mariadb:10.5 security update

エラータID: AXSA:2025-11081:01

リリース日: 
2025/11/11 Tuesday - 21:46
題名: 
mariadb:10.5 security update
影響のあるチャネル: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

以下項目について対処しました。

[Security Fix]
- MariaDB の make_aggr_tables_info() 関数および optimize_stage2()
関数には、リモートの攻撃者により、バックトレースログが空の状況下
において、サービス拒否攻撃 (クラッシュの発生) を可能とする脆弱性
が存在します。(CVE-2023-52969)

- MariaDB の
Item_direct_view_ref::derived_field_transformer_for_where()
メソッドには、リモートの攻撃者により、サービス拒否攻撃を可能と
する脆弱性が存在します。(CVE-2023-52970)

- MySQL の InnoDB コンポーネントには、認証されたリモートの
攻撃者により、複数のプロトコルによるネットワークアクセスを介して、
サービス拒否攻撃 (ハングアップやクラッシュの発生) を可能とする
脆弱性が存在します。(CVE-2025-21490)

- MySQL には、リモートの攻撃者により、データ破壊、およびサービス
拒否攻撃を可能とする脆弱性が存在します。(CVE-2025-30693)

- MySQL には、リモートの攻撃者により、情報の漏洩、およびデータ
破壊を可能とする脆弱性が存在します。(CVE-2025-30722)

Modularity name: mariadb
Stream name: 10.5

解決策: 

パッケージをアップデートしてください。

CVE: 
CVE-2023-52969
MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2.
CVE-2023-52970
MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.* crashes in Item_direct_view_ref::derived_field_transformer_for_where.
CVE-2025-21490
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2025-30693
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
CVE-2025-30722
Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Client accessible data as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N).
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. asio-1.10.8-7.module+el8+1915+8cf48350.src.rpm
    MD5: 5184c91a45298d631da6d51253256216
    SHA-256: 1a4bc37d512dc812c3c8517631718e760045735576899a9b7439525b29f82ef9
    Size: 0.99 MB
  2. galera-26.4.22-1.module+el8+1915+8cf48350.src.rpm
    MD5: c6bbe362293fd2db247b57a71c6647ce
    SHA-256: abe63dde7a467508c1e049efe492cf3bb69432c14546691f0edd2069b1a14bd9
    Size: 3.58 MB
  3. Judy-1.0.5-18.module+el8+1915+8cf48350.src.rpm
    MD5: 551b2f76217b878aa741008455979f60
    SHA-256: 326543033fa9f9f57b17b478b6efa5da87c3bb7c26cf54398360c15ef3d9a825
    Size: 1.10 MB
  4. mariadb-10.5.29-2.module+el8+1915+8cf48350.src.rpm
    MD5: 067caa47d767ea7b5b04783326c02560
    SHA-256: b967bf9a677a6e917ef318b4029d905ea498f4751cd0d81629fee9f4416df051
    Size: 94.53 MB

Asianux Server 8 for x86_64
  1. galera-26.4.22-1.module+el8+1915+8cf48350.x86_64.rpm
    MD5: 2e0a6c95f9a497e6ec7e67aec3db2f73
    SHA-256: a61f89fcf9e9d6360239c8d0c74a0319a9d5687e449dadf1b8870a1801a35788
    Size: 1.65 MB
  2. galera-debugsource-26.4.22-1.module+el8+1915+8cf48350.x86_64.rpm
    MD5: 4bbf06c3666124cbec055304e29e2a21
    SHA-256: 4a590058ebfb8573c0848fb14c50529e1487362808c06c545d1e63959c3a8c01
    Size: 705.42 kB
  3. Judy-1.0.5-18.module+el8+1915+8cf48350.x86_64.rpm
    MD5: 7573e6f4d057cf49628b2d5f92e6935b
    SHA-256: ff5b572c9c771e993e8db2e3809637f1f1347a26d93f8f761853ca87fda971b3
    Size: 129.11 kB
  4. Judy-debugsource-1.0.5-18.module+el8+1915+8cf48350.x86_64.rpm
    MD5: d3cafe6e9904be43adc4fc99ef43cc6b
    SHA-256: 7cc19d32138333d8cb77c36bfd2aa87d9ed971a6054a27c92f64ae6439f26800
    Size: 157.63 kB
  5. mariadb-10.5.29-2.module+el8+1915+8cf48350.x86_64.rpm
    MD5: 32afffd5db008d8a863775d54a4ebf25
    SHA-256: 4202ce737af011c6168e2d2c91e1741fd73fd48d4ab9037aa4728b4f451a996c
    Size: 6.35 MB
  6. mariadb-backup-10.5.29-2.module+el8+1915+8cf48350.x86_64.rpm
    MD5: 071e71cf561589c9278bec7d75575d98
    SHA-256: f9229e1ac9c3b0c893c7bec3c0b4bc65f5696ad0520f6504785fe7ce9bacc171
    Size: 7.10 MB
  7. mariadb-common-10.5.29-2.module+el8+1915+8cf48350.x86_64.rpm
    MD5: 6830e119e9075bce4bfa153c7a1575fb
    SHA-256: b3503d8d57c800fd2feb2da4418c9b8fe3c8cbf1dae443e8075d1a2ec63703e3
    Size: 68.01 kB
  8. mariadb-debugsource-10.5.29-2.module+el8+1915+8cf48350.x86_64.rpm
    MD5: 5f33229128d5155bfdf0d7d2c75068f4
    SHA-256: 48d989f26d8f0363a7c6a78d22a253cc564f7e9c1e43c35b2792e6e3789fd2cd
    Size: 10.30 MB
  9. mariadb-devel-10.5.29-2.module+el8+1915+8cf48350.x86_64.rpm
    MD5: 974d2c1b34abe0b151f9e44968e9c901
    SHA-256: 4c0029191b9dbc0a253c0dcb3cd5bee126cfe0501546d0fe1c06ff29617c0c28
    Size: 1.19 MB
  10. mariadb-embedded-10.5.29-2.module+el8+1915+8cf48350.x86_64.rpm
    MD5: 915942d132bd2a24e437f8c8516f3871
    SHA-256: 7e011a2aaea1a213a3be969522fa28e09fa92087c8f940854d781c203c7e25e1
    Size: 5.63 MB
  11. mariadb-embedded-devel-10.5.29-2.module+el8+1915+8cf48350.x86_64.rpm
    MD5: d95cf006b45d0e5722551caf6e555a96
    SHA-256: b73e9304c403494da86a2c32e8fb1ad778fd8508313d632a9608f8cc46612cc2
    Size: 48.63 kB
  12. mariadb-errmsg-10.5.29-2.module+el8+1915+8cf48350.x86_64.rpm
    MD5: 12746e3b587da33b997144d1d6824c22
    SHA-256: 2f3fec003e28c66e78d1d96b5d84bb599559bee927defda0e6aeffb84061babb
    Size: 271.87 kB
  13. mariadb-gssapi-server-10.5.29-2.module+el8+1915+8cf48350.x86_64.rpm
    MD5: e4b0425a297163df7e4f3d628e1bf73b
    SHA-256: d7a12eca2f93fb8dc8d46fbfc37a1b8a40f17015cf4a43bb6581ca38a738f9ef
    Size: 55.49 kB
  14. mariadb-oqgraph-engine-10.5.29-2.module+el8+1915+8cf48350.x86_64.rpm
    MD5: 396e7815e8900b2323391fab05dd64bf
    SHA-256: 4c518f475c24f36a534535f8ddabd5d4d33ce655fbbc3f69de30313b19733ce4
    Size: 118.44 kB
  15. mariadb-pam-10.5.29-2.module+el8+1915+8cf48350.x86_64.rpm
    MD5: b4939a7107dfeed5b7500d349f1b39ac
    SHA-256: de1c645a672cd573a62835889150fcd1034df499a248fd75adaf4b3e3fd14a02
    Size: 64.71 kB
  16. mariadb-server-10.5.29-2.module+el8+1915+8cf48350.x86_64.rpm
    MD5: 35a3cb8b598b2a884b52fb566c193db9
    SHA-256: 3909d255475f0ccdc9888033d16d55f0686aa3148562f43cefa2ef8e863dc6a6
    Size: 18.77 MB
  17. mariadb-server-galera-10.5.29-2.module+el8+1915+8cf48350.x86_64.rpm
    MD5: b9185fd17ce1424820db26c52f3c4d7e
    SHA-256: 759f3003155ccd136dc7037840a768930f3e840bedb53bfb19d4d19151c426b5
    Size: 65.28 kB
  18. mariadb-server-utils-10.5.29-2.module+el8+1915+8cf48350.x86_64.rpm
    MD5: 321d7d8eed41d6bb6c536730b9c21db8
    SHA-256: b6ab98780efaac1c84036be040e13c2bb67ca04a2fb09d76bdf167298e59fcd6
    Size: 1.21 MB
  19. mariadb-test-10.5.29-2.module+el8+1915+8cf48350.x86_64.rpm
    MD5: 357e5d28f1f20b1c87eb849940d89250
    SHA-256: 186fc8df0aed0b780d4f3a348c641c8455e7a98e31e8b789a86aa63559986c40
    Size: 31.69 MB