-------------------------------------------------------------------------
Debian LTS Advisory DLA-4190-1                          [email protected]
https://www.debian.org/lts/security/                         Lee Garrett
May 29, 2025                                  https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : mydumper
Version        : 0.10.1-1+deb11u1
CVE ID         : CVE-2025-30224
Debian Bug     : #1102002

MyDumper is a MySQL Logical Backup Tool. The MySQL C client library
(libmysqlclient) allows authenticated remote actors to read arbitrary
files from client systems via a crafted server response to LOAD LOCAL
INFILE query, leading to sensitive information disclosure when clients
connect to untrusted MySQL servers without explicitly disabling the local
infile capability.

Mydumper has the local infile option enabled by default and does not have
an option to disable it. This can lead to an unexpected arbitrary file
read if the Mydumper tool connects to an untrusted server.

For Debian 11 bullseye, this problem has been fixed in version
0.10.1-1+deb11u1.

We recommend that you upgrade your mydumper packages.

For the detailed security status of mydumper please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mydumper

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
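
The following check is an added example, not part of the advisory or of mydumper's code. It audits captured, unencrypted MySQL client traffic for the condition described above: a client that advertises the local infile capability, and a server that requests a file the client's query never named. All function names and sample packets are constructed for illustration.

```python
CLIENT_LOCAL_FILES = 0x0080    # capability bit: client will answer file requests
COM_QUERY = 0x03               # first payload byte of a text query
LOCAL_INFILE_REQUEST = 0xFB    # first payload byte of a server file request

def split_packet(raw):
    """Return (sequence_id, payload) for one MySQL wire packet."""
    if len(raw) < 4:
        raise ValueError("truncated packet header")
    length = int.from_bytes(raw[:3], "little")
    payload = raw[4:4 + length]
    if len(payload) != length:
        raise ValueError("truncated packet payload")
    return raw[3], payload

def client_allows_local_infile(handshake_response):
    """True if the client's handshake response advertises CLIENT_LOCAL_FILES."""
    _, payload = split_packet(handshake_response)
    if len(payload) < 2:
        raise ValueError("handshake response too short")
    # The flag sits in the low 16 capability bits, which come first in the payload.
    return bool(int.from_bytes(payload[:2], "little") & CLIENT_LOCAL_FILES)

def unsolicited_file_request(query_packet, response_packet):
    """Return the path the server asked for if the query did not name it."""
    _, query = split_packet(query_packet)
    _, response = split_packet(response_packet)
    if not query or query[0] != COM_QUERY:
        return None
    if not response or response[0] != LOCAL_INFILE_REQUEST:
        return None
    path = response[1:]
    sql = query[1:].lstrip().upper()
    if sql.startswith(b"LOAD DATA") and b"LOCAL" in sql and path.upper() in sql:
        return None  # the client itself asked to send this file
    return path.decode("utf-8", "replace")

def make_packet(seq, payload):
    """Build a wire packet; used only for the constructed samples below."""
    return len(payload).to_bytes(3, "little") + bytes([seq]) + payload

# Constructed sample packets (not captured from a real system).
TAIL = (1 << 24).to_bytes(4, "little") + bytes([33]) + bytes(23) + b"backup\0\0"
SAMPLE_DEFAULT = make_packet(1, (0x0281).to_bytes(4, "little") + TAIL)
SAMPLE_HARDENED = make_packet(1, (0x0201).to_bytes(4, "little") + TAIL)
SAMPLE_QUERY = make_packet(0, b"\x03SELECT @@version_comment LIMIT 1")
SAMPLE_ROGUE = make_packet(1, b"\xfb/constructed/example.txt")
SAMPLE_LOAD = make_packet(0, b"\x03LOAD DATA LOCAL INFILE '/tmp/rows.csv' INTO TABLE t")
SAMPLE_LOAD_REPLY = make_packet(1, b"\xfb/tmp/rows.csv")
```

A client whose handshake passes the first check cannot be asked for files at all; the second check is only useful for hosts that still run a client with the capability enabled.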
