[Debian] Medium CVE: CVE-2025-21490 mariadb-10.5: can result in unauthorized ability to cause a hang

Bug #2103576 reported by Yue Tao
Affects: StarlingX
Status: Fix Released
Importance: High
Assigned to: Unassigned
Milestone: (none)

Bug Description

CVE-2025-21490: https://nvd.nist.gov/vuln/detail/CVE-2025-21490

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Base Score: Medium

Reference:

Package upgrades (old ===> new):
libmariadb-dev_10.5.26-0+deb11u2_amd64.deb ===> libmariadb-dev_1:10.5.28-0+deb11u1_amd64.deb
libmariadb-dev-compat_10.5.26-0+deb11u2_amd64.deb ===> libmariadb-dev-compat_1:10.5.28-0+deb11u1_amd64.deb
libmariadb3_10.5.26-0+deb11u2_amd64.deb ===> libmariadb3_1:10.5.28-0+deb11u1_amd64.deb
mariadb-common_10.5.26-0+deb11u2_all.deb ===> mariadb-common_1:10.5.28-0+deb11u1_all.deb
https://security-tracker.debian.org/tracker/DLA-4074-1
https://www.tenable.com/plugins/nessus/216982
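The fixed packages gained an epoch (10.5.26-0+deb11u2 to 1:10.5.28-0+deb11u1), so a plain string comparison ranks the vulnerable build above the fix and would report a host as patched. The following added example (not StarlingX or Debian code) implements dpkg's version ordering and reports which installed packages from the list above are still below their fixed version; FIXED is taken from the reference line, SAMPLE is a constructed inventory.

```python
import re
from itertools import zip_longest

# Fixed versions from the reference line; note the epoch "1:" that a plain string compare ignores.
FIXED = {
    "libmariadb-dev": "1:10.5.28-0+deb11u1",
    "libmariadb-dev-compat": "1:10.5.28-0+deb11u1",
    "libmariadb3": "1:10.5.28-0+deb11u1",
    "mariadb-common": "1:10.5.28-0+deb11u1",
}

def _order(c):
    # dpkg order for non-digit chars: '~' < end of string (0) < letters < punctuation.
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _verrevcmp(a, b):
    # dpkg's comparison of an upstream or revision string: alternate non-digit runs
    # (by _order, padded with 0) and digit runs (by value; a missing run sorts lowest).
    def runs(s):
        return [(m[1], m[2]) for m in re.finditer(r"(\D*)(\d*)", s) if m[0]]
    for (na, da), (nb, db) in zip_longest(runs(a), runs(b), fillvalue=("", "")):
        n = max(len(na), len(nb))
        ka = [_order(c) for c in na] + [0] * (n - len(na))
        kb = [_order(c) for c in nb] + [0] * (n - len(nb))
        ia, ib = int(da or -1), int(db or -1)
        if (ka, ia) != (kb, ib):
            return -1 if (ka, ia) < (kb, ib) else 1
    return 0

def _split(version):
    # "epoch:upstream-revision"; epoch defaults to 0, revision to "".
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, _, revision = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, revision

def compare_versions(a, b):
    # Negative, zero or positive, like dpkg --compare-versions lt/eq/gt.
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea - eb) or _verrevcmp(ua, ub) or _verrevcmp(ra, rb)

def unpatched(installed):
    # installed: {package: version}; returns packages still below their fixed version.
    return sorted(p for p, v in installed.items()
                  if p in FIXED and compare_versions(v, FIXED[p]) < 0)

# Constructed sample inventory: two packages still at the vulnerable build.
SAMPLE = {"libmariadb3": "10.5.26-0+deb11u2", "mariadb-common": "10.5.26-0+deb11u2",
          "libmariadb-dev": "1:10.5.28-0+deb11u1", "libmariadb-dev-compat": "1:10.5.29-0+deb11u1"}
```

On a Debian host the same decision is available as `dpkg --compare-versions "$installed" ge "1:10.5.28-0+deb11u1"`; the Python version is useful when auditing package inventories collected from many hosts offline.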

OpenStack Infra (hudson-openstack) wrote: Fix proposed to tools (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/tools/+/950652

Changed in starlingx:
status: Triaged → In Progress
OpenStack Infra (hudson-openstack) wrote: Fix merged to tools (master)

Reviewed: https://review.opendev.org/c/starlingx/tools/+/950652
Committed: https://opendev.org/starlingx/tools/commit/e6a06670a0249c55811a25dda6a9ce11fcbd32dd
Submitter: "Zuul (22348)"
Branch: master

commit e6a06670a0249c55811a25dda6a9ce11fcbd32dd
Author: Joao Tognolli Jr <email address hidden>
Date: Thu May 22 09:33:05 2025 -0300

    Debian: mariadb: fix multiple CVEs

    Upgrade libmariadb-dev to 10.5.28-0+deb11u2
    Upgrade libmariadb-dev-compat to 10.5.28-0+deb11u2
    Upgrade libmariadb3 to 10.5.28-0+deb11u2
    Upgrade mariadb-common to 10.5.26-0+deb11u2

    CVE-2025-21490: https://nvd.nist.gov/vuln/detail/CVE-2025-21490
    CVE-2023-52969: https://nvd.nist.gov/vuln/detail/CVE-2023-52969
    CVE-2023-52970: https://nvd.nist.gov/vuln/detail/CVE-2023-52970

    https://security-tracker.debian.org/tracker/DLA-4074-1
    https://www.tenable.com/plugins/nessus/216982
    https://security-tracker.debian.org/tracker/DLA-4154-1
    https://www.tenable.com/plugins/nessus/235499

    TestPlan:
    PASS: downloader; build-pkgs
    PASS: build-image
    PASS: install on SX-lab (VBox)

    Closes-Bug: 2103576
    Closes-Bug: 2111238

    Change-Id: I4739665d66eeb13062e7ae3c9cc206b8097694fa
    Signed-off-by: Joao Tognolli Jr <email address hidden>

Changed in starlingx:
status: In Progress → Fix Released
This report contains Public Security information.