SB2017102304 - Ubuntu update for MySQL

Security Bulletin ID SB2017102304

Severity

Low

Patch available

YES

Number of vulnerabilities 16

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 16 secuirty vulnerabilities.

1) Denial of service (CVE-ID: CVE-2017-10155)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to an error in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). A remote attacker can use multiple protocols to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

Successful exploitation of the vulnerability results in denial of service.

2) Denial of service (CVE-ID: CVE-2017-10165)

The vulnerability allows a remote high-privileged attacker to cause DoS condition on the target system.

The weakness exists due to an error in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). A remote attacker can use multiple protocols to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

Successful exploitation of the vulnerability results in denial of service.

3) Denial of service (CVE-ID: CVE-2017-10167)

The vulnerability allows a remote low-privileged attacker to cause DoS condition on the target system.

The weakness exists due to an error in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). A remote attacker can use multiple protocols to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

Successful exploitation of the vulnerability results in denial of service.

4) Denial of service (CVE-ID: CVE-2017-10227)

The vulnerability allows a remote high-privileged attacker to cause DoS condition on the target system.

The weakness exists due to an error in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). A remote attacker can use multiple protocols to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

Successful exploitation of the vulnerability results in denial of service.

5) Information disclosure (CVE-ID: CVE-2017-10268)

The vulnerability allows a local high-privileged attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an error in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). A local attacker can gain unauthorized access to critical data or complete access to all MySQL Server accessible data.

Successful exploitation of the vulnerability results in information disclosure.

6) Denial of service (CVE-ID: CVE-2017-10276)

The vulnerability allows a remote low-privileged attacker to cause DoS condition on the target system.

The weakness exists due to an error in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS). A remote attacker can use multiple protocols to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

Successful exploitation of the vulnerability results in denial of service.

7) Denial of service (CVE-ID: CVE-2017-10283)

The vulnerability allows a remote low-privileged attacker to cause DoS condition on the target system.

The weakness exists due to an error in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). A remote attacker can use multiple protocols to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

Successful exploitation of the vulnerability results in denial of service.

8) Denial of service (CVE-ID: CVE-2017-10286)

The vulnerability allows a remote high-privileged attacker to cause DoS condition on the target system.

The weakness exists due to an error in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). A remote attacker can use multiple protocols to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

Successful exploitation of the vulnerability results in denial of service.

9) Denial of service (CVE-ID: CVE-2017-10294)

The vulnerability allows a remote low-privileged attacker to cause DoS condition on the target system.

The weakness exists due to an error in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). A remote attacker can use multiple protocols to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

Successful exploitation of the vulnerability results in denial of service.

10) Denial of service (CVE-ID: CVE-2017-10311)

The vulnerability allows a remote high-privileged attacker to cause DoS condition on the target system.

The weakness exists due to an error in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS). A remote attacker can use multiple protocols to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

Successful exploitation of the vulnerability results in denial of service.

11) Denial of service (CVE-ID: CVE-2017-10313)

The vulnerability allows a remote high-privileged attacker to cause DoS condition on the target system.

The weakness exists due to an error in the MySQL Server component of Oracle MySQL (subcomponent: Group Replication GCS). A remote attacker can use multiple protocols to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

Successful exploitation of the vulnerability results in denial of service.

12) Denial of service (CVE-ID: CVE-2017-10314)

The vulnerability allows a remote high-privileged attacker to cause DoS condition on the target system.

The weakness exists due to an error in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). A remote attacker can use multiple protocols to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

Successful exploitation of the vulnerability results in denial of service.

13) Denial of service (CVE-ID: CVE-2017-10320)

The vulnerability allows a remote high-privileged attacker to cause DoS condition on the target system.

The weakness exists due to an error in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). A remote attacker can use multiple protocols to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

Successful exploitation of the vulnerability results in denial of service.

14) Denial of service (CVE-ID: CVE-2017-10378)

The vulnerability allows a remote low-privileged attacker to cause DoS condition on the target system.

The weakness exists due to an error in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). A remote attacker can use multiple protocols to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

Successful exploitation of the vulnerability results in denial of service.

15) Information disclosure (CVE-ID: CVE-2017-10379)

The vulnerability allows a remote low-privileged attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an error in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). A remote attacker can gain unauthorized access to critical data or complete access to all MySQL Server accessible data.

Successful exploitation of the vulnerability results in information disclosure.

16) Denial of service (CVE-ID: CVE-2017-10384)

The vulnerability allows a remote low-privileged attacker to cause DoS condition on the target system.

The weakness exists due to an error in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). A remote attacker can use multiple protocols to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

Successful exploitation of the vulnerability results in denial of service.

Remediation

Install update from vendor's website.

References

http://www.ubuntu.com/usn/usn-3459-1/