-2022-27449 (bsc#1198633)
• CVE-2022-27451 (bsc#1198639)
• CVE-2022-27452 (bsc#1198640)
• CVE-2022-27455 (bsc#1198638)
• CVE-2022-27456 (bsc#1198635)
• CVE-2022-27457 (bsc#1198636)

• CVE-2022-27458 (bsc#1198637)

• The following issue is not affecting this package: CVE-2022-21427

External refernences:

• https://mariadb.com/kb/en/library/mariadb-10516-release-notes
• https://mariadb.com/kb/en/library/mariadb-10516-changelog

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• openSUSE Leap 15.3
  zypper in -t patch SUSE-2022-2003=1
• SUSE Package Hub 15 15-SP3
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-2003=1
• Server Applications Module 15-SP3
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-2003=1
• Galera for Ericsson 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-ERICSSON-2022-2003=1

Package List:

• openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
  • mariadb-client-10.5.16-150300.3.18.1
  • libmariadbd19-debuginfo-10.5.16-150300.3.18.1
  • mariadb-10.5.16-150300.3.18.1
  • mariadb-bench-debuginfo-10.5.16-150300.3.18.1
  • mariadb-client-debuginfo-10.5.16-150300.3.18.1
  • mariadb-test-10.5.16-150300.3.18.1
  • mariadb-galera-10.5.16-150300.3.18.1
  • mariadb-test-debuginfo-10.5.16-150300.3.18.1
  • mariadb-debuginfo-10.5.16-150300.3.18.1
  • mariadb-tools-10.5.16-150300.3.18.1
  • mariadb-rpm-macros-10.5.16-150300.3.18.1
  • libmariadbd19-10.5.16-150300.3.18.1
  • mariadb-tools-debuginfo-10.5.16-150300.3.18.1
  • mariadb-bench-10.5.16-150300.3.18.1
  • mariadb-debugsource-10.5.16-150300.3.18.1
  • libmariadbd-devel-10.5.16-150300.3.18.1
• openSUSE Leap 15.3 (noarch)
  • mariadb-errormessages-10.5.16-150300.3.18.1
• SUSE Package Hub 15 15-SP3 (aarch64 ppc64le s390x x86_64)
  • mariadb-galera-10.5.16-150300.3.18.1
• Server Applications Module 15-SP3 (aarch64 ppc64le s390x x86_64)
  • mariadb-client-10.5.16-150300.3.18.1
  • libmariadbd19-debuginfo-10.5.16-150300.3.18.1
  • mariadb-10.5.16-150300.3.18.1
  • mariadb-client-debuginfo-10.5.16-150300.3.18.1
  • mariadb-debuginfo-10.5.16-150300.3.18.1
  • libmariadbd19-10.5.16-150300.3.18.1
  • mariadb-tools-debuginfo-10.5.16-150300.3.18.1
  • mariadb-tools-10.5.16-150300.3.18.1
  • mariadb-debugsource-10.5.16-150300.3.18.1
  • libmariadbd-devel-10.5.16-150300.3.18.1
• Server Applications Module 15-SP3 (noarch)
  • mariadb-errormessages-10.5.16-150300.3.18.1
• Galera for Ericsson 15 SP3 (x86_64)
  • mariadb-galera-10.5.16-150300.3.18.1

References:

• https://www.suse.com/security/cve/CVE-2021-46669.html
• https://www.suse.com/security/cve/CVE-2022-21427.html
• https://www.suse.com/security/cve/CVE-2022-27376.html
• https://www.suse.com/security/cve/CVE-2022-27377.html
• https://www.suse.com/security/cve/CVE-2022-27378.html
• https://www.suse.com/security/cve/CVE-2022-27379.html
• https://www.suse.com/security/cve/CVE-2022-27380.html
• https://www.suse.com/security/cve/CVE-2022-27381.html
• https://www.suse.com/security/cve/CVE-2022-27382.html
• https://www.suse.com/security/cve/CVE-2022-27383.html
• https://www.suse.com/security/cve/CVE-2022-27384.html
• https://www.suse.com/security/cve/CVE-2022-27386.html
• https://www.suse.com/security/cve/CVE-2022-27387.html
• https://www.suse.com/security/cve/CVE-2022-27444.html
• https://www.suse.com/security/cve/CVE-2022-27445.html
• https://www.suse.com/security/cve/CVE-2022-27446.html
• https://www.suse.com/security/cve/CVE-2022-27447.html
• https://www.suse.com/security/cve/CVE-2022-27448.html
• https://www.suse.com/security/cve/CVE-2022-27449.html
• https://www.suse.com/security/cve/CVE-2022-27451.html
• https://www.suse.com/security/cve/CVE-2022-27452.html
• https://www.suse.com/security/cve/CVE-2022-27455.html
• https://www.suse.com/security/cve/CVE-2022-27456.html
• https://www.suse.com/security/cve/CVE-2022-27457.html
• https://www.suse.com/security/cve/CVE-2022-27458.html
• https://bugzilla.suse.com/show_bug.cgi?id=1198603
• https://bugzilla.suse.com/show_bug.cgi?id=1198604
• https://bugzilla.suse.com/show_bug.cgi?id=1198605
• https://bugzilla.suse.com/show_bug.cgi?id=1198606
• https://bugzilla.suse.com/show_bug.cgi?id=1198607
• https://bugzilla.suse.com/show_bug.cgi?id=1198609
• https://bugzilla.suse.com/show_bug.cgi?id=1198610
• https://bugzilla.suse.com/show_bug.cgi?id=1198611
• https://bugzilla.suse.com/show_bug.cgi?id=1198612
• https://bugzilla.suse.com/show_bug.cgi?id=1198613
• https://bugzilla.suse.com/show_bug.cgi?id=1198628
• https://bugzilla.suse.com/show_bug.cgi?id=1198629
• https://bugzilla.suse.com/show_bug.cgi?id=1198630
• https://bugzilla.suse.com/show_bug.cgi?id=1198631
• https://bugzilla.suse.com/show_bug.cgi?id=1198632
• https://bugzilla.suse.com/show_bug.cgi?id=1198633
• https://bugzilla.suse.com/show_bug.cgi?id=1198634
• https://bugzilla.suse.com/show_bug.cgi?id=1198635
• https://bugzilla.suse.com/show_bug.cgi?id=1198636
• https://bugzilla.suse.com/show_bug.cgi?id=1198637
• https://bugzilla.suse.com/show_bug.cgi?id=1198638
• https://bugzilla.suse.com/show_bug.cgi?id=1198639
• https://bugzilla.suse.com/show_bug.cgi?id=1198640
• https://bugzilla.suse.com/show_bug.cgi?id=1199928