[security - high] mariadb:10.11 security update
エラータID: AXSA:2026-038:01
リリース日:
2026/01/14 Wednesday - 22:07
題名:
[security - high] mariadb:10.11 security update
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.
Security Fix(es):
* mariadb: MariaDB: mariadb-dump utility vulnerable to remote code execution via improper path validation (CVE-2025-13699)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2025-13699
MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MariaDB. Interaction with the mariadb-dump utility is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of view names. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27000.
Modularity name: "mariadb"
Stream name: "10.11"
解決策:
Update packages.
CVE:
CVE-2025-13699
MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MariaDB. Interaction with the mariadb-dump utility is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of view names. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27000.
MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MariaDB. Interaction with the mariadb-dump utility is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of view names. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27000.
追加情報:
N/A
ダウンロード:
SRPMS
- asio-1.10.8-7.module+el8+1940+9d4f961b.src.rpm
MD5: 6c7a3b35c5a896e5966104c7cc761125
SHA-256: 06a597e1bc960e5acb17d13450dc03fd268e10793de290a5251a107a392ca1de
Size: 0.99 MB - galera-26.4.20-1.module+el8+1940+9d4f961b.src.rpm
MD5: 7e44c7a28b8f59640b89c260d97bbbdc
SHA-256: e8cf90ea31386935e1a0e912bf714aa607e675477bb410a248900e6d28b6a24b
Size: 3.58 MB - Judy-1.0.5-18.module+el8+1940+9d4f961b.src.rpm
MD5: b774521b504a2bf1f78f7c16d34f1b33
SHA-256: ebb9d15ef5700bb2f5315f1899eb29d5fe30b900ad317fc76e20934834dd6c29
Size: 1.10 MB - mariadb-10.11.10-2.module+el8+1940+9d4f961b.src.rpm
MD5: 69857cf210f76e8594a8effa7d35cdec
SHA-256: 7ccc0ed8340e98dce1c0574b6fb31357a82cc80127bbad51b61f79766f32d8d8
Size: 99.27 MB
Asianux Server 8 for x86_64
- galera-26.4.20-1.module+el8+1940+9d4f961b.x86_64.rpm
MD5: 548169f6fd45266147075d071b642bad
SHA-256: ba9181ba93adc349df5d901a12ae792a770bcf5b9b3117f31f32ca1de02eab7a
Size: 1.65 MB - galera-debugsource-26.4.20-1.module+el8+1940+9d4f961b.x86_64.rpm
MD5: 648d9c80434e8483a73fec97dae1b4f6
SHA-256: 384d6c8ccb80fbdbb19e9882d8abe835585380f1d5288f6345e2864a9516f92e
Size: 703.85 kB - Judy-1.0.5-18.module+el8+1940+9d4f961b.x86_64.rpm
MD5: 96c2fae7a79f15c28c89f3278709926c
SHA-256: 0fc43dd95ead292fa88bfe2452cdad506e19f2e60e6f9ebb2a22a60a0590b00a
Size: 129.12 kB - Judy-debugsource-1.0.5-18.module+el8+1940+9d4f961b.x86_64.rpm
MD5: 9322fe94ad5ea3e055941a4547a87c74
SHA-256: efe321c4be1994ad39dbecb797e8afc5f05e9cf63e3ef3b6357ba940c3918996
Size: 157.62 kB - mariadb-10.11.10-2.module+el8+1940+9d4f961b.x86_64.rpm
MD5: b39eb3529893c08fca86b3533e61d02b
SHA-256: 69949dbb8ebb4d061336073c0da87cf1c0972787ff929d4893a2bc4a623cc2ff
Size: 7.38 MB - mariadb-backup-10.11.10-2.module+el8+1940+9d4f961b.x86_64.rpm
MD5: 46c2b956354ed0e70983bcb95d30076f
SHA-256: 5571b604bc03260860aa7a21fb9b17b75089f223d06e0bf9ce42a8be0f1a1072
Size: 7.44 MB - mariadb-common-10.11.10-2.module+el8+1940+9d4f961b.x86_64.rpm
MD5: a4fe8943dc948963f9e5c344836c8760
SHA-256: f734d5bba27342b33d20aaddd5ac71803ce30e37dd43e79ab8a2d8040fae17ac
Size: 68.30 kB - mariadb-debugsource-10.11.10-2.module+el8+1940+9d4f961b.x86_64.rpm
MD5: 78d7e7db792b6b0788e935eaf019ef76
SHA-256: 5835817ea3be9535c8d19abe09c2c0129f4bda1de78b482a29cd6b63742405d1
Size: 10.76 MB - mariadb-devel-10.11.10-2.module+el8+1940+9d4f961b.x86_64.rpm
MD5: 18814e61e0fcabbb3b014eb3c9083fd1
SHA-256: 2296f7d1bc73323d70791b6e0d98284556d3deb056fecbf0085f923ecb81c765
Size: 1.25 MB - mariadb-embedded-10.11.10-2.module+el8+1940+9d4f961b.x86_64.rpm
MD5: 36a55216082d95b03a62d16d7ad0f569
SHA-256: d9a81d8e9fe0039215b644b26cba57cb2f057dc46e326a249bb92d5bf8d5f297
Size: 5.80 MB - mariadb-embedded-devel-10.11.10-2.module+el8+1940+9d4f961b.x86_64.rpm
MD5: 379de999f3e13dfce9d76a3551f3997d
SHA-256: 0095391574eafb4175aec4c9ee82cfa6ce1e48364f7ad36d579d4f518b14f34d
Size: 48.92 kB - mariadb-errmsg-10.11.10-2.module+el8+1940+9d4f961b.x86_64.rpm
MD5: a2bcc8bac7c5510d07d9778d31513d6d
SHA-256: 31ce617c87615b31d5bf5fc3d6054a930d876b4707e4f9f539932cebff0bad4d
Size: 338.97 kB - mariadb-gssapi-server-10.11.10-2.module+el8+1940+9d4f961b.x86_64.rpm
MD5: c24614f291a75fde2d51f93cabb73f26
SHA-256: c2b07685d7907f46d56a3629e29277260bc16263c269a142f1c3e56347749a66
Size: 55.58 kB - mariadb-oqgraph-engine-10.11.10-2.module+el8+1940+9d4f961b.x86_64.rpm
MD5: 23c22ad24b2e76b7db18515d53db3402
SHA-256: e267ab0706a9cf8fdee409a9ff9bae916bcd99d71aa4b33c0a888cd3c0f028e8
Size: 107.18 kB - mariadb-pam-10.11.10-2.module+el8+1940+9d4f961b.x86_64.rpm
MD5: 524b66727e60b35fe3f16ea53b3b1ac7
SHA-256: 3abd62a9b3ef1283ff79eaa0806ca7196d3fc8c996a06cf6bde212db8a92d7e6
Size: 65.00 kB - mariadb-server-10.11.10-2.module+el8+1940+9d4f961b.x86_64.rpm
MD5: 9f7c0d9b33b3c1a5067947c1d7929199
SHA-256: 9c6f53662ff8e0632ad32f0414507f2f8510eb54032e5b1814ff66809df20b7b
Size: 20.59 MB - mariadb-server-galera-10.11.10-2.module+el8+1940+9d4f961b.x86_64.rpm
MD5: ea636698a184239e5436e234a323c266
SHA-256: e3067f9ddfd5181303cccee9f35b5081cf99b6d9ca29f1ab62dbccc6585cbb10
Size: 65.57 kB - mariadb-server-utils-10.11.10-2.module+el8+1940+9d4f961b.x86_64.rpm
MD5: 0f41ce8e544f8fe7d4de9e1d0862bf0e
SHA-256: d28606abe09246dd2f6b2492d7d63b971bed4456c2f926eea7bee3b3c389a29f
Size: 1.43 MB - mariadb-test-10.11.10-2.module+el8+1940+9d4f961b.x86_64.rpm
MD5: 4d69e12dfac7c210282b83b78cdc6bd5
SHA-256: fe4971fd1b8cf71c49fa069649d85b764ed1b8db5debcbbd74b9f6ed2e683429
Size: 33.20 MB