Launchpad.net

CVE 2017-10268

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).

Related bugs and status

CVE-2017-10268 (Candidate) is related to these bugs:

Bug #1735876: Server crashes in Item_func_in::val_int or Assertion `in_item' failed in virtual longlong Item_func_in::val_int

Summary				In	Importance	Status
	1735876	Server crashes in Item_func_in::val_int or Assertion `in_item' failed in virtual longlong Item_func_in::val_int		mariadb-5.5 (Ubuntu)	Undecided	Fix Released

Bug #1740608: USN-3459-1: partially applies to MariaDB too

Summary				In	Importance	Status
	1740608	USN-3459-1: partially applies to MariaDB too		mariadb-5.5 (Ubuntu)	Medium	Fix Released
	1740608	USN-3459-1: partially applies to MariaDB too		mariadb-10.0 (Ubuntu)	Undecided	Fix Released

Bug #1740768: CVE-2017-15365: Replication in sql/event_data_objects.cc occurs before ACL checks

Summary				In	Importance	Status
	1740768	CVE-2017-15365: Replication in sql/event_data_objects.cc occurs before ACL checks		mariadb-10.1 (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.oracle.com/...
BID: 101390
SECTRACK: 1039597
DEBIAN: DSA-4002
CONFIRM: https://security.netap...
REDHAT: RHSA-2017:3265
REDHAT: RHSA-2017:3442
REDHAT: RHSA-2018:0279
REDHAT: RHSA-2018:0574
MLIST: [debian-lts-announce] ...
REDHAT: RHSA-2018:2439
REDHAT: RHSA-2018:2729
DEBIAN: DSA-4341
REDHAT: RHSA-2019:1258