Red Hat update for mysql



Published: 2018-04-26
Risk Low
Patch available YES
Number of vulnerabilities 15
CVE-ID CVE-2018-2755
CVE-2018-2758
CVE-2018-2761
CVE-2018-2766
CVE-2018-2771
CVE-2018-2773
CVE-2018-2781
CVE-2018-2782
CVE-2018-2784
CVE-2018-2787
CVE-2018-2805
CVE-2018-2813
CVE-2018-2817
CVE-2018-2818
CVE-2018-2819
CWE-ID CWE-264
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Red Hat Enterprise Linux for x86_64
Operating systems & Components / Operating system

Vendor Red Hat Inc.

Security Bulletin

This security bulletin contains information about 15 vulnerabilities.

1) Security restrictions bypass

EUVDB-ID: #VU12009

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-2755

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local unauthenticated attacker to gain elevated privileges on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A local attacker can execute arbitrary code with root privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for x86_64: 6 - 7.5


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:1254

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Security restrictions bypass

EUVDB-ID: #VU12010

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-2758

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for x86_64: 6 - 7.5


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:1254

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Security restrictions bypass

EUVDB-ID: #VU12012

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-2761

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for x86_64: 6 - 7.5


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:1254

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) Security restrictions bypass

EUVDB-ID: #VU12014

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-2766

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for x86_64: 6 - 7.5


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:1254

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

5) Security restrictions bypass

EUVDB-ID: #VU12016

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-2771

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for x86_64: 6 - 7.5


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:1254

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

6) Security restrictions bypass

EUVDB-ID: #VU12017

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-2773

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local authenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A local attacker can cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for x86_64: 6 - 7.5


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:1254

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

7) Security restrictions bypass

EUVDB-ID: #VU12024

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-2781

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for x86_64: 6 - 7.5


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:1254

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

8) Security restrictions bypass

EUVDB-ID: #VU12025

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-2782

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for x86_64: 6 - 7.5


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:1254

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

9) Security restrictions bypass

EUVDB-ID: #VU12027

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-2784

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for x86_64: 6 - 7.5


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:1254

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

10) Security restrictions bypass

EUVDB-ID: #VU12029

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-2787

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to write arbitrary files and cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can update, insert or delete some of MySQL Server accessible data and cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for x86_64: 6 - 7.5


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:1254

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

11) Security restrictions bypass

EUVDB-ID: #VU12030

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-2805

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for x86_64: 6 - 7.5


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:1254

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

12) Security restrictions bypass

EUVDB-ID: #VU12033

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-2813

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can gain unauthorized read access to a subset of MySQL Server accessible data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for x86_64: 6 - 7.5


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:1254

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

13) Security restrictions bypass

EUVDB-ID: #VU12036

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-2817

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for x86_64: 6 - 7.5


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:1254

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

14) Security restrictions bypass

EUVDB-ID: #VU12037

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-2818

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for x86_64: 6 - 7.5


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:1254

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

15) Security restrictions bypass

EUVDB-ID: #VU12038

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-2819

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for x86_64: 6 - 7.5


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:1254

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###