Ubuntu update for MySQL



Published: 2020-05-04
Risk: Medium
Patch available: YES
Number of vulnerabilities: 25
CVE-ID: CVE-2020-2759, CVE-2020-2901, CVE-2020-2930, CVE-2020-2928, CVE-2020-2926, CVE-2020-2925, CVE-2020-2924, CVE-2020-2923, CVE-2020-2922, CVE-2020-2921, CVE-2020-2904, CVE-2020-2903, CVE-2020-2898, CVE-2020-2760, CVE-2020-2897, CVE-2020-2896, CVE-2020-2895, CVE-2020-2893, CVE-2020-2892, CVE-2020-2812, CVE-2020-2804, CVE-2020-2780, CVE-2020-2765, CVE-2020-2763, CVE-2020-2762
CWE-ID: CWE-20
Exploitation vector: Network
Public exploit: N/A
Vulnerable software
mysql-8.0 (Ubuntu package)
Operating systems & Components / Operating system package or component

mysql-5.7 (Ubuntu package)
Operating systems & Components / Operating system package or component

Vendor: Canonical Ltd.

Security Bulletin

This security bulletin contains information about 25 vulnerabilities.

1) Improper input validation

EUVDB-ID: #VU26936

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-2759

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Replication component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Update the affected packages.

Ubuntu 20.04 LTS
mysql-server-8.0 - 8.0.20-0ubuntu0.20.04.1
Ubuntu 19.10
mysql-server-8.0 - 8.0.20-0ubuntu0.19.10.1
Ubuntu 18.04 LTS
mysql-server-5.7 - 5.7.30-0ubuntu0.18.04.1
Ubuntu 16.04 LTS
mysql-server-5.7 - 5.7.30-0ubuntu0.16.04.1

Vulnerable software versions

mysql-8.0 (Ubuntu package): 8.0.14-0ubuntu1 - 8.0.19-0ubuntu5

mysql-5.7 (Ubuntu package): 5.7.11 - 5.7.29-0ubuntu0.18.04.1

External links

http://usn.ubuntu.com/4350-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper input validation

EUVDB-ID: #VU26932

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-2901

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Update the affected packages.

Ubuntu 20.04 LTS
mysql-server-8.0 - 8.0.20-0ubuntu0.20.04.1
Ubuntu 19.10
mysql-server-8.0 - 8.0.20-0ubuntu0.19.10.1
Ubuntu 18.04 LTS
mysql-server-5.7 - 5.7.30-0ubuntu0.18.04.1
Ubuntu 16.04 LTS
mysql-server-5.7 - 5.7.30-0ubuntu0.16.04.1

Vulnerable software versions

mysql-8.0 (Ubuntu package): 8.0.14-0ubuntu1 - 8.0.19-0ubuntu5

mysql-5.7 (Ubuntu package): 5.7.11 - 5.7.29-0ubuntu0.18.04.1

External links

http://usn.ubuntu.com/4350-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper input validation

EUVDB-ID: #VU26946

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-2930

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Parser component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Update the affected packages.

Ubuntu 20.04 LTS
mysql-server-8.0 - 8.0.20-0ubuntu0.20.04.1
Ubuntu 19.10
mysql-server-8.0 - 8.0.20-0ubuntu0.19.10.1
Ubuntu 18.04 LTS
mysql-server-5.7 - 5.7.30-0ubuntu0.18.04.1
Ubuntu 16.04 LTS
mysql-server-5.7 - 5.7.30-0ubuntu0.16.04.1

Vulnerable software versions

mysql-8.0 (Ubuntu package): 8.0.14-0ubuntu1 - 8.0.19-0ubuntu5

mysql-5.7 (Ubuntu package): 5.7.11 - 5.7.29-0ubuntu0.18.04.1

External links

http://usn.ubuntu.com/4350-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper input validation

EUVDB-ID: #VU26933

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-2928

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Update the affected packages.

Ubuntu 20.04 LTS
mysql-server-8.0 - 8.0.20-0ubuntu0.20.04.1
Ubuntu 19.10
mysql-server-8.0 - 8.0.20-0ubuntu0.19.10.1
Ubuntu 18.04 LTS
mysql-server-5.7 - 5.7.30-0ubuntu0.18.04.1
Ubuntu 16.04 LTS
mysql-server-5.7 - 5.7.30-0ubuntu0.16.04.1

Vulnerable software versions

mysql-8.0 (Ubuntu package): 8.0.14-0ubuntu1 - 8.0.19-0ubuntu5

mysql-5.7 (Ubuntu package): 5.7.11 - 5.7.29-0ubuntu0.18.04.1

External links

http://usn.ubuntu.com/4350-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper input validation

EUVDB-ID: #VU26944

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-2926

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Group Replication GCS component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Update the affected packages.

Ubuntu 20.04 LTS
mysql-server-8.0 - 8.0.20-0ubuntu0.20.04.1
Ubuntu 19.10
mysql-server-8.0 - 8.0.20-0ubuntu0.19.10.1
Ubuntu 18.04 LTS
mysql-server-5.7 - 5.7.30-0ubuntu0.18.04.1
Ubuntu 16.04 LTS
mysql-server-5.7 - 5.7.30-0ubuntu0.16.04.1

Vulnerable software versions

mysql-8.0 (Ubuntu package): 8.0.14-0ubuntu1 - 8.0.19-0ubuntu5

mysql-5.7 (Ubuntu package): 5.7.11 - 5.7.29-0ubuntu0.18.04.1

External links

http://usn.ubuntu.com/4350-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper input validation

EUVDB-ID: #VU26935

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-2925

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: PS component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Update the affected packages.

Ubuntu 20.04 LTS
mysql-server-8.0 - 8.0.20-0ubuntu0.20.04.1
Ubuntu 19.10
mysql-server-8.0 - 8.0.20-0ubuntu0.19.10.1
Ubuntu 18.04 LTS
mysql-server-5.7 - 5.7.30-0ubuntu0.18.04.1
Ubuntu 16.04 LTS
mysql-server-5.7 - 5.7.30-0ubuntu0.16.04.1

Vulnerable software versions

mysql-8.0 (Ubuntu package): 8.0.14-0ubuntu1 - 8.0.19-0ubuntu5

mysql-5.7 (Ubuntu package): 5.7.11 - 5.7.29-0ubuntu0.18.04.1

External links

http://usn.ubuntu.com/4350-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Improper input validation

EUVDB-ID: #VU26931

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-2924

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Update the affected packages.

Ubuntu 20.04 LTS
mysql-server-8.0 - 8.0.20-0ubuntu0.20.04.1
Ubuntu 19.10
mysql-server-8.0 - 8.0.20-0ubuntu0.19.10.1
Ubuntu 18.04 LTS
mysql-server-5.7 - 5.7.30-0ubuntu0.18.04.1
Ubuntu 16.04 LTS
mysql-server-5.7 - 5.7.30-0ubuntu0.16.04.1

Vulnerable software versions

mysql-8.0 (Ubuntu package): 8.0.14-0ubuntu1 - 8.0.19-0ubuntu5

mysql-5.7 (Ubuntu package): 5.7.11 - 5.7.29-0ubuntu0.18.04.1

External links

http://usn.ubuntu.com/4350-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Improper input validation

EUVDB-ID: #VU26930

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-2923

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Update the affected packages.

Ubuntu 20.04 LTS
mysql-server-8.0 - 8.0.20-0ubuntu0.20.04.1
Ubuntu 19.10
mysql-server-8.0 - 8.0.20-0ubuntu0.19.10.1
Ubuntu 18.04 LTS
mysql-server-5.7 - 5.7.30-0ubuntu0.18.04.1
Ubuntu 16.04 LTS
mysql-server-5.7 - 5.7.30-0ubuntu0.16.04.1

Vulnerable software versions

mysql-8.0 (Ubuntu package): 8.0.14-0ubuntu1 - 8.0.19-0ubuntu5

mysql-5.7 (Ubuntu package): 5.7.11 - 5.7.29-0ubuntu0.18.04.1

External links

http://usn.ubuntu.com/4350-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Improper input validation

EUVDB-ID: #VU26947

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-2922

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to improper input validation within the C API component in MySQL Client. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.

Mitigation

Update the affected packages.

Ubuntu 20.04 LTS
mysql-server-8.0 - 8.0.20-0ubuntu0.20.04.1
Ubuntu 19.10
mysql-server-8.0 - 8.0.20-0ubuntu0.19.10.1
Ubuntu 18.04 LTS
mysql-server-5.7 - 5.7.30-0ubuntu0.18.04.1
Ubuntu 16.04 LTS
mysql-server-5.7 - 5.7.30-0ubuntu0.16.04.1

Vulnerable software versions

mysql-8.0 (Ubuntu package): 8.0.14-0ubuntu1 - 8.0.19-0ubuntu5

mysql-5.7 (Ubuntu package): 5.7.11 - 5.7.29-0ubuntu0.18.04.1

External links

http://usn.ubuntu.com/4350-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Improper input validation

EUVDB-ID: #VU26945

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-2921

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Group Replication Plugin component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Update the affected packages.

Ubuntu 20.04 LTS
mysql-server-8.0 - 8.0.20-0ubuntu0.20.04.1
Ubuntu 19.10
mysql-server-8.0 - 8.0.20-0ubuntu0.19.10.1
Ubuntu 18.04 LTS
mysql-server-5.7 - 5.7.30-0ubuntu0.18.04.1
Ubuntu 16.04 LTS
mysql-server-5.7 - 5.7.30-0ubuntu0.16.04.1

Vulnerable software versions

mysql-8.0 (Ubuntu package): 8.0.14-0ubuntu1 - 8.0.19-0ubuntu5

mysql-5.7 (Ubuntu package): 5.7.11 - 5.7.29-0ubuntu0.18.04.1

External links

http://usn.ubuntu.com/4350-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Improper input validation

EUVDB-ID: #VU26934

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-2904

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Update the affected packages.

Ubuntu 20.04 LTS
mysql-server-8.0 - 8.0.20-0ubuntu0.20.04.1
Ubuntu 19.10
mysql-server-8.0 - 8.0.20-0ubuntu0.19.10.1
Ubuntu 18.04 LTS
mysql-server-5.7 - 5.7.30-0ubuntu0.18.04.1
Ubuntu 16.04 LTS
mysql-server-5.7 - 5.7.30-0ubuntu0.16.04.1

Vulnerable software versions

mysql-8.0 (Ubuntu package): 8.0.14-0ubuntu1 - 8.0.19-0ubuntu5

mysql-5.7 (Ubuntu package): 5.7.11 - 5.7.29-0ubuntu0.18.04.1

External links

http://usn.ubuntu.com/4350-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Improper input validation

EUVDB-ID: #VU26924

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-2903

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Connection Handling component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Update the affected packages.

Ubuntu 20.04 LTS
mysql-server-8.0 - 8.0.20-0ubuntu0.20.04.1
Ubuntu 19.10
mysql-server-8.0 - 8.0.20-0ubuntu0.19.10.1
Ubuntu 18.04 LTS
mysql-server-5.7 - 5.7.30-0ubuntu0.18.04.1
Ubuntu 16.04 LTS
mysql-server-5.7 - 5.7.30-0ubuntu0.16.04.1

Vulnerable software versions

mysql-8.0 (Ubuntu package): 8.0.14-0ubuntu1 - 8.0.19-0ubuntu5

mysql-5.7 (Ubuntu package): 5.7.11 - 5.7.29-0ubuntu0.18.04.1

External links

http://usn.ubuntu.com/4350-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Improper input validation

EUVDB-ID: #VU26923

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-2898

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Charsets component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Update the affected packages.

Ubuntu 20.04 LTS
mysql-server-8.0 - 8.0.20-0ubuntu0.20.04.1
Ubuntu 19.10
mysql-server-8.0 - 8.0.20-0ubuntu0.19.10.1
Ubuntu 18.04 LTS
mysql-server-5.7 - 5.7.30-0ubuntu0.18.04.1
Ubuntu 16.04 LTS
mysql-server-5.7 - 5.7.30-0ubuntu0.16.04.1

Vulnerable software versions

mysql-8.0 (Ubuntu package): 8.0.14-0ubuntu1 - 8.0.19-0ubuntu5

mysql-5.7 (Ubuntu package): 5.7.11 - 5.7.29-0ubuntu0.18.04.1

External links

http://usn.ubuntu.com/4350-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Improper input validation

EUVDB-ID: #VU26915

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-2760

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damage or delete data.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to damage or delete data.

Mitigation

Update the affected packages.

Ubuntu 20.04 LTS
mysql-server-8.0 - 8.0.20-0ubuntu0.20.04.1
Ubuntu 19.10
mysql-server-8.0 - 8.0.20-0ubuntu0.19.10.1
Ubuntu 18.04 LTS
mysql-server-5.7 - 5.7.30-0ubuntu0.18.04.1
Ubuntu 16.04 LTS
mysql-server-5.7 - 5.7.30-0ubuntu0.16.04.1

Vulnerable software versions

mysql-8.0 (Ubuntu package): 8.0.14-0ubuntu1 - 8.0.19-0ubuntu5

mysql-5.7 (Ubuntu package): 5.7.11 - 5.7.29-0ubuntu0.18.04.1

External links

http://usn.ubuntu.com/4350-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Improper input validation

EUVDB-ID: #VU26929

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-2897

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Update the affected packages.

Ubuntu 20.04 LTS
mysql-server-8.0 - 8.0.20-0ubuntu0.20.04.1
Ubuntu 19.10
mysql-server-8.0 - 8.0.20-0ubuntu0.19.10.1
Ubuntu 18.04 LTS
mysql-server-5.7 - 5.7.30-0ubuntu0.18.04.1
Ubuntu 16.04 LTS
mysql-server-5.7 - 5.7.30-0ubuntu0.16.04.1

Vulnerable software versions

mysql-8.0 (Ubuntu package): 8.0.14-0ubuntu1 - 8.0.19-0ubuntu5

mysql-5.7 (Ubuntu package): 5.7.11 - 5.7.29-0ubuntu0.18.04.1

External links

http://usn.ubuntu.com/4350-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Improper input validation

EUVDB-ID: #VU26925

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-2896

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Information Schema component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Update the affected packages.

Ubuntu 20.04 LTS
mysql-server-8.0 - 8.0.20-0ubuntu0.20.04.1
Ubuntu 19.10
mysql-server-8.0 - 8.0.20-0ubuntu0.19.10.1
Ubuntu 18.04 LTS
mysql-server-5.7 - 5.7.30-0ubuntu0.18.04.1
Ubuntu 16.04 LTS
mysql-server-5.7 - 5.7.30-0ubuntu0.16.04.1

Vulnerable software versions

mysql-8.0 (Ubuntu package): 8.0.14-0ubuntu1 - 8.0.19-0ubuntu5

mysql-5.7 (Ubuntu package): 5.7.11 - 5.7.29-0ubuntu0.18.04.1

External links

http://usn.ubuntu.com/4350-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Improper input validation

EUVDB-ID: #VU26922

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-2895

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Update the affected packages.

Ubuntu 20.04 LTS
mysql-server-8.0 - 8.0.20-0ubuntu0.20.04.1
Ubuntu 19.10
mysql-server-8.0 - 8.0.20-0ubuntu0.19.10.1
Ubuntu 18.04 LTS
mysql-server-5.7 - 5.7.30-0ubuntu0.18.04.1
Ubuntu 16.04 LTS
mysql-server-5.7 - 5.7.30-0ubuntu0.16.04.1

Vulnerable software versions

mysql-8.0 (Ubuntu package): 8.0.14-0ubuntu1 - 8.0.19-0ubuntu5

mysql-5.7 (Ubuntu package): 5.7.11 - 5.7.29-0ubuntu0.18.04.1

External links

http://usn.ubuntu.com/4350-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Improper input validation

EUVDB-ID: #VU26921

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-2893

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Update the affected packages.

Ubuntu 20.04 LTS
mysql-server-8.0 - 8.0.20-0ubuntu0.20.04.1
Ubuntu 19.10
mysql-server-8.0 - 8.0.20-0ubuntu0.19.10.1
Ubuntu 18.04 LTS
mysql-server-5.7 - 5.7.30-0ubuntu0.18.04.1
Ubuntu 16.04 LTS
mysql-server-5.7 - 5.7.30-0ubuntu0.16.04.1

Vulnerable software versions

mysql-8.0 (Ubuntu package): 8.0.14-0ubuntu1 - 8.0.19-0ubuntu5

mysql-5.7 (Ubuntu package): 5.7.11 - 5.7.29-0ubuntu0.18.04.1

External links

http://usn.ubuntu.com/4350-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Improper input validation

EUVDB-ID: #VU26928

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-2892

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Update the affected packages.

Ubuntu 20.04 LTS
mysql-server-8.0 - 8.0.20-0ubuntu0.20.04.1
Ubuntu 19.10
mysql-server-8.0 - 8.0.20-0ubuntu0.19.10.1
Ubuntu 18.04 LTS
mysql-server-5.7 - 5.7.30-0ubuntu0.18.04.1
Ubuntu 16.04 LTS
mysql-server-5.7 - 5.7.30-0ubuntu0.16.04.1

Vulnerable software versions

mysql-8.0 (Ubuntu package): 8.0.14-0ubuntu1 - 8.0.19-0ubuntu5

mysql-5.7 (Ubuntu package): 5.7.11 - 5.7.29-0ubuntu0.18.04.1

External links

http://usn.ubuntu.com/4350-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Improper input validation

EUVDB-ID: #VU26942

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-2812

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Stored Procedure component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Update the affected packages.

Ubuntu 20.04 LTS
mysql-server-8.0 - 8.0.20-0ubuntu0.20.04.1
Ubuntu 19.10
mysql-server-8.0 - 8.0.20-0ubuntu0.19.10.1
Ubuntu 18.04 LTS
mysql-server-5.7 - 5.7.30-0ubuntu0.18.04.1
Ubuntu 16.04 LTS
mysql-server-5.7 - 5.7.30-0ubuntu0.16.04.1

Vulnerable software versions

mysql-8.0 (Ubuntu package): 8.0.14-0ubuntu1 - 8.0.19-0ubuntu5

mysql-5.7 (Ubuntu package): 5.7.11 - 5.7.29-0ubuntu0.18.04.1

External links

http://usn.ubuntu.com/4350-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Improper input validation

EUVDB-ID: #VU26914

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-2804

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Memcached component in MySQL Server. A remote non-authenticated attacker can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Update the affected packages.

Ubuntu 20.04 LTS
mysql-server-8.0 - 8.0.20-0ubuntu0.20.04.1
Ubuntu 19.10
mysql-server-8.0 - 8.0.20-0ubuntu0.19.10.1
Ubuntu 18.04 LTS
mysql-server-5.7 - 5.7.30-0ubuntu0.18.04.1
Ubuntu 16.04 LTS
mysql-server-5.7 - 5.7.30-0ubuntu0.16.04.1

Vulnerable software versions

mysql-8.0 (Ubuntu package): 8.0.14-0ubuntu1 - 8.0.19-0ubuntu5

mysql-5.7 (Ubuntu package): 5.7.11 - 5.7.29-0ubuntu0.18.04.1

External links

http://usn.ubuntu.com/4350-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Improper input validation

EUVDB-ID: #VU26911

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-2780

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Update the affected packages.

Ubuntu 20.04 LTS
mysql-server-8.0 - 8.0.20-0ubuntu0.20.04.1
Ubuntu 19.10
mysql-server-8.0 - 8.0.20-0ubuntu0.19.10.1
Ubuntu 18.04 LTS
mysql-server-5.7 - 5.7.30-0ubuntu0.18.04.1
Ubuntu 16.04 LTS
mysql-server-5.7 - 5.7.30-0ubuntu0.16.04.1

Vulnerable software versions

mysql-8.0 (Ubuntu package): 8.0.14-0ubuntu1 - 8.0.19-0ubuntu5

mysql-5.7 (Ubuntu package): 5.7.11 - 5.7.29-0ubuntu0.18.04.1

External links

http://usn.ubuntu.com/4350-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Improper input validation

EUVDB-ID: #VU26927

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-2765

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Update the affected packages.

Ubuntu 20.04 LTS
mysql-server-8.0 - 8.0.20-0ubuntu0.20.04.1
Ubuntu 19.10
mysql-server-8.0 - 8.0.20-0ubuntu0.19.10.1
Ubuntu 18.04 LTS
mysql-server-5.7 - 5.7.30-0ubuntu0.18.04.1
Ubuntu 16.04 LTS
mysql-server-5.7 - 5.7.30-0ubuntu0.16.04.1

Vulnerable software versions

mysql-8.0 (Ubuntu package): 8.0.14-0ubuntu1 - 8.0.19-0ubuntu5

mysql-5.7 (Ubuntu package): 5.7.11 - 5.7.29-0ubuntu0.18.04.1

External links

http://usn.ubuntu.com/4350-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Improper input validation

EUVDB-ID: #VU26937

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-2763

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Replication component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Update the affected packages.

Ubuntu 20.04 LTS
mysql-server-8.0 - 8.0.20-0ubuntu0.20.04.1
Ubuntu 19.10
mysql-server-8.0 - 8.0.20-0ubuntu0.19.10.1
Ubuntu 18.04 LTS
mysql-server-5.7 - 5.7.30-0ubuntu0.18.04.1
Ubuntu 16.04 LTS
mysql-server-5.7 - 5.7.30-0ubuntu0.16.04.1

Vulnerable software versions

mysql-8.0 (Ubuntu package): 8.0.14-0ubuntu1 - 8.0.19-0ubuntu5

mysql-5.7 (Ubuntu package): 5.7.11 - 5.7.29-0ubuntu0.18.04.1

External links

http://usn.ubuntu.com/4350-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Improper input validation

EUVDB-ID: #VU26919

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-2762

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Update the affected packages.

Ubuntu 20.04 LTS
mysql-server-8.0 - 8.0.20-0ubuntu0.20.04.1
Ubuntu 19.10
mysql-server-8.0 - 8.0.20-0ubuntu0.19.10.1
Ubuntu 18.04 LTS
mysql-server-5.7 - 5.7.30-0ubuntu0.18.04.1
Ubuntu 16.04 LTS
mysql-server-5.7 - 5.7.30-0ubuntu0.16.04.1

Vulnerable software versions

mysql-8.0 (Ubuntu package): 8.0.14-0ubuntu1 - 8.0.19-0ubuntu5

mysql-5.7 (Ubuntu package): 5.7.11 - 5.7.29-0ubuntu0.18.04.1

External links

http://usn.ubuntu.com/4350-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


