CVE-2017-3652 in Ubuntu

CVE-2017-3652

Priority

Description

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent:
Server: DDL). Supported versions that are affected are 5.5.56 and earlier,
5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit
vulnerability allows low privileged attacker with network access via
multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized update, insert or delete access to
some of MySQL Server accessible data as well as unauthorized read access to
a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.2
(Confidentiality and Integrity impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N).

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3652
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
https://ubuntu.com/security/notices/USN-3357-1
https://ubuntu.com/security/notices/USN-3357-2

Notes

mdeslaur

5.5.56 and earlier, 5.6.36 and earlier, 5.7.18 and earlier

Package

Source: mariadb-10.0 (LP Ubuntu Debian)

Upstream:	not-affected
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: mariadb-10.1 (LP Ubuntu Debian)

Upstream:	not-affected
Ubuntu 18.04 LTS:	not-affected
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: mariadb-5.5 (LP Ubuntu Debian)

Upstream:	not-affected
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was not-affected)

Patches:

Package

Source: mysql-5.5 (LP Ubuntu Debian)

Upstream:	released (5.5.57)
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 14.04 ESM:	released (5.5.57-0ubuntu0.14.04.1)

Patches:

Package

Source: mysql-5.6 (LP Ubuntu Debian)

Upstream:	released (5.6.37)
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was needed)

Patches:

Package

Source: mysql-5.7 (LP Ubuntu Debian)

Upstream:	released (5.7.19)
Ubuntu 18.04 LTS:	released (5.7.19-0ubuntu1)
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 16.04 ESM:	released (5.7.19-0ubuntu0.16.04.1)
Ubuntu 22.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: mysql-8.0 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	not-affected
Ubuntu 21.10:	not-affected
Ubuntu 22.04 LTS:	not-affected
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: percona-server-5.6 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: percona-xtradb-cluster-5.5 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was needed)

Patches:

Package

Source: percona-xtradb-cluster-5.6 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

More Information

Updated: 2022-04-25 00:21:28 UTC (commit ecc1009cb19540b950de59270950018900f37f15)