Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1894934
Summary: | CVE-2020-15180 mariadb:10.3/mariadb: Insufficient SST method name check leading to code injection in mysql-wsrep [fedora-all] | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Michael Kaplan <mkaplan> |
Component: | mariadb | Assignee: | Michal Schorm <mschorm> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 33 | CC: | damien.ciabrini, hhorak, ljavorsk, mbayer, mkocka, mmuzila, mschorm, SpikeFedora |
Target Milestone: | --- | Keywords: | Security, SecurityTracking |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | mariadb-10.3-3120201106115457.f636be4b mariadb-10.3-3320201112123416.601d93de mariadb-10.3-3220201112123416.43bbeeef | Doc Type: | No Doc Update |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2020-11-11 01:34:58 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Michael Kaplan
2020-11-05 13:08:51 UTC
Use the following template to for the 'fedpkg update' request to submit an update for this issue as it contains the top-level parent bug(s) as well as this tracking bug. This will ensure that all associated bugs get updated when new packages are pushed to stable. ===== # bugfix, security, enhancement, newpackage (required) type=security # low, medium, high, urgent (required) severity=high # testing, stable request=testing # Bug numbers: 1234,9876 bugs=1894919,1894934 # Description of your update notes=Security fix for [PUT CVEs HERE] # Enable request automation based on the stable/unstable karma thresholds autokarma=True stable_karma=3 unstable_karma=-3 # Automatically close bugs when this marked as stable close_bugs=True # Suggest that users restart after update suggest_reboot=False ====== Additionally, you may opt to use the bodhi web interface to submit updates: https://bodhi.fedoraproject.org/updates/new Fixed in following updates: Rawhide: https://bodhi.fedoraproject.org/updates/FEDORA-2020-29ab989831 https://bodhi.fedoraproject.org/updates/FEDORA-2020-0720774cf8 Base Fedora: https://bodhi.fedoraproject.org/updates/FEDORA-2020-ac2d47d89a https://bodhi.fedoraproject.org/updates/FEDORA-2020-b995eb2973 https://bodhi.fedoraproject.org/updates/FEDORA-2020-561eed63ef Modular: https://bodhi.fedoraproject.org/updates/FEDORA-MODULAR-2020-d677da1343 https://bodhi.fedoraproject.org/updates/FEDORA-MODULAR-2020-caa1c227f9 https://bodhi.fedoraproject.org/updates/FEDORA-MODULAR-2020-85cbd3b4c6 https://bodhi.fedoraproject.org/updates/FEDORA-MODULAR-2020-9a0c4877b1 FEDORA-MODULAR-2020-5558389b7d has been submitted as an update to Fedora 33 Modular. https://bodhi.fedoraproject.org/updates/FEDORA-MODULAR-2020-5558389b7d FEDORA-MODULAR-2020-9cf4f26331 has been submitted as an update to Fedora 32 Modular. https://bodhi.fedoraproject.org/updates/FEDORA-MODULAR-2020-9cf4f26331 FEDORA-MODULAR-2020-5558389b7d has been pushed to the Fedora 33 Modular testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-MODULAR-2020-5558389b7d See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. FEDORA-MODULAR-2020-f9ee27a67b has been pushed to the Fedora 31 Modular testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-MODULAR-2020-f9ee27a67b See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. FEDORA-MODULAR-2020-9cf4f26331 has been pushed to the Fedora 32 Modular testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-MODULAR-2020-9cf4f26331 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. FEDORA-MODULAR-2020-f9ee27a67b has been pushed to the Fedora 31 Modular stable repository. If problem still persists, please make note of it in this bug report. FEDORA-MODULAR-2020-a3dfc2f19b has been pushed to the Fedora 33 Modular testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-MODULAR-2020-a3dfc2f19b See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. FEDORA-MODULAR-2020-556cd894f2 has been pushed to the Fedora 32 Modular testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-MODULAR-2020-556cd894f2 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. FEDORA-MODULAR-2020-a3dfc2f19b has been pushed to the Fedora 33 Modular stable repository. If problem still persists, please make note of it in this bug report. FEDORA-MODULAR-2020-556cd894f2 has been pushed to the Fedora 32 Modular stable repository. If problem still persists, please make note of it in this bug report. Test comment |