Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 917515 - <dev-db/mariadb-{10.6.16,10.11.6}: denial of service
Summary: <dev-db/mariadb-{10.6.16,10.11.6}: denial of service
Status: CONFIRMED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B3 [stable]
Keywords: PullRequest
Depends on: 919865 927278 935048 947750
Blocks: CVE-2023-22084
  Show dependency tree
 
Reported: 2023-11-17 17:12 UTC by Tomáš Mózes
Modified: 2025-01-09 03:02 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Tomáš Mózes 2023-11-17 17:13:12 UTC 
10.6 / 10.11 vulnerable
Comment 3 Hans de Graaff gentoo-dev Security 2023-11-18 08:17:55 UTC 
"Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. "
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-11-28 16:16:18 UTC 
Apparently affects mysql too, moving CVE to a tracker.
Comment 5 Larry the Git Cow gentoo-dev 2024-01-30 18:47:03 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=928db5c7c38aeffca38c5105864e2fcb67cda315

commit 928db5c7c38aeffca38c5105864e2fcb67cda315
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2024-01-11 15:03:33 +0000
Commit:     Petr Vaněk <arkamar@gentoo.org>
CommitDate: 2024-01-30 18:45:57 +0000

    dev-db/mariadb: add 10.6.16, 10.11.6
    
    Bug: https://bugs.gentoo.org/917515
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Closes: https://github.com/gentoo/gentoo/pull/33876
    Signed-off-by: Petr Vaněk <arkamar@gentoo.org>

 dev-db/mariadb/Manifest               |    4 +
 dev-db/mariadb/mariadb-10.11.6.ebuild | 1318 ++++++++++++++++++++++++++++++++
 dev-db/mariadb/mariadb-10.6.16.ebuild | 1329 +++++++++++++++++++++++++++++++++
 3 files changed, 2651 insertions(+)
Comment 6 Hans de Graaff gentoo-dev Security 2024-04-06 07:25:54 UTC 
I've moved this bug back to "stable?" since only amd64 and x86 were dealt with in the stable bug and arm, arm64, ppc, ppc64 still remain to be done.