[security - high] mariadb:10.3 security update
エラータID: AXSA:2026-040:01
Release date:
Thursday, January 15, 2026 - 20:48
Subject:
[security - high] mariadb:10.3 security update
Affected Channels:
Asianux Server 8 for x86_64
Severity:
High
Description:
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.
Security Fix(es):
* mariadb: MariaDB: mariadb-dump utility vulnerable to remote code execution via improper path validation (CVE-2025-13699)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2025-13699
MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MariaDB. Interaction with the mariadb-dump utility is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of view names. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27000.
Modularity name: "mariadb"
Stream name: "10.3"
Solution:
Update packages.
CVEs:
CVE-2025-13699
MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MariaDB. Interaction with the mariadb-dump utility is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of view names. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27000.
MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MariaDB. Interaction with the mariadb-dump utility is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of view names. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27000.
Additional Info:
N/A
Download:
SRPMS
- asio-1.10.8-7.module+el8+1938+e490a79b.src.rpm
MD5: 5b956bb2054b0a10389573b5aefc0846
SHA-256: 1680ddf0f5be5b149109981f72ee31cda7dd699a018f93486983c85212e6ff90
Size: 0.99 MB - galera-25.3.37-1.module+el8+1938+e490a79b.src.rpm
MD5: 850c9aabf7dfe65725c5dab424483425
SHA-256: 9d7381cc34657e68a7b7631aa84711ad5c6679f2cd93b7a0a8fa84b51718bce8
Size: 3.25 MB - Judy-1.0.5-18.module+el8+1938+e490a79b.src.rpm
MD5: f5ad869c809864a7f173e616402ac54c
SHA-256: e30e70b2ab35951c1f0cf67e2cb8873c5c235300cb7c674ece2768cc105844fc
Size: 1.10 MB - mariadb-10.3.39-2.module+el8+1938+e490a79b.src.rpm
MD5: c8916755773a8274241d0f4ece69c004
SHA-256: f4e13ee99ce3b39a53f48abd1ff734f244ff12e1f36dc23ca573eb9f673f0144
Size: 65.60 MB
Asianux Server 8 for x86_64
- asio-devel-1.10.8-7.module+el8+1938+e490a79b.i686.rpm
MD5: 21127bf7157762321e0a47b8c81dd8b9
SHA-256: deb433c4494fcd477ccb41820010d694601cc8456f365e1240d82ba20d1e475f
Size: 637.44 kB - asio-devel-1.10.8-7.module+el8+1938+e490a79b.x86_64.rpm
MD5: b14170029bb66e60662f5e0fccc59826
SHA-256: 85a438fb05ba694f3b26d666384988fdadef35c7d921b102d5d8896a06ec2c59
Size: 637.48 kB - galera-25.3.37-1.module+el8+1938+e490a79b.x86_64.rpm
MD5: 1018de2e52032740508797852dee3740
SHA-256: 6aa814603041f8ad185f2f6eaa8c1ea08419f52c7e601f99bc0a5799d1fe2bc7
Size: 1.42 MB - galera-debugsource-25.3.37-1.module+el8+1938+e490a79b.x86_64.rpm
MD5: cfb300c61926f01533aea58c4fffee6c
SHA-256: 64a0eb416f742269a938ee1aaf8df108246d593ca080d461676d51a3446a6e0a
Size: 441.83 kB - Judy-1.0.5-18.module+el8+1938+e490a79b.i686.rpm
MD5: 88e9907df9ccc3486694392b7527d83a
SHA-256: fe883db1e10487b0f0652c141df635d27d897c64047928a7a34d53ca21f42560
Size: 92.43 kB - Judy-1.0.5-18.module+el8+1938+e490a79b.x86_64.rpm
MD5: 9752a12a5782a1068838d8152a3d61fb
SHA-256: 7b1d24a2fafb03137e1fdae0aff29ca125df1cfd93a73a6793da9c1222166d91
Size: 129.12 kB - Judy-debugsource-1.0.5-18.module+el8+1938+e490a79b.i686.rpm
MD5: 16b75ff960e72c3bc8c743e91d7f6f29
SHA-256: d5814dc5d0a7576fff6ecae89532fdfd02a1e3111937222f811bfdbaedfbff8a
Size: 157.35 kB - Judy-debugsource-1.0.5-18.module+el8+1938+e490a79b.x86_64.rpm
MD5: 0663938e9f5703febc9954abd602aa4b
SHA-256: 5e1cb80cff16a0f9bb68aae4f0b22fd631fa0e2468e47fe8f82281d599f6b2c2
Size: 157.63 kB - Judy-devel-1.0.5-18.module+el8+1938+e490a79b.i686.rpm
MD5: 9ee1577e4f550ea0228dbea795cd8321
SHA-256: defb6f974d9d2b5421a6bbef1c64d8bd042e9142c8e3022a2c89850545b411f6
Size: 74.65 kB - Judy-devel-1.0.5-18.module+el8+1938+e490a79b.x86_64.rpm
MD5: afe3d641d2be167046294049d879a9c0
SHA-256: 90723019525c131e00a6bae654d888ed27a7c12d163a30a405fb363239e2f72e
Size: 74.65 kB - mariadb-10.3.39-2.module+el8+1938+e490a79b.x86_64.rpm
MD5: b5bc1af9a80fc5d6779288ee84e7c889
SHA-256: 8db96d299bcbde5bbecc393a3cf1bf85d86c2a74c74e5be973e415c9d96fdbc8
Size: 6.02 MB - mariadb-backup-10.3.39-2.module+el8+1938+e490a79b.x86_64.rpm
MD5: 285b2a9ba053f82b7a969d250798f0af
SHA-256: 33ebe0e7966b1c46c68d5619f66fa003198534d259019bb60dc376667743f01a
Size: 6.08 MB - mariadb-common-10.3.39-2.module+el8+1938+e490a79b.x86_64.rpm
MD5: 6e10894f7ac08b923470ac573439328f
SHA-256: 0a67c172897f3c99920755ff370e339a667585c3362901fb93f3ddc871dd78c3
Size: 63.32 kB - mariadb-debugsource-10.3.39-2.module+el8+1938+e490a79b.x86_64.rpm
MD5: 9e022463ac3f6171ff04aedb9e1862e3
SHA-256: 072a3d409d08d736a36e0e5177f26eb93f042a1698efc640dd13d2663d2188f9
Size: 9.17 MB - mariadb-devel-10.3.39-2.module+el8+1938+e490a79b.x86_64.rpm
MD5: eb183c011e398ec30a3d19560b02b114
SHA-256: 07a918168b031742ea9e415d0e87fa883cae2211be9b819a3597b9aec3df209c
Size: 1.06 MB - mariadb-embedded-10.3.39-2.module+el8+1938+e490a79b.x86_64.rpm
MD5: 71b49c76fd8a5fd539bbb8469c82142b
SHA-256: 51ef2c1aa8f8d5a8b5b269d48794b5a6f1de50922445bd35de9e0e94e4e13282
Size: 4.98 MB - mariadb-embedded-devel-10.3.39-2.module+el8+1938+e490a79b.x86_64.rpm
MD5: ee3cb0b3f42d44645cd8ec5dffce0e49
SHA-256: 544bb92ae7f3c9c79f4a200cfabbc183bca987a33b8e372e2634e7a52d03169d
Size: 43.88 kB - mariadb-errmsg-10.3.39-2.module+el8+1938+e490a79b.x86_64.rpm
MD5: 33fd8107cf9da4d3b05448da0ffe742d
SHA-256: 0b5d75da550ca2d7c6e7445fd22ee74190b6ea8e13b9c201e05829539c3acbc4
Size: 233.82 kB - mariadb-gssapi-server-10.3.39-2.module+el8+1938+e490a79b.x86_64.rpm
MD5: bab42d9529682ae5b6ad5a2cda449ed3
SHA-256: 3f9c4490f08f06dd535ed53afdb31d50f1dec98396c2536265d02d8e0daa3bfc
Size: 50.71 kB - mariadb-oqgraph-engine-10.3.39-2.module+el8+1938+e490a79b.x86_64.rpm
MD5: 9b6fbcac97e4be13462f440e0574c03c
SHA-256: af14f573b2a418ed525bca44088e3f550a4eb0993333909781d32593adc84dda
Size: 112.97 kB - mariadb-server-10.3.39-2.module+el8+1938+e490a79b.x86_64.rpm
MD5: 4aa4f1f61eb34cb91c6d1833e566ed30
SHA-256: 110c991041f88c2ddfe30714a919c4a31019b26a3b23483613774a0f4c866ea0
Size: 16.43 MB - mariadb-server-galera-10.3.39-2.module+el8+1938+e490a79b.x86_64.rpm
MD5: 871fc7cb729b9f8d1188aa542c603a02
SHA-256: 830f25c078f058af17293b782fbd3ae41524391f2e266f6c85114df317533589
Size: 60.49 kB - mariadb-server-utils-10.3.39-2.module+el8+1938+e490a79b.x86_64.rpm
MD5: dabde67d8a588972a57c3cc3726339f1
SHA-256: ebd6442ab8e3891c736438913eca44d14db9bbda0f023fbaeb43ee14181fa4ca
Size: 1.15 MB - mariadb-test-10.3.39-2.module+el8+1938+e490a79b.x86_64.rpm
MD5: 770f515fc54d8102dd1b0170f2df661a
SHA-256: 2a2458f0fa8daf75cda1727f02412dbd1dae7cce8cb748e77deb2d45a6397dba
Size: 36.42 MB