Security update for mariadb SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2021:2837-1 Final 1 1 2021-08-25T10:32:30Z current 2021-08-25T10:32:30Z 2021-08-25T10:32:30Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for mariadb This update for mariadb fixes the following issues: Update to version 10.2.40 (bsc#1189320): - fixes for the following security vulnerabilities: CVE-2021-2372 and CVE-2021-2389 In additon the follwing was changed: - Increase NOFILE limit on service configuration (bsc#1180014) The default 'NOFILE' setting on mariadb service configuration is to low and may cause instability on higher loads. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-SLE-15.3-2021-2837 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5E3JTT3QDMGM72JNHXWIG4BR4EZU4HJT/ E-Mail link for openSUSE-SU-2021:2837-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1180014 SUSE Bug 1180014 https://bugzilla.suse.com/1189320 SUSE Bug 1189320 https://www.suse.com/security/cve/CVE-2021-2372/ SUSE CVE CVE-2021-2372 page https://www.suse.com/security/cve/CVE-2021-2389/ SUSE CVE CVE-2021-2389 page openSUSE Leap 15.3 mariadb-galera-10.4.21-3.14.1 mariadb-galera-10.4.21-3.14.1 as a component of openSUSE Leap 15.3 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2021-2372 openSUSE Leap 15.3:mariadb-galera-10.4.21-3.14.1 moderate 3.5 AV:N/AC:M/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5E3JTT3QDMGM72JNHXWIG4BR4EZU4HJT/ https://www.suse.com/security/cve/CVE-2021-2372.html CVE-2021-2372 https://bugzilla.suse.com/1188549 SUSE Bug 1188549 https://bugzilla.suse.com/1189320 SUSE Bug 1189320 https://bugzilla.suse.com/1199955 SUSE Bug 1199955 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). CVE-2021-2389 openSUSE Leap 15.3:mariadb-galera-10.4.21-3.14.1 moderate 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5E3JTT3QDMGM72JNHXWIG4BR4EZU4HJT/ https://www.suse.com/security/cve/CVE-2021-2389.html CVE-2021-2389 https://bugzilla.suse.com/1188549 SUSE Bug 1188549 https://bugzilla.suse.com/1189320 SUSE Bug 1189320 https://bugzilla.suse.com/1199955 SUSE Bug 1199955