Bug 1112398 - (CVE-2018-3247) VUL-0: CVE-2018-3247: mysql: Server: Merge unspecified vulnerability (CPU Oct 2018)
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Distribution
Component: Security
Version: Leap 42.3
Hardware: Other Other
Priority: P3 - Medium
Severity: Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/216830/
CVSSv2:NVD:CVE-2018-3247:5.5:(AV:N/A...
Reported: 2018-10-18 13:40 UTC by Karol Babioch
Modified: 2019-05-29 09:25 UTC
Found By: Security Response Team
Description Karol Babioch 2018-10-18 13:40:08 UTC
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Merge). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data.

External References:
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1640317
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-3247
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#CVE-2018-3247
http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-3247.html
Comment 1 Karol Babioch 2018-10-18 13:40:14 UTC
5.6.x is affected, so openSUSE:Leap:42.3 and up are affected.
Comment 2 Kristyna Streitova 2018-10-23 11:33:55 UTC
Submitted for openSUSE:Leap:42.3 (mr#643927).

Done, I'm reassigning it back to the security team.
Comment 3 Swamp Workflow Management 2018-10-23 11:40:30 UTC
This is an autogenerated message for OBS integration:
This bug (1112398) was mentioned in
https://build.opensuse.org/request/show/643927 42.3 / mysql-community-server
Comment 4 Andreas Stieger 2018-10-25 17:35:43 UTC
done
Comment 5 Swamp Workflow Management 2018-10-25 22:19:10 UTC
openSUSE-SU-2018:3478-1: An update that fixes 10 vulnerabilities is now available.

Category: security (important)
Bug References: 1013882,1112368,1112369,1112390,1112393,1112397,1112398,1112417,1112421,1112432
CVE References: CVE-2016-9843,CVE-2018-3133,CVE-2018-3143,CVE-2018-3156,CVE-2018-3174,CVE-2018-3247,CVE-2018-3251,CVE-2018-3276,CVE-2018-3278,CVE-2018-3282
Sources used:
openSUSE Leap 42.3 (src):    mysql-community-server-5.6.42-42.1