Bug 1161085 - VUL-0: mysql: Oracle CPU January 2020
VUL-0: mysql: Oracle CPU January 2020
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Kristyna Streitova
Security Team bot
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2020-01-16 12:31 UTC by Wolfgang Frisch
Modified: 2020-02-20 14:38 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Wolfgang Frisch 2020-01-16 12:31:39 UTC
Oracle Critical Patch Update Advisory - January 2020
https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
This advisory refers to several MySQL vulnerabilities:

CVE#            Component           CVSS 3.0    Affected versions
CVE-2019-1547   Connector/ODBC      7.4         <= 5.3.13, <= 8.0.18
CVE-2020-2579   Server: Optimizer   6.5         <= 5.6.46, <= 5.7.28, <= 8.0.18
CVE-2020-2686   Server: Optimizer   6.5         <= 8.0.18
CVE-2020-2627   Server: Parser      6.5         <= 8.0.18
CVE-2020-2570   C API               5.9         <= 5.7.28, <= 8.0.18
CVE-2020-2573   C API               5.9         <= 5.7.28, <= 8.0.18
CVE-2020-2574   C API               5.9         <= 5.6.46, <= 5.7.28, <= 8.0.18
CVE-2020-2577   InnoDB              4.9         <= 5.7.28, <= 8.0.18
CVE-2020-2589   InnoDB              4.9         <= 5.7.28, <= 8.0.17
CVE-2020-2580   Server: DDL         4.9         <= 8.0.17
CVE-2020-2588   Server: DML         4.9         <= 8.0.18
CVE-2020-2660   Server: Optimizer   4.9         <= 5.7.28, <= 8.0.18
CVE-2020-2679   Server: Optimizer   4.9         <= 8.0.18
CVE-2019-1547   Security (OpenSSL)  4.7         <= 3.12.4, <= 4.1.3 
CVE-2020-2584   Server: Options     4.4         <= 5.7.28, <= 8.0.18
CVE-2020-2694   Server: Inf. Schema 3.1         <= 8.0.18
CVE-2020-2572   Server: Audit       2.7         <= 5.7.28, <= 8.0.18