Security update for mariadb SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2023:2478-1 Final 1 1 2023-06-09T10:44:21Z current 2023-06-09T10:44:21Z 2023-06-09T10:44:21Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for mariadb This update for mariadb fixes the following issues: Updated to version 10.5.20: - CVE-2022-47015: Fixed a denial of service that could be triggered by a crafted SQL query (bsc#1207404). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2023-2478,SUSE-SLE-Product-RT-15-SP3-2023-2478,SUSE-SLE-Product-SLES-15-SP3-ERICSSON-2023-2478 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2023/suse-su-20232478-1/ Link for SUSE-SU-2023:2478-1 https://lists.suse.com/pipermail/sle-security-updates/2023-June/015132.html E-Mail link for SUSE-SU-2023:2478-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1207404 SUSE Bug 1207404 https://www.suse.com/security/cve/CVE-2022-47015/ SUSE CVE CVE-2022-47015 page SUSE Linux Enterprise Real Time 15 SP3 libmariadbd-devel-10.5.20-150300.3.28.1 libmariadbd19-10.5.20-150300.3.28.1 mariadb-10.5.20-150300.3.28.1 mariadb-bench-10.5.20-150300.3.28.1 mariadb-client-10.5.20-150300.3.28.1 mariadb-errormessages-10.5.20-150300.3.28.1 mariadb-galera-10.5.20-150300.3.28.1 mariadb-rpm-macros-10.5.20-150300.3.28.1 mariadb-test-10.5.20-150300.3.28.1 mariadb-tools-10.5.20-150300.3.28.1 libmariadbd-devel-10.5.20-150300.3.28.1 as a component of SUSE Linux Enterprise Real Time 15 SP3 libmariadbd19-10.5.20-150300.3.28.1 as a component of SUSE Linux Enterprise Real Time 15 SP3 mariadb-10.5.20-150300.3.28.1 as a component of SUSE Linux Enterprise Real Time 15 SP3 mariadb-client-10.5.20-150300.3.28.1 as a component of SUSE Linux Enterprise Real Time 15 SP3 mariadb-errormessages-10.5.20-150300.3.28.1 as a component of SUSE Linux Enterprise Real Time 15 SP3 mariadb-tools-10.5.20-150300.3.28.1 as a component of SUSE Linux Enterprise Real Time 15 SP3 MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer. CVE-2022-47015 SUSE Linux Enterprise Real Time 15 SP3:libmariadbd-devel-10.5.20-150300.3.28.1 SUSE Linux Enterprise Real Time 15 SP3:libmariadbd19-10.5.20-150300.3.28.1 SUSE Linux Enterprise Real Time 15 SP3:mariadb-10.5.20-150300.3.28.1 SUSE Linux Enterprise Real Time 15 SP3:mariadb-client-10.5.20-150300.3.28.1 SUSE Linux Enterprise Real Time 15 SP3:mariadb-errormessages-10.5.20-150300.3.28.1 SUSE Linux Enterprise Real Time 15 SP3:mariadb-tools-10.5.20-150300.3.28.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232478-1/ https://www.suse.com/security/cve/CVE-2022-47015.html CVE-2022-47015 https://bugzilla.suse.com/1207404 SUSE Bug 1207404