[arch-security] [ASA-201510-26] mariadb: denial of service
Christian Rebischke
Chris.Rebischke at archlinux.org
Fri Oct 30 15:47:31 UTC 2015
Arch Linux Security Advisory ASA-201510-26
=========================================
Severity: Low
Date : 2015-10-30
CVE-ID : CVE-2015-4913 CVE-2015-4870 CVE-2015-4861 CVE-2015-4858 CVE-2015-4836
CVE-2015-4830 CVE-2015-4826 CVE-2015-4815 CVE-2015-4802 CVE-2015-4792
Package : mysql
Type : denial of service
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE
Summary
=======
The package mysql before version 10.0.22-1 is vulnerable against different
denial of service vulnerabilities.
Resolution
==========
Upgrade to version 10.0.22-1.
# pacman -Syu "mariadb>=10.0.22-1"
The problems have been fixed upstream in version 10.0.22.
Workaround
==========
None.
Description
===========
- CVE-2015-4913 (denial of service)
allows remote authenticated users to affect availability via
vectors related to Server : DML, a different vulnerability than CVE-2015-4858.
- CVE-2015-4870 (denial of service)
allows remote authenticated users to affect availability via unknown vectors
related to Server : Parser.
- CVE-2015-4861 (denial of service)
allows remote authenticated users to affect availability via unknown vectors
related to Server : InnoDB.
- CVE-2015-4858 (denial of service)
allows remote authenticated users to affect availability via
vectors related to DML, a different vulnerability than CVE-2015-4913.
- CVE-2015-4836 (denial of service)
allows remote authenticated users to affect availability via unknown vectors
related to Server : SP.
- CVE-2015-4830 (denial of service)
allows remote authenticated users to affect integrity via unknown vectors
related to Server : Security : Privileges.
- CVE-2015-4826 (denial of service)
allows remote authenticated users to affect confidentiality via unknown vectors
related to Server : Types.
- CVE-2015-4815 (denial of service)
allows remote authenticated users to affect availability via vectors related to
Server : DDL.
- CVE-2015-4802 (denial of service)
allows remote authenticated users to affect availability via unknown vectors
related to Server : Partition, a different vulnerability than CVE-2015-4792.
- CVE-2015-4792 (denial of service)
allows remote authenticated users to affect availability via unknown vectors
related to Server : Partition, a different vulnerability than CVE-2015-4802.
Impact
======
An authenticated remote attacker is able to affect the availability via
different attack vectors.
References
==========
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4913
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4870
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4861
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4858
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4836
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4830
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4826
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4815
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4802
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4792
https://mariadb.com/kb/en/mariadb/security/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20151030/65e18f55/attachment.asc>
More information about the arch-security
mailing list