Launchpad.net

CVE 2017-10379

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

Related bugs and status

CVE-2017-10379 (Candidate) is related to these bugs:

Bug #1740608: USN-3459-1: partially applies to MariaDB too

Summary				In	Importance	Status
	1740608	USN-3459-1: partially applies to MariaDB too		mariadb-5.5 (Ubuntu)	Medium	Fix Released
	1740608	USN-3459-1: partially applies to MariaDB too		mariadb-10.0 (Ubuntu)	Undecided	Fix Released

Bug #1740768: CVE-2017-15365: Replication in sql/event_data_objects.cc occurs before ACL checks

Summary				In	Importance	Status
	1740768	CVE-2017-15365: Replication in sql/event_data_objects.cc occurs before ACL checks		mariadb-10.1 (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.oracle.com/...
BID: 101415
SECTRACK: 1039597
DEBIAN: DSA-4002
CONFIRM: https://security.netap...
REDHAT: RHSA-2017:3265
REDHAT: RHSA-2017:3442
REDHAT: RHSA-2018:0279
REDHAT: RHSA-2018:0574
REDHAT: RHSA-2018:2439
REDHAT: RHSA-2018:2729