Security update for mariadb SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:03276-1 Final 1 1 2025-09-19T12:17:22Z current 2025-09-19T12:17:22Z 2025-09-19T12:17:22Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for mariadb This update for mariadb fixes the following issues: Update to version 10.6.23. Security issues fixed: - CVE-2025-21490: InnoDB issue allows high privileged attacker with network access to cause a hang or frequently repeatable crash of MySQL Server (bsc#1243356). - CVE-2025-30693: InnoDB issue allows high privileged attacker with network access to gain unauthorized update, insert or delete access to data and cause repeatable crash in MySQL server (bsc#1249213). - CVE-2025-30722: mysqldump issue allows low privileged attacker with network access to gain unauthorized update, insert or delete access to data in MySQL Client (bsc#1249212). - CVE-2023-52969: crash with empty backtrace log in MariaDB Server (bsc#1239150). - CVE-2023-52970: crash in MariaDB Server when inserting from derived table containing insert target table (bsc#1239151). Release notes and changelog: - https://mariadb.com/docs/release-notes/community-server/mariadb-10-6-series/mariadb-10.6.23-release-notes - https://mariadb.com/docs/release-notes/community-server/changelogs/changelogs-mariadb-106-series/mariadb-10.6.23-changelog - https://mariadb.com/kb/en/mariadb-10-6-22-release-notes/ - https://mariadb.com/kb/en/mariadb-10-6-22-changelog/ - https://mariadb.com/kb/en/mariadb-10-6-21-release-notes/ - https://mariadb.com/kb/en/mariadb-10-6-21-changelog/ The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-3276,SUSE-SLE-Product-SLES-15-SP4-ERICSSON-2025-3276,SUSE-SLE-Product-SLES-15-SP5-ERICSSON-2025-3276 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202503276-1/ Link for SUSE-SU-2025:03276-1 https://lists.suse.com/pipermail/sle-updates/2025-September/041781.html E-Mail link for SUSE-SU-2025:03276-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1239150 SUSE Bug 1239150 https://bugzilla.suse.com/1239151 SUSE Bug 1239151 https://bugzilla.suse.com/1243356 SUSE Bug 1243356 https://bugzilla.suse.com/1249212 SUSE Bug 1249212 https://bugzilla.suse.com/1249213 SUSE Bug 1249213 https://www.suse.com/security/cve/CVE-2023-52969/ SUSE CVE CVE-2023-52969 page https://www.suse.com/security/cve/CVE-2023-52970/ SUSE CVE CVE-2023-52970 page https://www.suse.com/security/cve/CVE-2025-21490/ SUSE CVE CVE-2025-21490 page https://www.suse.com/security/cve/CVE-2025-30693/ SUSE CVE CVE-2025-30693 page https://www.suse.com/security/cve/CVE-2025-30722/ SUSE CVE CVE-2025-30722 page libmariadbd-devel-10.6.23-150400.3.40.1 libmariadbd19-10.6.23-150400.3.40.1 mariadb-10.6.23-150400.3.40.1 mariadb-bench-10.6.23-150400.3.40.1 mariadb-client-10.6.23-150400.3.40.1 mariadb-errormessages-10.6.23-150400.3.40.1 mariadb-galera-10.6.23-150400.3.40.1 mariadb-rpm-macros-10.6.23-150400.3.40.1 mariadb-test-10.6.23-150400.3.40.1 mariadb-tools-10.6.23-150400.3.40.1 MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2. CVE-2023-52969 moderate 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202503276-1/ https://www.suse.com/security/cve/CVE-2023-52969.html CVE-2023-52969 https://bugzilla.suse.com/1239150 SUSE Bug 1239150 MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.* crashes in Item_direct_view_ref::derived_field_transformer_for_where. CVE-2023-52970 moderate 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202503276-1/ https://www.suse.com/security/cve/CVE-2023-52970.html CVE-2023-52970 https://bugzilla.suse.com/1239151 SUSE Bug 1239151 unknown CVE-2025-21490 moderate 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202503276-1/ https://www.suse.com/security/cve/CVE-2025-21490.html CVE-2025-21490 https://bugzilla.suse.com/1243355 SUSE Bug 1243355 unknown CVE-2025-30693 moderate 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202503276-1/ https://www.suse.com/security/cve/CVE-2025-30693.html CVE-2025-30693 https://bugzilla.suse.com/1249213 SUSE Bug 1249213 unknown CVE-2025-30722 moderate 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202503276-1/ https://www.suse.com/security/cve/CVE-2025-30722.html CVE-2025-30722 https://bugzilla.suse.com/1249212 SUSE Bug 1249212