SOLVED CPANEL-34745 - MariaDB 10.3.26-1 Breaks PHP < 7.2

Operating System & Version
CentOS Linux release 7.8.2003 (Core)
cPanel & WHM Version
v90.0.16

MindServer

Well-Known Member
Mar 18, 2020
176
27
28
Spain
cPanel Access Level
Root Administrator
Hi,

This problem is solved?, we can update MariaDB and WHM/cPanel to last version?.

This is very urgent because we have various cPanel servers and we don't want more problems in client's accounts. Thank you.
 
  • Like
Reactions: Vasiliy80

Vasiliy80

Registered
Nov 6, 2020
4
0
0
Kenya
cPanel Access Level
Website Owner
Hi,

This problem is solved?, we can update MariaDB and WHM/cPanel to last version?.

This is very urgent because we have various cPanel servers and we don't want more problems in client's accounts. Thank you.

hi dear
my forum fixed
in post #34 i wrote № of ticket - support solved my problem.
 

milstanyu

Registered
Nov 9, 2020
2
0
1
Serbia
cPanel Access Level
Root Administrator
Hello,

When I downgraded to 10.3.25, everything was normal again.

Now I followed updated info from here Updating MariaDB to v10.2.35 or v10.3.26, causes MySQL Databases interface to show MySQL as offline. reupdated MariaDB to 10.3.26, applied the patch... And one of my old PHP 5.6 script doesn't work again.

Now, I can't even downgrade. When I run this again:

Code:
# whmapi1 configureservice service=mysql enabled=1 monitored=0
# downgrade MariaDB-server MariaDB-common MariaDB-shared MariaDB-client MariaDB-compat MariaDB-devel
it won't downgrade. I just got the message "Nothing to do" and MariaDB stays 10.3.26.

Best,
Milos
 

cPanelSamA

Moderator
Staff member
Oct 30, 2019
17
6
78
Houston, Texas
cPanel Access Level
Root Administrator
Such autofixer is being run on every nightly update? So, by tomorrow it would be safe to unlock updates for MariaDB on servers with websites running PHP>= 7.3, is this correct?
Hello!

The autofixer should run in the next nightly upcp maintenance cron if it hasn't already. The autofixer was created to resolve the issue regarding the "MySQL Databases" UI being unable to read the user grants properly.

The issue concerning PHP sites populating a 500, is still actively being reported as it's tied with a different UPS case. This has not yet been resolved as we're still working with MariaDB's team. You can find more information on this case and future via through the below article:

After MariaDB update, PHP website has database connection error, 500 error, or white page: MySQL query error: Malformed communication packet

Hopefully, that clarified your concern. Let me know if you have any additional questions.
 

bejbi

Well-Known Member
PartnerNOC
Jan 20, 2006
137
22
168
Poland
cPanel Access Level
DataCenter Provider
I can see the problem is from Thursday ... Now we have Monday.

Problem is not solved yet !

Many of customers will go out of our hosting, becouse PrestaShop is not working with php 7.3 but on <7.3 is not working after MadiaDB upgrade

How long will it takes ! My priority support is completely unhelpfull ?

What should I do ?
 

wintech2003

Well-Known Member
PartnerNOC
Sep 15, 2010
69
19
58
Greece
cPanel Access Level
DataCenter Provider
And now this: [MDEV-23569] temporary tables can overwrite existing files - Jira

Code:
Vulnerability Description:
--------------------------

MariaDB is vulnerable to an arbitrary file delete vulnerability that allows unprivileged users the ability to corrupt and/or delete files owned by the 'mysql' user including other user databases.

This vulnerability is allowed to happen due to the use of insecure temporary files related to the MyISAM/Aria operations.

In our testing, most hosting control panels that use MariaDB are vulnerable to this exploit. It is incredibly easy to exploit and users are highly recommended to update as soon as possible.
So keeping servers downgraded is now a vulnerability.
 
  • Like
Reactions: Kent Brockman

MindServer

Well-Known Member
Mar 18, 2020
176
27
28
Spain
cPanel Access Level
Root Administrator
Hello!

The autofixer should run in the next nightly upcp maintenance cron if it hasn't already. The autofixer was created to resolve the issue regarding the "MySQL Databases" UI being unable to read the user grants properly.

The issue concerning PHP sites populating a 500, is still actively being reported as it's tied with a different UPS case. This has not yet been resolved as we're still working with MariaDB's team. You can find more information on this case and future via through the below article:

After MariaDB update, PHP website has database connection error, 500 error, or white page: MySQL query error: Malformed communication packet

Hopefully, that clarified your concern. Let me know if you have any additional questions.
Hi,

-Thank you, but I not understanded correctly: we can update to MariaDB 10.3.26?. Or still have this but / another bug?.
-How can I force cPanel update now without wait until tonight?.

This is very urgent because Maria DB 10.3.25 have a very serious vulnerability. Thank you very much.
 

MindServer

Well-Known Member
Mar 18, 2020
176
27
28
Spain
cPanel Access Level
Root Administrator
The problem not is solved. I updated CloudLinux and WHM/cPanel, but again have the same error: img

I need execute manually the fix or what I should do?. This is very urgent, we waited many time and have the same problem.

I outdated again to 10.3.25 for can use databases :(
 
Last edited:

wintech2003

Well-Known Member
PartnerNOC
Sep 15, 2010
69
19
58
Greece
cPanel Access Level
DataCenter Provider
The problem not is solved. I updated CloudLinux and WHM/cPanel, but again have the same error: img

I need execute manually the fix or what I should do?. This is very urgent, we waited many time and have the same problem.

I outdated again to 10.3.25 for can use databases :(
This is a temporary fix to upgrade to 10.3.27, until MariaDB pushes 10.3.27 into the 10.3 repo. Use at your own risk.

Open file /etc/yum.repos.d/MariaDB103.repo with an editor and change:
Code:
baseurl = http://yum.mariadb.org/10.3/centos7-amd64
to
Code:
baseurl = http://yum.mariadb.org/10.3.27/centos7-amd64
in order to force yum to update from the v10.3.27 path.

Then run yum upgrade to upgrade to 10.3.27
This version fixes both the issue with PHP < 7.2 scripts, as well as the vulnerability reported by Rack911.

In some servers I still had to run /scripts/autorepair fix_mariadb_show_grants_roles to fix the MySQL UI error.

Finally restart MySQL with /scripts/restartsrv_mysql
 
  • Like
Reactions: Steini Petur

Steini Petur

Well-Known Member
Apr 24, 2016
45
10
8
Iceland
cPanel Access Level
Root Administrator
I've been following this thread and I am scared on page 2, im staying right where I am in 10.3.25 until this is much more solid.

I am not running any alteration scripts that fix this and that but not this because this is an issue from them.

We're running a company and we have multiple nodes and we can't have any screw ups so I will follow this thread until cpanel issues a real patch to the problem, not a quick hotfix autoscript for just the interface.

I am very much fine at 10.3.25, works wonders all around.
 
  • Like
Reactions: cPRex

Lagarto

Registered
Nov 4, 2020
2
1
1
Canada
cPanel Access Level
Root Administrator
The problem has been solved, I have not downgraded MariaDB, I have always kept the version 10.3.26-MariaDB, I have waited for the autofixer.
I use CLOUDLINUX 7.9 and cPanel v90.0.16
The problem has been solved automatically with the autofixer.
Thank you @cPanelSamA
 
  • Like
Reactions: cPanelSamA