Bug 1101677 – VUL-0: CVE-2018-3063: mysql: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Security Privileges).

Bug 1101677 - (CVE-2018-3063) VUL-0: CVE-2018-3063: mysql: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Security Privileges).

(CVE-2018-3063)
Summary:	VUL-0: CVE-2018-3063: mysql: Unspecified vulnerability in the MySQL Server co...

Status:	VERIFIED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:
Whiteboard:	CVSSv3:RedHat:CVE-2018-3063:4.9:(AV:N...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2018-07-18 14:43 UTC by Johannes Segitz
Modified:	2019-08-05 19:16 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Johannes Segitz 2018-07-18 14:43:45 UTC

Oracle July 2018 Patch Day.
   
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/security-advisory/cpujul2018verbose-4258253.html#MSQL

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.60 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS v3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Comment 2 Kristyna Streitova 2018-07-31 20:22:32 UTC

|     Codestream     | Request        |
|--------------------|----------------|
| SUSE:SLE-11-SP3    | #169221        |
| openSUSE:Leap:42.3 | not affected   |
| openSUSE:Factory   | not in Factory |


I'm reassigning this bug back to the security-team.

Comment 3 Swamp Workflow Management 2018-08-17 16:09:48 UTC

SUSE-SU-2018:2411-1: An update that fixes 5 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1101676,1101677,1101678,1101679,1101680
CVE References: CVE-2018-3058,CVE-2018-3063,CVE-2018-3066,CVE-2018-3070,CVE-2018-3081
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    mysql-5.5.61-0.39.15.1
SUSE Linux Enterprise Server 11-SP4 (src):    mysql-5.5.61-0.39.15.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    mysql-5.5.61-0.39.15.1

Comment 4 Marcus Meissner 2018-09-10 15:09:10 UTC

released

Comment 8 Swamp Workflow Management 2018-12-04 20:09:15 UTC

SUSE-SU-2018:3972-1: An update that solves 10 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1013882,1101676,1101677,1101678,1103342,1112368,1112397,1112417,1112421,1112432,1116686
CVE References: CVE-2016-9843,CVE-2018-3058,CVE-2018-3063,CVE-2018-3064,CVE-2018-3066,CVE-2018-3143,CVE-2018-3156,CVE-2018-3174,CVE-2018-3251,CVE-2018-3282
Sources used:
SUSE Linux Enterprise Server 12-LTSS (src):    mariadb-10.0.37-20.49.2

Comment 10 Swamp Workflow Management 2018-12-21 02:11:02 UTC

SUSE-SU-2018:4211-1: An update that solves 10 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1013882,1101676,1101677,1101678,1103342,1112368,1112397,1112417,1112421,1112432,1116686,1118754
CVE References: CVE-2016-9843,CVE-2018-3058,CVE-2018-3063,CVE-2018-3064,CVE-2018-3066,CVE-2018-3143,CVE-2018-3156,CVE-2018-3174,CVE-2018-3251,CVE-2018-3282
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP4 (src):    mariadb-100-10.0.37-2.3.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    mariadb-100-10.0.37-2.3.1
SUSE Linux Enterprise Server 12-SP4 (src):    mariadb-100-10.0.37-2.3.1
SUSE Linux Enterprise Desktop 12-SP4 (src):    mariadb-100-10.0.37-2.3.1

Comment 17 Swamp Workflow Management 2019-03-06 14:12:12 UTC

SUSE-SU-2019:0555-1: An update that solves 19 vulnerabilities and has 6 fixes is now available.

Category: security (important)
Bug References: 1013882,1101676,1101677,1101678,1103342,1111858,1111859,1112368,1112377,1112384,1112386,1112391,1112397,1112404,1112415,1112417,1112421,1112432,1112767,1116686,1118754,1120041,1122198,1122475,1127027
CVE References: CVE-2016-9843,CVE-2018-3058,CVE-2018-3060,CVE-2018-3063,CVE-2018-3064,CVE-2018-3066,CVE-2018-3143,CVE-2018-3156,CVE-2018-3162,CVE-2018-3173,CVE-2018-3174,CVE-2018-3185,CVE-2018-3200,CVE-2018-3251,CVE-2018-3277,CVE-2018-3282,CVE-2018-3284,CVE-2019-2510,CVE-2019-2537
Sources used:
SUSE Linux Enterprise Module for Server Applications 15 (src):    mariadb-10.2.22-3.14.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    mariadb-10.2.22-3.14.1

Comment 18 Jenny Wei 2019-03-08 18:52:25 UTC

Verified in hlm202, MU 10364

Comment 19 Swamp Workflow Management 2019-03-13 23:10:41 UTC

openSUSE-SU-2019:0327-1: An update that solves 19 vulnerabilities and has 6 fixes is now available.

Category: security (important)
Bug References: 1013882,1101676,1101677,1101678,1103342,1111858,1111859,1112368,1112377,1112384,1112386,1112391,1112397,1112404,1112415,1112417,1112421,1112432,1112767,1116686,1118754,1120041,1122198,1122475,1127027
CVE References: CVE-2016-9843,CVE-2018-3058,CVE-2018-3060,CVE-2018-3063,CVE-2018-3064,CVE-2018-3066,CVE-2018-3143,CVE-2018-3156,CVE-2018-3162,CVE-2018-3173,CVE-2018-3174,CVE-2018-3185,CVE-2018-3200,CVE-2018-3251,CVE-2018-3277,CVE-2018-3282,CVE-2018-3284,CVE-2019-2510,CVE-2019-2537
Sources used:
openSUSE Leap 15.0 (src):    mariadb-10.2.22-lp150.2.9.1

Comment 21 Swamp Workflow Management 2019-06-06 22:11:31 UTC

SUSE-SU-2019:1441-1: An update that solves 24 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1013882,1064113,1064114,1072167,1101676,1101677,1101678,1103342,1112368,1112377,1112384,1112386,1112391,1112397,1112404,1112415,1112417,1112421,1112432,1112767,1116686,1118754,1120041,1122198,1122475,1127027
CVE References: CVE-2016-9843,CVE-2017-10320,CVE-2017-10365,CVE-2017-15365,CVE-2018-2759,CVE-2018-2777,CVE-2018-2786,CVE-2018-2810,CVE-2018-3058,CVE-2018-3060,CVE-2018-3063,CVE-2018-3064,CVE-2018-3066,CVE-2018-3143,CVE-2018-3156,CVE-2018-3162,CVE-2018-3173,CVE-2018-3174,CVE-2018-3185,CVE-2018-3200,CVE-2018-3251,CVE-2018-3277,CVE-2018-3282,CVE-2018-3284
Sources used:
SUSE OpenStack Cloud 7 (src):    mariadb-10.2.22-10.1, mariadb-connector-c-3.0.7-1.6.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 24 Swamp Workflow Management 2019-08-05 19:16:42 UTC

SUSE-SU-2019:2048-1: An update that solves 12 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1013882,1101676,1101677,1101678,1103342,1112368,1112397,1112417,1112421,1112432,1116686,1118754,1132666,1136037
CVE References: CVE-2016-9843,CVE-2018-3058,CVE-2018-3063,CVE-2018-3064,CVE-2018-3066,CVE-2018-3143,CVE-2018-3156,CVE-2018-3174,CVE-2018-3251,CVE-2018-3282,CVE-2019-2529,CVE-2019-2537
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    mariadb-10.0.38-29.27.3
SUSE OpenStack Cloud 8 (src):    mariadb-10.0.38-29.27.3
SUSE OpenStack Cloud 7 (src):    mariadb-10.0.38-29.27.3
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    mariadb-10.0.38-29.27.3
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    mariadb-10.0.38-29.27.3
SUSE Linux Enterprise Server 12-SP2-BCL (src):    mariadb-10.0.38-29.27.3
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    mariadb-10.0.38-29.27.3
SUSE Enterprise Storage 4 (src):    mariadb-10.0.38-29.27.3
HPE Helion Openstack 8 (src):    mariadb-10.0.38-29.27.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.