Candidate: CVE-2020-2853
PublicDate: 2020-04-15 14:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2853
 https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
Description:
 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Ubuntu-Description:
Notes:
 leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored.
 mdeslaur> MySQL 8.0 only
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H [4.9 MEDIUM]

Patches_mysql-5.5:
upstream_mysql-5.5: needs-triage
precise/esm_mysql-5.5: ignored
trusty_mysql-5.5: ignored (out of standard support)
trusty/esm_mysql-5.5: ignored
vivid_mysql-5.5: DNE
xenial_mysql-5.5: DNE
bionic_mysql-5.5: DNE
eoan_mysql-5.5: DNE
focal_mysql-5.5: DNE
groovy_mysql-5.5: DNE
hirsute_mysql-5.5: DNE
impish_mysql-5.5: DNE
jammy_mysql-5.5: DNE
devel_mysql-5.5: DNE

Patches_mysql-5.6:
upstream_mysql-5.6: needs-triage
precise/esm_mysql-5.6: DNE
trusty_mysql-5.6: ignored (out of standard support)
trusty/esm_mysql-5.6: DNE
xenial_mysql-5.6: DNE
bionic_mysql-5.6: DNE
eoan_mysql-5.6: DNE
focal_mysql-5.6: DNE
groovy_mysql-5.6: DNE
hirsute_mysql-5.6: DNE
impish_mysql-5.6: DNE
jammy_mysql-5.6: DNE
devel_mysql-5.6: DNE

Patches_mysql-5.7:
upstream_mysql-5.7: not-affected (code not present)
precise/esm_mysql-5.7: DNE
trusty_mysql-5.7: DNE
trusty/esm_mysql-5.7: DNE
xenial_mysql-5.7: not-affected (code not present)
esm-infra/xenial_mysql-5.7: not-affected (code not present)
bionic_mysql-5.7: not-affected (code not present)
eoan_mysql-5.7: DNE
focal_mysql-5.7: DNE
groovy_mysql-5.7: DNE
hirsute_mysql-5.7: DNE
impish_mysql-5.7: DNE
jammy_mysql-5.7: DNE
devel_mysql-5.7: DNE

Patches_mysql-8.0:
upstream_mysql-8.0: released (8.0.19)
precise/esm_mysql-8.0: DNE
trusty_mysql-8.0: DNE
trusty/esm_mysql-8.0: DNE
xenial_mysql-8.0: DNE
bionic_mysql-8.0: DNE
eoan_mysql-8.0: released (8.0.19-0ubuntu0.19.10.3)
focal_mysql-8.0: released (8.0.19-0ubuntu4)
groovy_mysql-8.0: released (8.0.19-0ubuntu4)
hirsute_mysql-8.0: released (8.0.19-0ubuntu4)
impish_mysql-8.0: released (8.0.19-0ubuntu4)
jammy_mysql-8.0: released (8.0.19-0ubuntu4)
devel_mysql-8.0: released (8.0.19-0ubuntu4)

Patches_mariadb-5.5:
upstream_mariadb-5.5: not-affected
precise/esm_mariadb-5.5: DNE
trusty_mariadb-5.5: ignored (out of standard support)
trusty/esm_mariadb-5.5: DNE
xenial_mariadb-5.5: DNE
bionic_mariadb-5.5: DNE
eoan_mariadb-5.5: DNE
focal_mariadb-5.5: DNE
groovy_mariadb-5.5: DNE
hirsute_mariadb-5.5: DNE
impish_mariadb-5.5: DNE
jammy_mariadb-5.5: DNE
devel_mariadb-5.5: DNE

Patches_mariadb-10.0:
upstream_mariadb-10.0: not-affected
precise/esm_mariadb-10.0: DNE
trusty_mariadb-10.0: DNE
trusty/esm_mariadb-10.0: DNE
xenial_mariadb-10.0: ignored (end of standard support, was needs-triage)
bionic_mariadb-10.0: DNE
eoan_mariadb-10.0: DNE
focal_mariadb-10.0: DNE
groovy_mariadb-10.0: DNE
hirsute_mariadb-10.0: DNE
impish_mariadb-10.0: DNE
jammy_mariadb-10.0: DNE
devel_mariadb-10.0: DNE

Patches_mariadb-10.1:
upstream_mariadb-10.1: not-affected
precise/esm_mariadb-10.1: DNE
trusty_mariadb-10.1: DNE
trusty/esm_mariadb-10.1: DNE
xenial_mariadb-10.1: DNE
bionic_mariadb-10.1: not-affected
eoan_mariadb-10.1: DNE
focal_mariadb-10.1: DNE
groovy_mariadb-10.1: DNE
hirsute_mariadb-10.1: DNE
impish_mariadb-10.1: DNE
jammy_mariadb-10.1: DNE
devel_mariadb-10.1: DNE

Patches_mariadb-10.3:
upstream_mariadb-10.3: not-affected
precise/esm_mariadb-10.3: DNE
trusty_mariadb-10.3: DNE
trusty/esm_mariadb-10.3: DNE
xenial_mariadb-10.3: DNE
bionic_mariadb-10.3: DNE
eoan_mariadb-10.3: ignored (reached end-of-life)
focal_mariadb-10.3: not-affected
groovy_mariadb-10.3: ignored (reached end-of-life)
hirsute_mariadb-10.3: DNE
impish_mariadb-10.3: DNE
jammy_mariadb-10.3: DNE
devel_mariadb-10.3: DNE

Patches_percona-xtradb-cluster-5.5:
upstream_percona-xtradb-cluster-5.5: needs-triage
precise/esm_percona-xtradb-cluster-5.5: DNE
trusty_percona-xtradb-cluster-5.5: ignored (out of standard support)
trusty/esm_percona-xtradb-cluster-5.5: DNE
xenial_percona-xtradb-cluster-5.5: DNE
bionic_percona-xtradb-cluster-5.5: DNE
eoan_percona-xtradb-cluster-5.5: DNE
focal_percona-xtradb-cluster-5.5: DNE
groovy_percona-xtradb-cluster-5.5: DNE
hirsute_percona-xtradb-cluster-5.5: DNE
impish_percona-xtradb-cluster-5.5: DNE
jammy_percona-xtradb-cluster-5.5: DNE
devel_percona-xtradb-cluster-5.5: DNE

Patches_percona-xtradb-cluster-5.6:
upstream_percona-xtradb-cluster-5.6: needs-triage
precise/esm_percona-xtradb-cluster-5.6: DNE
trusty_percona-xtradb-cluster-5.6: DNE
trusty/esm_percona-xtradb-cluster-5.6: DNE
xenial_percona-xtradb-cluster-5.6: ignored (end of standard support, was needs-triage)
bionic_percona-xtradb-cluster-5.6: DNE
eoan_percona-xtradb-cluster-5.6: DNE
focal_percona-xtradb-cluster-5.6: DNE
groovy_percona-xtradb-cluster-5.6: DNE
hirsute_percona-xtradb-cluster-5.6: DNE
impish_percona-xtradb-cluster-5.6: DNE
jammy_percona-xtradb-cluster-5.6: DNE
devel_percona-xtradb-cluster-5.6: DNE

Patches_percona-server-5.6:
upstream_percona-server-5.6: needs-triage
precise/esm_percona-server-5.6: DNE
trusty_percona-server-5.6: DNE
trusty/esm_percona-server-5.6: DNE
xenial_percona-server-5.6: ignored (end of standard support, was needs-triage)
bionic_percona-server-5.6: DNE
eoan_percona-server-5.6: DNE
focal_percona-server-5.6: DNE
groovy_percona-server-5.6: DNE
hirsute_percona-server-5.6: DNE
impish_percona-server-5.6: DNE
jammy_percona-server-5.6: DNE
devel_percona-server-5.6: DNE