A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product. Reference: https://jira.mariadb.org/browse/MDEV-25179
Created mariadb tracking bugs for this issue:
Affects: fedora-all [bug 1940911]

Created mariadb:10.3/mariadb tracking bugs for this issue:
Affects: fedora-all [bug 1940912]

Created mariadb:10.4/mariadb tracking bugs for this issue:
Affects: fedora-all [bug 1940913]

Created mariadb:10.5/mariadb tracking bugs for this issue:
Affects: fedora-all [bug 1940914]

External References:
https://mariadb.com/kb/en/mariadb-10237-release-notes/
https://mariadb.com/kb/en/mariadb-10328-release-notes/
https://mariadb.com/kb/en/mariadb-10418-release-notes/
https://mariadb.com/kb/en/mariadb-1059-release-notes/
Not verified, but looks like the upstream commit for 10.5.9 is: https://github.com/MariaDB/server/commit/ce3a2a688db556d8d077a409fd9bf5cc013d13dd
Mitigation: Only users that have the SUPER privilege can exploit this flaw. To reduce your exposure, ensure user accounts with the SUPER privilege are protected with strong credentials, only allowed to connect locally and not shared with untrusted parties.
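The two checks a practitioner would run against the description and the mitigation above, as an added example that is not part of this bug report and not MariaDB or Red Hat tooling: (1) whether a server's version string falls inside the affected ranges quoted in the CVE text (below 10.2.37 / 10.3.28 / 10.4.18 / 10.5.9), (2) which accounts hold SUPER and can connect from somewhere other than the local host, and (3) whether the live wsrep_provider / wsrep_notify_cmd values differ from what was configured, since a runtime change of those two variables by a SUPER user is the abuse path described. Assumptions: the set of "local" hosts is my own choice; the inputs are the rows of `SELECT Host, User, Super_priv FROM mysql.user` and the output of `SHOW GLOBAL VARIABLES LIKE 'wsrep%'`, supplied here as constructed sample data; Percona/MySQL privilege models (roles, dynamic privileges) are not covered.

```python
"""Offline exposure checks for CVE-2021-27928 (added example, not the bug report's own code)."""
import re

# Fixed releases taken from the CVE description: earlier releases in each
# series are affected. Series not named there (e.g. 10.6) return "not affected".
FIXED_VERSIONS = {
    (10, 2): (10, 2, 37),
    (10, 3): (10, 3, 28),
    (10, 4): (10, 4, 18),
    (10, 5): (10, 5, 9),
}

# Assumption: only these Host values count as "local" for the mitigation.
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}

# The two variables the CVE text names as the eval-injection vector.
WSREP_VARS = ("wsrep_provider", "wsrep_notify_cmd")


def parse_version(version_string):
    """Parse the leading x.y.z of a @@version string such as
    '10.3.27-MariaDB-0+deb10u1' into a (major, minor, patch) tuple."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version_string)
    if not m:
        raise ValueError(f"unrecognised version string: {version_string!r}")
    return tuple(int(part) for part in m.groups())


def is_vulnerable_version(version_string):
    """True when the server is in an affected series and below the fixed release."""
    major, minor, patch = parse_version(version_string)
    fixed = FIXED_VERSIONS.get((major, minor))
    return fixed is not None and (major, minor, patch) < fixed


def exposed_super_accounts(user_rows):
    """Return 'user@host' for accounts with SUPER whose Host is not local.
    user_rows: iterable of (Host, User, Super_priv) from mysql.user."""
    findings = []
    for host, user, super_priv in user_rows:
        if super_priv.upper() == "Y" and host not in LOCAL_HOSTS:
            findings.append(f"{user}@{host}")
    return findings


def wsrep_drift(live_variables, expected_variables):
    """Compare the live wsrep_provider / wsrep_notify_cmd values with the values
    configured in my.cnf. A runtime SET GLOBAL by a SUPER user shows up here as
    a (configured, live) pair per variable that differs."""
    drift = {}
    for name in WSREP_VARS:
        want = expected_variables.get(name, "")
        live = live_variables.get(name, "")
        if live != want:
            drift[name] = (want, live)
    return drift


def assess(version_string, user_rows, live_variables, expected_variables):
    """Combine the three checks into one report dict."""
    return {
        "vulnerable_version": is_vulnerable_version(version_string),
        "exposed_super_accounts": exposed_super_accounts(user_rows),
        "wsrep_drift": wsrep_drift(live_variables, expected_variables),
    }


# Constructed sample data standing in for query output on an unpatched node.
SAMPLE_VERSION = "10.3.27-MariaDB-0+deb10u1"
SAMPLE_USER_ROWS = [
    ("localhost", "root", "Y"),
    ("%", "admin", "Y"),          # SUPER reachable from anywhere
    ("10.0.0.%", "galera", "Y"),  # SUPER reachable from a subnet
    ("localhost", "app", "N"),
    ("%", "app", "N"),
]
SAMPLE_EXPECTED = {"wsrep_provider": "none", "wsrep_notify_cmd": ""}
SAMPLE_LIVE = {
    "wsrep_provider": "/usr/lib/galera/libgalera_smm.so",
    "wsrep_notify_cmd": "/tmp/notify.sh",  # constructed: a value nobody configured
}

if __name__ == "__main__":
    for key, value in assess(SAMPLE_VERSION, SAMPLE_USER_ROWS,
                             SAMPLE_LIVE, SAMPLE_EXPECTED).items():
        print(f"{key}: {value}")
```

On a cluster node both variables are legitimately non-empty, so the useful signal is drift from the configured value rather than the value itself; on a non-Galera node, any value other than the defaults ("none" and empty) deserves a look. The version check only answers "is this release inside the ranges the CVE lists"; a distribution backport such as the RHSA builds below can be fixed without the upstream version number changing, so treat it as a first pass, not a verdict.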
This issue has been addressed in the following products:
Red Hat OpenStack Platform 13.0 (Queens)
Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS
Via RHSA-2021:1039 https://access.redhat.com/errata/RHSA-2021:1039
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-27928
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2021:1241 https://access.redhat.com/errata/RHSA-2021:1241
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:1242 https://access.redhat.com/errata/RHSA-2021:1242
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2021:1240 https://access.redhat.com/errata/RHSA-2021:1240
This issue has been addressed in the following products:
Red Hat Software Collections for Red Hat Enterprise Linux 7
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS
Via RHSA-2021:2040 https://access.redhat.com/errata/RHSA-2021:2040