SUSE-CU-2022:258-1: Security update of suse/rmt-mariadb

sle-security-updates at sle-security-updates at
Sun Mar 6 08:05:31 UTC 2022

SUSE Container Update Advisory: suse/rmt-mariadb
Container Advisory ID : SUSE-CU-2022:258-1
Container Tags        : suse/rmt-mariadb:10.5 , suse/rmt-mariadb:10.5-3.5 , suse/rmt-mariadb:latest
Container Release     : 3.5
Severity              : important
Type                  : security
References            : 1188348 1188507 1192954 1193632 1194976 1195325 1195334 1195339
                        1196016 1196025 1196026 1196168 1196169 1196171 CVE-2021-3995
                        CVE-2021-3996 CVE-2021-46657 CVE-2021-46658 CVE-2021-46659 CVE-2021-46661
                        CVE-2021-46663 CVE-2021-46664 CVE-2021-46665 CVE-2021-46668 CVE-2022-24048
                        CVE-2022-24050 CVE-2022-24051 CVE-2022-24052 CVE-2022-25235 CVE-2022-25236
                        CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 

The container suse/rmt-mariadb was updated. The following patches have been included in this update:

Advisory ID: SUSE-RU-2021:2626-1
Released:    Thu Aug  5 12:10:35 2021
Summary:     Recommended maintenance update for libeconf
Type:        recommended
Severity:    moderate
References:  1188348
This update for libeconf fixes the following issue:

- Solve a downgrade issue between SUSE Linux Enterprise SP3 and lower (bsc#1188348)
Advisory ID: SUSE-SU-2022:713-1
Released:    Fri Mar  4 09:34:17 2022
Summary:     Security update for expat
Type:        security
Severity:    important
References:  1196025,1196026,1196168,1196169,1196171,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315
This update for expat fixes the following issues:
- CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025).
- CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026).
- CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168).
- CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169).
- CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171).

Advisory ID: SUSE-SU-2022:727-1
Released:    Fri Mar  4 10:39:21 2022
Summary:     Security update for libeconf, shadow and util-linux
Type:        security
Severity:    moderate
References:  1188507,1192954,1193632,1194976,CVE-2021-3995,CVE-2021-3996
This security update for libeconf, shadow and util-linux fix the following issues:


- Add libeconf to SLE-Module-Basesystem_15-SP3 because needed by 'util-linux' and 'shadow' 
  to fix autoyast handling of security related parameters (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402)

Issues fixed in libeconf:
- Reading numbers with different bases (e.g. oktal) (bsc#1193632) (#157)
- Fixed different issues while writing string values to file.
- Writing comments to file too.
- Fixed crash while merging values.
- Added econftool cat option (#146)
- new API call: econf_readDirsHistory (showing ALL locations)
- new API call: econf_getPath (absolute path of the configuration file)
- Man pages libeconf.3 and econftool.8.
- Handling multiline strings.
- Added libeconf_ext which returns more information like
  line_nr, comments, path of the configuration file,...
- Econftool, an command line interface for handling configuration
- Generating HTML API documentation with doxygen.
- Improving error handling and semantic file check.
- Joining entries with the same key to one single entry if
  env variable ECONF_JOIN_SAME_ENTRIES has been set.


- The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to 
  read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402)


- The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to 
  read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402)
- Allow use of larger values for start sector to prevent `blockdev --report` aborting (bsc#1188507)
- Fixed `blockdev --report` using non-space characters as a field separator (bsc#1188507)
- CVE-2021-3995: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976) 
- CVE-2021-3996: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976)

Advisory ID: SUSE-SU-2022:731-1
Released:    Fri Mar  4 14:47:06 2022
Summary:     Security update for mariadb
Type:        security
Severity:    important
References:  1195325,1195334,1195339,1196016,CVE-2021-46657,CVE-2021-46658,CVE-2021-46659,CVE-2021-46661,CVE-2021-46663,CVE-2021-46664,CVE-2021-46665,CVE-2021-46668,CVE-2022-24048,CVE-2022-24050,CVE-2022-24051,CVE-2022-24052
This update for mariadb fixes the following issues:

- Update to 10.5.15 (bsc#1196016):
    * 10.5.15: CVE-2021-46665
    * 10.5.14: CVE-2022-24052
             CVE-2021-46659, bsc#1195339
- The following issues have already been fixed in this package but weren't
  previously mentioned in the changes file:
  CVE-2021-46658, bsc#1195334
  CVE-2021-46657, bsc#1195325

The following package changes have been done:

- mariadb-client-10.5.15-150300.3.15.1 updated
- libeconf0-0.4.4+git20220104.962774f-150300.3.6.2 added
- libexpat1-2.2.5-3.15.1 updated
- mariadb-errormessages-10.5.15-150300.3.15.1 updated
- util-linux-2.36.2-150300.4.14.3 updated
- mariadb-10.5.15-150300.3.15.1 updated
- mariadb-tools-10.5.15-150300.3.15.1 updated

More information about the sle-security-updates mailing list