CVE-2020-2580 in Ubuntu

CVE-2020-2580

Priority

Description

Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: DDL). Supported versions that are affected are 8.0.17 and prior.
Easily exploitable vulnerability allows high privileged attacker with
network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized ability
to cause a hang or frequently repeatable crash (complete DOS) of MySQL
Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2580
https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
https://www.oracle.com/security-alerts/cpujan2020.html

Notes

leosilva	since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored.
mdeslaur	8.0 only

Package

Source: mariadb-10.0 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	not-affected (mysql only)
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 20.04 LTS (Focal Fossa):	DNE
Ubuntu 20.10 (Groovy Gorilla):	DNE
Ubuntu 21.04 (Hirsute Hippo):	DNE

Package

Source: mariadb-10.1 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	not-affected (mysql only)
Ubuntu 20.04 LTS (Focal Fossa):	DNE
Ubuntu 20.10 (Groovy Gorilla):	DNE
Ubuntu 21.04 (Hirsute Hippo):	DNE

Package

Source: mariadb-10.3 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 20.04 LTS (Focal Fossa):	not-affected (mysql only)
Ubuntu 20.10 (Groovy Gorilla):	not-affected (mysql only)
Ubuntu 21.04 (Hirsute Hippo):	DNE

Package

Source: mariadb-5.5 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 20.04 LTS (Focal Fossa):	DNE
Ubuntu 20.10 (Groovy Gorilla):	DNE
Ubuntu 21.04 (Hirsute Hippo):	DNE

Package

Source: mysql-5.5 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	ignored
Ubuntu 14.04 ESM (Trusty Tahr):	ignored
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 20.04 LTS (Focal Fossa):	DNE
Ubuntu 20.10 (Groovy Gorilla):	DNE
Ubuntu 21.04 (Hirsute Hippo):	DNE

Package

Source: mysql-5.6 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 20.04 LTS (Focal Fossa):	DNE
Ubuntu 20.10 (Groovy Gorilla):	DNE
Ubuntu 21.04 (Hirsute Hippo):	DNE

Package

Source: mysql-5.7 (LP Ubuntu Debian)

Upstream:	not-affected (8.0.x only)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	not-affected (8.0.x only)
Ubuntu 18.04 LTS (Bionic Beaver):	not-affected (8.0.x only)
Ubuntu 20.04 LTS (Focal Fossa):	DNE
Ubuntu 20.10 (Groovy Gorilla):	DNE
Ubuntu 21.04 (Hirsute Hippo):	DNE

Package

Source: mysql-8.0 (LP Ubuntu Debian)

Upstream:	released (8.0.18)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 20.04 LTS (Focal Fossa):	released (8.0.18-0ubuntu5)
Ubuntu 20.10 (Groovy Gorilla):	released (8.0.18-0ubuntu5)
Ubuntu 21.04 (Hirsute Hippo):	released (8.0.18-0ubuntu5)

Package

Source: percona-server-5.6 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	needs-triage
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 20.04 LTS (Focal Fossa):	DNE
Ubuntu 20.10 (Groovy Gorilla):	DNE
Ubuntu 21.04 (Hirsute Hippo):	DNE

Package

Source: percona-xtradb-cluster-5.5 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 20.04 LTS (Focal Fossa):	DNE
Ubuntu 20.10 (Groovy Gorilla):	DNE
Ubuntu 21.04 (Hirsute Hippo):	DNE

Package

Source: percona-xtradb-cluster-5.6 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	needs-triage
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 20.04 LTS (Focal Fossa):	DNE
Ubuntu 20.10 (Groovy Gorilla):	DNE
Ubuntu 21.04 (Hirsute Hippo):	DNE

More Information

Updated: 2020-12-07 18:19:33 UTC (commit e14fcfad36eae582e523b3d02d87f3f6347017b4)