mariadb:10.5 security update
Errata ID: AXSA:2025-11081:01
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.
Security Fix(es):
* mysql: High Privilege Denial of Service Vulnerability in MySQL Server (CVE-2025-21490)
* mariadb: MariaDB Server Crash Due to Empty Backtrace Log (CVE-2023-52969)
* mariadb: MariaDB Server Crash via Item_direct_view_ref (CVE-2023-52970)
* mysql: mysqldump unspecified vulnerability (CPU Apr 2025) (CVE-2025-30722)
* mysql: InnoDB unspecified vulnerability (CPU Apr 2025) (CVE-2025-30693)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2023-52969
MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2.
CVE-2023-52970
MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.* crashes in Item_direct_view_ref::derived_field_transformer_for_where.
CVE-2025-21490
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2025-30693
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
CVE-2025-30722
Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Client accessible data as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N).
Modularity name: "mariadb"
Stream name: "10.5"
Update packages.
SRPMS
- asio-1.10.8-7.module+el8+1915+8cf48350.src.rpm
Size: 0.99 MB
- galera-26.4.22-1.module+el8+1915+8cf48350.src.rpm
Size: 3.58 MB
- Judy-1.0.5-18.module+el8+1915+8cf48350.src.rpm
Size: 1.10 MB
- mariadb-10.5.29-2.module+el8+1915+8cf48350.src.rpm
Size: 94.53 MB
Asianux Server 8 for x86_64
- galera-26.4.22-1.module+el8+1915+8cf48350.x86_64.rpm
Size: 1.65 MB
- galera-debugsource-26.4.22-1.module+el8+1915+8cf48350.x86_64.rpm
Size: 705.42 kB
- Judy-1.0.5-18.module+el8+1915+8cf48350.x86_64.rpm
Size: 129.11 kB
- Judy-debugsource-1.0.5-18.module+el8+1915+8cf48350.x86_64.rpm
Size: 157.63 kB
- mariadb-10.5.29-2.module+el8+1915+8cf48350.x86_64.rpm
Size: 6.35 MB
- mariadb-backup-10.5.29-2.module+el8+1915+8cf48350.x86_64.rpm
Size: 7.10 MB
- mariadb-common-10.5.29-2.module+el8+1915+8cf48350.x86_64.rpm
Size: 68.01 kB
- mariadb-debugsource-10.5.29-2.module+el8+1915+8cf48350.x86_64.rpm
Size: 10.30 MB
- mariadb-devel-10.5.29-2.module+el8+1915+8cf48350.x86_64.rpm
Size: 1.19 MB
- mariadb-embedded-10.5.29-2.module+el8+1915+8cf48350.x86_64.rpm
Size: 5.63 MB
- mariadb-embedded-devel-10.5.29-2.module+el8+1915+8cf48350.x86_64.rpm
Size: 48.63 kB
- mariadb-errmsg-10.5.29-2.module+el8+1915+8cf48350.x86_64.rpm
Size: 271.87 kB
- mariadb-gssapi-server-10.5.29-2.module+el8+1915+8cf48350.x86_64.rpm
Size: 55.49 kB
- mariadb-oqgraph-engine-10.5.29-2.module+el8+1915+8cf48350.x86_64.rpm
Size: 118.44 kB
- mariadb-pam-10.5.29-2.module+el8+1915+8cf48350.x86_64.rpm
Size: 64.71 kB
- mariadb-server-10.5.29-2.module+el8+1915+8cf48350.x86_64.rpm
Size: 18.77 MB
- mariadb-server-galera-10.5.29-2.module+el8+1915+8cf48350.x86_64.rpm
Size: 65.28 kB
- mariadb-server-utils-10.5.29-2.module+el8+1915+8cf48350.x86_64.rpm
Size: 1.21 MB
- mariadb-test-10.5.29-2.module+el8+1915+8cf48350.x86_64.rpm
Size: 31.69 MB