Package | mariadb-10.3 |
---|---|
Version | 1:10.3.39-0+deb10u4 (buster) |
Related CVEs | CVE-2023-52968 CVE-2023-52969 CVE-2023-52970 |
Multiple vulnerabilities were fixed in MariaDB 10.3, a popular database engine.
CVE-2023-52968
A denial of service (DoS) vulnerability was found in MariaDB. MariaDB server may call
fix_fields_if_needed under mysql_derived_prepare when derived is not yet
prepared, leading to a find_field_in_table crash.
CVE-2023-52969
MariaDB may crash with an empty backtrace log. This may be related
to make_aggr_tables_info and optimize_stage2.
CVE-2023-52970
MariaDB may crash in Item_direct_view_ref::derived_field_transformer_for_where.
For Debian 10 buster, these problems have been fixed in version 1:10.3.39-0+deb10u4.
We recommend that you upgrade your mariadb-10.3 packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.