Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-2330


Security update for mariadb


Type: security
Severity: critical
Issued: 2026-06-10
Description:
This update for mariadb fixes the following issues:

- CVE-2026-3494: audit plugin comment handling bypass (bsc#1259176).
- CVE-2026-34303: mysql: optimizer unspecified vulnerability (bsc#1266435).
- CVE-2026-35549: SHA2 auth plugin crash on large packets (bsc#1261413).
- CVE-2026-44168: wsrep SST unsafe parameter handling on the donor side (bsc#1266442).
- CVE-2026-44169: authorization bypass in role-based routine-level privilege check exposes stored routine definitions (bsc#1266441).
- CVE-2026-44170: argument injection in CONNECT REST Xcurl on Windows via unsanitized URL (bsc#1266440).
- CVE-2026-44171: path traversal in mbstream (bsc#1266439).
- CVE-2026-44172: mysql_real_escape_string() incorrectly handled big5 (bsc#1266438).
- CVE-2026-44173: FILE privilege was not checked for subqueries in the FROM clause (bsc#1266437).
- CVE-2026-48163: wsrep SST unsafe parameter handling on the donor side (bsc#1266815).
- CVE-2026-48165: unsafe usage of `wsrep_sst_receive_address` values on the joiner side (bsc#1266814).
- CVE-2026-49261: unsafe parameter handling in `wsrep_notify_cmd` (bsc#1267542).

Changes for mariadb:

- Update to 11.8.8:
 https://mariadb.com/docs/release-notes/community-server/11.8/11.8.8
 https://mariadb.com/docs/release-notes/community-server/changelogs/11.8/11.8.8
- Update to 11.8.7:
 https://mariadb.com/docs/release-notes/community-server/11.8/11.8.7
 https://mariadb.com/docs/release-notes/community-server/changelogs/11.8/11.8.7


              


Packages


  • mariadb-11.8.8-150700.3.15.1