Arch Linux Security Advisory ASA-202105-14
==========================================

Severity: Medium
Date    : 2021-05-19
CVE-ID  : CVE-2021-2154 CVE-2021-2166
Package : mariadb
Type    : denial of service
Remote  : Yes
Link    : https://security.archlinux.org/AVG-1882

Summary
=======

The package mariadb before version 10.5.10-1 is vulnerable to denial of
service.

Resolution
==========

Upgrade to 10.5.10-1.

# pacman -Syu "mariadb>=10.5.10-1"

The problems have been fixed upstream in version 10.5.10.

Workaround
==========

None.

Description
===========

- CVE-2021-2154 (denial of service)

A security issue has been found in MariaDB before version 10.5.10. An
easily exploitable vulnerability allows high privileged attackers with
network access via multiple protocols to compromise the MariaDB server.
Successful attacks of this vulnerability can cause a hang or a
frequently repeatable crash (complete denial of service) of the server.

- CVE-2021-2166 (denial of service)

A security issue has been found in MariaDB before version 10.5.10. An
easily exploitable vulnerability allows high privileged attackers with
network access via multiple protocols to compromise the MariaDB server.
Successful attacks of this vulnerability can cause a hang or a
frequently repeatable crash (complete denial of service) of the server.

Impact
======

A privileged remote attacker could cause the MariaDB server to hang or
crash.

References
==========

https://mariadb.com/kb/en/mariadb-10510-release-notes/
https://security.archlinux.org/CVE-2021-2154
https://security.archlinux.org/CVE-2021-2166