Multiple vulnerabilities has been discovered and corrected in mariadb:

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier
and 5.6.20 and earlier allows remote authenticated users to affect
availability via vectors related to SERVER:INNODB DML FOREIGN KEYS
(CVE-2014-6464).

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and eariler
and 5.6.20 and earlier allows remote authenticated users to affect
availability via vectors related to SERVER:OPTIMIZER (CVE-2014-6469).

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier,
and 5.6.20 and earlier, allows remote authenticated users to affect
confidentiality, integrity, and availability via vectors related to
SERVER:DML (CVE-2014-6507).

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier
and 5.6.20 and earlier allows remote authenticated users to affect
confidentiality, integrity, and availability via vectors related to
SERVER:DML (CVE-2014-6555).

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and
earlier, and 5.6.20 and earlier, allows remote attackers to affect
confidentiality via vectors related to C API SSL CERTIFICATE HANDLING
(CVE-2014-6559).

The updated packages have been upgraded to the 5.5.40 version which
is not vulnerable to these issues.

Additionally MariaDB 5.5.40 removed the bundled copy of jemalloc from
the source tarball and only builds with jemalloc if a system copy
of the jemalloc library is detecting during the build. This update
provides the jemalloc library packages to resolve this issue.