Fixes the following security issues:
- CVE-2020-15180: during SST a joiner sends an sst method name to the donor.
Donor then appends it to the "wsrep_sst_" string to get the name of the
sst script to use, e.g. wsrep_sst_rsync. There is no validation or
filtering here, so if the malicious joiner sends, for example, "rsync `rm
-rf /`" the donor will execute that too.
- CVE-2020-14812: Vulnerability in the MySQL Server product of Oracle MySQL
(component: Server: Locking). Supported versions that are affected are
5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily
exploitable vulnerability allows high privileged attacker with network
access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized ability to cause
a hang or frequently repeatable crash (complete DOS) of MySQL Server.
- CVE-2020-14765: Vulnerability in the MySQL Server product of Oracle MySQL
(component: Server: FTS). Supported versions that are affected are 5.6.49
and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable
vulnerability allows low privileged attacker with network access via
multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server.
- CVE-2020-14776: Vulnerability in the MySQL Server product of Oracle MySQL
(component: InnoDB). Supported versions that are affected are 5.7.31 and
prior and 8.0.21 and prior. Easily exploitable vulnerability allows high
privileged attacker with network access via multiple protocols to
compromise MySQL Server. Successful attacks of this vulnerability can
result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server.
- CVE-2020-14789: Vulnerability in the MySQL Server product of Oracle MySQL
(component: Server: FTS). Supported versions that are affected are 5.7.31
and prior and 8.0.21 and prior. Easily exploitable vulnerability allows
high privileged attacker with network access via multiple protocols to
compromise MySQL Server. Successful attacks of this vulnerability can
result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server.
- CVE-2020-28912:
https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-bui.pdf
describes a named pipe privilege vulnerability, specifically for MySQL,
where an unprivileged user, located on the same machine as the server, can
act as man-in-the-middle between server and client.
Additionally, 10.3.27 fixes a regression added in 10.3.26.
Drop weak md5/sha1 checksums.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 163334a707)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
69c1d54fa3