Description
Security update for mariadb
This update for mariadb fixes the following issues:
Update to version 10.5.29.
Release notes and changelog:
- https://mariadb.com/kb/en/mariadb-10-5-29-release-notes/
- https://mariadb.com/kb/en/mariadb-10-5-29-changelog/
- https://mariadb.com/kb/en/mariadb-10-5-28-release-notes/
- https://mariadb.com/kb/en/mariadb-10-5-28-changelog/
Security issues fixed:
- Version 10.5.28:
  - CVE-2025-21490: InnoDB issue allows high privileged attacker with network access to cause a hang or frequently repeatable crash of MySQL Server (bsc#1243356).
- Version 10.5.29:
  - CVE-2025-30693: InnoDB issue allows high privileged attacker with network access to gain unauthorized update, insert or delete access to data and cause repeatable crash in MySQL server (bsc#1249213).
  - CVE-2025-30722: mysqldump issue allows low privileged attacker with network access to gain unauthorized update, insert or delete access to data in MySQL Client (bsc#1249212).
  - CVE-2023-52969: crash with empty backtrace log in MariaDB Server (bsc#1239150).
  - CVE-2023-52970: crash in MariaDB Server when inserting from derived table containing insert target table (bsc#1239151).
- CVE-2025-13699: lack of proper validation of a user-supplied path prior to using it in file operations allows an attacker to execute code in the context of the current user (bsc#1254313).
Package list
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
SUSE Linux Enterprise Server 15 SP3-LTSS
SUSE Linux Enterprise Server for SAP Applications 15 SP3
References
- Link for SUSE-SU-2025:4491-1
- E-Mail link for SUSE-SU-2025:4491-1
- SUSE Security Ratings
- SUSE Bug 1239150
- SUSE Bug 1239151
- SUSE Bug 1243356
- SUSE Bug 1249212
- SUSE Bug 1249213
- SUSE Bug 1254313
- SUSE CVE CVE-2023-52969 page
- SUSE CVE CVE-2023-52970 page
- SUSE CVE CVE-2025-13699 page
- SUSE CVE CVE-2025-21490 page
- SUSE CVE CVE-2025-30693 page
- SUSE CVE CVE-2025-30722 page
Description
MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2.
Affected products
References
- CVE-2023-52969
- SUSE Bug 1239150
Description
MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.* crashes in Item_direct_view_ref::derived_field_transformer_for_where.
Affected products
References
- CVE-2023-52970
- SUSE Bug 1239151
Description
unknown
Affected products
References
- CVE-2025-13699
- SUSE Bug 1254313
Description
unknown
Affected products
References
- CVE-2025-21490
- SUSE Bug 1243355
Description
unknown
Affected products
References
- CVE-2025-30693
- SUSE Bug 1249213
Description
unknown
Affected products
References
- CVE-2025-30722
- SUSE Bug 1249212