-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2605-1 debian-...@lists.debian.org https://www.debian.org/lts/security/ Anton Gladky March 22, 2021 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : mariadb-10.1 Version : 10.1.48-0+deb9u2 CVE ID : CVE-2021-27928 A remote code execution issue was discovered in MariaDB. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. For Debian 9 stretch, this problem has been fixed in version 10.1.48-0+deb9u2. We recommend that you upgrade your mariadb-10.1 packages. For the detailed security status of mariadb-10.1 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/mariadb-10.1 Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEu71F6oGKuG/2fnKF0+Fzg8+n/wYFAmBZjKkACgkQ0+Fzg8+n /wai4g/5Af31KHUFQnd+4/73CfoxoLLHCWo59TJA76EVsQwbIHF1N+4uM1pzVXjf VSbzKSfL3PSMHGs5NcBRlT+Aofn3G3lNMEKpEVQoeCH1vPLUuqclUIssTX+biPAJ 4HkmiUhJRSnXVPcTGFmSqGOq4Wb0iDeUBOlX6Zgx6XFh5BFRrD/gZZQp7BUMJ4Xd xBoDiBsutBrPy3zovUEfNYypc5vJQZ/6WGkqxEqVpkP35Tte2z2SGRimRnw3HlDl jP2NvqauY+xf2QKwEE3h/aqwF4RC9NSSlxnBMXW+4MF2+F/7IpKaBk8WXBGdUBVc CMJXvW85QBeqguA1umkCRpL2/lUAiY3F79ywzmZVngO7UV80bSSXEx//9hGeS5pd 6oqI97bICLeJmGmS+B9jJotXDQazYfwxtYSEClPFYsWDVNmyw6TwxGs4TVIyf5cn +g3A80aHVgTIjtYN5wTmB9dmg5daVfGedy7BrosNCreAQfVWkwv5St8ep36rBw3u IoFD4Of1cnlXK8GglC1pze3n/2Fn9pm9R7JioXyJdme6L9C2vap9ocTNMpRFfA4U EIP1l2lb5vBt5S65tCTX6yosFaYjH7nMFWSmHYxv4vuBaZsubhRE5zAMsoPdrOLN 8prsh5O/RXvYb0ZsYQY1eApjTz05nGEw7wtyZqj1dWjQjpsCP9U= =omZt -----END PGP SIGNATURE-----