Security update for mariadb104 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2024:1922-1 Final 1 1 2024-06-04T11:48:11Z current 2024-06-04T11:48:11Z 2024-06-04T11:48:11Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for mariadb104 This update for mariadb104 fixes the following issues: - Update to 10.4.33: - CVE-2023-22084: Fixed a bug that allowed high privileged attackers with network access via multiple protocols to compromise the server. (bsc#1217405) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2024-1922,openSUSE-SLE-15.6-2024-1922 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2024/suse-su-20241922-1/ Link for SUSE-SU-2024:1922-1 https://lists.suse.com/pipermail/sle-security-updates/2024-June/018655.html E-Mail link for SUSE-SU-2024:1922-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1217405 SUSE Bug 1217405 https://www.suse.com/security/cve/CVE-2023-22084/ SUSE CVE CVE-2023-22084 page openSUSE Leap 15.6 libmariadbd104-devel-10.4.33-150100.3.8.1 libmariadbd19-10.4.33-150100.3.8.1 mariadb104-10.4.33-150100.3.8.1 mariadb104-bench-10.4.33-150100.3.8.1 mariadb104-client-10.4.33-150100.3.8.1 mariadb104-errormessages-10.4.33-150100.3.8.1 mariadb104-galera-10.4.33-150100.3.8.1 mariadb104-rpm-macros-10.4.33-150100.3.8.1 mariadb104-test-10.4.33-150100.3.8.1 mariadb104-tools-10.4.33-150100.3.8.1 libmariadbd104-devel-10.4.33-150100.3.8.1 as a component of openSUSE Leap 15.6 mariadb104-10.4.33-150100.3.8.1 as a component of openSUSE Leap 15.6 mariadb104-bench-10.4.33-150100.3.8.1 as a component of openSUSE Leap 15.6 mariadb104-client-10.4.33-150100.3.8.1 as a component of openSUSE Leap 15.6 mariadb104-errormessages-10.4.33-150100.3.8.1 as a component of openSUSE Leap 15.6 mariadb104-galera-10.4.33-150100.3.8.1 as a component of openSUSE Leap 15.6 mariadb104-rpm-macros-10.4.33-150100.3.8.1 as a component of openSUSE Leap 15.6 mariadb104-test-10.4.33-150100.3.8.1 as a component of openSUSE Leap 15.6 mariadb104-tools-10.4.33-150100.3.8.1 as a component of openSUSE Leap 15.6 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.43 and prior, 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2023-22084 openSUSE Leap 15.6:libmariadbd104-devel-10.4.33-150100.3.8.1 openSUSE Leap 15.6:mariadb104-10.4.33-150100.3.8.1 openSUSE Leap 15.6:mariadb104-bench-10.4.33-150100.3.8.1 openSUSE Leap 15.6:mariadb104-client-10.4.33-150100.3.8.1 openSUSE Leap 15.6:mariadb104-errormessages-10.4.33-150100.3.8.1 openSUSE Leap 15.6:mariadb104-galera-10.4.33-150100.3.8.1 openSUSE Leap 15.6:mariadb104-rpm-macros-10.4.33-150100.3.8.1 openSUSE Leap 15.6:mariadb104-test-10.4.33-150100.3.8.1 openSUSE Leap 15.6:mariadb104-tools-10.4.33-150100.3.8.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20241922-1/ https://www.suse.com/security/cve/CVE-2023-22084.html CVE-2023-22084 https://bugzilla.suse.com/1217405 SUSE Bug 1217405