Bug 1112409 - (CVE-2018-3171) VUL-0: CVE-2018-3171: mysql: Server: Partition unspecified vulnerability (CPU Oct 2018)
(CVE-2018-3171)
VUL-0: CVE-2018-3171: mysql: Server: Partition unspecified vulnerability (CPU...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P5 - None : Normal
: ---
Assigned To: Kristyna Streitova
Security Team bot
https://smash.suse.de/issue/216760/
CVSSv2:NVD:CVE-2018-3171:4.9:(AV:N/A...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-10-18 13:50 UTC by Karol Babioch
Modified: 2019-05-29 09:25 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Karol Babioch 2018-10-18 13:50:51 UTC
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Partition). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data.

External References:
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1640334
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-3171
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#CVE-2018-3171
http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-3171.html
Comment 1 Karol Babioch 2018-10-18 13:54:25 UTC
We only ship 5.5.x, so this does not affect us.