Forum: Too Lazy BBS

Who's Online

System Info

Sysop:	Amessyroom
Location:	Fayetteville, NC
Users:	28
Nodes:	6 (0 / 6)
Uptime:	48:57:33
Calls:	422
Files:	1,024
Messages:	90,442

Bug#1105976: mariadb: CVE-2025-30722 CVE-2025-30693

From Salvatore Bonaccorso@21:1/5 to All on Sun May 18 13:10:01 2025

Source: mariadb
Version: 1:11.8.1-4
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerabilities were published for mariadb.

CVE-2025-30722[0]:
| Vulnerability in the MySQL Client product of Oracle MySQL
| (component: Client: mysqldump). Supported versions that are
| affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult
| to exploit vulnerability allows low privileged attacker with network
| access via multiple protocols to compromise MySQL Client.
| Successful attacks of this vulnerability can result in unauthorized
| access to critical data or complete access to all MySQL Client
| accessible data as well as unauthorized update, insert or delete
| access to some of MySQL Client accessible data. CVSS 3.1 Base Score
| 5.9 (Confidentiality and Integrity impacts). CVSS Vector:
| (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N).

CVE-2025-30693[1]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: InnoDB). Supported versions that are affected are
| 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable
| vulnerability allows high privileged attacker with network access
| via multiple protocols to compromise MySQL Server. Successful
| attacks of this vulnerability can result in unauthorized ability to
| cause a hang or frequently repeatable crash (complete DOS) of MySQL
| Server as well as unauthorized update, insert or delete access to
| some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5
| (Integrity and Availability impacts). CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-30722
https://www.cve.org/CVERecord?id=CVE-2025-30722
[1] https://security-tracker.debian.org/tracker/CVE-2025-30693
https://www.cve.org/CVERecord?id=CVE-2025-30693

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From =?UTF-8?B?T3R0byBLZWvDpGzDpGluZW4=?@21:1/5 to All on Mon May 19 05:00:01 2025

Hi,

FYI: The new upstream minor version have been ready for review for 10+
days, and they include these CVE fixes. There are however potential
regressions so I am holding back from uploading yet.

* https://salsa.debian.org/mariadb-team/mariadb-server/-/merge_requests/119
* https://salsa.debian.org/mariadb-team/mariadb-server/-/merge_requests/121
* https://salsa.debian.org/mariadb-team/mariadb-server/-/merge_requests/120
* https://salsa.debian.org/mariadb-team/mariadb-server/-/merge_requests/118
* https://salsa.debian.org/mariadb-team/mariadb-10.5/-/merge_requests/22

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Who's Online

System Info

Bug#1105976: mariadb: CVE-2025-30722 CVE-2025-30693