Main Vulnerability Database SB2024061427

SB2024061427 - SUSE update for mariadb

Published: June 14, 2024

Security Bulletin ID SB2024061427

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper input validation (CVE-ID: CVE-2024-21096)

The vulnerability allows a local non-authenticated attacker to read and manipulate data.

The vulnerability exists due to improper input validation within the Client: mysqldump component in MySQL Server. A local non-authenticated attacker can exploit this vulnerability to read and manipulate data.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2024/suse-su-20242032-1/

Vulnerable Software

Galera for Ericsson 15: SP6
SUSE Package Hub 15: 15-SP6
Server Applications Module: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
SUSE Linux Enterprise Desktop 15: SP6
mariadb-errormessages: before 10.11.8-150600.4.3.1
libmariadbd19-debuginfo: before 10.11.8-150600.4.3.1
libmariadbd19: before 10.11.8-150600.4.3.1
mariadb-debugsource: before 10.11.8-150600.4.3.1
mariadb-bench: before 10.11.8-150600.4.3.1
mariadb-client: before 10.11.8-150600.4.3.1
mariadb-galera: before 10.11.8-150600.4.3.1
mariadb-client-debuginfo: before 10.11.8-150600.4.3.1
libmariadbd-devel: before 10.11.8-150600.4.3.1
mariadb-test-debuginfo: before 10.11.8-150600.4.3.1
mariadb-debuginfo: before 10.11.8-150600.4.3.1
mariadb: before 10.11.8-150600.4.3.1
mariadb-test: before 10.11.8-150600.4.3.1
mariadb-bench-debuginfo: before 10.11.8-150600.4.3.1
mariadb-tools-debuginfo: before 10.11.8-150600.4.3.1
mariadb-tools: before 10.11.8-150600.4.3.1
mariadb-rpm-macros: before 10.11.8-150600.4.3.1