[debian-mysql] Bug#1141976: mariadb-server: Upgrading to 10.11.18-0+deb12u1 enables systemd socket activation unconditionally
Michael Prokop
mika at debian.org
Mon Jul 13 07:43:10 BST 2026
Hi,
* Sven Hartge [Mon Jul 13, 2026 at 06:54:43AM +0200]:
> Package: mariadb-server
> Version: 1:10.11.18-0+deb12u1
> Severity: important
>
> Hello!
>
> On Debian 12, after the upgrade to 1:10.11.18-0+deb12u1, I find that
> mariadb.socket has been activated without any input or consent from me.
>
> This results in mariadb-server now suddenly being available to *:3306
> (i.e. the Internet if no firewall is configured) instead of just
> 127.0.0.1:3306.
>
> This is very unfortunate, as this potentially exposes the server to attacks.
>
> Here is how the state of the socket looks before and after the upgrade:
[...]
> No manual change has been done my me, just "apt full-upgrade".
>
> Because mariadbd is running at the moment, this won't have an effect
> until rebooting the system, which is an additional wrinkle, masking the
> new unsafe situation even further, obscuring the reason for the change.
I can confirm this behavior, which I also just noticed on one of my
systems.
regards
-mika-
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-mysql-maint/attachments/20260713/8c3cd5a3/attachment-0001.sig>
More information about the pkg-mysql-maint
mailing list