[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 3444-1] mariadb-10.3 security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

From: Otto Kekäläinen <otto@debian.org>
To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 3444-1] mariadb-10.3 security update

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3444-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Otto Kekäläinen
June 03, 2023                                 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : mariadb-10.3
Version        : 1:10.3.39-0+deb10u1
CVE ID         : CVE-2022-47015
Debian Bug     : 1031773

Latest MariaDB minor maintenance release 10.3.39 included a fix for the
following security vulnerability:

CVE-2022-47015

    Spider storage engine vulnerable to Denial of Service

For Debian 10 buster, this problem has been fixed in version
1:10.3.39-0+deb10u1.

Additionally the backwards incompatible libmariadb API change has
been reverted (Closes: #1031773).

We recommend that you upgrade your mariadb-10.3 packages.

For the detailed security status of mariadb-10.3 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mariadb-10.3

Note! According to https://mariadb.org/about/#maintenance-policy this
was the last minor maintenance release for MariaDB 10.3 series.


Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEmbRSsR88dMO0U+RvvthEn87o2ogFAmR8Mn0ACgkQvthEn87o
2ogVHw//RhyuyqoTkBYxsgvLlYepDypfKKz4Y2/evmj3Ysw+hLBKc1DQ9sGLvaZs
GlX5f9QXx5eWZfeZdPM2UeEng4BWHcE2TUsdJsApGnxEcZbfh4Nouhqm4ipSnzaD
EOzjNfpnlHKpF7seHw0Nnrw32foBjyB+JWbbRTZ5junUN0ob1bYRE5QDo4Kf8oXS
DccJJgpayGSn0f/vsfFBJznI5CCUGXkuwjgl79TPNdEV8FA6gklqbMsDFGBvefDg
kOaCZD8uISoXT8lbxOHXllue4+G6PLKo4eOe8QlE2F1TKVpSZvhszHg7dpiiGVT4
mO+oS344eFMqjGpUHC1TsiNgs68kDEV3apDL9vs6774TNVQe5HcZnz4UmyI6s2FD
sqmdONvTe/Q+KP50s3ViL6Xk/viOQZNJcQp1OIEJoEdPyMs9wnmYNp09OKd/dhKM
jrjxq6FkvnCdM0JhB/Wj0nLA1XDRWvk4NOaCamp4BjJq2VZjeVl6O/3QSTam5U/v
aZZjith2AJNj13W8keeV304fExBRJG8NbEpG7pbeRHTxsJ1lGGC4TLZghy+yPEyj
F/9BJzVnuCS6gCwrIxMOZb9kPDxdkK3kp+sNj4NRN7pOVDfWqzsSHKJJzmlJlrT+
zgIXSlrOoYy2mrIznFD0JnxH6qtiCXpdjineA33f/Jg+1t649A8=
=cG/2
-----END PGP SIGNATURE-----
Reply to: