Security update for mariadb SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2023:4907-1 Final 1 1 2023-12-19T14:58:20Z current 2023-12-19T14:58:20Z 2023-12-19T14:58:20Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for mariadb This update for mariadb fixes the following issues: - CVE-2023-22084: Fixed an easily exploitable vulnerability that allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server (bsc#1217405). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2023-4907,SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4907,SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4907,SUSE-SLE-Product-SLES-15-SP3-ERICSSON-2023-4907,SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4907,SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4907,SUSE-Storage-7.1-2023-4907 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2023/suse-su-20234907-1/ Link for SUSE-SU-2023:4907-1 https://lists.suse.com/pipermail/sle-security-updates/2023-December/017490.html E-Mail link for SUSE-SU-2023:4907-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1217405 SUSE Bug 1217405 https://www.suse.com/security/cve/CVE-2023-22084/ SUSE CVE CVE-2023-22084 page SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS SUSE Linux Enterprise Server 15 SP3-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP3 libmariadbd-devel-10.5.23-150300.3.38.1 libmariadbd19-10.5.23-150300.3.38.1 mariadb-10.5.23-150300.3.38.1 mariadb-bench-10.5.23-150300.3.38.1 mariadb-client-10.5.23-150300.3.38.1 mariadb-errormessages-10.5.23-150300.3.38.1 mariadb-galera-10.5.23-150300.3.38.1 mariadb-rpm-macros-10.5.23-150300.3.38.1 mariadb-test-10.5.23-150300.3.38.1 mariadb-tools-10.5.23-150300.3.38.1 libmariadbd-devel-10.5.23-150300.3.38.1 as a component of SUSE Enterprise Storage 7.1 libmariadbd19-10.5.23-150300.3.38.1 as a component of SUSE Enterprise Storage 7.1 mariadb-10.5.23-150300.3.38.1 as a component of SUSE Enterprise Storage 7.1 mariadb-client-10.5.23-150300.3.38.1 as a component of SUSE Enterprise Storage 7.1 mariadb-errormessages-10.5.23-150300.3.38.1 as a component of SUSE Enterprise Storage 7.1 mariadb-tools-10.5.23-150300.3.38.1 as a component of SUSE Enterprise Storage 7.1 libmariadbd-devel-10.5.23-150300.3.38.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS libmariadbd19-10.5.23-150300.3.38.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS mariadb-10.5.23-150300.3.38.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS mariadb-client-10.5.23-150300.3.38.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS mariadb-errormessages-10.5.23-150300.3.38.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS mariadb-tools-10.5.23-150300.3.38.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS libmariadbd-devel-10.5.23-150300.3.38.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS libmariadbd19-10.5.23-150300.3.38.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS mariadb-10.5.23-150300.3.38.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS mariadb-client-10.5.23-150300.3.38.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS mariadb-errormessages-10.5.23-150300.3.38.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS mariadb-tools-10.5.23-150300.3.38.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS libmariadbd-devel-10.5.23-150300.3.38.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS libmariadbd19-10.5.23-150300.3.38.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS mariadb-10.5.23-150300.3.38.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS mariadb-client-10.5.23-150300.3.38.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS mariadb-errormessages-10.5.23-150300.3.38.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS mariadb-tools-10.5.23-150300.3.38.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS libmariadbd-devel-10.5.23-150300.3.38.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 libmariadbd19-10.5.23-150300.3.38.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 mariadb-10.5.23-150300.3.38.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 mariadb-client-10.5.23-150300.3.38.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 mariadb-errormessages-10.5.23-150300.3.38.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 mariadb-tools-10.5.23-150300.3.38.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.43 and prior, 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2023-22084 SUSE Enterprise Storage 7.1:libmariadbd-devel-10.5.23-150300.3.38.1 SUSE Enterprise Storage 7.1:libmariadbd19-10.5.23-150300.3.38.1 SUSE Enterprise Storage 7.1:mariadb-10.5.23-150300.3.38.1 SUSE Enterprise Storage 7.1:mariadb-client-10.5.23-150300.3.38.1 SUSE Enterprise Storage 7.1:mariadb-errormessages-10.5.23-150300.3.38.1 SUSE Enterprise Storage 7.1:mariadb-tools-10.5.23-150300.3.38.1 SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:libmariadbd-devel-10.5.23-150300.3.38.1 SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:libmariadbd19-10.5.23-150300.3.38.1 SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:mariadb-10.5.23-150300.3.38.1 SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:mariadb-client-10.5.23-150300.3.38.1 SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:mariadb-errormessages-10.5.23-150300.3.38.1 SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:mariadb-tools-10.5.23-150300.3.38.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libmariadbd-devel-10.5.23-150300.3.38.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libmariadbd19-10.5.23-150300.3.38.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:mariadb-10.5.23-150300.3.38.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:mariadb-client-10.5.23-150300.3.38.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:mariadb-errormessages-10.5.23-150300.3.38.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:mariadb-tools-10.5.23-150300.3.38.1 SUSE Linux Enterprise Server 15 SP3-LTSS:libmariadbd-devel-10.5.23-150300.3.38.1 SUSE Linux Enterprise Server 15 SP3-LTSS:libmariadbd19-10.5.23-150300.3.38.1 SUSE Linux Enterprise Server 15 SP3-LTSS:mariadb-10.5.23-150300.3.38.1 SUSE Linux Enterprise Server 15 SP3-LTSS:mariadb-client-10.5.23-150300.3.38.1 SUSE Linux Enterprise Server 15 SP3-LTSS:mariadb-errormessages-10.5.23-150300.3.38.1 SUSE Linux Enterprise Server 15 SP3-LTSS:mariadb-tools-10.5.23-150300.3.38.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:libmariadbd-devel-10.5.23-150300.3.38.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:libmariadbd19-10.5.23-150300.3.38.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:mariadb-10.5.23-150300.3.38.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:mariadb-client-10.5.23-150300.3.38.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:mariadb-errormessages-10.5.23-150300.3.38.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:mariadb-tools-10.5.23-150300.3.38.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20234907-1/ https://www.suse.com/security/cve/CVE-2023-22084.html CVE-2023-22084 https://bugzilla.suse.com/1217405 SUSE Bug 1217405