all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
* bug#47257: mariadb is vulnerable to CVE-2021-27928 (RCE)
@ 2021-03-19 10:25 Léo Le Bouter via Bug reports for GNU Guix
  2021-03-19 11:15 ` Julien Lepiller
                   ` (4 more replies)
  0 siblings, 5 replies; 17+ messages in thread
From: Léo Le Bouter via Bug reports for GNU Guix @ 2021-03-19 10:25 UTC (permalink / raw)
  To: 47257

[-- Attachment #1: Type: text/plain, Size: 1054 bytes --]

CVE-2021-27928	04:15
A remote code execution issue was discovered in MariaDB 10.2 before
10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before
10.5.9; Percona Server through 2021-03-03; and the wsrep patch through
2021-03-03 for MySQL. An untrusted search path leads to eval injection,
in which a database SUPER user can execute OS commands after modifying
wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an
Oracle product.

From https://jira.mariadb.org/browse/MDEV-25179 it looks like 10.5.9
fixes it for us since we package 10.5.8 currently.

However:

$ ./pre-inst-env guix refresh -l mariadb
Building the following 552 packages would ensure 1047 dependent
packages are rebuilt:
[..]

Is it possible to graft mariadb you think? I am thinking this issue
doesnt need updating of the "lib" output which is what's causing the
high number of dependents AIUI. I am not sure we could actually update
individual outputs right now though. Might be a good idea to split the
packages for the future.

Léo

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 17+ messages in thread

end of thread, other threads:[~2021-03-30  8:30 UTC | newest]

Thread overview: 17+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-03-19 10:25 bug#47257: mariadb is vulnerable to CVE-2021-27928 (RCE) Léo Le Bouter via Bug reports for GNU Guix
2021-03-19 11:15 ` Julien Lepiller
2021-03-19 11:35 ` zimoun
2021-03-25 11:28   ` Léo Le Bouter via Bug reports for GNU Guix
2021-03-29 21:34     ` zimoun
2021-03-30  0:26       ` Léo Le Bouter via Bug reports for GNU Guix
2021-03-30  8:29         ` zimoun
2021-03-19 11:35 ` bug#47257: [PATCH 0/1] gnu: mariadb: Update to 10.5.9 [fixes CVE-2021-27928] Léo Le Bouter via Bug reports for GNU Guix
2021-03-19 11:35   ` bug#47257: [PATCH 1/1] " Léo Le Bouter via Bug reports for GNU Guix
2021-03-20  0:28     ` Mark H Weaver
2021-03-20  0:42       ` Mark H Weaver
2021-03-25 10:58 ` bug#47257: [PATCH v2] gnu: mariadb: Fix CVE-2021-27928 Léo Le Bouter via Bug reports for GNU Guix
2021-03-25 11:06   ` Julien Lepiller
2021-03-25 12:39 ` bug#47257: [PATCH v3] " Léo Le Bouter via Bug reports for GNU Guix
2021-03-25 12:48   ` Léo Le Bouter via Bug reports for GNU Guix
2021-03-26  1:16     ` Mark H Weaver
2021-03-26  1:23       ` Léo Le Bouter via Bug reports for GNU Guix

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.