SB2025122928 - SUSE update for mariadb

Description

This security bulletin contains information about 5 secuirty vulnerabilities.

1) Insecure automated optimizations (CVE-ID: CVE-2023-52969)

The vulnerability allows a remote user to perform a denial of service attack.

The vulnerability exists due to insecure automated optimization when handling derived tables within the SELECT clause. A remote privileged user can crash the server with a specially crafted query. 

2) Insecure automated optimizations (CVE-ID: CVE-2023-52970)

The vulnerability allows a remote user to perform a denial of service attack.

The vulnerability exists due to insecure automated optimization when handling inserts from a derived table containing insert target table. A remote privileged user can crash the server with a specially crafted query. 

3) Improper input validation (CVE-ID: CVE-2025-21490)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

4) Improper input validation (CVE-ID: CVE-2025-30693)

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

5) Improper input validation (CVE-ID: CVE-2025-30722)

The vulnerability allows a remote authenticated user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote authenticated user can exploit this vulnerability to gain access to sensitive information.

Remediation

Install update from vendor's website.

References

• https://www.suse.com/support/update/announcement/2025/suse-su-202503276-1/