Overview

File _patchinfo of Package patchinfo.40468

<patchinfo incident="40468">
  <issue tracker="cve" id="2023-52970"/>
  <issue tracker="cve" id="2023-52969"/>
  <issue tracker="cve" id="2025-21490"/>
  <issue tracker="cve" id="2025-30693"/>
  <issue tracker="cve" id="2025-30722"/>
  <issue tracker="bnc" id="1239151">VUL-0: CVE-2023-52970: mariadb: MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.* crashes in Item_direct_view_ref:derived_field_transformer_for_where.</issue>
  <issue tracker="bnc" id="1239150">VUL-0: CVE-2023-52969: mariadb: MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2</issue>
  <issue tracker="bnc" id="1243356">VUL-0: CVE-2025-21490: mariadb, mariadb-100: high privileged attacker with network access can  cause a hang or frequently repeatable crash of MySQL Server</issue>
  <issue tracker="bnc" id="1249212">VUL-0: CVE-2025-30722: mariadb: mysql: mysqldump issue allows low privileged attacker with network access to compromise MySQL Client and gain unauthorized update, insert or delete access to data</issue>
  <issue tracker="bnc" id="1249213">VUL-0: CVE-2025-30693: mariadb: mysql: mysql: InnoDB issue allows high privileged attacker with network access to compromise MySQL Server to gain unauthorized update, insert or delete access to data and cause repeatable crash</issue>
  <packager>ateixeira</packager>
  <rating>moderate</rating>
  <category>security</category>
  <message>Updating mariadb might impact the database service. Do you want to proceed with the update?</message>
  <summary>Security update for mariadb</summary>
  <description>This update for mariadb fixes the following issues:

Update to version 10.6.23.

Security issues fixed:

- CVE-2025-21490: InnoDB issue allows high privileged attacker with network access to cause a hang or frequently
  repeatable crash of MySQL Server (bsc#1243356).
- CVE-2025-30693: InnoDB issue allows high privileged attacker with network access to gain unauthorized update, insert
  or delete access to data and cause repeatable crash in MySQL server (bsc#1249213).
- CVE-2025-30722: mysqldump issue allows low privileged attacker with network access to gain unauthorized update,
  insert or delete access to data in MySQL Client (bsc#1249212).
- CVE-2023-52969: crash with empty backtrace log in MariaDB Server (bsc#1239150).
- CVE-2023-52970: crash in MariaDB Server when inserting from derived table containing insert target table
  (bsc#1239151).

Release notes and changelog:
  
- https://mariadb.com/docs/release-notes/community-server/mariadb-10-6-series/mariadb-10.6.23-release-notes
- https://mariadb.com/docs/release-notes/community-server/changelogs/changelogs-mariadb-106-series/mariadb-10.6.23-changelog
- https://mariadb.com/kb/en/mariadb-10-6-22-release-notes/
- https://mariadb.com/kb/en/mariadb-10-6-22-changelog/
- https://mariadb.com/kb/en/mariadb-10-6-21-release-notes/
- https://mariadb.com/kb/en/mariadb-10-6-21-changelog/
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places