ELSA-2026-0137

Опубликовано: 07 янв. 2026

Источник: oracle-oval

Платформа: Oracle Linux 9

Описание

ELSA-2026-0137: mariadb security update (IMPORTANT)

[3:10.5.29-3]

Release bump for rebuild

Обновленные пакеты

Oracle Linux 9

Oracle Linux aarch64

mariadb-devel

10.5.29-3.el9_7

mariadb-embedded-devel

10.5.29-3.el9_7

mariadb-test

10.5.29-3.el9_7

mariadb

10.5.29-3.el9_7

mariadb-backup

10.5.29-3.el9_7

mariadb-common

10.5.29-3.el9_7

mariadb-embedded

10.5.29-3.el9_7

mariadb-errmsg

10.5.29-3.el9_7

mariadb-gssapi-server

10.5.29-3.el9_7

mariadb-oqgraph-engine

10.5.29-3.el9_7

mariadb-pam

10.5.29-3.el9_7

mariadb-server

10.5.29-3.el9_7

mariadb-server-galera

10.5.29-3.el9_7

mariadb-server-utils

10.5.29-3.el9_7

Oracle Linux x86_64

mariadb

10.5.29-3.el9_7

mariadb-backup

10.5.29-3.el9_7

mariadb-common

10.5.29-3.el9_7

mariadb-embedded

10.5.29-3.el9_7

mariadb-errmsg

10.5.29-3.el9_7

mariadb-gssapi-server

10.5.29-3.el9_7

mariadb-oqgraph-engine

10.5.29-3.el9_7

mariadb-pam

10.5.29-3.el9_7

mariadb-server

10.5.29-3.el9_7

mariadb-server-galera

10.5.29-3.el9_7

mariadb-server-utils

10.5.29-3.el9_7

mariadb-devel

10.5.29-3.el9_7

mariadb-embedded-devel

10.5.29-3.el9_7

mariadb-test

10.5.29-3.el9_7

Связанные CVE

CVE-2025-13699

Ссылки на источники

Связанные уязвимости

CVE-2025-13699

CVSS3: 7

ubuntu

около 1 месяца назад

MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MariaDB. Interaction with the mariadb-dump utility is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of view names. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27000.