[arch-security] [ASA-201510-26] mariadb: denial of service
Arch Linux Security Advisory ASA-201510-26
==========================================

Severity: Low
Date    : 2015-10-30
CVE-ID  : CVE-2015-4913 CVE-2015-4870 CVE-2015-4861 CVE-2015-4858
          CVE-2015-4836 CVE-2015-4830 CVE-2015-4826 CVE-2015-4815
          CVE-2015-4802 CVE-2015-4792
Package : mysql
Type    : denial of service
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package mysql before version 10.0.22-1 is vulnerable to multiple
denial of service vulnerabilities.

Resolution
==========

Upgrade to version 10.0.22-1.

# pacman -Syu "mariadb>=10.0.22-1"

The problems have been fixed upstream in version 10.0.22.

Workaround
==========

None.

Description
===========

- CVE-2015-4913 (denial of service)
allows remote authenticated users to affect availability via vectors
related to Server : DML, a different vulnerability than CVE-2015-4858.

- CVE-2015-4870 (denial of service)
allows remote authenticated users to affect availability via unknown
vectors related to Server : Parser.

- CVE-2015-4861 (denial of service)
allows remote authenticated users to affect availability via unknown
vectors related to Server : InnoDB.

- CVE-2015-4858 (denial of service)
allows remote authenticated users to affect availability via vectors
related to DML, a different vulnerability than CVE-2015-4913.

- CVE-2015-4836 (denial of service)
allows remote authenticated users to affect availability via unknown
vectors related to Server : SP.

- CVE-2015-4830 (denial of service)
allows remote authenticated users to affect integrity via unknown
vectors related to Server : Security : Privileges.

- CVE-2015-4826 (denial of service)
allows remote authenticated users to affect confidentiality via unknown
vectors related to Server : Types.

- CVE-2015-4815 (denial of service)
allows remote authenticated users to affect availability via vectors
related to Server : DDL.

- CVE-2015-4802 (denial of service)
allows remote authenticated users to affect availability via unknown
vectors related to Server : Partition, a different vulnerability than
CVE-2015-4792.

- CVE-2015-4792 (denial of service)
allows remote authenticated users to affect availability via unknown
vectors related to Server : Partition, a different vulnerability than
CVE-2015-4802.

Impact
======

An authenticated remote attacker is able to affect availability via
different attack vectors.

References
==========

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4913
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4870
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4861
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4858
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4836
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4830
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4826
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4815
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4802
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4792
https://mariadb.com/kb/en/mariadb/security/
participants (1)
-
Christian Rebischke
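
An added example, not part of the advisory: a small audit that flags hosts still running a mariadb package older than the fixed version 10.0.22-1. The inventory format ("host package version", e.g. collected with `pacman -Q mariadb` on each host) and all host names are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit package versions against ASA-201510-26.
FIXED="10.0.22-1"   # fixed package version stated in the advisory

# ver_cmp A B -> prints a negative number, 0 or a positive number.
# Uses pacman's vercmp when present (authoritative on Arch); otherwise
# falls back to sort -V, which is adequate for plain "x.y.z-rel"
# strings but does not understand epochs.
ver_cmp() {
    if command -v vercmp >/dev/null 2>&1; then
        vercmp "$1" "$2"
        return
    fi
    if [ "$1" = "$2" ]; then echo 0; return; fi
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)
    if [ "$lowest" = "$1" ]; then echo -1; else echo 1; fi
}

# asa_status VERSION -> prints "vulnerable" or "patched"
asa_status() {
    if [ "$(ver_cmp "$1" "$FIXED")" -lt 0 ]; then
        echo vulnerable
    else
        echo patched
    fi
}

# audit_inventory: reads "host package version" lines on stdin and
# prints "host version status" for every mariadb entry.
audit_inventory() {
    while read -r host pkg ver; do
        [ "$pkg" = "mariadb" ] || continue
        printf '%s %s %s\n' "$host" "$ver" "$(asa_status "$ver")"
    done
}

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE='db1 mariadb 10.0.21-3
db2 mariadb 10.0.22-1
web1 nginx 1.8.0-1
db3 mariadb 10.0.9-2'

printf '%s\n' "$SAMPLE" | audit_inventory
```

Upgrading the package does not replace an already running server process, so restart the database service after the upgrade.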