Summary: | <dev-db/mysql-5.6.40: Multiple vulnerabilities (CVE-2018-2766) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | mysql-bugs |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: | dev-db/mysql-5.6.40-r2 | ||
Runtime testing required: | --- |
Description
GLSAMaker/CVETool Bot
2018-05-07 16:24:49 UTC
CVE-2018-2766 (https://nvd.nist.gov/vuln/detail/CVE-2018-2766):

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

@ Arches, please test and mark stable.

The test suite should pass following the official instructions. Local timeouts may be expected on resource starved machines. (each test thread can spawn up to 4 server instances)

Target keywords: =dev-db/mysql-5.6.40 alpha amd64 arm ia64 ppc ppc64 x86

    # Official test instructions:
    # USE='embedded extraengine perl server openssl static-libs' \
    # FEATURES='test userpriv -usersandbox' \
    # ebuild mysql-5.6.40.ebuild \
    # clean package

    # Parallel testing is enabled, auto will try to detect number of cores
    # You may set this by hand.
    # The default maximum is 8 unless MTR_MAX_PARALLEL is increased
    export MTR_PARALLEL="${MTR_PARALLEL:-auto}"

amd64 stable

x86 stable

Stable on alpha.

arm stable

ia64 stable

ppc ppc64.. ping??

some tests fail, but what are you gonna do.

ppc/ppc64 stable.

all arches stable.

I see DoS' and data loss... downgraded.

tree is clean.