{"affected":[{"ecosystem_specific":{"binaries":[{"mariadb-galera":"10.5.17-150300.3.21.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Package Hub 15 SP3","name":"mariadb","purl":"pkg:rpm/suse/mariadb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"10.5.17-150300.3.21.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libmariadbd-devel":"10.5.17-150300.3.21.1","libmariadbd19":"10.5.17-150300.3.21.1","mariadb":"10.5.17-150300.3.21.1","mariadb-client":"10.5.17-150300.3.21.1","mariadb-errormessages":"10.5.17-150300.3.21.1","mariadb-tools":"10.5.17-150300.3.21.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Server Applications 15 SP3","name":"mariadb","purl":"pkg:rpm/suse/mariadb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"10.5.17-150300.3.21.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libmariadbd-devel":"10.5.17-150300.3.21.1","libmariadbd19":"10.5.17-150300.3.21.1","mariadb":"10.5.17-150300.3.21.1","mariadb-bench":"10.5.17-150300.3.21.1","mariadb-client":"10.5.17-150300.3.21.1","mariadb-errormessages":"10.5.17-150300.3.21.1","mariadb-rpm-macros":"10.5.17-150300.3.21.1","mariadb-test":"10.5.17-150300.3.21.1","mariadb-tools":"10.5.17-150300.3.21.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.3","name":"mariadb","purl":"pkg:rpm/opensuse/mariadb&distro=openSUSE%20Leap%2015.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"10.5.17-150300.3.21.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for mariadb fixes the following issues:\n\nUpdate to 10.5.17:\n\n- CVE-2022-32082: Fixed assertion failure at table->get_ref_count() == 0 in dict0dict.cc (bsc#1201162).\n- CVE-2022-32089: Fixed segmentation fault via the component st_select_lex_unit::exclude_level (bsc#1201169).\n- CVE-2022-32081: Fixed use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc (bsc#1201161).\n- CVE-2022-32091: Fixed use-after-poison in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc (bsc#1201170).\n- CVE-2022-32084: Fixed segmentation fault via the component sub_select (bsc#1201164).\n- CVE-2022-38791: Fixed deadlock in compress_write in extra/mariabackup/ds_compress.cc (bsc#1202863).\n\n- CVE-2022-32088: Fixed segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort (bsc#1201168).\n- CVE-2022-32087: Fixed segmentation fault via the component Item_args::walk_args (bsc#1201167).\n- CVE-2022-32086: Fixed segmentation fault via the component Item_field::fix_outer_field (bsc#1201166).\n- CVE-2022-32085: Fixed segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor (bsc#1201165).\n- CVE-2022-32083: Fixed segmentation fault via the component Item_subselect::init_expr_cache_tracker (bsc#1201163).\n\nBugfixes:\n\n- Fixed mysql-systemd-helper being unaware of custom group (bsc#1200105).\n","id":"SUSE-SU-2022:3391-1","modified":"2022-09-26T13:06:16Z","published":"2022-09-26T13:06:16Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2022/suse-su-20223391-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1200105"},{"type":"REPORT","url":"https://bugzilla.suse.com/1201161"},{"type":"REPORT","url":"https://bugzilla.suse.com/1201162"},{"type":"REPORT","url":"https://bugzilla.suse.com/1201163"},{"type":"REPORT","url":"https://bugzilla.suse.com/1201164"},{"type":"REPORT","url":"https://bugzilla.suse.com/1201165"},{"type":"REPORT","url":"https://bugzilla.suse.com/1201166"},{"type":"REPORT","url":"https://bugzilla.suse.com/1201167"},{"type":"REPORT","url":"https://bugzilla.suse.com/1201168"},{"type":"REPORT","url":"https://bugzilla.suse.com/1201169"},{"type":"REPORT","url":"https://bugzilla.suse.com/1201170"},{"type":"REPORT","url":"https://bugzilla.suse.com/1202863"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-32081"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-32082"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-32083"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-32084"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-32085"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-32086"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-32087"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-32088"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-32089"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-32091"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-38791"}],"related":["CVE-2022-32081","CVE-2022-32082","CVE-2022-32083","CVE-2022-32084","CVE-2022-32085","CVE-2022-32086","CVE-2022-32087","CVE-2022-32088","CVE-2022-32089","CVE-2022-32091","CVE-2022-38791"],"summary":"Security update for mariadb","upstream":["CVE-2022-32081","CVE-2022-32082","CVE-2022-32083","CVE-2022-32084","CVE-2022-32085","CVE-2022-32086","CVE-2022-32087","CVE-2022-32088","CVE-2022-32089","CVE-2022-32091","CVE-2022-38791"]}