ArchLinux: 202105-14: mariadb: denial of service | LinuxSecurity.com

Arch Linux Security Advisory ASA-202105-14
==========================================

Severity: Medium
Date    : 2021-05-19
CVE-ID  : CVE-2021-2154 CVE-2021-2166
Package : mariadb
Type    : denial of service
Remote  : Yes
Link    : https://security.archlinux.org/AVG-1882

Summary
=======

The package mariadb before version 10.5.10-1 is vulnerable to denial of
service.

Resolution
==========

Upgrade to 10.5.10-1.

# pacman -Syu "mariadb>=10.5.10-1"

The problems have been fixed upstream in version 10.5.10.
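
To confirm that a host is on the fixed release, the following added example (not part of the Arch advisory) compares the version reported by `pacman -Q mariadb` against 10.5.10-1. The function names are hypothetical; it uses pacman's `vercmp` when present and otherwise assumes GNU `sort -V` orders these epoch-less versions the same way.

```shell
#!/bin/sh
# Added example: classify a `pacman -Q mariadb` line against ASA-202105-14.
FIXED="10.5.10-1"   # first fixed package version, from the advisory

# ver_lt A B: succeed when version A is strictly older than version B.
ver_lt() {
    [ "$1" = "$2" ] && return 1
    if command -v vercmp >/dev/null 2>&1; then
        # vercmp ships with pacman and prints -1, 0 or 1.
        [ "$(vercmp "$1" "$2")" -lt 0 ]
    else
        # Assumption: without pacman, GNU sort -V orders these
        # epoch-less numeric versions the same way vercmp does.
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
    fi
}

# check_mariadb LINE: LINE is the output of `pacman -Q mariadb`.
# Prints a verdict; returns 0 patched, 1 vulnerable, 2 not installed.
check_mariadb() {
    case $1 in
        "mariadb "?*) ver=${1#mariadb } ;;
        *) echo "not-installed"; return 2 ;;
    esac
    if ver_lt "$ver" "$FIXED"; then
        echo "vulnerable $ver"; return 1
    fi
    echo "patched $ver"
}

# Constructed sample lines; on a real host pass "$(pacman -Q mariadb 2>/dev/null)".
for line in "mariadb 10.5.9-1" "mariadb 10.5.10-1" "mariadb 10.6.4-2" ""; do
    check_mariadb "$line" || true
done
```

The return code makes the function usable in a fleet check: a non-zero status from `check_mariadb` marks a host that still needs the upgrade or has no mariadb package installed.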

Workaround
==========

None.

Description
===========

- CVE-2021-2154 (denial of service)

A security issue has been found in MariaDB before version 10.5.10. An
easily exploitable vulnerability allows high-privileged attackers with
network access via multiple protocols to compromise the MariaDB server.
Successful attacks of this vulnerability can cause a hang or a
frequently repeatable crash (complete denial of service) of the server.

- CVE-2021-2166 (denial of service)

A security issue has been found in MariaDB before version 10.5.10. An
easily exploitable vulnerability allows high-privileged attackers with
network access via multiple protocols to compromise the MariaDB server.
Successful attacks of this vulnerability can cause a hang or a
frequently repeatable crash (complete denial of service) of the server.

Impact
======

A privileged remote attacker could cause the MariaDB server to hang or
crash.

References
==========

https://mariadb.com/kb/en/mariadb-10510-release-notes/
https://security.archlinux.org/CVE-2021-2154
https://security.archlinux.org/CVE-2021-2166

May 20, 2021