Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 822759

Summary: <dev-db/mariadb-{10.2.41,10.3.32,10.4.22,10.5.13}: server compromise
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: hydrapolic, mysql-bugs
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
See Also: https://bugs.gentoo.org/show_bug.cgi?id=838244
Whiteboard: B3 [glsa+]
Package list:
Runtime testing required: ---
Bug Depends on: 829392    
Bug Blocks: 822756    

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-11-09 23:18:14 UTC
CVE-2021-35604:

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). 

Fixed in MariaDB 10.2.41, 10.3.32, 10.4.22, 10.5.13. Please bump.
Comment 1 Tomáš Mózes 2021-12-10 10:15:04 UTC
In tree, we should stabilize.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-12-10 16:56:57 UTC
We should also tag security bugs when fixing them ;)

Maintainers: please stabilize.
Comment 3 Larry the Git Cow gentoo-dev 2024-05-08 08:40:34 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=b69f175bb86c550d8cad22e4c391edbf3ccd7c16

commit b69f175bb86c550d8cad22e4c391edbf3ccd7c16
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-05-08 08:40:00 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-05-08 08:40:18 +0000

    [ GLSA 202405-25 ] MariaDB: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/699874
    Bug: https://bugs.gentoo.org/822759
    Bug: https://bugs.gentoo.org/832490
    Bug: https://bugs.gentoo.org/838244
    Bug: https://bugs.gentoo.org/847526
    Bug: https://bugs.gentoo.org/856484
    Bug: https://bugs.gentoo.org/891781
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202405-25.xml | 111 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 111 insertions(+)