kpriv/freebsd-ports
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

security/vuxml: Document MySQL vulns from quarterly Oracle CPU

Browse source
This commit is contained in:
Bernard Spil 2018-04-21 09:07:08 +00:00
parent 76dce7de3f
commit 74dda441c9
Notes: svn2git 2021-03-31 03:12:20 +00:00 
svn path=/head/; revision=467864
1 changed files with 148 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

148
security/vuxml/vuln.xml
View file

@ -58,6 +58,154 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
<vuln vid="57aec168-453e-11e8-8777-b499baebfeaf">
<topic>MySQL -- multiple vulnerabilities</topic>
<affects>
<package>
<name>mariadb55-server</name>
<range><lt>5.5.60</lt></range>
</package>
<package>
<name>mariadb100-server</name>
<range><lt>10.0.35</lt></range>
</package>
<package>
<name>mariadb101-server</name>
<range><lt>10.1.33</lt></range>
</package>
<package>
<name>mariadb102-server</name>
<range><lt>10.2.15</lt></range>
</package>
<package>
<name>mysql55-server</name>
<range><lt>5.5.60</lt></range>
</package>
<package>
<name>mysql56-server</name>
<range><lt>5.6.40</lt></range>
</package>
<package>
<name>mysql57-server</name>
<range><lt>5.7.22</lt></range>
</package>
<package>
<name>percona55-server</name>
<range><lt>5.5.60</lt></range>
</package>
<package>
<name>percona56-server</name>
<range><lt>5.6.40</lt></range>
</package>
<package>
<name>percona57-server</name>
<range><lt>5.7.22</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Oracle reports:</p>
<blockquote cite="http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html">
<p>MySQL Multiple Flaws Let Remote Authenticated Users Access and
Modify Data, Remote and Local Users Deny Service, and Local Users
Access Data and Gain Elevated Privileges</p>
<ul>
<li>A local user can exploit a flaw in the Replication component
to gain elevated privileges [CVE-2018-2755].</li>
<li>A remote authenticated user can exploit a flaw in the GIS
Extension component to cause denial of service conditions
[CVE-2018-2805].</li>
<li>A remote authenticated user can exploit a flaw in the InnoDB
component to cause denial of service conditions [CVE-2018-2782,
CVE-2018-2784, CVE-2018-2819].</li>
<li>A remote authenticated user can exploit a flaw in the Security
Privileges component to cause denial of service conditions
[CVE-2018-2758, CVE-2018-2818].</li>
<li>A remote authenticated user can exploit a flaw in the DDL
component to cause denial of service conditions
[CVE-2018-2817].</li>
<li>A remote authenticated user can exploit a flaw in the Optimizer
component to cause denial of service conditions [CVE-2018-2775,
CVE-2018-2778, CVE-2018-2779, CVE-2018-2780, CVE-2018-2781,
CVE-2018-2816].</li>
<li>A remote user can exploit a flaw in the Client programs
component to cause denial of service conditions [CVE-2018-2761,
CVE-2018-2773].</li>
<li>A remote authenticated user can exploit a flaw in the InnoDB
component to partially modify data and cause denial of service
conditions [CVE-2018-2786, CVE-2018-2787].</li>
<li>A remote authenticated user can exploit a flaw in the Optimizer
component to partially modify data and cause denial of service
conditions [CVE-2018-2812].</li>
<li>A local user can exploit a flaw in the Cluster ndbcluster/plugin
component to cause denial of service conditions [CVE-2018-2877].
</li>
<li>A remote authenticated user can exploit a flaw in the InnoDB
component to cause denial of service conditions [CVE-2018-2759,
CVE-2018-2766, CVE-2018-2777, CVE-2018-2810].</li>
<li>A remote authenticated user can exploit a flaw in the DML
component to cause denial of service conditions [CVE-2018-2839].
</li>
<li>A remote authenticated user can exploit a flaw in the
Performance Schema component to cause denial of service conditions
[CVE-2018-2846].</li>
<li>A remote authenticated user can exploit a flaw in the Pluggable
Auth component to cause denial of service conditions
[CVE-2018-2769].</li>
<li>A remote authenticated user can exploit a flaw in the Group
Replication GCS component to cause denial of service conditions
[CVE-2018-2776].</li>
<li>A local user can exploit a flaw in the Connection component to
cause denial of service conditions [CVE-2018-2762].</li>
<li>A remote authenticated user can exploit a flaw in the Locking
component to cause denial of service conditions [CVE-2018-2771].
</li>
<li>A remote authenticated user can exploit a flaw in the DDL
component to partially access data [CVE-2018-2813].</li>
</ul>
</blockquote>
</body>
</description>
<references>
<url>http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html</url>
<cvename>CVE-2018-2755</cvename>
<cvename>CVE-2018-2805</cvename>
<cvename>CVE-2018-2782</cvename>
<cvename>CVE-2018-2784</cvename>
<cvename>CVE-2018-2819</cvename>
<cvename>CVE-2018-2758</cvename>
<cvename>CVE-2018-2817</cvename>
<cvename>CVE-2018-2775</cvename>
<cvename>CVE-2018-2780</cvename>
<cvename>CVE-2018-2761</cvename>
<cvename>CVE-2018-2786</cvename>
<cvename>CVE-2018-2787</cvename>
<cvename>CVE-2018-2812</cvename>
<cvename>CVE-2018-2877</cvename>
<cvename>CVE-2018-2759</cvename>
<cvename>CVE-2018-2766</cvename>
<cvename>CVE-2018-2777</cvename>
<cvename>CVE-2018-2810</cvename>
<cvename>CVE-2018-2818</cvename>
<cvename>CVE-2018-2839</cvename>
<cvename>CVE-2018-2778</cvename>
<cvename>CVE-2018-2779</cvename>
<cvename>CVE-2018-2781</cvename>
<cvename>CVE-2018-2816</cvename>
<cvename>CVE-2018-2846</cvename>
<cvename>CVE-2018-2769</cvename>
<cvename>CVE-2018-2776</cvename>
<cvename>CVE-2018-2762</cvename>
<cvename>CVE-2018-2771</cvename>
<cvename>CVE-2018-2813</cvename>
<cvename>CVE-2018-2773</cvename>
</references>
<dates>
<discovery>2018-04-17</discovery>
<entry>2018-04-21</entry>
</dates>
</vuln>
<vuln vid="be38245e-44d9-11e8-a292-00e04c1ea73d">
<topic>wordpress -- multiple issues</topic>
<affects>