CVE-2022-24048 et al affect MariaDB in Ubuntu
Bug #1961350 reported by Otto Kekäläinen
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| mariadb-10.3 (Ubuntu) | Fix Released | Medium | Unassigned | |
| mariadb-10.5 (Ubuntu) | Fix Released | Medium | Unassigned | |
| mariadb-10.6 (Ubuntu) | Fix Released | Medium | Unassigned | |
Bug Description
According to https:/
I am working on updates for all maintained Ubuntu versions for MariaDB:
- mariadb-10.3 in Focal
- mariadb-10.5 in Impish
MariaDB 10.6 in Jammy will automatically import the new version from Debian Sid once available. MariaDB 10.5 should be removed from Jammy (as already done in Debian Sid and Testing).
Security sponsor note this: https:/
Changed in mariadb-10.3 (Ubuntu): importance: Undecided → Medium
Changed in mariadb-10.6 (Ubuntu): importance: Undecided → Medium
Changed in mariadb-10.6 (Ubuntu): status: New → Fix Released
The 10.3 series update for 20.04 is now available.
Please use git-buildpackage to fetch and build from the ubuntu-20.04 branch at https://salsa.debian.org/mariadb-team/mariadb-10.3/tree/ubuntu-20.04
The repository uses pristine-tar, so there is no need to separately download the sources. You can just check the signature/SHA1SUM directly from the git-buildpackage generated tarball.
Test builds and testsuite passed on all platforms at https://launchpad.net/~mysql-ubuntu/+archive/ubuntu/mariadb-10.3/+builds?build_text=&build_state=all
Debdiffs can be created directly from the repo like in a local clone with 'git diff <tag1>..<tag2> debian/'
Changelog:
* SECURITY UPDATE: New upstream version 10.3.34 includes fixes for the
following security vulnerabilities (LP: #1961350):
- CVE-2021-46661
- CVE-2021-46663
- CVE-2021-46664
- CVE-2021-46665
- CVE-2021-46668
* Previous upstream version 10.3.33 included security fixes for:
- CVE-2021-46659
- CVE-2022-24048
- CVE-2022-24050
- CVE-2022-24051
- CVE-2022-24052
* Previous upstream version 10.3.32 included security fixes for:
- CVE-2021-46662
- CVE-2021-46667
* Upstream version 10.3.33 was skipped as upstream pulled the release within a
couple of days of release due to severe regression
* Notable upstream functional changes in 10.3.33:
- New default minimum value for innodb_buffer_pool_size is 20 MB (from 2 MB)
-- Otto Kekäläinen <email address hidden> Thu, 17 Feb 2022 18:15:59 -0800