Arch Linux Security Advisory ASA-201505-3 ========================================= Severity: Medium Date : 2015-05-08 CVE-ID : CVE-2014-8964 CVE-2015-0499 CVE-2015-0501 CVE-2015-0505 CVE-2015-2571 Package : mariadb Type : denial of service Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package mariadb before version 10.0.18-1 is vulnerable to denial of service. Resolution ========== Upgrade to 10.0.18-1. # pacman -Syu "mariadb>=10.0.18-1" The problems have been fixed upstream in version 10.0.18. Workaround ========== None. Description =========== - CVE-2014-8964 (denial of service) A heap-based buffer overflow was found in the way PCRE handled certain malformed regular expressions. This issue could cause a crash while parsing malicious regular expressions related to an assertion that allows zero repeats. - CVE-2015-0499 (denial of service) Unspecified vulnerability allows remote authenticated users to affect availability via unknown vectors related to Server : Federated. - CVE-2015-0501 (denial of service) Unspecified vulnerability allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling. - CVE-2015-0505 (denial of service) Unspecified vulnerability allows remote authenticated users to affect availability via unknown vectors related to Server : DDL. - CVE-2015-2571 (denial of service) Unspecified vulnerability allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. Impact ====== A remote authenticated attacker is able to cause a server crash leading to denial of service via malicious regular expressions and various unspecified vectors. References ========== https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/ https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8964 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0499 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0501 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0505 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2571