Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 661486 (CVE-2018-3054, CVE-2018-3056, CVE-2018-3058, CVE-2018-3060, CVE-2018-3061, CVE-2018-3062, CVE-2018-3063, CVE-2018-3064, CVE-2018-3065, CVE-2018-3066, CVE-2018-3067, CVE-2018-3070, CVE-2018-3071, CVE-2018-3072, CVE-2018-3073, CVE-2018-3074, CVE-2018-3075, CVE-2018-3077, CVE-2018-3078, CVE-2018-3079, CVE-2018-3080, CVE-2018-3082, CVE-2018-3084) - <dev-db/mysql-5.6.40: multiple vulnerabilities
Summary: <dev-db/mysql-5.6.40: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2018-3054, CVE-2018-3056, CVE-2018-3058, CVE-2018-3060, CVE-2018-3061, CVE-2018-3062, CVE-2018-3063, CVE-2018-3064, CVE-2018-3065, CVE-2018-3066, CVE-2018-3067, CVE-2018-3070, CVE-2018-3071, CVE-2018-3072, CVE-2018-3073, CVE-2018-3074, CVE-2018-3075, CVE-2018-3077, CVE-2018-3078, CVE-2018-3079, CVE-2018-3080, CVE-2018-3082, CVE-2018-3084
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: http://www.oracle.com/technetwork/sec...
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2018-07-18 10:05 UTC by Florian Schuhmacher
Modified: 2018-11-25 04:01 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Florian Schuhmacher 2018-07-18 10:05:21 UTC 
CVE-2018-3054:

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.7.22 and prior and  8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVE-2018-3056:

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent:
Server: Security: Privileges). Supported versions that are affected are 5.7.22
and prior and  8.0.11 and prior. Easily exploitable vulnerability allows low
privileged attacker with network access via multiple protocols to compromise
MySQL Server. Successful attacks of this vulnerability can result in
unauthorized read access to a subset of MySQL Server accessible data.

CVE-2018-3058:

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent:
MyISAM). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and
prior and  5.7.22 and prior. Easily exploitable vulnerability allows low
privileged attacker with network access via multiple protocols to compromise
MySQL Server. Successful attacks of this vulnerability can result in
unauthorized update, insert or delete access to some of MySQL Server accessible
data.

CVE-2018-3060:

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent:
InnoDB). Supported versions that are affected are 5.7.22 and prior and  8.0.11
and prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized creation,
deletion or modification access to critical data or all MySQL Server accessible
data and unauthorized ability to cause a hang or frequently repeatable crash
(complete DOS) of MySQL Server.

CVE-2018-3061:

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent:
Server: DML). Supported versions that are affected are 5.7.22 and prior. Easily
exploitable vulnerability allows high privileged attacker with network access
via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently
repeatable crash (complete DOS) of MySQL Server.

CVE-2018-3062:

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent:
Server: Memcached). Supported versions that are affected are 5.6.40 and prior,
5.7.22 and prior and  8.0.11 and prior. Difficult to exploit vulnerability
allows low privileged attacker with network access via memcached to compromise
MySQL Server. Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server.

CVE-2018-3063:

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent:
Server: Security: Privileges). Supported versions that are affected are 5.5.60
and prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized ability to
cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVE-2018-3064:

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent:
InnoDB). Supported versions that are affected are 5.6.40 and prior, 5.7.22 and
prior and  8.0.11 and prior. Easily exploitable vulnerability allows low
privileged attacker with network access via multiple protocols to compromise
MySQL Server. Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server as well as unauthorized update, insert or delete access to
some of MySQL Server accessible data.

CVE-2018-3065:

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent:
Server: DML). Supported versions that are affected are 5.7.22 and prior and 
8.0.11 and prior. Easily exploitable vulnerability allows low privileged
attacker with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized ability to
cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVE-2018-3066:

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent:
Server: Options). Supported versions that are affected are 5.5.60 and prior,
5.6.40 and prior and  5.7.22 and prior. Difficult to exploit vulnerability
allows high privileged attacker with network access via multiple protocols to
compromise MySQL Server. Successful attacks of this vulnerability can result in
unauthorized update, insert or delete access to some of MySQL Server accessible
data as well as unauthorized read access to a subset of MySQL Server accessible
data.

CVE-2018-3067:

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent:
Server: Replication). Supported versions that are affected are 8.0.11 and
prior. Easily exploitable vulnerability allows high privileged attacker with
network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized ability to cause a
hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVE-2018-3070:

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent:
Client mysqldump). Supported versions that are affected are 5.5.60 and prior,
5.6.40 and prior and  5.7.22 and prior. Easily exploitable vulnerability allows
low privileged attacker with network access via multiple protocols to
compromise MySQL Server. Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server.

CVE-2018-3071:

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent:
Audit Log). Supported versions that are affected are 5.7.22 and prior. Easily
exploitable vulnerability allows high privileged attacker with network access
via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently
repeatable crash (complete DOS) of MySQL Server.

CVE-2018-3073:

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent:
Server: Optimizer). Supported versions that are affected are 8.0.11 and prior.
Easily exploitable vulnerability allows low privileged attacker with network
access via multiple protocols to compromise MySQL Server. Successful attacks of
this vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server.

CVE-2018-3074:

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent:
Server: Security: Roles). Supported versions that are affected are 8.0.11 and
prior. Difficult to exploit vulnerability allows low privileged attacker with
network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized ability to cause a
hang or frequently repeatable crash (complete DOS) of MySQL Server.


CVE-2018-3075:

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent:
Server: Security: Privileges). Supported versions that are affected are 8.0.11
and prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized ability to
cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVE-2018-3077:

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent:
Server: DDL). Supported versions that are affected are 5.7.22 and prior and 
8.0.11 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized ability to
cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVE-2018-3078:

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent:
Server: DDL). Supported versions that are affected are 8.0.11 and prior. Easily
exploitable vulnerability allows high privileged attacker with network access
via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently
repeatable crash (complete DOS) of MySQL Server.

CVE-2018-3079:

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent:
InnoDB). Supported versions that are affected are 8.0.11 and prior. Easily
exploitable vulnerability allows high privileged attacker with network access
via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently
repeatable crash (complete DOS) of MySQL Server.

 CVE-2018-3080:

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent:
Server: DDL). Supported versions that are affected are 8.0.11 and prior. Easily
exploitable vulnerability allows high privileged attacker with network access
via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently
repeatable crash (complete DOS) of MySQL Server.

CVE-2018-3082:

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent:
Server: DDL). Supported versions that are affected are 8.0.11 and prior. Easily
exploitable vulnerability allows high privileged attacker with network access
via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized read access to a subset of MySQL
Server accessible data.

CVE-2018-3084:
Vulnerability in the MySQL Server component of Oracle MySQL(subcomponent:
Shell: Core / Client). Supported versions that are affected are 8.0.11 and
prior. Easily exploitable vulnerability allows low privileged attacker with
logon to the infrastructure where MySQL Server executes to compromise MySQL
Server. Successful attacks require human interaction from a person other than
the attacker. Successful attacks of this vulnerability can result in
unauthorized ability to cause a partial denial of service (partial DOS) of
MySQL Server.

Gentoo Security Scout
Florian Schuhmacher
Comment 1 Aaron Bauman (RETIRED) gentoo-dev 2018-11-25 04:01:29 UTC 
tree is clean