CVE-2021-2307 in Ubuntu

CVE-2021-2307

Priority

Description

Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Packaging). Supported versions that are affected are 5.7.33 and
prior and 8.0.23 and prior. Easily exploitable vulnerability allows
unauthenticated attacker with logon to the infrastructure where MySQL
Server executes to compromise MySQL Server. Successful attacks require
human interaction from a person other than the attacker. Successful attacks
of this vulnerability can result in unauthorized access to critical data or
complete access to all MySQL Server accessible data as well as unauthorized
update, insert or delete access to some of MySQL Server accessible data.
CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS
Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N).

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2307
https://access.redhat.com/security/cve/CVE-2021-2307
https://ubuntu.com/security/notices/USN-4952-1
https://ubuntu.com/security/notices/USN-5022-3

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987325

Notes

leosilva

since 5.5 is no longer upstream supported and so far we cannot
patch it, marking it as ignored.

Package

Source: mariadb-10.0 (LP Ubuntu Debian)

Upstream:	not-affected
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: mariadb-10.1 (LP Ubuntu Debian)

Upstream:	not-affected
Ubuntu 18.04 LTS:	not-affected
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: mariadb-10.3 (LP Ubuntu Debian)

Upstream:	not-affected
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	not-affected
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: mariadb-10.5 (LP Ubuntu Debian)

Upstream:	not-affected
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	not-affected
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: mariadb-5.5 (LP Ubuntu Debian)

Upstream:	not-affected
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: mysql-5.5 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 14.04 ESM:	ignored

Patches:

Package

Source: mysql-5.6 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: mysql-5.7 (LP Ubuntu Debian)

Upstream:	released (5.7.34)
Ubuntu 18.04 LTS:	released (5.7.34-0ubuntu0.18.04.1)
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 16.04 ESM:	released (5.7.35-0ubuntu0.16.04.1+esm1)
Ubuntu 22.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: mysql-8.0 (LP Ubuntu Debian)

Upstream:	released (8.0.24)
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	released (8.0.25-0ubuntu0.20.04.1)
Ubuntu 21.10:	released (8.0.25-0ubuntu3)
Ubuntu 22.04 LTS:	released (8.0.25-0ubuntu3)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: percona-server-5.6 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: percona-xtradb-cluster-5.5 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: percona-xtradb-cluster-5.6 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

More Information

Updated: 2022-04-25 00:52:49 UTC (commit ecc1009cb19540b950de59270950018900f37f15)