CVE-2020-2579 in Ubuntu

CVE-2020-2579

Priority

Description

Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Optimizer). Supported versions that are affected are 5.6.46 and
prior, 5.7.28 and prior and 8.0.18 and prior. Easily exploitable
vulnerability allows low privileged attacker with network access via
multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base
Score 6.5 (Availability impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2579
https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
https://www.oracle.com/security-alerts/cpujan2020.html
https://usn.ubuntu.com/usn/usn-4250-1

Notes

leosilva

since 5.5 is no longer upstream supported and so far we cannot
patch it, marking it as ignored.

Package

Source: mariadb-10.0 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	not-affected (mysql only)
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 20.04 LTS (Focal Fossa):	DNE
Ubuntu 20.10 (Groovy Gorilla):	DNE
Ubuntu 21.04 (Hirsute Hippo):	DNE

Package

Source: mariadb-10.1 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	not-affected (mysql only)
Ubuntu 20.04 LTS (Focal Fossa):	DNE
Ubuntu 20.10 (Groovy Gorilla):	DNE
Ubuntu 21.04 (Hirsute Hippo):	DNE

Package

Source: mariadb-10.3 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 20.04 LTS (Focal Fossa):	not-affected (mysql only)
Ubuntu 20.10 (Groovy Gorilla):	not-affected (mysql only)
Ubuntu 21.04 (Hirsute Hippo):	DNE

Package

Source: mariadb-5.5 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 20.04 LTS (Focal Fossa):	DNE
Ubuntu 20.10 (Groovy Gorilla):	DNE
Ubuntu 21.04 (Hirsute Hippo):	DNE

Package

Source: mysql-5.5 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	ignored
Ubuntu 14.04 ESM (Trusty Tahr):	ignored
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 20.04 LTS (Focal Fossa):	DNE
Ubuntu 20.10 (Groovy Gorilla):	DNE
Ubuntu 21.04 (Hirsute Hippo):	DNE

Package

Source: mysql-5.6 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 20.04 LTS (Focal Fossa):	DNE
Ubuntu 20.10 (Groovy Gorilla):	DNE
Ubuntu 21.04 (Hirsute Hippo):	DNE

Package

Source: mysql-5.7 (LP Ubuntu Debian)

Upstream:	released (5.7.29)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (5.7.29-0ubuntu0.16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):	released (5.7.29-0ubuntu0.18.04.1)
Ubuntu 20.04 LTS (Focal Fossa):	DNE
Ubuntu 20.10 (Groovy Gorilla):	DNE
Ubuntu 21.04 (Hirsute Hippo):	DNE

Package

Source: mysql-8.0 (LP Ubuntu Debian)

Upstream:	released (8.0.19)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 20.04 LTS (Focal Fossa):	released (8.0.19-0ubuntu2)
Ubuntu 20.10 (Groovy Gorilla):	released (8.0.19-0ubuntu2)
Ubuntu 21.04 (Hirsute Hippo):	released (8.0.19-0ubuntu2)

Package

Source: percona-server-5.6 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	needs-triage
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 20.04 LTS (Focal Fossa):	DNE
Ubuntu 20.10 (Groovy Gorilla):	DNE
Ubuntu 21.04 (Hirsute Hippo):	DNE

Package

Source: percona-xtradb-cluster-5.5 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 20.04 LTS (Focal Fossa):	DNE
Ubuntu 20.10 (Groovy Gorilla):	DNE
Ubuntu 21.04 (Hirsute Hippo):	DNE

Package

Source: percona-xtradb-cluster-5.6 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	needs-triage
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 20.04 LTS (Focal Fossa):	DNE
Ubuntu 20.10 (Groovy Gorilla):	DNE
Ubuntu 21.04 (Hirsute Hippo):	DNE

More Information

Updated: 2020-12-07 18:19:33 UTC (commit e14fcfad36eae582e523b3d02d87f3f6347017b4)