[SECURITY] [DLA 4190-1] mydumper security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-4190-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Lee Garrett
May 29, 2025                                  https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : mydumper
Version : 0.10.1-1+deb11u1
CVE ID : CVE-2025-30224
Debian Bug : #1102002

MyDumper is a MySQL Logical Backup Tool. The MySQL C client library
(libmysqlclient) allows authenticated remote actors to read arbitrary files from
client systems via a crafted server response to a LOAD LOCAL INFILE query, leading
to sensitive information disclosure when clients connect to untrusted MySQL
servers without explicitly disabling the local infile capability. MyDumper has
the local infile option enabled by default and does not have an option to
disable it. This can lead to an unexpected arbitrary file read if the MyDumper
tool connects to an untrusted server.

For Debian 11 bullseye, this problem has been fixed in version
0.10.1-1+deb11u1.

We recommend that you upgrade your mydumper packages.

For the detailed security status of mydumper please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mydumper

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
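A detection sketch for the behaviour described above, added here as an example and not part of the advisory, Debian's fix or MyDumper's code: it checks whether a client handshake advertises the local infile capability and flags server file requests that name a file the client's last query never mentioned. It assumes an unencrypted capture already split into packets; the function names and sample capture are hypothetical, and the literal filename match is a simplification.

```python
CLIENT_LOCAL_FILES = 0x80    # capability bit: client will answer file requests
COM_QUERY = 0x03             # first payload byte of a client text query
LOCAL_INFILE_REQUEST = 0xFB  # first payload byte of a server file request

def pkt(seq: int, payload: bytes) -> bytes:
    """Frame a payload as a MySQL packet: 3-byte LE length, 1-byte sequence id."""
    return len(payload).to_bytes(3, "little") + bytes([seq]) + payload

def parse(packet: bytes):
    """Return (sequence_id, payload), rejecting short or truncated packets."""
    length = int.from_bytes(packet[:3], "little")
    if len(packet) < 4 or len(packet) - 4 < length:
        raise ValueError("short or truncated packet")
    return packet[3], packet[4:4 + length]

def advertises_local_infile(handshake_response: bytes) -> bool:
    """True if the client's handshake response sets CLIENT_LOCAL_FILES."""
    _, payload = parse(handshake_response)
    return bool(int.from_bytes(payload[:4], "little") & CLIENT_LOCAL_FILES)

def unexpected_file_requests(conversation):
    """Flag server file requests whose filename the last client query never named.

    conversation: list of ("client" | "server", raw_packet) in capture order.
    Returns a list of (last_sql, requested_filename) tuples.
    """
    findings, last_sql = [], ""
    for side, raw in conversation:
        seq, payload = parse(raw)
        if side == "client" and seq == 0 and payload[:1] == bytes([COM_QUERY]):
            last_sql = payload[1:].decode("utf-8", "replace")
        elif side == "server" and seq == 1 and payload[:1] == bytes([LOCAL_INFILE_REQUEST]):
            name = payload[1:].decode("utf-8", "replace")
            if not name or name not in last_sql:
                findings.append((last_sql, name))
    return findings

# Constructed sample capture (not taken from a real session).
SAMPLE = [
    ("client", pkt(0, b"\x03LOAD DATA LOCAL INFILE 'rows.csv' INTO TABLE t")),
    ("server", pkt(1, b"\xfbrows.csv")),
    ("client", pkt(0, b"\x03SHOW DATABASES")),
    ("server", pkt(1, b"\xfb/tmp/constructed-example.txt")),
]

if __name__ == "__main__":
    for sql, name in unexpected_file_requests(SAMPLE):
        print(f"server requested {name!r} in reply to {sql!r}")
```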