Release date:
Updated on:
Affected Systems:
MariaDB 6.x
MariaDB 5.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 55498
Cve id: CVE-2012-4414
MariaDB is a transaction-based Maria storage engine that replaces MySQL's MyISAM storage engine. It uses the XtraDB and InnoDB variants of Percona, branch developers want to provide access to the upcoming MySQL 5.4 InnoDB performance.
MariaDB has the SQL injection vulnerability, which can control applications, access or modify data, and take advantage of other vulnerabilities in lower-level databases.
<* Source: Kristian Nielsen
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
MariaDB
-------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://mariadb.org/