vulnerability

CentOS Linux: CVE-2021-27928: Important: mariadb:10.3 and mariadb-devel:10.3 security update (CESA-2021:1242)

Try Surface Command
Back to search
Severity
9
CVSS
(AV:N/AC:L/Au:S/C:C/I:C/A:C)
Published
Mar 19, 2021
Added
Apr 20, 2021
Modified
May 25, 2023

Description

A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product.

Solutions

centos-upgrade-galeracentos-upgrade-galera-debuginfocentos-upgrade-galera-debugsourcecentos-upgrade-judycentos-upgrade-judy-debuginfocentos-upgrade-judy-debugsourcecentos-upgrade-mariadbcentos-upgrade-mariadb-backupcentos-upgrade-mariadb-backup-debuginfocentos-upgrade-mariadb-commoncentos-upgrade-mariadb-debuginfocentos-upgrade-mariadb-debugsourcecentos-upgrade-mariadb-develcentos-upgrade-mariadb-embeddedcentos-upgrade-mariadb-embedded-debuginfocentos-upgrade-mariadb-embedded-develcentos-upgrade-mariadb-errmsgcentos-upgrade-mariadb-gssapi-servercentos-upgrade-mariadb-gssapi-server-debuginfocentos-upgrade-mariadb-oqgraph-enginecentos-upgrade-mariadb-oqgraph-engine-debuginfocentos-upgrade-mariadb-servercentos-upgrade-mariadb-server-debuginfocentos-upgrade-mariadb-server-galeracentos-upgrade-mariadb-server-utilscentos-upgrade-mariadb-server-utils-debuginfocentos-upgrade-mariadb-testcentos-upgrade-mariadb-test-debuginfo

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today