USN-6600-1: MariaDB vulnerabilities

24810

23 July 2024

23 July 2024

CLOSED

MEDIUM

CVE-2023-22084;CVE-2022-47015

Severity

medium

Vendor

VMware Tanzu

Versions Affected

  • Canonical Ubuntu 18.04

Several security issues were discovered in MariaDB and this update includes new upstream MariaDB versions to fix these issues. MariaDB has been updated to 10.3.39 in Ubuntu 20.04 LTS, 10.6.16 in Ubuntu 22.04 LTS and 10.11.6 in Ubuntu 23.10. CVE-2022-47015 only affected the MariaDB packages in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Update Instructions: Run `sudo pro fix USN-6600-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mariadb-plugin-cracklib-password-check - 1:10.3.39-0ubuntu0.20.04.2 mariadb-backup - 1:10.3.39-0ubuntu0.20.04.2 mariadb-plugin-connect - 1:10.3.39-0ubuntu0.20.04.2 mariadb-plugin-spider - 1:10.3.39-0ubuntu0.20.04.2 libmariadbclient-dev - 1:10.3.39-0ubuntu0.20.04.2 libmariadb-dev - 1:10.3.39-0ubuntu0.20.04.2 libmariadb3 - 1:10.3.39-0ubuntu0.20.04.2 libmariadbd19 - 1:10.3.39-0ubuntu0.20.04.2 mariadb-client-core-10.3 - 1:10.3.39-0ubuntu0.20.04.2 mariadb-plugin-tokudb - 1:10.3.39-0ubuntu0.20.04.2 mariadb-plugin-mroonga - 1:10.3.39-0ubuntu0.20.04.2 mariadb-client - 1:10.3.39-0ubuntu0.20.04.2 mariadb-server-10.3 - 1:10.3.39-0ubuntu0.20.04.2 mariadb-server-core-10.3 - 1:10.3.39-0ubuntu0.20.04.2 mariadb-test-data - 1:10.3.39-0ubuntu0.20.04.2 mariadb-client-10.3 - 1:10.3.39-0ubuntu0.20.04.2 mariadb-plugin-rocksdb - 1:10.3.39-0ubuntu0.20.04.2 mariadb-plugin-gssapi-client - 1:10.3.39-0ubuntu0.20.04.2 libmariadbd-dev - 1:10.3.39-0ubuntu0.20.04.2 libmariadb-dev-compat - 1:10.3.39-0ubuntu0.20.04.2 mariadb-plugin-gssapi-server - 1:10.3.39-0ubuntu0.20.04.2 mariadb-server - 1:10.3.39-0ubuntu0.20.04.2 mariadb-common - 1:10.3.39-0ubuntu0.20.04.2 mariadb-plugin-oqgraph - 1:10.3.39-0ubuntu0.20.04.2 mariadb-test - 1:10.3.39-0ubuntu0.20.04.2 No subscription required.

Fixed and Unaffected VMware Products and Versions

  • Cflinuxfs4
    • 1.69.0 or greater
  • CF Deployment
    • 37.5.0 or greater
  • Isolation Segment
    • 4.0.18+LTS-T or greater
    • 5.0.8 or greater
    • 6.0.x unaffected
  • VMware Tanzu Applications Service for VMs
    • 4.0.18+LTS-T or greater
    • 5.0.8 or greater
    • 6.0.x unaffected
  • Operation Manager Image
    • 3.0.x unaffected

References

https://ubuntu.com/security/notices/USN-6600-1

https://www.cloudfoundry.org/blog/usn-6600-1

https://cve.mitre.org/cgi-bin/cvename.cgi?name=usn-6600-1

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24810

History

2024-01-25: Initial vulnerability report published.