MariaDB update for Debian 10 ELTS

A security update for MariaDB has been released for Debian GNU/Linux 10 (Buster) under the Extended LTS (ELTS) program. This update, identified as ELA-1501-1, addresses several vulnerabilities in the MariaDB version 10.3 database engine.

The specific version affected is 1:10.3.39-0+deb10u4. The update resolves the following critical Common Vulnerabilities and Exposures (CVEs):

1. CVE-2023-52968: This vulnerability allows for a Denial of Service (DoS) attack, where the MariaDB server may crash due to an improperly handled state in the preparation of derived queries.

2. CVE-2023-52969: This issue can lead to a crash of the MariaDB server without generating a useful backtrace log, potentially complicating debugging processes.

3. CVE-2023-52970: This vulnerability results in a crash within the database engine when performing specific transformations in query handling.

To ensure the security and stability of systems running MariaDB on Debian 10, users are encouraged to apply this update promptly. Regular security updates are essential for maintaining the integrity of database systems, especially when they are exposed to potential threats. Furthermore, users should monitor the official Debian security announcements for any future vulnerabilities and updates related to MariaDB and other packages.

In addition to applying this update, it is advisable for administrators to conduct routine security assessments, implement best practices for database security, and maintain regular backups to mitigate the risks associated with database vulnerabilities.

A MariaDB security update has been released for Debian GNU/Linux 10 (Buster) ELTS:

ELA-1501-1 mariadb-10.3 security update

MariaDB update for Debian 10 ELTS @ Linux Compatible