SUSE-SU-2025:03276-1

See a problem?
Please try reporting it to the source first.
Source
https://www.suse.com/support/update/announcement/2025/suse-su-202503276-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:03276-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2025:03276-1
Upstream
Related
Published
2025-09-19T12:17:22Z
Modified
2026-03-23T04:49:56.947330Z
Summary
Security update for mariadb
Details

This update for mariadb fixes the following issues:

Update to version 10.6.23.

Security issues fixed:

  • CVE-2025-21490: InnoDB issue allows high privileged attacker with network access to cause a hang or frequently repeatable crash of MySQL Server (bsc#1243356).
  • CVE-2025-30693: InnoDB issue allows high privileged attacker with network access to gain unauthorized update, insert or delete access to data and cause repeatable crash in MySQL server (bsc#1249213).
  • CVE-2025-30722: mysqldump issue allows low privileged attacker with network access to gain unauthorized update, insert or delete access to data in MySQL Client (bsc#1249212).
  • CVE-2023-52969: crash with empty backtrace log in MariaDB Server (bsc#1239150).
  • CVE-2023-52970: crash in MariaDB Server when inserting from derived table containing insert target table (bsc#1239151).

Release notes and changelog:

  • https://mariadb.com/docs/release-notes/community-server/mariadb-10-6-series/mariadb-10.6.23-release-notes
  • https://mariadb.com/docs/release-notes/community-server/changelogs/changelogs-mariadb-106-series/mariadb-10.6.23-changelog
  • https://mariadb.com/kb/en/mariadb-10-6-22-release-notes/
  • https://mariadb.com/kb/en/mariadb-10-6-22-changelog/
  • https://mariadb.com/kb/en/mariadb-10-6-21-release-notes/
  • https://mariadb.com/kb/en/mariadb-10-6-21-changelog/
References

Affected packages