SB2026010704 - Fedora 40 update for mariadb10.11

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2026010704

SB2026010704 - Fedora 40 update for mariadb10.11

Published: January 7, 2026

Security Bulletin ID SB2026010704
Severity
Low
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Insecure automated optimizations (CVE-ID: CVE-2023-52969)

The vulnerability allows a remote user to perform a denial of service attack.

The vulnerability exists due to insecure automated optimization when handling derived tables within the SELECT clause. A remote privileged user can crash the server with a specially crafted query. 


2) Insecure automated optimizations (CVE-ID: CVE-2023-52971)

The vulnerability allows a remote user to perform a denial of service attack.

The vulnerability exists due to insecure automated optimization in JOIN::fix_all_splittings_in_plan. A remote user can crash the database server.


3) Insecure automated optimizations (CVE-ID: CVE-2023-52970)

The vulnerability allows a remote user to perform a denial of service attack.

The vulnerability exists due to insecure automated optimization when handling inserts from a derived table containing insert target table. A remote privileged user can crash the server with a specially crafted query. 


Remediation

Install update from vendor's website.

References