[FREEBSD:E3445736-FD01-11E7-AC58-B499BAEBFEAF] MySQL -- multiple vulnerabilities

Severity High

Affected Packages 10

CVEs 20

Oracle reports:

  Not all vulnerabilities are relevant for all flavors/versions of the
     servers and clients

    Vulnerability allows low privileged attacker with network access
      via multiple protocols to compromise MySQL Server. Successful attacks
      of this vulnerability can result in unauthorized ability to cause a
      hang or frequently repeatable crash (complete DOS) of MySQL Server.
      GIS: CVE-2018-2573, DDL CVE-2018-2622, Optimizer: CVE-2018-2640,
      CVE-2018-2665, CVE-2018-2668, Security:Privileges: CVE-2018-2703,
      Partition: CVE-2018-2562.
    Vulnerability allows high privileged attacker with network access
      via multiple protocols to compromise MySQL Server. Successful attacks
      of this vulnerability can result in unauthorized ability to cause a
      hang or frequently repeatable crash (complete DOS) of MySQL Server.
      InnoDB: CVE-2018-2565, CVE-2018-2612 DML: CVE-2018-2576,
      CVE-2018-2646, Stored Procedure: CVE-2018-2583, Performance Schema:
      CVE-2018-2590, Partition: CVE-2018-2591, Optimizer: CVE-2018-2600,
      CVE-2018-2667, Security:Privileges: CVE-2018-2696, Replication:
      CVE-2018-2647.
    Vulnerability allows a low or high privileged attacker with network
      access via multiple protocols to compromise MySQL Server with
      unauthorized creation, deletion, modification or access to data/
      critical data. InnoDB: CVE-2018-2612, Performance Schema:
      CVE-2018-2645, Replication: CVE-2018-2647, Partition: CVE-2018-2562.

Package	Affected Version
pkg:freebsd/percona57-server	< 5.7.21
pkg:freebsd/percona56-server	< 5.6.39
pkg:freebsd/percona55-server	< 5.5.59
pkg:freebsd/mysql57-server	< 5.7.21
pkg:freebsd/mysql56-server	< 5.6.39
pkg:freebsd/mysql55-server	< 5.5.59
pkg:freebsd/mariadb55-server	< 5.5.59
pkg:freebsd/mariadb102-server	< 10.2.13
pkg:freebsd/mariadb101-server	< 10.1.31
pkg:freebsd/mariadb100-server	< 10.0.34

ID

FREEBSD:E3445736-FD01-11E7-AC58-B499BAEBFEAF

Severity

high

Severity from

CVE-2018-2696

URL

http://vuxml.freebsd.org/freebsd/e3445736-fd01-11e7-ac58-b499baebfeaf.html

Published

2017-01-18T00:00:00
(7 years ago)

Modified

2018-01-19T00:00:00
(6 years ago)

Rights

FreeBSD VuXML Security Team

Other Advisories

Source	# ID	Name	URL
FreeBSD VuXML			http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
FreeBSD VuXML			https://mariadb.com/kb/en/library/mariadb-5559-release-notes/

Type	Package URL	Name / Product	Version
Affected	pkg:freebsd/percona57-server	percona57-server	< 5.7.21
Affected	pkg:freebsd/percona56-server	percona56-server	< 5.6.39
Affected	pkg:freebsd/percona55-server	percona55-server	< 5.5.59
Affected	pkg:freebsd/mysql57-server	mysql57-server	< 5.7.21
Affected	pkg:freebsd/mysql56-server	mysql56-server	< 5.6.39
Affected	pkg:freebsd/mysql55-server	mysql55-server	< 5.5.59
Affected	pkg:freebsd/mariadb55-server	mariadb55-server	< 5.5.59
Affected	pkg:freebsd/mariadb102-server	mariadb102-server	< 10.2.13
Affected	pkg:freebsd/mariadb101-server	mariadb101-server	< 10.1.31
Affected	pkg:freebsd/mariadb100-server	mariadb100-server	< 10.0.34

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date