[SECURITY] [DLA 2605-1] mariadb-10.1 security update

To: <debian-lts-announce@lists.debian.org>
Subject: [SECURITY] [DLA 2605-1] mariadb-10.1 security update
From: Anton Gladky <gladk@debian.org>
Date: Tue, 23 Mar 2021 07:37:33 +0100 (CET)
Message-id: <[🔎] 20210323063733.538F34A01D9@thinkpad.localdomain>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2605-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                         Anton Gladky
March 22, 2021                                https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : mariadb-10.1
Version        : 10.1.48-0+deb9u2
CVE ID         : CVE-2021-27928

A remote code execution issue was discovered in MariaDB. An untrusted search
path leads to eval injection, in which a database SUPER user can execute OS
commands after modifying wsrep_provider and wsrep_notify_cmd.

For Debian 9 stretch, this problem has been fixed in version
10.1.48-0+deb9u2.

We recommend that you upgrade your mariadb-10.1 packages.

For the detailed security status of mariadb-10.1 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mariadb-10.1

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEu71F6oGKuG/2fnKF0+Fzg8+n/wYFAmBZjKkACgkQ0+Fzg8+n
/wai4g/5Af31KHUFQnd+4/73CfoxoLLHCWo59TJA76EVsQwbIHF1N+4uM1pzVXjf
VSbzKSfL3PSMHGs5NcBRlT+Aofn3G3lNMEKpEVQoeCH1vPLUuqclUIssTX+biPAJ
4HkmiUhJRSnXVPcTGFmSqGOq4Wb0iDeUBOlX6Zgx6XFh5BFRrD/gZZQp7BUMJ4Xd
xBoDiBsutBrPy3zovUEfNYypc5vJQZ/6WGkqxEqVpkP35Tte2z2SGRimRnw3HlDl
jP2NvqauY+xf2QKwEE3h/aqwF4RC9NSSlxnBMXW+4MF2+F/7IpKaBk8WXBGdUBVc
CMJXvW85QBeqguA1umkCRpL2/lUAiY3F79ywzmZVngO7UV80bSSXEx//9hGeS5pd
6oqI97bICLeJmGmS+B9jJotXDQazYfwxtYSEClPFYsWDVNmyw6TwxGs4TVIyf5cn
+g3A80aHVgTIjtYN5wTmB9dmg5daVfGedy7BrosNCreAQfVWkwv5St8ep36rBw3u
IoFD4Of1cnlXK8GglC1pze3n/2Fn9pm9R7JioXyJdme6L9C2vap9ocTNMpRFfA4U
EIP1l2lb5vBt5S65tCTX6yosFaYjH7nMFWSmHYxv4vuBaZsubhRE5zAMsoPdrOLN
8prsh5O/RXvYb0ZsYQY1eApjTz05nGEw7wtyZqj1dWjQjpsCP9U=
=omZt
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2604-1] dnsmasq security update
Next by Date: [SECURITY] [DLA 2603-1] libmediainfo security update
Previous by thread: [SECURITY] [DLA 2604-1] dnsmasq security update
Next by thread: [SECURITY] [DLA 2603-1] libmediainfo security update
Index(es):
- Date
- Thread