galera and mariadb security update

エラータID: AXSA:2025-11069:01

Release date: 
Tuesday, November 11, 2025 - 16:49
Subject: 
galera and mariadb security update
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

Galera is a fast synchronous multimaster wsrep provider (replication engine) for transactional databases and similar applications. For more information about wsrep API see repository. For a description of Galera replication engine see web.

Security Fix(es):

* mysql: High Privilege Denial of Service Vulnerability in MySQL Server (CVE-2025-21490)
* mariadb: MariaDB Server Crash Due to Empty Backtrace Log (CVE-2023-52969)
* mariadb: MariaDB Server Crash via Item_direct_view_ref (CVE-2023-52970)
* mysql: mysqldump unspecified vulnerability (CPU Apr 2025) (CVE-2025-30722)
* mysql: InnoDB unspecified vulnerability (CPU Apr 2025) (CVE-2025-30693)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2023-52969
MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2.
CVE-2023-52970
MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.* crashes in Item_direct_view_ref::derived_field_transformer_for_where.
CVE-2025-21490
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2025-30693
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
CVE-2025-30722
Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Client accessible data as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N).

Solution: 

Update packages.

CVEs: 
CVE-2023-52969
MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2.
CVE-2023-52970
MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.* crashes in Item_direct_view_ref::derived_field_transformer_for_where.
CVE-2025-21490
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2025-30693
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
CVE-2025-30722
Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Client accessible data as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N).
Additional Info: 

N/A

Download: 

SRPMS
  1. galera-26.4.22-1.el9_6.src.rpm
    MD5: 608c93a6023d859511d118b5a4910d4c
    SHA-256: 3f7802493b3e1aa22fa2aa8c2f22683d0e0060f839bf21c21eeccc79304e66ef
    Size: 3.57 MB
  2. mariadb-10.5.29-2.el9_6.src.rpm
    MD5: b1294607555a31c4629e378c05a85142
    SHA-256: ef70325481e43d6c5832111456aba7b8433e146c3f7426e01c6350606968faa2
    Size: 94.49 MB

Asianux Server 9 for x86_64
  1. galera-26.4.22-1.el9_6.x86_64.rpm
    MD5: 377ce02f08a86ace13a5bd147885aad7
    SHA-256: 76a4c70736a03e95dcaf13bc14e62d08e78ce9fae9ea03548896f2a029519a9d
    Size: 1.19 MB
  2. mariadb-10.5.29-2.el9_6.x86_64.rpm
    MD5: dbc063fe84b52b61eca291ae2bbd5629
    SHA-256: f50d748bd988c6b2f1fca13a30315602d3cdd54399696984d237b6380364a8a2
    Size: 1.61 MB
  3. mariadb-backup-10.5.29-2.el9_6.x86_64.rpm
    MD5: e3245fa77fedb19e8626454eab68a3f6
    SHA-256: aaca5a3dfb83c367bebd5b0237d5067422704064742595054e4b136af10faa07
    Size: 6.49 MB
  4. mariadb-common-10.5.29-2.el9_6.x86_64.rpm
    MD5: aa84d031a228cb4e6f4083e75a0bd3d0
    SHA-256: d450fcc28f5c967e83658dc6f2fdb06033a5a7a0e8b8f71c4c6ab57422ba1fbb
    Size: 33.48 kB
  5. mariadb-devel-10.5.29-2.el9_6.x86_64.rpm
    MD5: 3d87ba85b167a178af24561c3d2ed509
    SHA-256: 6e8cc4538d7950cede09ea79583d506c8ad82703ba940219e4947ca1dfbb427f
    Size: 1.11 MB
  6. mariadb-embedded-10.5.29-2.el9_6.x86_64.rpm
    MD5: e5ec219632a82b97f6f4e9e0d8f74d5e
    SHA-256: 8986c297a1559f99d869d7e1b9656345e86d38b499da46ce273f4928711c2dfe
    Size: 5.41 MB
  7. mariadb-embedded-devel-10.5.29-2.el9_6.x86_64.rpm
    MD5: 7949c311b961522d32bdd74acc3bc5de
    SHA-256: c915d9827df61f6b1b7e0226198d51dfde749dff9d011ca52c4a8e8a038ee010
    Size: 7.58 kB
  8. mariadb-errmsg-10.5.29-2.el9_6.x86_64.rpm
    MD5: 4de7fd202425faed2ec510f19851ba84
    SHA-256: 96dc6af5bb768abe2dbd39cc1f0ea3fa36d8cfdec36db5a6372b34c27e938fbe
    Size: 217.50 kB
  9. mariadb-gssapi-server-10.5.29-2.el9_6.x86_64.rpm
    MD5: 1c1ced41bf5ca90cfa10763362fbd128
    SHA-256: 696f56a4e0f29438c724a1169b3af1a49ee8c848eedf0d3f0240794113bc73d1
    Size: 14.23 kB
  10. mariadb-oqgraph-engine-10.5.29-2.el9_6.x86_64.rpm
    MD5: 79ffd2525e01996ae322f50f4ad60352
    SHA-256: 3765855f8a9883894d82f33574a1cc39c89637a649ba584088c4c3d814e07924
    Size: 80.27 kB
  11. mariadb-pam-10.5.29-2.el9_6.x86_64.rpm
    MD5: 2ac69abd6634fb2bb570d41f54fe0b07
    SHA-256: c3babdfceb3b10f6c52f7ba87a9a605fddccb8139ea07fed36f8594940f0e512
    Size: 23.22 kB
  12. mariadb-server-10.5.29-2.el9_6.x86_64.rpm
    MD5: ce8af389c35c2b6bc3ebac5162e33caf
    SHA-256: 4e6b31a9bcaac2366f203be78c6da168b9b91e6158573685e0378b37c4acf546
    Size: 9.74 MB
  13. mariadb-server-galera-10.5.29-2.el9_6.x86_64.rpm
    MD5: 31e844ae7d3e84e3bbf4dcad7aa3018a
    SHA-256: 3036823fb313c5438b341e4a5b5ed9ca043bef9363cf563d1323451ded2a1103
    Size: 23.50 kB
  14. mariadb-server-utils-10.5.29-2.el9_6.x86_64.rpm
    MD5: 81029a7925710a0a24cdabe75604d10b
    SHA-256: 010f73ea572141481ea915c775c808e7c2363f5428b92ff307ef3a32633fe42f
    Size: 216.12 kB
  15. mariadb-test-10.5.29-2.el9_6.x86_64.rpm
    MD5: 0729e11a108114935ffd90094d05dfcc
    SHA-256: d97e2af2220b30b443f4528aca2a8a1f19859ee3d93ad92baf74e74e43c1ab18
    Size: 33.32 MB