MySQL and MariaDB: Multiple vulnerabilities — GLSA 201504-05

Multiple vulnerabilities have been found in MySQL and MariaDB, the worst of which can allow remote attackers to cause a Denial of Service condition.

Affected packages

dev-db/mysql on all architectures
Affected versions < 5.6.22
Unaffected versions >= 5.6.22
dev-db/mariadb on all architectures
Affected versions < 10.0.16
Unaffected versions >= 10.0.16
revision >= 5.5.49

Background

MySQL is a popular multi-threaded, multi-user SQL server. MariaDB is an enhanced, drop-in replacement for MySQL.

Description

Multiple vulnerabilities have been discovered in MySQL and MariaDB. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could exploit vulnerabilities to possibly cause a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All MySQL users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.6.22"
 

All MariaDB users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-db/mariadb-10.0.16"
 

References

Release date
April 11, 2015

Latest revision
April 11, 2015: 1

Severity
normal

Exploitable
remote

Bugzilla entries