SB2026010707 - Red Hat Enterprise Linux 10 update for mariadb10.11

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2026010707

SB2026010707 - Red Hat Enterprise Linux 10 update for mariadb10.11

Published: January 7, 2026

Security Bulletin ID SB2026010707
Severity
High
Patch available
YES
Number of vulnerabilities 7
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 14% Medium 43% Low 43%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 7 secuirty vulnerabilities.


1) Improper input validation (CVE-ID: CVE-2025-21490)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.


2) Insecure automated optimizations (CVE-ID: CVE-2023-52969)

The vulnerability allows a remote user to perform a denial of service attack.

The vulnerability exists due to insecure automated optimization when handling derived tables within the SELECT clause. A remote privileged user can crash the server with a specially crafted query. 


3) Insecure automated optimizations (CVE-ID: CVE-2023-52971)

The vulnerability allows a remote user to perform a denial of service attack.

The vulnerability exists due to insecure automated optimization in JOIN::fix_all_splittings_in_plan. A remote user can crash the database server.


4) Insecure automated optimizations (CVE-ID: CVE-2023-52970)

The vulnerability allows a remote user to perform a denial of service attack.

The vulnerability exists due to insecure automated optimization when handling inserts from a derived table containing insert target table. A remote privileged user can crash the server with a specially crafted query. 


5) Improper input validation (CVE-ID: CVE-2025-30722)

The vulnerability allows a remote authenticated user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote authenticated user can exploit this vulnerability to gain access to sensitive information.


6) Improper input validation (CVE-ID: CVE-2025-30693)

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.


7) Path traversal (CVE-ID: CVE-2025-13699)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences within the handling of view names. A remote attacker can trick a victim to interact with the mariadb-dump utility and upload arbitrary files on the system, leading to arbitrary code execution.


Remediation

Install update from vendor's website.

References