Summary: | <dev-db/mariadb-{10.6.16,10.11.6}: denial of service | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Tomáš Mózes <hydrapolic> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | CONFIRMED --- | ||
Severity: | normal | CC: | arkamar, mysql-bugs |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://github.com/gentoo/gentoo/pull/33876 | ||
Whiteboard: | B3 [stable?] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 919865, 927278 | ||
Bug Blocks: | 918697 |
Description
Tomáš Mózes
2023-11-17 17:12:46 UTC
10.6 / 10.11 vulnerable

https://mariadb.com/kb/en/mariadb-10-6-16-release-notes/
https://mariadb.com/kb/en/mariadb-10-11-6-release-notes/

"Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."

Apparently affects mysql too, moving CVE to a tracker.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=928db5c7c38aeffca38c5105864e2fcb67cda315

commit 928db5c7c38aeffca38c5105864e2fcb67cda315
Author: Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2024-01-11 15:03:33 +0000
Commit: Petr Vaněk <arkamar@gentoo.org>
CommitDate: 2024-01-30 18:45:57 +0000

dev-db/mariadb: add 10.6.16, 10.11.6

Bug: https://bugs.gentoo.org/917515
Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
Closes: https://github.com/gentoo/gentoo/pull/33876
Signed-off-by: Petr Vaněk <arkamar@gentoo.org>

dev-db/mariadb/Manifest | 4 +
dev-db/mariadb/mariadb-10.11.6.ebuild | 1318 ++++++++++++++++++++++++++++++++
dev-db/mariadb/mariadb-10.6.16.ebuild | 1329 +++++++++++++++++++++++++++++++++
3 files changed, 2651 insertions(+)

I've moved this bug back to "stable?" since only amd64 and x86 were dealt with in the stable bug and arm, arm64, ppc, ppc64 still remain to be done.