MariaDB Server 10.0.x < 10.0.20 Multiple Vulnerabilities (BACKRONYM)

MariaDB is a community-developed fork of the MySQL relational database. The version of MariaDB running on the remote host is 10.0.x prior to 10.0.20. It is, therefore, affected by multiple vulnerabilities :

• An unspecified flaw exists in the GIS component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2015-2582)
• An unspecified flaw exists in the Security: Privileges component that allows an authenticated, remote attacker to disclose sensitive information. (CVE-2015-2620)
• An unspecified flaw exists in the Optimizer component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2015-2643)
• An unspecified flaw exists in the DML component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2015-2648)
• A security feature bypass vulnerability, known as ‘BACKRONYM’, exists due to a failure to properly enforce the requirement of an SSL/TLS connection when the --ssl client option is used. A man-in-the-middle attacker can exploit this flaw to coerce the client to downgrade to an unencrypted connection, allowing the attacker to disclose data from the database or manipulate database queries. (CVE-2015-3152)
• An unspecified flaw exists in the I_S component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2015-4752)
• An unspecified flaw exists in the Security: Privileges component that allows an authenticated, remote attacker to impact integrity. (CVE-2015-4864)
• A denial of service vulnerability exists in the get_server_from_table_to_cache() function within file sql/sql_servers.cc when handling empty names. An authenticated attacker, remote attacker can exploit this to crash the server.
• A denial of service vulnerability exists when updating leaf tables with JOIN during list storing. An authenticated, remote attacker can exploit this to crash the server.
• A denial of service vulnerability exists within file ha_innodb.cc when handling concurrent multi-table updates. An authenticated, remote attacker can exploit this to crash the server.
• An out-of-bounds read error exists in the escape_string_hide_passwords() function within file plugin/server_audit/server_audit.c when handling specially crafted SET PASSWORD queries. An authenticated, remote attacker can exploit this to disclose memory contents or cause a denial of service condition.
• A denial of service vulnerability exists in the wait_for_workers_idle() function within file rpl_parallel.cc when handling worker threads. An authenticated attacker, remote attacker can exploit this to crash the database.
• A denial of service vulnerability exists in sys_var_pluginvar::plugin due to improper initialization, leading to a race condition between INSTALL PLUGIN and SET that results in an uninitialized memory reference. An authenticated attacker, remote attacker can exploit this to crash the database.