{"id":"RLSA-2020:5500","summary":"Important: mariadb:10.3 security, bug fix, and enhancement update","details":"MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. \n\nThe following packages have been upgraded to a later upstream version: mariadb (10.3.27), galera (25.3.31). (BZ#1899082, BZ#1899086)\n\nSecurity Fix(es):\n\n* mariadb: Insufficient SST method name check leading to code injection in mysql-wsrep (CVE-2020-15180)\n\n* mysql: InnoDB unspecified vulnerability (CPU Oct 2019) (CVE-2019-2938)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019) (CVE-2019-2974)\n\n* mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2752)\n\n* mysql: InnoDB unspecified vulnerability (CPU Apr 2020) (CVE-2020-2760)\n\n* mysql: Server: DML unspecified vulnerability (CPU Apr 2020) (CVE-2020-2780)\n\n* mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020) (CVE-2020-2812)\n\n* mysql: InnoDB unspecified vulnerability (CPU Apr 2020) (CVE-2020-2814)\n\n* mariadb-connector-c: Improper validation of content in a OK packet received from server (CVE-2020-13249)\n\n* mysql: Server: FTS unspecified vulnerability (CPU Oct 2020) (CVE-2020-14765)\n\n* mysql: InnoDB unspecified vulnerability (CPU Oct 2020) (CVE-2020-14776)\n\n* mysql: Server: FTS unspecified vulnerability (CPU Oct 2020) (CVE-2020-14789)\n\n* mysql: Server: Locking unspecified vulnerability (CPU Oct 2020) (CVE-2020-14812)\n\n* mysql: C API unspecified vulnerability (CPU Jan 2020) (CVE-2020-2574)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* FTBFS: -D_GLIBCXX_ASSERTIONS (BZ#1899009)\n\n* Queries with entity_id IN ('1', '2', …, '70000') run much slower in MariaDB 10.3 than on MariaDB 10.1 (BZ#1899017)\n\n* Cleanup race with wsrep_rsync_sst_tunnel may prevent full galera cluster bootstrap (BZ#1899021)\n\n* There are undeclared file conflicts in several mariadb and mysql packages (BZ#1899077)","modified":"2026-02-04T18:15:10.555527Z","published":"2020-12-15T16:03:43Z","upstream":["CVE-2019-2938","CVE-2019-2974","CVE-2020-13249","CVE-2020-14765","CVE-2020-14776","CVE-2020-14789","CVE-2020-14812","CVE-2020-15180","CVE-2020-2574","CVE-2020-2752","CVE-2020-2760","CVE-2020-2780","CVE-2020-2812","CVE-2020-2814","CVE-2021-2022","CVE-2021-2144","CVE-2021-2194"],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2020:5500"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1764680"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1764691"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1798587"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1830056"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1830059"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1830060"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1830082"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1835849"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1839827"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1890738"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1890743"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1890747"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1890756"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1894919"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1899009"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1899017"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1899021"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1899082"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1899086"}],"affected":[{"package":{"name":"Judy","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/Judy?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.0.5-18.module+el8.4.0+427+adf35707"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2020:5500.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]}