[SECURITY] [DLA 3891-1] mariadb-10.5 security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3891-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Otto Kekäläinen
September 18, 2024 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : mariadb-10.5
Version : 1:10.5.26-0+deb11u2
CVE ID : CVE-2024-21096
Debian Bug : 1069189 1015293
A vulnerability was discovered in MariaDB, a SQL database server
compatible with MySQL. An attacker could generate a malicious dump
file which could execute shell commands from the MariaDB client.
The fix may cause a compatibility issue with older MariaDB and MySQL
clients, with existing workarounds, as detailed at:
https://mariadb.org/mariadb-dump-file-compatibility-change/
This updates also includes bugfixes through the 10.5 maintenance
branch, as detailed at:
https://mariadb.com/kb/en/mariadb-10-5-24-release-notes/
https://mariadb.com/kb/en/mariadb-10-5-25-release-notes/
https://mariadb.com/kb/en/mariadb-10-5-26-release-notes/
For Debian 11 bullseye, this problem has been fixed in version
1:10.5.26-0+deb11u2.
We recommend that you upgrade your mariadb-10.5 packages.
For the detailed security status of mariadb-10.5 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mariadb-10.5
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE1vEOfV7HXWKqBieIDTl9HeUlXjAFAmbqnTAACgkQDTl9HeUl
XjB1uA//QbINMqqIPaD7wD4xTIS+rfP3D7HNoXDnxFrW/VNydAEJJw4Pg+1A8v6p
0GjsKMWp2fMmc/OuGsucHcVrVPhCEHL3+kK/v7jO4f4/JTYz0QJR0x8Cl2A4DlDu
M4/uNLHOZLIgvI/HFiLNACOcDikA+/lnsff8Uxedy41KpP9VavfH/hDgLZAk4y9Q
6l+DpCNSHJJ8tWd/DFjkG/22ac6qwEcBhwCSD69WsU1UJxDal0w1IBXIme99ZcJH
zAmh/XOh9Dl2jCZbfvdFFGme1+r7F3TE9Z+GJ7+Kw4NiMhf2a3kBYF+pTlvDFw2W
jQrTBlJR+b6icC/EsAqkhnIr++PDK9RmPMBqeRC1eplOKZTI27lEUXpVwt/x5DgU
88251BH+vsQHTJcck4HqnnuKbGeX/pIYYJnN0MuEgqZqb7WznMre2TXtoVyfbRwf
sM/ige/IQ3rPgb+zViKl4tVeH/R9qCanXwdzLh/s/uwb0A/6TeMIbtXIaxBx4imB
G/g5e1p/11I5XGKJfRr7rLSlv7Lnm3AxG+FE9otPtzUTr8zHBC5xdqYWRnoarnfD
zewkxWQSarX4ln3gdEjBmQpDPMrKTWgtxGG2nbyEqez2RTXOYnUPB0FizMMZrdKH
tSfpast8xjFzYWlj6r5zJ+l5HTEljLyNsjSdTtOTIkKehyijnc0=
=88+N
-----END PGP SIGNATURE-----
Reply to: