Source: mariadb-10.5
Version: 1:10.5.9-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerabilities were published for mariadb-10.5.

CVE-2021-2154[0]:
| Vulnerability in the MySQL Server product of Oracle MySQL (component:
| Server: DML). Supported versions that are affected are 5.7.33 and
| prior. Easily exploitable vulnerability allows high privileged
| attacker with network access via multiple protocols to compromise
| MySQL Server. Successful attacks of this vulnerability can result in
| unauthorized ability to cause a hang or frequently repeatable crash
| (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
| impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVE-2021-2166[1]:
| Vulnerability in the MySQL Server product of Oracle MySQL (component:
| Server: DML). Supported versions that are affected are 5.7.33 and
| prior and 8.0.23 and prior. Easily exploitable vulnerability allows
| high privileged attacker with network access via multiple protocols to
| compromise MySQL Server. Successful attacks of this vulnerability can
| result in unauthorized ability to cause a hang or frequently
| repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score
| 4.9 (Availability impacts). CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

They are fixed in 10.5.10.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-2154
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2154
[1] https://security-tracker.debian.org/tracker/CVE-2021-2166
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2166

Regards,
Salvatore