CVE-2018-3174 in Ubuntu

CVE-2018-3174

Priority

Description

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent:
Client programs). Supported versions that are affected are 5.5.61 and
prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Difficult
to exploit vulnerability allows high privileged attacker with logon to the
infrastructure where MySQL Server executes to compromise MySQL Server.
While the vulnerability is in MySQL Server, attacks may significantly
impact additional products. Successful attacks of this vulnerability can
result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability
impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H).

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3174
https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
https://ubuntu.com/security/notices/USN-3799-1
https://ubuntu.com/security/notices/USN-3799-2

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911221

Notes

Package

Source: mariadb-10.0 (LP Ubuntu Debian)

Upstream:	released (10.0.37)
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: mariadb-10.1 (LP Ubuntu Debian)

Upstream:	released (10.1.37)
Ubuntu 18.04 LTS:	released (1:10.1.38-0ubuntu0.18.04.1)
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: mariadb-5.5 (LP Ubuntu Debian)

Upstream:	released (5.5.62)
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was released [5.5.63-1ubuntu0.14.04.1])

Patches:

Package

Source: mysql-5.5 (LP Ubuntu Debian)

Upstream:	released (5.5.62)
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 14.04 ESM:	released (5.5.62-0ubuntu0.14.04.1)

Patches:

Package

Source: mysql-5.6 (LP Ubuntu Debian)

Upstream:	released (5.6.42)
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was needed)

Patches:

Package

Source: mysql-5.7 (LP Ubuntu Debian)

Upstream:	released (5.7.24)
Ubuntu 18.04 LTS:	released (5.7.24-0ubuntu0.18.04.1)
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 16.04 ESM:	released (5.7.24-0ubuntu0.16.04.1)
Ubuntu 22.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: mysql-8.0 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	not-affected
Ubuntu 21.10:	not-affected
Ubuntu 22.04 LTS:	not-affected
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: percona-server-5.6 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: percona-xtradb-cluster-5.5 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was needs-triage)

Patches:

Package

Source: percona-xtradb-cluster-5.6 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

More Information

Updated: 2022-04-25 00:28:03 UTC (commit ecc1009cb19540b950de59270950018900f37f15)