Launchpad.net

CVE 2017-3653

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).

Related bugs and status

CVE-2017-3653 (Candidate) is related to these bugs:

Bug #1705944: USN-3357-1: partially applies to MariaDB too

Summary				In	Importance	Status
	1705944	USN-3357-1: partially applies to MariaDB too		mariadb-5.5 (Ubuntu)	Medium	Fix Released

Bug #1740608: USN-3459-1: partially applies to MariaDB too

Summary				In	Importance	Status
	1740608	USN-3459-1: partially applies to MariaDB too		mariadb-5.5 (Ubuntu)	Medium	Fix Released
	1740608	USN-3459-1: partially applies to MariaDB too		mariadb-10.0 (Ubuntu)	Undecided	Fix Released

Bug #1740768: CVE-2017-15365: Replication in sql/event_data_objects.cc occurs before ACL checks

Summary				In	Importance	Status
	1740768	CVE-2017-15365: Replication in sql/event_data_objects.cc occurs before ACL checks		mariadb-10.1 (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.oracle.com/...
BID: 99810
SECTRACK: 1038928
DEBIAN: DSA-3922
DEBIAN: DSA-3944
DEBIAN: DSA-3955
REDHAT: RHSA-2017:2886
REDHAT: RHSA-2017:2787
REDHAT: RHSA-2018:0279
REDHAT: RHSA-2018:0574
REDHAT: RHSA-2018:2439
REDHAT: RHSA-2018:2729