[ubuntu/focal-security] mariadb-10.3 1:10.3.39-0ubuntu0.20.04.2 (Accepted)
Ian Constantin
ian.constantin at canonical.com
Thu Jan 25 14:55:51 UTC 2024
mariadb-10.3 (1:10.3.39-0ubuntu0.20.04.2) focal-security; urgency=medium
* SECURITY UPDATE: New upstream version 10.3.39 includes fixes for the
following security vulnerabilities (LP: #2045452):
- CVE-2022-47015
* Add patch to revert upstream libmariadb API change (Debian Bug#1031773)
* Make SysV init script explicit on its dependencies (Debian Bug#1035949)
* Both of the changes above was included in the MariaDB Server version
1:10.3.39-0+deb10u1 in Deban Buster without any reported regressions
since June 2023 and are thus safe and appropriate to include in Ubuntu
20.04 (Focal) as well
* Include extra patch for CVE-2023-22084: A vulnerability allowed high
privileged attacker with network access via multiple protocols to compromise
the server. Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash
(complete DOS) the server (Debian Bug#1055034)
* According to https://mariadb.org/about/#maintenance-policy this
was the last minor maintenance release for MariaDB 10.3 series
Date: 2024-01-23 08:35:11.263632+00:00
Signed-By: Ian Constantin <ian.constantin at canonical.com>
https://launchpad.net/ubuntu/+source/mariadb-10.3/1:10.3.39-0ubuntu0.20.04.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the Focal-changes
mailing list