{"id":"ALSA-2020:5500","summary":"Important: mariadb:10.3 security, bug fix, and enhancement update","details":"MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. \n\nThe following packages have been upgraded to a later upstream version: mariadb (10.3.27), galera (25.3.31). (BZ#1899082, BZ#1899086)\n\nSecurity Fix(es):\n\n* mariadb: Insufficient SST method name check leading to code injection in mysql-wsrep (CVE-2020-15180)\n\n* mysql: InnoDB unspecified vulnerability (CPU Oct 2019) (CVE-2019-2938)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019) (CVE-2019-2974)\n\n* mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2752)\n\n* mysql: InnoDB unspecified vulnerability (CPU Apr 2020) (CVE-2020-2760)\n\n* mysql: Server: DML unspecified vulnerability (CPU Apr 2020) (CVE-2020-2780)\n\n* mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020) (CVE-2020-2812)\n\n* mysql: InnoDB unspecified vulnerability (CPU Apr 2020) (CVE-2020-2814)\n\n* mariadb-connector-c: Improper validation of content in a OK packet received from server (CVE-2020-13249)\n\n* mysql: Server: FTS unspecified vulnerability (CPU Oct 2020) (CVE-2020-14765)\n\n* mysql: InnoDB unspecified vulnerability (CPU Oct 2020) (CVE-2020-14776)\n\n* mysql: Server: FTS unspecified vulnerability (CPU Oct 2020) (CVE-2020-14789)\n\n* mysql: Server: Locking unspecified vulnerability (CPU Oct 2020) (CVE-2020-14812)\n\n* mysql: C API unspecified vulnerability (CPU Jan 2020) (CVE-2020-2574)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* FTBFS: -D_GLIBCXX_ASSERTIONS (BZ#1899009)\n\n* Queries with entity_id IN ('1', '2', …, '70000') run much slower in MariaDB 10.3 than on MariaDB 10.1 (BZ#1899017)\n\n* Cleanup race with wsrep_rsync_sst_tunnel may prevent full galera cluster bootstrap (BZ#1899021)\n\n* There are undeclared file conflicts in several mariadb and mysql packages (BZ#1899077)","modified":"2026-01-30T01:20:51.597995Z","published":"2020-12-15T16:03:43Z","related":["CVE-2019-2938","CVE-2019-2974","CVE-2020-13249","CVE-2020-14765","CVE-2020-14776","CVE-2020-14789","CVE-2020-14812","CVE-2020-15180","CVE-2020-2574","CVE-2020-2752","CVE-2020-2760","CVE-2020-2780","CVE-2020-2812","CVE-2020-2814"],"references":[{"type":"ADVISORY","url":"https://errata.almalinux.org/8/ALSA-2020-5500.html"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2019-2938"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2019-2974"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2020-13249"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2020-14765"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2020-14776"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2020-14789"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2020-14812"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2020-15180"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2020-2574"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2020-2752"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2020-2760"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2020-2780"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2020-2812"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2020-2814"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2021-2022"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2021-2144"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2021-2194"}],"affected":[{"package":{"name":"Judy","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/Judy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.5-18.module_el8.6.0+2867+72759d2f"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:5500.json"}},{"package":{"name":"Judy","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/Judy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.5-18.module_el8.5.0+2632+14ced695"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:5500.json"}},{"package":{"name":"Judy","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/Judy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.5-18.module_el8.6.0+2761+593e5e59"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:5500.json"}}],"schema_version":"1.7.3"}