Launchpad.net

CVE 2017-15365

sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.

Related bugs and status

CVE-2017-15365 (Candidate) is related to these bugs:

Bug #1735691: [SRU] percona-xtradb-cluster 5.6.37, percona-galera 3.21

		In	Importance	Status
1735691	[SRU] percona-xtradb-cluster 5.6.37, percona-galera 3.21	percona-galera-3 (Ubuntu)	High	Fix Released
1735691	[SRU] percona-xtradb-cluster 5.6.37, percona-galera 3.21	percona-xtradb-cluster-5.6 (Ubuntu)	High	Fix Released
1735691	[SRU] percona-xtradb-cluster 5.6.37, percona-galera 3.21	percona-galera-3 (Ubuntu Xenial)	High	Fix Released
1735691	[SRU] percona-xtradb-cluster 5.6.37, percona-galera 3.21	percona-xtradb-cluster-5.6 (Ubuntu Xenial)	High	Fix Released
1735691	[SRU] percona-xtradb-cluster 5.6.37, percona-galera 3.21	percona-galera-3 (Ubuntu Bionic)	High	Fix Released
1735691	[SRU] percona-xtradb-cluster 5.6.37, percona-galera 3.21	percona-xtradb-cluster-5.6 (Ubuntu Bionic)	High	Fix Released
1735691	[SRU] percona-xtradb-cluster 5.6.37, percona-galera 3.21	percona-galera-3 (Ubuntu Artful)	High	Fix Released
1735691	[SRU] percona-xtradb-cluster 5.6.37, percona-galera 3.21	percona-xtradb-cluster-5.6 (Ubuntu Artful)	High	Fix Released
1735691	[SRU] percona-xtradb-cluster 5.6.37, percona-galera 3.21	percona-galera-3 (Ubuntu Zesty)	High	Fix Released
1735691	[SRU] percona-xtradb-cluster 5.6.37, percona-galera 3.21	percona-xtradb-cluster-5.6 (Ubuntu Zesty)	High	Fix Released

Bug #1740768: CVE-2017-15365: Replication in sql/event_data_objects.cc occurs before ACL checks

Summary				In	Importance	Status
	1740768	CVE-2017-15365: Replication in sql/event_data_objects.cc occurs before ACL checks		mariadb-10.1 (Ubuntu)	Undecided	Fix Released

Bug #1779715: USN-3629-3: partially applies to MariaDB too

		In	Importance	Status
1779715	USN-3629-3: partially applies to MariaDB too	mariadb-5.5 (Ubuntu)	Undecided	Fix Released
1779715	USN-3629-3: partially applies to MariaDB too	mariadb-10.0 (Ubuntu)	Undecided	Fix Released
1779715	USN-3629-3: partially applies to MariaDB too	mariadb-10.1 (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2017-15365

Related bugs and status

Related bugs

References