Bug 434874 - <dev-db/mariadb-{5.1.66,5.5.28a}: Multiple Denial of Service Vulnerabilities
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
: Normal trivial
Assignee: Gentoo Security
URL: https://secunia.com/advisories/50485/
Whiteboard: ~3 [cleanup]
Keywords:
Depends on:
Blocks:
 
Reported: 2012-09-13 09:26 UTC by Agostino Sarubbo
Modified: 2013-01-21 23:07 UTC

See Also:
Package list:
Runtime testing required: ---


Description Agostino Sarubbo gentoo-dev 2012-09-13 09:26:37 UTC
From secunia advisory at $URL:

Description
Some vulnerabilities have been reported in MariaDB, which can be exploited by malicious users to cause a DoS (Denial of Service).

1) A NULL pointer dereference error within the "test_if_skip_sort_order()" function (sql_select.cc) when executing subqueries can be exploited to crash the service via a specially crafted query.

2) An error exists within the "select_describe()" function (sql/sql_select.cc) when handling certain subqueries, which frees certain currently used tables and can be exploited to cause a crash via a specially crafted query.

3) An error when handling the query cache when running parallel queries can be exploited to cause a crash via specially crafted queries run in parallel.

The vulnerabilities are reported in version 5.5.25. Other versions may also be affected.


Solution
Fixed in development version 5.5.27.
Comment 1 Agostino Sarubbo gentoo-dev 2012-11-30 12:02:29 UTC
From https://secunia.com/advisories/51443/ :

Description
A vulnerability has been reported in MariaDB, which can be exploited by malicious users to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

The vulnerability is caused due to an unspecified error and can be exploited to cause a buffer overflow.

Successful exploitation may allow execution of arbitrary code with privileges of the mysqld daemon.

The vulnerability is reported in versions prior to 5.1.66, 5.2.13, 5.3.11, and 5.5.28a.


Solution
Update to version 5.1.66, 5.2.13, 5.3.11, or 5.5.28a.


The status remains in [ebuild]
Comment 2 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2013-01-20 02:50:39 UTC
In CVS.

No GLSA needed due to no stable versions.

security: you can close
Comment 3 Sean Amoss (RETIRED) gentoo-dev Security 2013-01-21 22:51:05 UTC
(In reply to comment #2)
> security: you can close

Please clean up vulnerable versions first.
Comment 4 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2013-01-21 23:07:03 UTC
I would prefer not to help users test older versions, but I have in this case.