Summary
This security update fixes an escalation of privileges vulnerability in a Linux virtual machine (VM) that's running Microsoft SQL Server 2019 Linux container images. To learn more about the problem, see CVE-2022-23276.
This vulnerability is not present on servers that are running SQL Server 2019 on Linux bare metal or VMs. This vulnerability is exposed only in SQL Server 2019 Linux container images. Therefore, this update is highly recommended for customers who have deployed SQL Server 2019 Linux container images.
The SQL Server components are updated to the following builds in this security update.
|
Component |
Build version |
File version |
|
SQL Server |
15.0.2090.38 |
2019.150.2090.38 |
|
Azure Arc |
1.3.0_2022-01-27 |
Not applicable |
|
Azure SQL Edge |
1.0.5 (15.0.2000.1562) |
Not applicable |
This security update fixes the following issue:
Improvements in this update
This update adds an improvement for capturing memory dump files if Microsoft SQL Server 2019 on Linux stops responding.
How to obtain and install the update
Refer to the information that applies to your product.
To update SQL Server 2019 on Linux to the latest CU, see Configure repositories for installing and upgrading SQL Server on Linux.
To update Azure Arc-enabled SQL Managed Instance to the latest CU, see the "January 2022" section of Release notes - Azure Arc-enabled data services.
To update Azure SQL Edge to the latest CU, see Azure SQL Edge release notes.
Download tags
To download the update, use the following tags, as appropriate.
|
Linux distribution |
Tag |
|---|---|
|
Ubuntu 16.04 |
2019-gdr3-ubuntu-16.04 |
|
RHEL 7.x |
2019-gdr3-rhel-7.9 |
For other distributions, such as RHEL 8.x, SLES 12/15, or Ubuntu 18.04/20.04, go to the following Knowledge Base article to install the update that contains this security fix:
-
5008996 Cumulative Update 15 for SQL Server 2019
More information
For information about how to update containers, see the "Upgrade SQL Server in containers" section in Deploy and connect to SQL Server Docker containers.
Prerequisites
To apply this update, you must have SQL Server 2019 or any SQL Server 2019 GDR release through this SQL Server 2019 GDR installed.
File hash information
|
File name |
SHA256 hash |
|---|---|
|
SQLServer2019-KB4583458-x64.exe |
C87380608D888D52018AD346D0EF27F1DA00986DBF8684323EDA905D35E4180E |
Information about protection and security
Protect yourself online: Windows Security support
Learn how we guard against cyber threats: Microsoft Security
