Launchpad.net

CVE 2018-2645

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).

Related bugs and status

CVE-2018-2645 (Candidate) is related to these bugs:

Bug #1592669: postinst fails when daemon is not running (or is disabled by policy-rc.d)

Summary				In	Importance	Status
	1592669	postinst fails when daemon is not running (or is disabled by policy-rc.d)		mysql-5.7 (Ubuntu)	High	Fix Released
	1592669	postinst fails when daemon is not running (or is disabled by policy-rc.d)		mysql-5.7 (Debian)	Unknown	Fix Released

Bug #1721546: max open files limit prevents max_connections over 214 on systemd

		In	Importance	Status
1721546	max open files limit prevents max_connections over 214 on systemd	mysql-5.7 (Ubuntu)	Undecided	Fix Released
1721546	max open files limit prevents max_connections over 214 on systemd	mysql-5.7 (Ubuntu Artful)	Undecided	Confirmed
1721546	max open files limit prevents max_connections over 214 on systemd	mysql-5.7 (Ubuntu Xenial)	Undecided	Confirmed
1721546	max open files limit prevents max_connections over 214 on systemd	mysql-5.7 (Ubuntu Zesty)	Undecided	Confirmed

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.oracle.com/...
CONFIRM: https://security.netap...
BID: 102698
SECTRACK: 1040216
UBUNTU: USN-3537-1
REDHAT: RHSA-2018:0586
REDHAT: RHSA-2018:0587