A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product.
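
The affected ranges in the advisory above can be turned into a quick check against the version string a server reports. This is an added example, not code from the original page or from MariaDB: the function names are hypothetical, the sample version strings are constructed, and it covers only the four MariaDB series the advisory names (Percona Server and the wsrep patch are given by date, not version, so they are out of scope).

```shell
#!/bin/sh
# Added example: classify a MariaDB version string against the fixed
# releases named in the advisory text (10.2.37, 10.3.28, 10.4.18, 10.5.9).

# Fixed patch level for each series the advisory lists.
fixed_patch_for_series() {
    case "$1" in
        10.2) echo 37 ;;
        10.3) echo 28 ;;
        10.4) echo 18 ;;
        10.5) echo 9 ;;
        *)    return 1 ;;
    esac
}

# Prints "affected", "fixed", "not-listed" (the advisory names no fixed
# release for that series, which is not a statement that it is safe) or
# "unparseable". Accepts strings as returned by SELECT VERSION(),
# e.g. "10.5.8-MariaDB-1:10.5.8+maria~focal".
mariadb_advisory_status() {
    # Keep only the leading MAJOR.MINOR.PATCH triple.
    ver=$(printf '%s\n' "$1" | sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    if [ -z "$ver" ]; then
        echo unparseable
        return 0
    fi
    series=${ver%.*}
    patch=${ver##*.}
    if ! fixed=$(fixed_patch_for_series "$series"); then
        echo not-listed
        return 0
    fi
    if [ "$patch" -lt "$fixed" ]; then
        echo affected
    else
        echo fixed
    fi
}

# Constructed sample inputs, not taken from a real host.
for v in "10.5.8-MariaDB-1:10.5.8+maria~focal" "10.4.18-MariaDB" \
         "10.11.7-MariaDB" "11.2.2-MariaDB" "garbage"; do
    printf '%-40s %s\n' "$v" "$(mariadb_advisory_status "$v")"
done
```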

10.11 is the LTS version, supported for five years. As you can see, 10.11 is at patch version 7.

11.3.2 is the latest release, supported for one year.

Release series | Stable (GA) Date | End-of-life
10.11 | 16 Feb 2023 | 16 Feb 2028
10.6 | 6 Jul 2021 | 6 Jul 2026
10.5 | 24 Jun 2020 | 24 Jun 2025
10.4 | 18 Jun 2019 | 18 Jun 2024

Release series | Stable (GA) Date | End-of-life
11.4 | In development | TBC
11.3 | 16 Feb 2024 | 16 Feb 2024
11.2 | 21 Nov 2023 | 21 Nov 2024
11.1 | 21 Aug 2023 | 21 Aug 2024
11.0 | 6 Jun 2023 | 6 Jun 2024

Upgrade MariaDB
MariaDB 11.2.2

I will upgrade to 11.3 in a few months. MariaDB has not put out a document stating that issues with 11.2 should have you update to 11.3. I am waiting for the next LTS version to try.

The latest MariaDB LTS version

Important news: MariaDB 10.11, which just was declared RC, is a long-term maintenance version. The industry standard term to refer to that concept is LTS (as in long-term support), and we too use this term for the releases that get a significantly longer lifetime of bug fixes.

We are announcing MariaDB 10.11 as LTS for a number of reasons:

Firstly, the purpose of an LTS is to reassure users – and, in particular, Linux distros – that a certain version will receive regular updates long-term, for the lifetime of their product. That means a much longer lifetime than the one-year time period of, say, MariaDB 10.10. As you can see from the maintenance policy on https://mariadb.org/about/#maintenance-policy, MariaDB 10.6 is the latest previously announced LTS, and it is supported from 2021-07-06 to 2026-07-06. Today’s LTS announcement means that we’ve updated the maintenance policy accordingly for MariaDB 10.11, and will enter the exact dates upon GA.

Installation of MariaDB

echo "deb [arch=amd64,arm64,ppc64el signed-by=/usr/share/keyrings/mariadb.gpg] http://mirror.mariadb.org/repo/11.1/ubuntu/ $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/mariadb.list

Copy the /etc/apache2/ssl to /etc/mysql/ssl

Edit /etc/mysql/mariadb.conf.d/50-server.cnf:

ssl-ca=/etc/mysql/ssl/gd_bundle-g2-g1.crt
ssl-capath=/etc/mysql/ssl
ssl-cert=/etc/mysql/ssl/xxxxxxxxxxx.pem
ssl-key=/etc/mysql/ssl/xxxx.key
## Set up TLS version here. For example TLS version 1.2 and 1.3 ##
tls_version = TLSv1.2,TLSv1.3

 

Downloads Setting up MariaDB Repositories

It will update the databases for you.  

Run sudo mysql_upgrade -u root -p to verify it is updated. It will install the repositories for future dist-upgrades.

/etc/mysql/mariadb.conf.d/50-server.cnf
[mysqld]

general_log_file = /var/log/mysql/mysql.log
log_error = /var/log/mysql/error.log
log_bin = /var/log/mysql/mysql-bin.log
expire_logs_days = 10
max_binlog_size = 100M
binlog_format = mixed

tmp_table_size=64M
max_heap_table_size=64M
query_cache_size=64M

[mariadb]
plugin_load_add = feedback
feedback=on
innodb_temp_data_file_path=ibtmp1:32M;ibtmp2:32M:autoextend

sudo apt update
sudo apt list --upgradable -a
sudo apt dist-upgrade
sudo reboot

You start by stopping mariadb and removing it.

sudo systemctl stop mariadb

sudo apt remove mariadb-server

Next you set up the new repository.

sudo apt-get install software-properties-common dirmngr apt-transport-https
sudo apt-key adv --fetch-keys 'https://mariadb.org/mariadb_release_signing_key.asc'
sudo add-apt-repository 'deb [arch=amd64,arm64,ppc64el,s390x] https://mirror.jaleco.com/mariadb/repo/10.11/ubuntu focal main'

echo "deb [arch=amd64,arm64,ppc64el signed-by=/usr/share/keyrings/mariadb.gpg] http://mirror.mariadb.org/repo/11.2/ubuntu/ $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/mariadb.list

sudo apt update
sudo apt install mariadb-server

Then I run the upgrade commands again to get any patches

sudo apt update
sudo apt list --upgradable -a
sudo apt dist-upgrade