
Bug 500256

Summary: <dev-db/mariadb-5.5.37: Multiple vulnerabilities
Product: Gentoo Security
Reporter: Agostino Sarubbo <ago>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: mysql-bugs
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: http://secunia.com/advisories/56675/
Whiteboard: ~3 [noglsa]
Runtime testing required: ---
Bug Depends on: 490580

Description Agostino Sarubbo gentoo-dev 2014-02-04 10:36:37 UTC
From ${URL} :

Description

Multiple vulnerabilities have been reported in MariaDB, which can be exploited by malicious users to manipulate certain data and cause a DoS (Denial of Service) and by malicious people to cause a DoS and compromise a vulnerable system.

For more information:
SA52161
SA56491

1) An error when processing certain SELECT DISTINCT statements with JOINs can be exploited to trigger a memory leak.

2) An error when processing certain SELECT queries with a WHERE expression applied to a result field can be exploited to cause a crash.

3) Some errors can be exploited to cause crashes via specially crafted sequences of statements.

4) An error when handling certain EXPLAIN statements with TokuDB tables can be exploited to trigger an assertion failure.

5) An error when handling certain CACHE INDEX statements can be exploited to cause a crash.

6) An error related to handling indexing into an InnoDB table can be exploited to cause a crash.

7) An error when handling GROUP BY clauses with WITH ROLLUP modifier can be exploited to trigger an assertion failure.

8) An error when handling certain time zone conversions can be exploited to trigger an assertion failure.

9) An error within the "create_tmp_table()" function when handling the tmp table can be exploited to cause a crash.

Successful exploitation of this vulnerability requires the server to be built with Aria temporary tables.

10) An error related to "MONTHNAME()" function handling can be exploited to cause a crash.

The vulnerabilities are reported in versions prior to 5.5.35.


Solution:
Update to version 5.5.35.

Provided and/or discovered by:
1) Daniel Black in a bug report.
2) Dmitry Bakshaev in a bug report.
3) The vendor credits naox.
4, 7, 9, 10) Elena Stepanova in a bug report.
5, 6, 8) Rich Prohaska in a bug report.

Original Advisory:
MariaDB:
https://mariadb.com/kb/en/mariadb-5535-release-notes/
https://mariadb.com/kb/en/mariadb-5535-changelog/
https://mariadb.atlassian.net/browse/MDEV-4974
https://mariadb.atlassian.net/browse/MDEV-5353
https://mariadb.atlassian.net/browse/MDEV-5356
https://mariadb.atlassian.net/browse/MDEV-5396
https://mariadb.atlassian.net/browse/MDEV-5405
https://mariadb.atlassian.net/browse/MDEV-5406
https://mariadb.atlassian.net/browse/MDEV-5453
https://mariadb.atlassian.net/browse/MDEV-5458
https://mariadb.atlassian.net/browse/MDEV-5461
https://mariadb.atlassian.net/browse/MDEV-5504


@maintainer(s): since the package has never been marked as stable, we don't need to stabilize it. After the bump, please remove the affected versions from the tree.
Comment 1 Agostino Sarubbo gentoo-dev 2014-02-25 10:11:17 UTC
From http://secunia.com/advisories/57120/ :

Description

Multiple vulnerabilities have been reported in MariaDB, which can be exploited by malicious users to cause a DoS (Denial of Service).

1) A NULL pointer dereference error when handling certain prepared SELECT statements with subqueries can be exploited to cause a crash.

Successful exploitation of this vulnerability requires the "materialization" and "semijoin" optimizer switches to be on.

2) An error when handling a KILL QUERY statement with certain concurrent SQL queries can be exploited to cause a crash.

3) An error when parsing NAME_CONST expression containing AND/OR expressions can be exploited to cause a crash.

4) An error when preparing SELECT statements with an invalid GROUP BY value can be exploited to trigger an assertion failure.

5) An error when handling certain SELECT statements with JOIN phrases can be exploited to cause a crash.

Successful exploitation of this vulnerability requires the "sql_mode" setting to be set to "ONLY_FULL_GROUP_BY".

6) An error when handling certain concurrent UPDATE statements can be exploited to cause a crash.

The vulnerabilities are reported in versions prior to 5.5.36.


Solution:
Update to version 5.5.36.

Provided and/or discovered by:
1, 4, 6) Elena Stepanova.
2) Peter (Stig) Edwards.
3) Reported by the vendor.
5) Vasilis Lourdas.

Original Advisory:
https://mariadb.com/kb/en/mariadb-5536-release-notes/
https://mariadb.com/kb/en/mariadb-5536-changelog/
https://mariadb.atlassian.net/browse/MDEV-5581
https://mariadb.atlassian.net/browse/MDEV-714
https://mariadb.atlassian.net/browse/MDEV-5655
https://mariadb.atlassian.net/browse/MDEV-5505
https://mariadb.atlassian.net/browse/MDEV-5617
https://mariadb.atlassian.net/browse/MDEV-5629
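An exposure check a defender can run against the facts stated in the two quoted advisories (SA56675, fixed in 5.5.35; SA57120, fixed in 5.5.36) and in this bug's summary (Gentoo bumped to 5.5.37). This is an added example, not code from the bug or from MariaDB; the version string and variable values it parses are the constructed shape of `SELECT VERSION()` and `SHOW VARIABLES` output, and it only covers the 5.5 series the advisories describe.

```python
import re

# Fix versions named in the two Secunia advisories quoted on this bug.
ADVISORY_FIXES = {
    "SA56675": (5, 5, 35),   # issues 1-10 in the bug description
    "SA57120": (5, 5, 36),   # issues 1-6 in comment 1
}
# Version the Gentoo package was bumped to (bug summary: <dev-db/mariadb-5.5.37).
GENTOO_FIXED = (5, 5, 37)

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(version_string):
    """Turn SELECT VERSION() output such as '5.5.34-MariaDB-log' into (5, 5, 34)."""
    m = _VERSION_RE.match(version_string.strip())
    if not m:
        raise ValueError("unrecognised version string: %r" % version_string)
    return tuple(int(x) for x in m.groups())


def affected_advisories(version_string):
    """Advisory IDs whose fix version is newer than the running server.
    The advisories only describe the 5.5 series, so anything >= 5.5.36 is clear."""
    v = parse_version(version_string)
    return [sa for sa, fixed in ADVISORY_FIXES.items() if v < fixed]


def risky_settings(sql_mode, optimizer_switch):
    """Flag the server settings the advisories name as preconditions for
    specific issues. Arguments are the raw values from SHOW VARIABLES."""
    findings = []
    modes = [m.strip().upper() for m in sql_mode.split(",")]
    if "ONLY_FULL_GROUP_BY" in modes:
        findings.append("sql_mode contains ONLY_FULL_GROUP_BY (SA57120 issue 5)")
    switches = dict(s.strip().split("=", 1)
                    for s in optimizer_switch.split(",") if "=" in s)
    if switches.get("materialization") == "on" and switches.get("semijoin") == "on":
        findings.append("materialization and semijoin both on (SA57120 issue 1)")
    return findings


def needs_gentoo_bump(version_string):
    """True when the installed server is older than the version this bug shipped."""
    return parse_version(version_string) < GENTOO_FIXED


if __name__ == "__main__":
    # Constructed sample values, not taken from a real server.
    ver = "5.5.34-MariaDB-log"
    print(ver, "affected by:", affected_advisories(ver))
    print(risky_settings("STRICT_TRANS_TABLES,ONLY_FULL_GROUP_BY",
                         "index_merge=on,materialization=on,semijoin=on"))
```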
Comment 2 Jorge Manuel B. S. Vicetto (RETIRED) Gentoo Infrastructure gentoo-dev 2014-04-25 00:51:43 UTC
I've pushed mariadb-5.5.37 into the tree. As with mysql, we're going to take care of this stabilization as this is the first 5.5 version that we're going to mark stable.
Comment 3 Sergey Popov gentoo-dev 2014-05-11 12:50:57 UTC
(In reply to Jorge Manuel B. S. Vicetto from comment #2)
> I've pushed mariadb-5.5.37 into the tree. As with mysql, we're going to take
> care of this stabilization as this is the first 5.5 version that we're going
> to mark stable.

Ok, reclassified to B3. Feel free to add arch teams and begin stabilization when you are ready.
Comment 4 Kristian Fiskerstrand (RETIRED) gentoo-dev 2014-09-10 21:03:06 UTC
Reclassifying to ~ again as it was determined to keep stabilization separate from previous security issues. Closing noglsa. 5.5.39 in tree and older versions removed or p.masked for removal.