ArchLinux: 201510-26: mariadb: denial of service
Summary
- CVE-2015-4913 (denial of service)
allows remote authenticated users to affect availability via
vectors related to Server : DML, a different vulnerability than CVE-2015-4858.
- CVE-2015-4870 (denial of service)
allows remote authenticated users to affect availability via unknown vectorsrelated to Server : Parser.
- CVE-2015-4861 (denial of service)
allows remote authenticated users to affect availability via unknown vectorsrelated to Server : InnoDB.
- CVE-2015-4858 (denial of service)
allows remote authenticated users to affect availability via
vectors related to DML, a different vulnerability than CVE-2015-4913.
- CVE-2015-4836 (denial of service)
allows remote authenticated users to affect availability via unknown vectorsrelated to Server : SP.
- CVE-2015-4830 (denial of service)
allows remote authenticated users to affect integrity via unknown vectorsrelated to Server : Security : Privileges.
- CVE-2015-4826 (denial of service)
allows remote authenticated users to affect confidentiality via unknown vectorsrelated to Server : Types.
- CVE-2015-4815 (denial of service)
allows remote authenticated users to affect availability via vectors related to
Server : DDL.
- CVE-2015-4802 (denial of service)
allows remote authenticated users to affect availability via unknown vectorsrelated to Server : Partition, a different vulnerability than CVE-2015-4792.
- CVE-2015-4792 (denial of service)
allows remote authenticated users to affect availability via unknown vectorsrelated to Server : Partition, a different vulnerability than CVE-2015-4802.
Resolution
Upgrade to version 10.0.22-1.
# pacman -Syu "mariadb>=10.0.22-1"
The problems have been fixed upstream in version 10.0.22.
References
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4913 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4870 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4861 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4858 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4836 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4830 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4826 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4815 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4802 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4792 https://mariadb.com/kb/en/security/
Workaround
None.