[ASA-202105-14] mariadb: denial of service
Jonas Witschel
diabonas at archlinux.org
Thu May 20 18:06:25 UTC 2021
Arch Linux Security Advisory ASA-202105-14
==========================================
Severity: Medium
Date : 2021-05-19
CVE-ID : CVE-2021-2154 CVE-2021-2166
Package : mariadb
Type : denial of service
Remote : Yes
Link : https://security.archlinux.org/AVG-1882
Summary
=======
The package mariadb before version 10.5.10-1 is vulnerable to denial of
service.
Resolution
==========
Upgrade to 10.5.10-1.
# pacman -Syu "mariadb>=10.5.10-1"
The problems have been fixed upstream in version 10.5.10.
Workaround
==========
None.
Description
===========
- CVE-2021-2154 (denial of service)
A security issue has been found in MariaDB before version 10.5.10. An
easily exploitable vulnerability allows high privileged attackers with
network access via multiple protocols to compromise the MariaDB server.
Successful attacks of this vulnerability can cause a hang or a
frequently repeatable crash (complete denial of service) of the server.
- CVE-2021-2166 (denial of service)
A security issue has been found in MariaDB before version 10.5.10. An
easily exploitable vulnerability allows high privileged attackers with
network access via multiple protocols to compromise the MariaDB server.
Successful attacks of this vulnerability can cause a hang or a
frequently repeatable crash (complete denial of service) of the server.
Impact
======
A privileged remote attacker could cause the MariaDB server to hang or
crash.
References
==========
https://mariadb.com/kb/en/mariadb-10510-release-notes/
https://security.archlinux.org/CVE-2021-2154
https://security.archlinux.org/CVE-2021-2166
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20210520/47d5f3a6/attachment.sig>
More information about the arch-security
mailing list