File _patchinfo of Package patchinfo.40466

<patchinfo incident="40466">
  <issue tracker="cve" id="2023-52970"/>
  <issue tracker="cve" id="2023-52969"/>
  <issue tracker="cve" id="2025-21490"/>
  <issue tracker="cve" id="2025-30693"/>
  <issue tracker="cve" id="2025-30722"/>
  <issue tracker="cve" id="2025-13699"/>
  <issue tracker="bnc" id="1254313">VUL-0: CVE-2025-13699: mariadb,mariadb-100: MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability</issue>
  <issue tracker="bnc" id="1239151">VUL-0: CVE-2023-52970: mariadb: MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.* crashes in Item_direct_view_ref:derived_field_transformer_for_where.</issue>
  <issue tracker="bnc" id="1239150">VUL-0: CVE-2023-52969: mariadb: MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2</issue>
  <issue tracker="bnc" id="1243356">VUL-0: CVE-2025-21490: mariadb, mariadb-100: high privileged attacker with network access can cause a hang or frequently repeatable crash of MySQL Server</issue>
  <issue tracker="bnc" id="1249212">VUL-0: CVE-2025-30722: mariadb: mysql: mysqldump issue allows low privileged attacker with network access to compromise MySQL Client and gain unauthorized update, insert or delete access to data</issue>
  <issue tracker="bnc" id="1249213">VUL-0: CVE-2025-30693: mariadb: mysql: mysql: InnoDB issue allows high privileged attacker with network access to compromise MySQL Server to gain unauthorized update, insert or delete access to data and cause repeatable crash</issue>
  <packager>ateixeira</packager>
  <rating>important</rating>
  <category>security</category>
  <message>Updating mariadb might impact the database service. Do you want to proceed with the update?</message>
  <summary>Security update for mariadb</summary>
  <description>This update for mariadb fixes the following issues:

Update to version 10.5.29.

Release notes and changelog:
  
- https://mariadb.com/kb/en/mariadb-10-5-29-release-notes/
- https://mariadb.com/kb/en/mariadb-10-5-29-changelog/
- https://mariadb.com/kb/en/mariadb-10-5-28-release-notes/
- https://mariadb.com/kb/en/mariadb-10-5-28-changelog/

Security issues fixed:

- Version 10.5.28:
  * CVE-2025-21490: InnoDB issue allows high privileged attacker with network access to cause a hang or frequently
    repeatable crash of MySQL Server (bsc#1243356).

- Version 10.5.29:
  * CVE-2025-30693: InnoDB issue allows high privileged attacker with network access to gain unauthorized update, insert
    or delete access to data and cause repeatable crash in MySQL server (bsc#1249213).
  * CVE-2025-30722: mysqldump issue allows low privileged attacker with network access to gain unauthorized update,
    insert or delete access to data in MySQL Client (bsc#1249212).
  * CVE-2023-52969: crash with empty backtrace log in MariaDB Server (bsc#1239150).
  * CVE-2023-52970: crash in MariaDB Server when inserting from derived table containing insert target table
    (bsc#1239151).

- CVE-2025-13699: lack of proper validation of a user-supplied path prior to using it in file operations allows an
  attacker to execute code in the context of the current user (bsc#1254313).
</description>
</patchinfo>