Arch Linux Security Advisory ASA-202105-14
==========================================

Severity: Medium
Date    : 2021-05-19
CVE-ID  : CVE-2021-2154 CVE-2021-2166
Package : mariadb
Type    : denial of service
Remote  : Yes
Link    : https://security.archlinux.org/AVG-1882

Summary
=======

The package mariadb before version 10.5.10-1 is vulnerable to denial of
service.

Resolution
==========

Upgrade to 10.5.10-1.

# pacman -Syu "mariadb>=10.5.10-1"

The problems have been fixed upstream in version 10.5.10.

Workaround
==========

None.

Description
===========

- CVE-2021-2154 (denial of service)

A security issue has been found in MariaDB before version 10.5.10. An
easily exploitable vulnerability allows high privileged attackers with
network access via multiple protocols to compromise the MariaDB server.
Successful attacks of this vulnerability can cause a hang or a
frequently repeatable crash (complete denial of service) of the server.

- CVE-2021-2166 (denial of service)

A security issue has been found in MariaDB before version 10.5.10. An
easily exploitable vulnerability allows high privileged attackers with
network access via multiple protocols to compromise the MariaDB server.
Successful attacks of this vulnerability can cause a hang or a
frequently repeatable crash (complete denial of service) of the server.

Impact
======

A privileged remote attacker could cause the MariaDB server to hang or
crash.

References
==========

https://mariadb.com/kb/en/mariadb-10510-release-notes/
https://security.archlinux.org/CVE-2021-2154
https://security.archlinux.org/CVE-2021-2166
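
Added example (not part of the advisory): a shell check that compares an installed mariadb package version against the fixed version 10.5.10-1 from the Resolution section, using a version-aware comparison because a plain string compare would sort 10.5.9 after 10.5.10. The function names are hypothetical, and the `sort -V` fallback assumes GNU coreutils and plain pkgver-pkgrel strings without an epoch.

```shell
#!/bin/sh
# Added example: flag a mariadb package version that predates the fix
# announced in ASA-202105-14.
FIXED="10.5.10-1"   # fixed version stated in the advisory

# Returns 0 (true) when version $1 sorts strictly before version $2.
version_lt() {
    [ "$1" = "$2" ] && return 1
    if command -v vercmp >/dev/null 2>&1; then
        # vercmp ships with pacman and prints -1, 0 or 1
        [ "$(vercmp "$1" "$2")" = "-1" ]
    else
        # Fallback off Arch (assumption: GNU sort with -V is available)
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
    fi
}

# Prints a verdict for installed version $1; returns 0 only when patched.
check_mariadb() {
    if version_lt "$1" "$FIXED"; then
        echo "VULNERABLE: mariadb $1 < $FIXED (CVE-2021-2154, CVE-2021-2166)"
        return 1
    fi
    echo "OK: mariadb $1 >= $FIXED"
}

# On an Arch host, check the installed package; skipped where pacman is absent.
if command -v pacman >/dev/null 2>&1; then
    installed=$(pacman -Q mariadb 2>/dev/null | awk '{print $2}')
    if [ -n "$installed" ]; then
        check_mariadb "$installed" || true
    else
        echo "mariadb is not installed"
    fi
fi
```

The non-zero return from `check_mariadb` lets the function gate a configuration-management or monitoring job on hosts that still need the upgrade.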