An update for hsqldb is now available for openEuler-24.03-LTS Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2026-1490 Final 1.0 1.0 2026-03-06 Initial 2026-03-06 2026-03-06 openEuler SA Tool V1.0 2026-03-06 hsqldb security update An update for hsqldb is now available for openEuler-24.03-LTS HSQLdb is a relational database engine written in JavaTM , with a JDBC driver, supporting a subset of ANSI-92 SQL. It offers a small (about 100k), fast database engine which offers both in memory and disk based tables. Embedded and server modes are available. Additionally, it includes tools such as a minimal web server, in-memory query and management tools (can be run as applets or servlets, too) and a number of demonstration examples. Downloaded code should be regarded as being of production quality. The product is currently being used as a database and persistence engine in many Open Source Software projects and even in commercial projects and products! In it's current version it is extremely stable and reliable. It is best known for its small size, ability to execute completely in memory and its speed. Yet it is a completely functional relational database management system that is completely free under the Modified BSD License. Yes, that's right, completely free of cost or restrictions! Security Fix(es): A flaw was found in the Libreoffice package. An attacker can craft an odb containing a "database/script" file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker.(CVE-2023-1183) An update for hsqldb is now available for openEuler-24.03-LTS. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium hsqldb https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1490 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-1183 https://nvd.nist.gov/vuln/detail/CVE-2023-1183 openEuler-24.03-LTS hsqldb-2.4.0-6.oe2403.noarch.rpm hsqldb-demo-2.4.0-6.oe2403.noarch.rpm hsqldb-javadoc-2.4.0-6.oe2403.noarch.rpm hsqldb-lib-2.4.0-6.oe2403.noarch.rpm hsqldb-manual-2.4.0-6.oe2403.noarch.rpm hsqldb-2.4.0-6.oe2403.src.rpm A flaw was found in the Libreoffice package. An attacker can craft an odb containing a "database/script" file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker. 2026-03-06 CVE-2023-1183 openEuler-24.03-LTS Medium 5.5 AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N hsqldb security update 2026-03-06 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1490