
[SECURITY] [DLA 3891-1] mariadb-10.5 security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3891-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Otto Kekäläinen
September 18, 2024                            https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : mariadb-10.5
Version        : 1:10.5.26-0+deb11u2
CVE ID         : CVE-2024-21096
Debian Bug     : 1069189 1015293

A vulnerability was discovered in MariaDB, a SQL database server
compatible with MySQL. An attacker could generate a malicious dump
file which could execute shell commands from the MariaDB client.

The fix may cause a compatibility issue with older MariaDB and MySQL
clients; workarounds exist, as detailed at:
https://mariadb.org/mariadb-dump-file-compatibility-change/

This update also includes bugfixes through the 10.5 maintenance
branch, as detailed at:
https://mariadb.com/kb/en/mariadb-10-5-24-release-notes/
https://mariadb.com/kb/en/mariadb-10-5-25-release-notes/
https://mariadb.com/kb/en/mariadb-10-5-26-release-notes/

For Debian 11 bullseye, this problem has been fixed in version
1:10.5.26-0+deb11u2.

We recommend that you upgrade your mariadb-10.5 packages.

For the detailed security status of mariadb-10.5 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mariadb-10.5

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS