First Last Prev Next    This bug is not in your last search results.
Bug 1101679 - (CVE-2018-3070) VUL-0: CVE-2018-3070: mysql: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Client mysqldump).
(CVE-2018-3070)
VUL-0: CVE-2018-3070: mysql: Unspecified vulnerability in the MySQL Server co...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
CVSSv3:SUSE:CVE-2018-3070:6.5:(AV:N/...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-07-18 14:44 UTC by Johannes Segitz
Modified: 2019-05-29 09:04 UTC (History)
1 user (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Johannes Segitz 2018-07-18 14:44:53 UTC 
Oracle July 2018 Patch Day.
   
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/security-advisory/cpujul2018verbose-4258253.html#MSQL

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS v3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Comment 2 Kristyna Streitova 2018-07-31 20:23:45 UTC 
|     Codestream     | Request        |
|--------------------|----------------|
| SUSE:SLE-11-SP3    | #169221        |
| openSUSE:Leap:42.3 | #626778        |
| openSUSE:Factory   | not in Factory |


I'm reassigning this bug back to the security-team.
Comment 3 Swamp Workflow Management 2018-07-31 20:40:24 UTC 
This is an autogenerated message for OBS integration:
This bug (1101679) was mentioned in
https://build.opensuse.org/request/show/626778 42.3 / mysql-community-server
Comment 4 Swamp Workflow Management 2018-08-10 01:14:39 UTC 
openSUSE-SU-2018:2293-1: An update that fixes 8 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1087102,1088681,1101676,1101678,1101679,1101680,1103342,1103344
CVE References: CVE-2018-0739,CVE-2018-2767,CVE-2018-3058,CVE-2018-3062,CVE-2018-3064,CVE-2018-3066,CVE-2018-3070,CVE-2018-3081
Sources used:
openSUSE Leap 42.3 (src):    mysql-community-server-5.6.41-39.1
Comment 5 Swamp Workflow Management 2018-08-17 16:10:01 UTC 
SUSE-SU-2018:2411-1: An update that fixes 5 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1101676,1101677,1101678,1101679,1101680
CVE References: CVE-2018-3058,CVE-2018-3063,CVE-2018-3066,CVE-2018-3070,CVE-2018-3081
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    mysql-5.5.61-0.39.15.1
SUSE Linux Enterprise Server 11-SP4 (src):    mysql-5.5.61-0.39.15.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    mysql-5.5.61-0.39.15.1
Comment 6 Marcus Meissner 2018-09-10 15:10:20 UTC 
released
First Last Prev Next    This bug is not in your last search results.