Security Vulnerabilities Fixed in MariaDB

You are viewing an old version of this article. View the current version here.

This page is about security vulnerabilities fixed in MariaDB. If you are looking for information on securing your MariaDB installation, see Securing MariaDB.

Sensitive security issues can be sent directly to the persons responsible for MariaDB security: security [AT] mariadb (dot) org.

About CVEs

CVE® stands for "Common Vulnerabilities and Exposures". It is a publicly available, free-to-use database of known software vulnerabilities, maintained at https://cve.mitre.org/.

This page contains the master list of CVEs fixed across all versions of MariaDB. Follow the links for more information on a particular CVE or a specific version of MariaDB.

Separate lists of CVEs fixed in specific MariaDB series are maintained on their individual "What is MariaDB x.x?" pages:

Full List of CVEs fixed in MariaDB

Note about CVE-2016-6664: It is NOT exploitable by itself. Shell access must first be obtained through a vulnerability like CVE-2016-6663. Because CVE-2016-6663 has been fixed and is no longer exploitable, we've determined that CVE-2016-6664 is not critical on its own and doesn't warrant an immediate fix to be released. A fix will be included in the next upcoming maintenance releases of MariaDB Server 5.5, 10.0 and 10.1.

CVEs without specific version numbers:

The following CVEs were fixed in MariaDB 5.1 and/or MariaDB 5.5 as indicated, but the fix is not tied to a specific MariaDB version.

CVEs affecting Oracle MySQL

Oracle does not disclose vulnerability details, so MariaDB cannot make a meaningful assessment based on the information that Oracle discloses. MariaDB is, however, based on MySQL 5.5 and is not believed to be affected by the following CVEs, which affect MySQL 5.6 only:
