ALT-PU-2026-8415-3

Package update mariadb in branch p10

Version: 10.6.26-alt1
Published: 2026-06-02
Max severity: HIGH

Closed issues (9)

BDU:2026-00803
HIGH 7.0

Vulnerability in the mariadb-dump component of the MariaDB database management system that allows an attacker to execute arbitrary code

Published: 2026-01-25
Modified: 2026-05-25
CVSS 3.x: HIGH 7.0
CVSS:3.x/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.0: MEDIUM 6.2
CVSS:2.0/AV:L/AC:H/Au:N/C:C/I:C/A:C

BDU:2026-07584
MEDIUM 4.3

Vulnerability in the server audit plugin of the MariaDB database management system that allows an attacker to bypass existing security mechanisms

Published: 2026-05-31
CVSS 3.x: MEDIUM 4.3
CVSS:3.x/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CVSS 2.0: MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:N

CVE-2025-13699
HIGH 7.0

MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MariaDB. Interaction with the mariadb-dump utility is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of view names. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27000.

Published: 2025-12-23
Modified: 2026-04-14
CVSS 3.x: HIGH 7.0
CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2026-3494
MEDIUM 5.3

In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (--) or hash (#) style comments, the statement is not logged.

Published: 2026-03-03
Modified: 2026-03-16
CVSS 3.x: MEDIUM 4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CVSS 4.0: MEDIUM 5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X