MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: mariadb , galera . Security Fix: * mysql: Server: DML unspecified vulnerability * mysql: Server: DML unspecified vulnerability * mysql: InnoDB unspecified vulnerability * mysql: InnoDB unspecified vulnerability * mysql: InnoDB unspecified vulnerability * mariadb: Integer overflow in sql_lex.cc integer leading to crash * mariadb: Crash in get_sort_by_table in subquery with ORDER BY having outer ref * mariadb: save_window_function_values triggers an abort during IN subquery * mariadb: Crash in set_var.cc via certain UPDATE queries with nested subqueries * mariadb: Crash caused by mishandling of a pushdown from a HAVING clause to a WHERE clause * mariadb: No password masking in audit log when using ALTER USER IDENTIFIED BY command For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. Bug Fix: * mariadb:10.3/mariadb: /etc/security/user_map.conf getting overwritten with mariadb-server upgrade * MariaDB logrotate leads to "gzip: stdin: file size changed while zipping" * Crash: WSREP: invalid state ROLLED_BACK * Galera doesn"t work without "procps-ng" package MariaDB-10.3