Errata ALT-PU-2022-5783-1: Information
Fixes
Published: March 23, 2022
BDU:2022-01641
Уязвимость библиотеки zlib, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю вызвать отказ в обслуживании
Severity: HIGH (8.2) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Links:
Published: July 1, 2022
BDU:2022-04075
Уязвимость функции prepare_inplace_add_virtual системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность, доступность защищаемой информации
Severity: HIGH (7.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Links:
Published: July 1, 2022
BDU:2022-04078
Уязвимость компонента sub_select системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность, доступность защищаемой информации
Severity: HIGH (7.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Links:
Published: July 1, 2022
BDU:2022-04079
Уязвимость функции st_select_lex_unit::exclude_level системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на доступность защищаемой информации
Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Links:
Published: July 1, 2022
BDU:2022-04082
Уязвимость функции __interceptor_memset (/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc) системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность, доступность защищаемой информации
Severity: HIGH (7.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Links:
Published: July 1, 2022
BDU:2022-05553
Уязвимость компонента dict0dict.cc системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании
Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: March 25, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2018-25032
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
- https://www.openwall.com/lists/oss-security/2022/03/24/1
- https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531
- [oss-security] 20220325 Re: zlib memory corruption on deflate (i.e. compress)
- [oss-security] 20220326 Re: zlib memory corruption on deflate (i.e. compress)
- https://www.openwall.com/lists/oss-security/2022/03/28/1
- https://github.com/madler/zlib/compare/v1.2.11...v1.2.12
- https://www.openwall.com/lists/oss-security/2022/03/28/3
- https://github.com/madler/zlib/issues/605
- DSA-5111
- [debian-lts-announce] 20220402 [SECURITY] [DLA 2968-1] zlib security update
- [debian-lts-announce] 20220507 [SECURITY] [DLA 2993-1] libz-mingw-w64 security update
- https://support.apple.com/kb/HT213255
- https://support.apple.com/kb/HT213256
- https://support.apple.com/kb/HT213257
- 20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina
- 20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6
- 20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4
- https://security.netapp.com/advisory/ntap-20220526-0009/
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://security.netapp.com/advisory/ntap-20220729-0004/
- [debian-lts-announce] 20220916 [SECURITY] [DLA 3114-1] mariadb-10.3 security update
- GLSA-202210-42
- https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf
- FEDORA-2022-413a80a102
- FEDORA-2022-dbd2935e44
- FEDORA-2022-12b89e2aad
- FEDORA-2022-61cf1c64f6
- FEDORA-2022-3a92250fd5
- FEDORA-2022-b58a85e167
Published: July 1, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-32081
MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: July 1, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-32082
MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: July 1, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-32084
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: July 1, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-32089
MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: July 1, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-32091
MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Aug. 27, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-38791
In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links: