galera and mariadb security update
Errata ID: AXSA:2025-11069:01
Release date:
2025/11/11 Tuesday - 16:49
Title:
galera and mariadb security update
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
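The following issues have been addressed.
[Security Fix]
- The make_aggr_tables_info() and optimize_stage2() functions in MariaDB contain a vulnerability that allows a remote attacker to cause a denial of service (crash) in situations where the backtrace log is empty. (CVE-2023-52969)
- The Item_direct_view_ref::derived_field_transformer_for_where() method in MariaDB contains a vulnerability that allows a remote attacker to cause a denial of service. (CVE-2023-52970)
- The InnoDB component of MySQL contains a vulnerability that allows an authenticated remote attacker to cause a denial of service (hang or crash) through network access via multiple protocols. (CVE-2025-21490)
- MySQL contains a vulnerability that allows a remote attacker to cause data corruption and a denial of service. (CVE-2025-30693)
- MySQL contains a vulnerability that allows a remote attacker to cause information disclosure and data corruption. (CVE-2025-30722)
Solution:
Update the packages.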
CVE:
CVE-2023-52969
MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2.
CVE-2023-52970
MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.* crashes in Item_direct_view_ref::derived_field_transformer_for_where.
CVE-2025-21490
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2025-30693
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
CVE-2025-30722
Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Client accessible data as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N).
Additional information:
N/A
Downloads:
SRPMS
- galera-26.4.22-1.el9_6.src.rpm
Size: 3.57 MB
- mariadb-10.5.29-2.el9_6.src.rpm
Size: 94.49 MB
Asianux Server 9 for x86_64
- galera-26.4.22-1.el9_6.x86_64.rpm
Size: 1.19 MB
- mariadb-10.5.29-2.el9_6.x86_64.rpm
Size: 1.61 MB
- mariadb-backup-10.5.29-2.el9_6.x86_64.rpm
Size: 6.49 MB
- mariadb-common-10.5.29-2.el9_6.x86_64.rpm
Size: 33.48 kB
- mariadb-devel-10.5.29-2.el9_6.x86_64.rpm
Size: 1.11 MB
- mariadb-embedded-10.5.29-2.el9_6.x86_64.rpm
Size: 5.41 MB
- mariadb-embedded-devel-10.5.29-2.el9_6.x86_64.rpm
Size: 7.58 kB
- mariadb-errmsg-10.5.29-2.el9_6.x86_64.rpm
Size: 217.50 kB
- mariadb-gssapi-server-10.5.29-2.el9_6.x86_64.rpm
Size: 14.23 kB
- mariadb-oqgraph-engine-10.5.29-2.el9_6.x86_64.rpm
Size: 80.27 kB
- mariadb-pam-10.5.29-2.el9_6.x86_64.rpm
Size: 23.22 kB
- mariadb-server-10.5.29-2.el9_6.x86_64.rpm
Size: 9.74 MB
- mariadb-server-galera-10.5.29-2.el9_6.x86_64.rpm
Size: 23.50 kB
- mariadb-server-utils-10.5.29-2.el9_6.x86_64.rpm
Size: 216.12 kB
- mariadb-test-10.5.29-2.el9_6.x86_64.rpm
Size: 33.32 MB