MariaDB 5.5.29, 5.3.12, 5.2.14 and 5.1.67 have been released. The latest versions bring not only some new packages and a number of bug fixes, but they also address 5 security vulnerabilities.
The addressed vulnerabilities include a buffer overflow that could crash the server and even allow an attacker to execute arbitrary code, and an issue that lets cybercriminals brute-force passwords by relying on the “change user” command.
A couple of denial-of-service flaws have also been addressed. In addition, upstream security fixes from MySQL for CVE-2012-5612 and other crashes are included.
CVE-2012-5612 refers to a buffer overflow issue in MySQL 5.5.19 and MariaDB 5.5.28 (and older versions), which could have been exploited to cause a denial-of-service condition and possibly even to execute arbitrary commands.