SB2025122923 - openEuler 24.03 LTS update for mariadb

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Insecure automated optimizations (CVE-ID: CVE-2023-52969)

The vulnerability allows a remote user to perform a denial of service attack.

The vulnerability exists due to insecure automated optimization when handling derived tables within the SELECT clause. A remote privileged user can crash the server with a specially crafted query. 

2) Improper input validation (CVE-ID: CVE-2024-21096)

The vulnerability allows a local non-authenticated attacker to read and manipulate data.

The vulnerability exists due to improper input validation within the Client: mysqldump component in MySQL Server. A local non-authenticated attacker can exploit this vulnerability to read and manipulate data.

3) Improper input validation (CVE-ID: CVE-2025-21490)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1542