ArchLinux: 202105-14: mariadb: denial of service
Summary
- CVE-2021-2154 (denial of service)
A security issue has been found in MariaDB before version 10.5.10. An
easily exploitable vulnerability allows high privileged attackers with
network access via multiple protocols to compromise the MariaDB server.
Successful attacks of this vulnerability can cause a hang or a
frequently repeatable crash (complete denial of service) of the server.
- CVE-2021-2166 (denial of service)
A security issue has been found in MariaDB before version 10.5.10. An
easily exploitable vulnerability allows high privileged attackers with
network access via multiple protocols to compromise the MariaDB server.
Successful attacks of this vulnerability can cause a hang or a
frequently repeatable crash (complete denial of service) of the server.
Resolution
Upgrade to 10.5.10-1.
# pacman -Syu "mariadb>=10.5.10-1"
The problems have been fixed upstream in version 10.5.10.
References
https://mariadb.com/kb/en/mariadb-10510-release-notes/ https://security.archlinux.org/CVE-2021-2154 https://security.archlinux.org/CVE-2021-2166
Workaround
None.