CVE-2017-3456

Priority
Medium
Description
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent:
Server: DML). Supported versions that are affected are 5.5.54 and earlier,
5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable"
vulnerability allows high privileged attacker with network access via
multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base
Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3456
http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
http://www.ubuntu.com/usn/usn-3269-1
http://www.ubuntu.com/usn/usn-3357-2
Bugs
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860547
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860544
https://bugs.launchpad.net/bugs/1698689
Package
Source: mariadb-10.0 (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 17.04 (Zesty Zapus):DNE
Package
Source: mariadb-10.1 (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 17.10 (Artful Aardvark):not-affected (10.1.24-5)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 17.04 (Zesty Zapus):released (10.1.25-0ubuntu0.17.04.1)
Package
Source: mariadb-5.5 (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (5.5.56-1ubuntu0.14.04.1)
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 17.04 (Zesty Zapus):DNE
Package
Source: percona-xtradb-cluster-5.6 (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 17.10 (Artful Aardvark):needed
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 17.04 (Zesty Zapus):needed
Package
Source: percona-server-5.6 (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 17.10 (Artful Aardvark):needed
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 17.04 (Zesty Zapus):needed
Package
Source: percona-xtradb-cluster-5.5 (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):needed
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 17.04 (Zesty Zapus):DNE
Package
Source: mysql-5.7 (LP Ubuntu Debian)
Upstream:released (5.7.18)
Ubuntu 17.10 (Artful Aardvark):released (5.7.18-0ubuntu1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (5.7.18-0ubuntu0.16.04.1)
Ubuntu 17.04 (Zesty Zapus):released (5.7.18-0ubuntu0.17.04.1)
Package
Source: mysql-5.6 (LP Ubuntu Debian)
Upstream:released (5.6.36)
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):needed
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 17.04 (Zesty Zapus):DNE
Package
Source: mysql-5.5 (LP Ubuntu Debian)
Upstream:released (5.5.55)
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 12.04 ESM (Precise Pangolin):released (5.5.57-0ubuntu0.12.04.1)
Ubuntu 14.04 LTS (Trusty Tahr):released (5.5.55-0ubuntu0.14.04.1)
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 17.04 (Zesty Zapus):DNE
More Information

Updated: 2017-08-11 23:25:23 UTC (commit 13081)