[SECURITY] [DLA 3722-1] mariadb-10.3 security update

Published: 2024-01-27 07:46:34
Source: lists.debian.org
Tags: dos, network access, mariadb suite, unauthorized ability, debian 10 buster

CVSS3: 4.9 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

AI Score: 5.2 Medium (Confidence: High)
EPSS: 0.001 Low (Percentile: 26.3%)


Debian LTS Advisory DLA-3722-1                [email protected]
https://www.debian.org/lts/security/          Bastien ROUCARIÈS
January 27, 2024                              https://wiki.debian.org/LTS


Package : mariadb-10.3
Version : 1:10.3.39-0+deb10u2
CVE ID : CVE-2023-22084
Debian Bug : 1055034

A vulnerability was fixed in MariaDB, a database suite.
This vulnerability allowed a highly privileged attacker
with network access to compromise a MariaDB Server.
Successful attacks of this vulnerability can
result in unauthorized ability to cause a hang
or frequently repeatable crash.

The main risk was a complete DoS of the server.

For Debian 10 buster, this problem has been fixed in version
1:10.3.39-0+deb10u2.

We recommend that you upgrade your mariadb-10.3 packages.

For the detailed security status of mariadb-10.3 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mariadb-10.3

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
