Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2017-3452
Vulnerability from cvelistv5
Published
2017-04-24 19:00
Modified
2024-10-07 16:20
Severity ?
EPSS score ?
Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.35 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | MySQL Server |
Version: 5.6.35 and earlier |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:30:56.906Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2017:2787", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2787" }, { "name": "1038287", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038287" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" }, { "name": "97779", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97779" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2017-3452", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-07T15:46:09.230952Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-07T16:20:36.858Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "MySQL Server", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "5.6.35 and earlier" } ] } ], "datePublic": "2017-04-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.35 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." } ], "problemTypes": [ { "descriptions": [ { "description": "Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-08T10:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "RHSA-2017:2787", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2787" }, { "name": "1038287", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038287" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" }, { "name": "97779", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97779" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2017-3452", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MySQL Server", "version": { "version_data": [ { "version_affected": "=", "version_value": "5.6.35 and earlier" } ] } } ] }, "vendor_name": "Oracle Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.35 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2017:2787", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2787" }, { "name": "1038287", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038287" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" }, { "name": "97779", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97779" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2017-3452", "datePublished": "2017-04-24T19:00:00", "dateReserved": "2016-12-06T00:00:00", "dateUpdated": "2024-10-07T16:20:36.858Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2017-3452\",\"sourceIdentifier\":\"secalert_us@oracle.com\",\"published\":\"2017-04-24T19:59:01.223\",\"lastModified\":\"2024-11-21T03:25:34.300\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.35 and earlier. Easily \\\"exploitable\\\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad en el componente MySQL Server de Oracle MySQL (subcomponent: Server: Optimizer). Las versiones compatibles que son afectadas son 5.6.35 and versiones anteriores. La vulnerabilidad f\u00e1cilmente \\\"explotable\\\" permite a un atacante de bajo privilegio con acceso a la red comprometer MySQL Server a trav\u00e9s de m\u00faltiples protocolos. Los ataques exitosos de esta vulnerabilidad pueden resultar en capacidad no autorizada para provocar un cuelgue o un bloqueo frecuentemente repetible (DOS completo) de MySQL Server. CVSS 3.0 Base Score 6.5 (Impactos de disponibilidad).Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:N/I:N/A:P\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.6.35\",\"matchCriteriaId\":\"4558EEAE-8014-4623-95DC-727A89CDCA5D\"}]}]}],\"references\":[{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/97779\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038287\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2787\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/97779\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038287\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2787\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}" } }
gsd-2017-3452
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.35 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Aliases
Aliases
{ "GSD": { "alias": "CVE-2017-3452", "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.35 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "id": "GSD-2017-3452", "references": [ "https://www.suse.com/security/cve/CVE-2017-3452.html", "https://access.redhat.com/errata/RHSA-2017:2787" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2017-3452" ], "details": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.35 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "id": "GSD-2017-3452", "modified": "2023-12-13T01:21:16.895228Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2017-3452", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MySQL Server", "version": { "version_data": [ { "version_affected": "=", "version_value": "5.6.35 and earlier" } ] } } ] }, "vendor_name": "Oracle Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.35 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2017:2787", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2787" }, { "name": "1038287", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038287" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" }, { "name": "97779", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97779" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "5.6.35", "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2017-3452" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.35 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", "refsource": "CONFIRM", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" }, { "name": "97779", "refsource": "BID", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/97779" }, { "name": "1038287", "refsource": "SECTRACK", "tags": [], "url": "http://www.securitytracker.com/id/1038287" }, { "name": "RHSA-2017:2787", "refsource": "REDHAT", "tags": [], "url": "https://access.redhat.com/errata/RHSA-2017:2787" } ] } }, "impact": { "baseMetricV2": { "cvssV2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6 } }, "lastModifiedDate": "2019-10-03T00:03Z", "publishedDate": "2017-04-24T19:59Z" } } }
ghsa-vvr7-h5qq-ccf3
Vulnerability from github
Published
2022-05-13 01:45
Modified
2022-05-13 01:45
Severity ?
Details
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.35 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
{ "affected": [], "aliases": [ "CVE-2017-3452" ], "database_specific": { "cwe_ids": [], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2017-04-24T19:59:00Z", "severity": "MODERATE" }, "details": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.35 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "id": "GHSA-vvr7-h5qq-ccf3", "modified": "2022-05-13T01:45:25Z", "published": "2022-05-13T01:45:25Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3452" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2017:2787" }, { "type": "WEB", "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/97779" }, { "type": "WEB", "url": "http://www.securitytracker.com/id/1038287" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "type": "CVSS_V3" } ] }
rhsa-2017_2787
Vulnerability from csaf_redhat
Published
2017-09-21 07:42
Modified
2024-11-22 11:13
Summary
Red Hat Security Advisory: rh-mysql56-mysql security and bug fix update
Notes
Topic
An update for rh-mysql56-mysql is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs.
The following packages have been upgraded to a later upstream version: rh-mysql56-mysql (5.6.37).
Security Fix(es):
* An integer overflow flaw leading to a buffer overflow was found in the way MySQL parsed connection handshake packets. An unauthenticated remote attacker with access to the MySQL port could use this flaw to crash the mysqld daemon. (CVE-2017-3599)
* It was discovered that the mysql and mysqldump tools did not correctly handle database and table names containing newline characters. A database user with privileges to create databases or tables could cause the mysql command to execute arbitrary shell or SQL commands while restoring database backup created using the mysqldump tool. (CVE-2016-5483, CVE-2017-3600)
* Multiple flaws were found in the way the MySQL init script handled initialization of the database data directory and permission setting on the error log file. The mysql operating system user could use these flaws to escalate their privileges to root. (CVE-2017-3265)
* It was discovered that the mysqld_safe script honored the ledir option value set in a MySQL configuration file. A user able to modify one of the MySQL configuration files could use this flaw to escalate their privileges to root. (CVE-2017-3291)
* It was discovered that the MySQL client command line tools only checked after authentication whether server supported SSL. A man-in-the-middle attacker could use this flaw to hijack client's authentication to the server even if the client was configured to require SSL connection. (CVE-2017-3305)
* Multiple flaws were found in the way the mysqld_safe script handled creation of error log file. The mysql operating system user could use these flaws to escalate their privileges to root. (CVE-2017-3312)
* A flaw was found in the way MySQL client library (libmysqlclient) handled prepared statements when server connection was lost. A malicious server or a man-in-the-middle attacker could possibly use this flaw to crash an application using libmysqlclient. (CVE-2017-3302)
* This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory pages listed in the References section. (CVE-2016-8327, CVE-2017-3238, CVE-2017-3244, CVE-2017-3257, CVE-2017-3258, CVE-2017-3273, CVE-2017-3308, CVE-2017-3309, CVE-2017-3313, CVE-2017-3317, CVE-2017-3318, CVE-2017-3450, CVE-2017-3452, CVE-2017-3453, CVE-2017-3456, CVE-2017-3461, CVE-2017-3462, CVE-2017-3463, CVE-2017-3464, CVE-2017-3633, CVE-2017-3634, CVE-2017-3636, CVE-2017-3641, CVE-2017-3647, CVE-2017-3648, CVE-2017-3649, CVE-2017-3651, CVE-2017-3652, CVE-2017-3653)
Red Hat would like to thank Pali Rohár for reporting CVE-2017-3305.
Bug Fix(es):
* Previously, the md5() function was blocked by MySQL in FIPS mode because the MD5 hash algorithm is considered insecure. Consequently, the mysqld daemon failed with error messages when FIPS mode was enabled. With this update, md5() is allowed in FIPS mode for non-security operations. Note that users are able to use md5() for security purposes but such usage is not supported by Red Hat. (BZ#1452469)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for rh-mysql56-mysql is now available for Red Hat Software Collections.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs.\n\nThe following packages have been upgraded to a later upstream version: rh-mysql56-mysql (5.6.37).\n\nSecurity Fix(es):\n\n* An integer overflow flaw leading to a buffer overflow was found in the way MySQL parsed connection handshake packets. An unauthenticated remote attacker with access to the MySQL port could use this flaw to crash the mysqld daemon. (CVE-2017-3599)\n\n* It was discovered that the mysql and mysqldump tools did not correctly handle database and table names containing newline characters. A database user with privileges to create databases or tables could cause the mysql command to execute arbitrary shell or SQL commands while restoring database backup created using the mysqldump tool. (CVE-2016-5483, CVE-2017-3600)\n\n* Multiple flaws were found in the way the MySQL init script handled initialization of the database data directory and permission setting on the error log file. The mysql operating system user could use these flaws to escalate their privileges to root. (CVE-2017-3265)\n\n* It was discovered that the mysqld_safe script honored the ledir option value set in a MySQL configuration file. A user able to modify one of the MySQL configuration files could use this flaw to escalate their privileges to root. (CVE-2017-3291)\n\n* It was discovered that the MySQL client command line tools only checked after authentication whether server supported SSL. A man-in-the-middle attacker could use this flaw to hijack client\u0027s authentication to the server even if the client was configured to require SSL connection. (CVE-2017-3305)\n\n* Multiple flaws were found in the way the mysqld_safe script handled creation of error log file. The mysql operating system user could use these flaws to escalate their privileges to root. (CVE-2017-3312)\n\n* A flaw was found in the way MySQL client library (libmysqlclient) handled prepared statements when server connection was lost. A malicious server or a man-in-the-middle attacker could possibly use this flaw to crash an application using libmysqlclient. (CVE-2017-3302)\n\n* This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory pages listed in the References section. (CVE-2016-8327, CVE-2017-3238, CVE-2017-3244, CVE-2017-3257, CVE-2017-3258, CVE-2017-3273, CVE-2017-3308, CVE-2017-3309, CVE-2017-3313, CVE-2017-3317, CVE-2017-3318, CVE-2017-3450, CVE-2017-3452, CVE-2017-3453, CVE-2017-3456, CVE-2017-3461, CVE-2017-3462, CVE-2017-3463, CVE-2017-3464, CVE-2017-3633, CVE-2017-3634, CVE-2017-3636, CVE-2017-3641, CVE-2017-3647, CVE-2017-3648, CVE-2017-3649, CVE-2017-3651, CVE-2017-3652, CVE-2017-3653)\n\nRed Hat would like to thank Pali Roh\u00e1r for reporting CVE-2017-3305.\n\nBug Fix(es):\n\n* Previously, the md5() function was blocked by MySQL in FIPS mode because the MD5 hash algorithm is considered insecure. Consequently, the mysqld daemon failed with error messages when FIPS mode was enabled. With this update, md5() is allowed in FIPS mode for non-security operations. Note that users are able to use md5() for security purposes but such usage is not supported by Red Hat. (BZ#1452469)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2017:2787", "url": "https://access.redhat.com/errata/RHSA-2017:2787" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixMSQL", "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixMSQL" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixMSQL", "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixMSQL" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixMSQL", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixMSQL" }, { "category": "external", "summary": "https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-35.html", "url": "https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-35.html" }, { "category": "external", "summary": "https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-36.html", "url": "https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-36.html" }, { "category": "external", "summary": "https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-37.html", "url": "https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-37.html" }, { "category": "external", "summary": "1414133", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414133" }, { "category": "external", "summary": "1414337", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414337" }, { "category": "external", "summary": "1414338", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414338" }, { "category": "external", "summary": "1414342", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414342" }, { "category": "external", "summary": "1414350", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414350" }, { "category": "external", "summary": "1414351", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414351" }, { "category": "external", "summary": "1414352", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414352" }, { "category": "external", "summary": "1414353", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414353" }, { "category": "external", "summary": "1414355", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414355" }, { "category": "external", "summary": "1414357", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414357" }, { "category": "external", "summary": "1414423", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414423" }, { "category": "external", "summary": "1414429", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414429" }, { "category": "external", "summary": "1422119", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422119" }, { "category": "external", "summary": "1431690", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1431690" }, { "category": "external", "summary": "1433010", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1433010" }, { "category": "external", "summary": "1443358", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443358" }, { "category": "external", "summary": "1443359", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443359" }, { "category": "external", "summary": "1443363", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443363" }, { "category": "external", "summary": "1443364", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443364" }, { "category": "external", "summary": "1443365", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443365" }, { "category": "external", "summary": "1443369", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443369" }, { "category": "external", "summary": "1443376", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443376" }, { "category": "external", "summary": "1443377", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443377" }, { "category": "external", "summary": "1443378", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443378" }, { "category": "external", "summary": "1443379", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443379" }, { "category": "external", "summary": "1443386", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443386" }, { "category": "external", "summary": "1472683", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1472683" }, { "category": "external", "summary": "1472684", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1472684" }, { "category": "external", "summary": "1472686", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1472686" }, { "category": "external", "summary": "1472693", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1472693" }, { "category": "external", "summary": "1472703", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1472703" }, { "category": "external", "summary": "1472704", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1472704" }, { "category": "external", "summary": "1472705", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1472705" }, { "category": "external", "summary": "1472708", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1472708" }, { "category": "external", "summary": "1472710", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1472710" }, { "category": "external", "summary": "1472711", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1472711" }, { "category": "external", "summary": "1477575", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1477575" }, { "category": "external", "summary": "1482122", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1482122" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_2787.json" } ], "title": "Red Hat Security Advisory: rh-mysql56-mysql security and bug fix update", "tracking": { "current_release_date": "2024-11-22T11:13:43+00:00", "generator": { "date": "2024-11-22T11:13:43+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2017:2787", "initial_release_date": "2017-09-21T07:42:12+00:00", "revision_history": [ { "date": "2017-09-21T07:42:12+00:00", "number": "1", "summary": "Initial version" }, { "date": "2017-09-21T07:42:12+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T11:13:43+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-RHSCL-2.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-RHSCL-2.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-RHSCL-2.4-6.7.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-2.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-2.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-RHSCL-2.4-7.3.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7" } } } ], "category": "product_family", "name": "Red Hat Software Collections" }, { "branches": [ { "category": "product_version", "name": "rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "product": { "name": "rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "product_id": "rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-mysql56-mysql-debuginfo@5.6.37-5.el6?arch=x86_64" } } }, { "category": "product_version", "name": "rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "product": { "name": "rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "product_id": "rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-mysql56-mysql-test@5.6.37-5.el6?arch=x86_64" } } }, { "category": "product_version", "name": "rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "product": { "name": "rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "product_id": "rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-mysql56-mysql-config@5.6.37-5.el6?arch=x86_64" } } }, { "category": "product_version", "name": "rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "product": { "name": "rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "product_id": "rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-mysql56-mysql-devel@5.6.37-5.el6?arch=x86_64" } } }, { "category": "product_version", "name": "rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "product": { "name": "rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "product_id": "rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-mysql56-mysql-common@5.6.37-5.el6?arch=x86_64" } } }, { "category": "product_version", "name": "rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "product": { "name": "rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "product_id": "rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-mysql56-mysql-bench@5.6.37-5.el6?arch=x86_64" } } }, { "category": "product_version", "name": "rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "product": { "name": "rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "product_id": "rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-mysql56-mysql@5.6.37-5.el6?arch=x86_64" } } }, { "category": "product_version", "name": "rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "product": { "name": "rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "product_id": "rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-mysql56-mysql-server@5.6.37-5.el6?arch=x86_64" } } }, { "category": "product_version", "name": "rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "product": { "name": "rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "product_id": "rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-mysql56-mysql-errmsg@5.6.37-5.el6?arch=x86_64" } } }, { "category": "product_version", "name": "rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "product": { "name": "rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "product_id": "rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-mysql56-mysql-debuginfo@5.6.37-5.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "product": { "name": "rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "product_id": "rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-mysql56-mysql-test@5.6.37-5.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "product": { "name": "rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "product_id": "rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-mysql56-mysql-config@5.6.37-5.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "product": { "name": "rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "product_id": "rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-mysql56-mysql-common@5.6.37-5.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "product": { "name": "rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "product_id": "rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-mysql56-mysql-devel@5.6.37-5.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "product": { "name": "rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "product_id": "rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-mysql56-mysql@5.6.37-5.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "product": { "name": "rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "product_id": "rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-mysql56-mysql-bench@5.6.37-5.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "product": { "name": "rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "product_id": "rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-mysql56-mysql-server@5.6.37-5.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "product": { "name": "rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "product_id": "rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-mysql56-mysql-errmsg@5.6.37-5.el7?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "rh-mysql56-mysql-0:5.6.37-5.el6.src", "product": { "name": "rh-mysql56-mysql-0:5.6.37-5.el6.src", "product_id": "rh-mysql56-mysql-0:5.6.37-5.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-mysql56-mysql@5.6.37-5.el6?arch=src" } } }, { "category": "product_version", "name": "rh-mysql56-mysql-0:5.6.37-5.el7.src", "product": { "name": "rh-mysql56-mysql-0:5.6.37-5.el7.src", "product_id": "rh-mysql56-mysql-0:5.6.37-5.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-mysql56-mysql@5.6.37-5.el7?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-mysql56-mysql-0:5.6.37-5.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src" }, "product_reference": "rh-mysql56-mysql-0:5.6.37-5.el6.src", "relates_to_product_reference": "6Server-RHSCL-2.4-6.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-mysql56-mysql-0:5.6.37-5.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64" }, "product_reference": "rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "relates_to_product_reference": "6Server-RHSCL-2.4-6.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64" }, "product_reference": "rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "relates_to_product_reference": "6Server-RHSCL-2.4-6.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64" }, "product_reference": "rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "relates_to_product_reference": "6Server-RHSCL-2.4-6.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64" }, "product_reference": "rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "relates_to_product_reference": "6Server-RHSCL-2.4-6.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64" }, "product_reference": "rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "relates_to_product_reference": "6Server-RHSCL-2.4-6.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64" }, "product_reference": "rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "relates_to_product_reference": "6Server-RHSCL-2.4-6.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64" }, "product_reference": "rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "relates_to_product_reference": "6Server-RHSCL-2.4-6.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64" }, "product_reference": "rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "relates_to_product_reference": "6Server-RHSCL-2.4-6.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64" }, "product_reference": "rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "relates_to_product_reference": "6Server-RHSCL-2.4-6.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-mysql56-mysql-0:5.6.37-5.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src" }, "product_reference": "rh-mysql56-mysql-0:5.6.37-5.el6.src", "relates_to_product_reference": "6Server-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-mysql56-mysql-0:5.6.37-5.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64" }, "product_reference": "rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "relates_to_product_reference": "6Server-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64" }, "product_reference": "rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "relates_to_product_reference": "6Server-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64" }, "product_reference": "rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "relates_to_product_reference": "6Server-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64" }, "product_reference": "rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "relates_to_product_reference": "6Server-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64" }, "product_reference": "rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "relates_to_product_reference": "6Server-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64" }, "product_reference": "rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "relates_to_product_reference": "6Server-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64" }, "product_reference": "rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "relates_to_product_reference": "6Server-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64" }, "product_reference": "rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "relates_to_product_reference": "6Server-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64" }, "product_reference": "rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "relates_to_product_reference": "6Server-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-mysql56-mysql-0:5.6.37-5.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src" }, "product_reference": "rh-mysql56-mysql-0:5.6.37-5.el6.src", "relates_to_product_reference": "6Workstation-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-mysql56-mysql-0:5.6.37-5.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64" }, "product_reference": "rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "relates_to_product_reference": "6Workstation-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64" }, "product_reference": "rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "relates_to_product_reference": "6Workstation-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64" }, "product_reference": "rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "relates_to_product_reference": "6Workstation-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64" }, "product_reference": "rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "relates_to_product_reference": "6Workstation-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64" }, "product_reference": "rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "relates_to_product_reference": "6Workstation-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64" }, "product_reference": "rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "relates_to_product_reference": "6Workstation-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64" }, "product_reference": "rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "relates_to_product_reference": "6Workstation-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64" }, "product_reference": "rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "relates_to_product_reference": "6Workstation-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64" }, "product_reference": "rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "relates_to_product_reference": "6Workstation-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-mysql56-mysql-0:5.6.37-5.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src" }, "product_reference": "rh-mysql56-mysql-0:5.6.37-5.el7.src", "relates_to_product_reference": "7Server-RHSCL-2.4-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-mysql56-mysql-0:5.6.37-5.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64" }, "product_reference": "rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-2.4-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64" }, "product_reference": "rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-2.4-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64" }, "product_reference": "rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-2.4-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64" }, "product_reference": "rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-2.4-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64" }, "product_reference": "rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-2.4-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64" }, "product_reference": "rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-2.4-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64" }, "product_reference": "rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-2.4-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64" }, "product_reference": "rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-2.4-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" }, "product_reference": "rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-2.4-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-mysql56-mysql-0:5.6.37-5.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src" }, "product_reference": "rh-mysql56-mysql-0:5.6.37-5.el7.src", "relates_to_product_reference": "7Server-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-mysql56-mysql-0:5.6.37-5.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64" }, "product_reference": "rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64" }, "product_reference": "rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64" }, "product_reference": "rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64" }, "product_reference": "rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64" }, "product_reference": "rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64" }, "product_reference": "rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64" }, "product_reference": "rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64" }, "product_reference": "rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" }, "product_reference": "rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-mysql56-mysql-0:5.6.37-5.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src" }, "product_reference": "rh-mysql56-mysql-0:5.6.37-5.el7.src", "relates_to_product_reference": "7Workstation-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-mysql56-mysql-0:5.6.37-5.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64" }, "product_reference": "rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64" }, "product_reference": "rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64" }, "product_reference": "rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64" }, "product_reference": "rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64" }, "product_reference": "rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64" }, "product_reference": "rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64" }, "product_reference": "rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64" }, "product_reference": "rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" }, "product_reference": "rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-2.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2016-5483", "cwe": { "id": "CWE-77", "name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)" }, "discovery_date": "2017-03-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1433010" } ], "notes": [ { "category": "description", "text": "It was discovered that the mysql and mysqldump tools did not correctly handle database and table names containing newline characters. A database user with privileges to create databases or tables could cause the mysql command to execute arbitrary shell or SQL commands while restoring database backup created using the mysqldump tool.", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql: Incorrect input validation allowing code execution via mysqldump", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-5483" }, { "category": "external", "summary": "RHBZ#1433010", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1433010" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5483", "url": "https://www.cve.org/CVERecord?id=CVE-2016-5483" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5483", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5483" }, { "category": "external", "summary": "https://blog.tarq.io/cve-2016-5483-backdooring-mysqldump-backups/", "url": "https://blog.tarq.io/cve-2016-5483-backdooring-mysqldump-backups/" }, { "category": "external", "summary": "https://blog.tarq.io/cve-2016-5483-galera-remote-command-execution-via-crafted-database-name/", "url": "https://blog.tarq.io/cve-2016-5483-galera-remote-command-execution-via-crafted-database-name/" } ], "release_date": "2017-03-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-21T07:42:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the MySQL server daemon (mysqld) will be restarted automatically.", "product_ids": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mysql: Incorrect input validation allowing code execution via mysqldump" }, { "cve": "CVE-2016-8327", "discovery_date": "2017-01-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1414337" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql: Server: Replication unspecified vulnerability (CPU Jan 2017)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-8327" }, { "category": "external", "summary": "RHBZ#1414337", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414337" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-8327", "url": "https://www.cve.org/CVERecord?id=CVE-2016-8327" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-8327", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8327" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixMSQL", "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixMSQL" } ], "release_date": "2017-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-21T07:42:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the MySQL server daemon (mysqld) will be restarted automatically.", "product_ids": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mysql: Server: Replication unspecified vulnerability (CPU Jan 2017)" }, { "cve": "CVE-2017-3238", "discovery_date": "2017-01-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1414338" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2017)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3238" }, { "category": "external", "summary": "RHBZ#1414338", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414338" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3238", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3238" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3238", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3238" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixMSQL", "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixMSQL" } ], "release_date": "2017-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-21T07:42:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the MySQL server daemon (mysqld) will be restarted automatically.", "product_ids": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2017)" }, { "cve": "CVE-2017-3244", "discovery_date": "2017-01-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1414342" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql: Server: DML unspecified vulnerability (CPU Jan 2017)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3244" }, { "category": "external", "summary": "RHBZ#1414342", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414342" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3244", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3244" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3244", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3244" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixMSQL", "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixMSQL" } ], "release_date": "2017-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-21T07:42:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the MySQL server daemon (mysqld) will be restarted automatically.", "product_ids": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mysql: Server: DML unspecified vulnerability (CPU Jan 2017)" }, { "cve": "CVE-2017-3257", "discovery_date": "2017-01-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1414350" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql: Server: InnoDB unspecified vulnerability (CPU Jan 2017)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3257" }, { "category": "external", "summary": "RHBZ#1414350", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414350" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3257", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3257" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3257", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3257" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixMSQL", "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixMSQL" } ], "release_date": "2017-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-21T07:42:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the MySQL server daemon (mysqld) will be restarted automatically.", "product_ids": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mysql: Server: InnoDB unspecified vulnerability (CPU Jan 2017)" }, { "cve": "CVE-2017-3258", "discovery_date": "2017-01-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1414351" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql: Server: DDL unspecified vulnerability (CPU Jan 2017)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3258" }, { "category": "external", "summary": "RHBZ#1414351", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414351" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3258", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3258" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3258", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3258" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixMSQL", "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixMSQL" } ], "release_date": "2017-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-21T07:42:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the MySQL server daemon (mysqld) will be restarted automatically.", "product_ids": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mysql: Server: DDL unspecified vulnerability (CPU Jan 2017)" }, { "acknowledgments": [ { "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2017-3265", "cwe": { "id": "CWE-59", "name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)" }, "discovery_date": "2016-11-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1414423" } ], "notes": [ { "category": "description", "text": "Multiple flaws were found in the way the MySQL init script handled initialization of the database data directory and permission setting on the error log file. The mysql operating system user could use these flaws to escalate their privileges to root.", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql: unsafe chmod/chown use in init script (CPU Jan 2017)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3265" }, { "category": "external", "summary": "RHBZ#1414423", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414423" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3265", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3265" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3265", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3265" } ], "release_date": "2017-01-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-21T07:42:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the MySQL server daemon (mysqld) will be restarted automatically.", "product_ids": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H", "version": "3.0" }, "products": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mysql: unsafe chmod/chown use in init script (CPU Jan 2017)" }, { "cve": "CVE-2017-3273", "discovery_date": "2017-01-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1414352" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql: Server: DDL unspecified vulnerability (CPU Jan 2017)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3273" }, { "category": "external", "summary": "RHBZ#1414352", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414352" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3273", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3273" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3273", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3273" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixMSQL", "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixMSQL" } ], "release_date": "2017-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-21T07:42:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the MySQL server daemon (mysqld) will be restarted automatically.", "product_ids": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mysql: Server: DDL unspecified vulnerability (CPU Jan 2017)" }, { "acknowledgments": [ { "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2017-3291", "cwe": { "id": "CWE-426", "name": "Untrusted Search Path" }, "discovery_date": "2016-11-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1414429" } ], "notes": [ { "category": "description", "text": "It was discovered that the mysqld_safe script honored the ledir option value set in a MySQL configuration file. A user able to modify one of the MySQL configuration files could use this flaw to escalate their privileges to root.", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql: unrestricted mysqld_safe\u0027s ledir (CPU Jan 2017)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3291" }, { "category": "external", "summary": "RHBZ#1414429", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414429" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3291", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3291" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3291", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3291" } ], "release_date": "2017-01-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-21T07:42:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the MySQL server daemon (mysqld) will be restarted automatically.", "product_ids": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mysql: unrestricted mysqld_safe\u0027s ledir (CPU Jan 2017)" }, { "cve": "CVE-2017-3302", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2017-01-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1422119" } ], "notes": [ { "category": "description", "text": "A flaw was found in the way MySQL client library (libmysqlclient) handled prepared statements when server connection was lost. A malicious server or a man-in-the-middle attacker could possibly use this flaw to crash an application using libmysqlclient.", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql: prepared statement handle use-after-free after disconnect", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3302" }, { "category": "external", "summary": "RHBZ#1422119", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422119" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3302", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3302" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3302", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3302" } ], "release_date": "2017-01-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-21T07:42:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the MySQL server daemon (mysqld) will be restarted automatically.", "product_ids": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "mysql: prepared statement handle use-after-free after disconnect" }, { "acknowledgments": [ { "names": [ "Pali Roh\u00e1r" ] } ], "cve": "CVE-2017-3305", "cwe": { "id": "CWE-319", "name": "Cleartext Transmission of Sensitive Information" }, "discovery_date": "2017-03-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1431690" } ], "notes": [ { "category": "description", "text": "It was discovered that the MySQL client command line tools only checked after authentication whether server supported SSL. A man-in-the-middle attacker could use this flaw to hijack client\u0027s authentication to the server even if the client was configured to require SSL connection.", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql: incorrect enforcement of ssl-mode=REQUIRED in MySQL 5.5 and 5.6", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3305" }, { "category": "external", "summary": "RHBZ#1431690", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1431690" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3305", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3305" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3305", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3305" }, { "category": "external", "summary": "http://riddle.link/", "url": "http://riddle.link/" } ], "release_date": "2017-03-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-21T07:42:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the MySQL server daemon (mysqld) will be restarted automatically.", "product_ids": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mysql: incorrect enforcement of ssl-mode=REQUIRED in MySQL 5.5 and 5.6" }, { "cve": "CVE-2017-3308", "discovery_date": "2017-04-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1443358" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql: Server: DML unspecified vulnerability (CPU Apr 2017)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3308" }, { "category": "external", "summary": "RHBZ#1443358", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443358" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3308", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3308" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3308", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3308" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixMSQL", "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixMSQL" } ], "release_date": "2017-04-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-21T07:42:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the MySQL server daemon (mysqld) will be restarted automatically.", "product_ids": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.0" }, "products": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mysql: Server: DML unspecified vulnerability (CPU Apr 2017)" }, { "cve": "CVE-2017-3309", "discovery_date": "2017-04-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1443359" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2017)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3309" }, { "category": "external", "summary": "RHBZ#1443359", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443359" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3309", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3309" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3309", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3309" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixMSQL", "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixMSQL" } ], "release_date": "2017-04-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-21T07:42:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the MySQL server daemon (mysqld) will be restarted automatically.", "product_ids": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.0" }, "products": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2017)" }, { "acknowledgments": [ { "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2017-3312", "discovery_date": "2016-11-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1414133" } ], "notes": [ { "category": "description", "text": "Multiple flaws were found in the way the mysqld_safe script handled creation of error log file. The mysql operating system user could use these flaws to escalate their privileges to root.", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql: insecure error log file handling in mysqld_safe, incomplete CVE-2016-6664 fix (CPU Jan 2017)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3312" }, { "category": "external", "summary": "RHBZ#1414133", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414133" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3312", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3312" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3312", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3312" } ], "release_date": "2017-01-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-21T07:42:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the MySQL server daemon (mysqld) will be restarted automatically.", "product_ids": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mysql: insecure error log file handling in mysqld_safe, incomplete CVE-2016-6664 fix (CPU Jan 2017)" }, { "cve": "CVE-2017-3313", "discovery_date": "2017-01-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1414353" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql: Server: MyISAM unspecified vulnerability (CPU Jan 2017)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3313" }, { "category": "external", "summary": "RHBZ#1414353", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414353" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3313", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3313" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3313", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3313" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixMSQL", "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixMSQL" } ], "release_date": "2017-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-21T07:42:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the MySQL server daemon (mysqld) will be restarted automatically.", "product_ids": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mysql: Server: MyISAM unspecified vulnerability (CPU Jan 2017)" }, { "cve": "CVE-2017-3317", "discovery_date": "2017-01-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1414355" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql: Logging unspecified vulnerability (CPU Jan 2017)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3317" }, { "category": "external", "summary": "RHBZ#1414355", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414355" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3317", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3317" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3317", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3317" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixMSQL", "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixMSQL" } ], "release_date": "2017-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-21T07:42:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the MySQL server daemon (mysqld) will be restarted automatically.", "product_ids": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mysql: Logging unspecified vulnerability (CPU Jan 2017)" }, { "cve": "CVE-2017-3318", "discovery_date": "2017-01-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1414357" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql: Server: Error Handling unspecified vulnerability (CPU Jan 2017)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3318" }, { "category": "external", "summary": "RHBZ#1414357", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414357" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3318", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3318" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3318", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3318" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixMSQL", "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixMSQL" } ], "release_date": "2017-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-21T07:42:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the MySQL server daemon (mysqld) will be restarted automatically.", "product_ids": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mysql: Server: Error Handling unspecified vulnerability (CPU Jan 2017)" }, { "cve": "CVE-2017-3450", "discovery_date": "2017-04-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1443363" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql: Server: Memcached unspecified vulnerability (CPU Apr 2017)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3450" }, { "category": "external", "summary": "RHBZ#1443363", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443363" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3450", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3450" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3450", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3450" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixMSQL", "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixMSQL" } ], "release_date": "2017-04-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-21T07:42:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the MySQL server daemon (mysqld) will be restarted automatically.", "product_ids": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mysql: Server: Memcached unspecified vulnerability (CPU Apr 2017)" }, { "cve": "CVE-2017-3452", "discovery_date": "2017-04-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1443364" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.35 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2017)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3452" }, { "category": "external", "summary": "RHBZ#1443364", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443364" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3452", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3452" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3452", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3452" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixMSQL", "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixMSQL" } ], "release_date": "2017-04-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-21T07:42:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the MySQL server daemon (mysqld) will be restarted automatically.", "product_ids": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2017)" }, { "cve": "CVE-2017-3453", "discovery_date": "2017-04-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1443365" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2017)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3453" }, { "category": "external", "summary": "RHBZ#1443365", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443365" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3453", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3453" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3453", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3453" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixMSQL", "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixMSQL" } ], "release_date": "2017-04-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-21T07:42:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the MySQL server daemon (mysqld) will be restarted automatically.", "product_ids": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2017)" }, { "cve": "CVE-2017-3456", "discovery_date": "2017-04-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1443369" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql: Server: DML unspecified vulnerability (CPU Apr 2017)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3456" }, { "category": "external", "summary": "RHBZ#1443369", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443369" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3456", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3456" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3456", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3456" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixMSQL", "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixMSQL" } ], "release_date": "2017-04-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-21T07:42:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the MySQL server daemon (mysqld) will be restarted automatically.", "product_ids": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mysql: Server: DML unspecified vulnerability (CPU Apr 2017)" }, { "cve": "CVE-2017-3461", "discovery_date": "2017-04-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1443376" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2017)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3461" }, { "category": "external", "summary": "RHBZ#1443376", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443376" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3461", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3461" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3461", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3461" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixMSQL", "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixMSQL" } ], "release_date": "2017-04-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-21T07:42:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the MySQL server daemon (mysqld) will be restarted automatically.", "product_ids": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2017)" }, { "cve": "CVE-2017-3462", "discovery_date": "2017-04-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1443377" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2017)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3462" }, { "category": "external", "summary": "RHBZ#1443377", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443377" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3462", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3462" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3462", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3462" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixMSQL", "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixMSQL" } ], "release_date": "2017-04-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-21T07:42:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the MySQL server daemon (mysqld) will be restarted automatically.", "product_ids": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2017)" }, { "cve": "CVE-2017-3463", "discovery_date": "2017-04-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1443378" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2017)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3463" }, { "category": "external", "summary": "RHBZ#1443378", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443378" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3463", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3463" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3463", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3463" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixMSQL", "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixMSQL" } ], "release_date": "2017-04-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-21T07:42:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the MySQL server daemon (mysqld) will be restarted automatically.", "product_ids": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2017)" }, { "cve": "CVE-2017-3464", "discovery_date": "2017-04-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1443379" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql: Server: DDL unspecified vulnerability (CPU Apr 2017)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3464" }, { "category": "external", "summary": "RHBZ#1443379", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443379" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3464", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3464" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3464", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3464" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixMSQL", "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixMSQL" } ], "release_date": "2017-04-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-21T07:42:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the MySQL server daemon (mysqld) will be restarted automatically.", "product_ids": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "products": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mysql: Server: DDL unspecified vulnerability (CPU Apr 2017)" }, { "cve": "CVE-2017-3599", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2017-04-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1443386" } ], "notes": [ { "category": "description", "text": "An integer overflow flaw leading to a buffer overflow was found in the way MySQL parsed connection handshake packets. An unauthenticated remote attacker with access to the MySQL port could use this flaw to crash the mysqld daemon.", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql: integer underflow in get_56_lenc_string() leading to DoS (CPU Apr 2017)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3599" }, { "category": "external", "summary": "RHBZ#1443386", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443386" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3599", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3599" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3599", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3599" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixMSQL", "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixMSQL" }, { "category": "external", "summary": "https://www.secforce.com/blog/2017/04/cve-2017-3599-pre-auth-mysql-remote-dos/", "url": "https://www.secforce.com/blog/2017/04/cve-2017-3599-pre-auth-mysql-remote-dos/" } ], "release_date": "2017-04-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-21T07:42:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the MySQL server daemon (mysqld) will be restarted automatically.", "product_ids": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "mysql: integer underflow in get_56_lenc_string() leading to DoS (CPU Apr 2017)" }, { "cve": "CVE-2017-3600", "cwe": { "id": "CWE-77", "name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)" }, "discovery_date": "2017-03-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1433010" } ], "notes": [ { "category": "description", "text": "It was discovered that the mysql and mysqldump tools did not correctly handle database and table names containing newline characters. A database user with privileges to create databases or tables could cause the mysql command to execute arbitrary shell or SQL commands while restoring database backup created using the mysqldump tool.", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql: Incorrect input validation allowing code execution via mysqldump", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3600" }, { "category": "external", "summary": "RHBZ#1433010", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1433010" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3600", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3600" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3600", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3600" }, { "category": "external", "summary": "https://blog.tarq.io/cve-2016-5483-backdooring-mysqldump-backups/", "url": "https://blog.tarq.io/cve-2016-5483-backdooring-mysqldump-backups/" }, { "category": "external", "summary": "https://blog.tarq.io/cve-2016-5483-galera-remote-command-execution-via-crafted-database-name/", "url": "https://blog.tarq.io/cve-2016-5483-galera-remote-command-execution-via-crafted-database-name/" } ], "release_date": "2017-03-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-21T07:42:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the MySQL server daemon (mysqld) will be restarted automatically.", "product_ids": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mysql: Incorrect input validation allowing code execution via mysqldump" }, { "cve": "CVE-2017-3633", "discovery_date": "2017-07-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1472683" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Memcached to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H).", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql: Server: Memcached unspecified vulnerability (CPU Jul 2017)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3633" }, { "category": "external", "summary": "RHBZ#1472683", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1472683" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3633", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3633" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3633", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3633" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixMSQL", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixMSQL" } ], "release_date": "2017-07-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-21T07:42:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the MySQL server daemon (mysqld) will be restarted automatically.", "product_ids": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0" }, "products": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mysql: Server: Memcached unspecified vulnerability (CPU Jul 2017)" }, { "cve": "CVE-2017-3634", "discovery_date": "2017-07-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1472684" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql: Server: DML unspecified vulnerability (CPU Jul 2017)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3634" }, { "category": "external", "summary": "RHBZ#1472684", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1472684" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3634", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3634" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3634", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3634" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixMSQL", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixMSQL" } ], "release_date": "2017-07-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-21T07:42:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the MySQL server daemon (mysqld) will be restarted automatically.", "product_ids": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mysql: Server: DML unspecified vulnerability (CPU Jul 2017)" }, { "cve": "CVE-2017-3636", "discovery_date": "2017-07-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1472686" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql: Client programs unspecified vulnerability (CPU Jul 2017)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3636" }, { "category": "external", "summary": "RHBZ#1472686", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1472686" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3636", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3636" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3636", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3636" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixMSQL", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixMSQL" } ], "release_date": "2017-07-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-21T07:42:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the MySQL server daemon (mysqld) will be restarted automatically.", "product_ids": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mysql: Client programs unspecified vulnerability (CPU Jul 2017)" }, { "cve": "CVE-2017-3641", "discovery_date": "2017-07-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1472693" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql: Server: DML unspecified vulnerability (CPU Jul 2017)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3641" }, { "category": "external", "summary": "RHBZ#1472693", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1472693" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3641", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3641" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3641", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3641" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixMSQL", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixMSQL" } ], "release_date": "2017-07-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-21T07:42:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the MySQL server daemon (mysqld) will be restarted automatically.", "product_ids": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mysql: Server: DML unspecified vulnerability (CPU Jul 2017)" }, { "cve": "CVE-2017-3647", "discovery_date": "2017-07-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1472703" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql: Server: Replication unspecified vulnerability (CPU Jul 2017)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3647" }, { "category": "external", "summary": "RHBZ#1472703", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1472703" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3647", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3647" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3647", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3647" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixMSQL", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixMSQL" } ], "release_date": "2017-07-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-21T07:42:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the MySQL server daemon (mysqld) will be restarted automatically.", "product_ids": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mysql: Server: Replication unspecified vulnerability (CPU Jul 2017)" }, { "cve": "CVE-2017-3648", "discovery_date": "2017-07-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1472704" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql: Server: Charsets unspecified vulnerability (CPU Jul 2017)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3648" }, { "category": "external", "summary": "RHBZ#1472704", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1472704" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3648", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3648" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3648", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3648" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixMSQL", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixMSQL" } ], "release_date": "2017-07-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-21T07:42:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the MySQL server daemon (mysqld) will be restarted automatically.", "product_ids": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mysql: Server: Charsets unspecified vulnerability (CPU Jul 2017)" }, { "cve": "CVE-2017-3649", "discovery_date": "2017-07-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1472705" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql: Server: Replication unspecified vulnerability (CPU Jul 2017)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3649" }, { "category": "external", "summary": "RHBZ#1472705", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1472705" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3649", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3649" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3649", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3649" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixMSQL", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixMSQL" } ], "release_date": "2017-07-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-21T07:42:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the MySQL server daemon (mysqld) will be restarted automatically.", "product_ids": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mysql: Server: Replication unspecified vulnerability (CPU Jul 2017)" }, { "cve": "CVE-2017-3651", "discovery_date": "2017-07-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1472708" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3651" }, { "category": "external", "summary": "RHBZ#1472708", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1472708" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3651", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3651" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3651", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3651" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixMSQL", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixMSQL" } ], "release_date": "2017-07-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-21T07:42:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the MySQL server daemon (mysqld) will be restarted automatically.", "product_ids": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "products": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017)" }, { "cve": "CVE-2017-3652", "discovery_date": "2017-07-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1472710" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql: Server: DDL unspecified vulnerability (CPU Jul 2017)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3652" }, { "category": "external", "summary": "RHBZ#1472710", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1472710" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3652", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3652" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3652", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3652" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixMSQL", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixMSQL" } ], "release_date": "2017-07-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-21T07:42:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the MySQL server daemon (mysqld) will be restarted automatically.", "product_ids": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mysql: Server: DDL unspecified vulnerability (CPU Jul 2017)" }, { "cve": "CVE-2017-3653", "discovery_date": "2017-07-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1472711" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql: Server: DDL unspecified vulnerability (CPU Jul 2017)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3653" }, { "category": "external", "summary": "RHBZ#1472711", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1472711" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3653", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3653" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3653", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3653" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixMSQL", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixMSQL" } ], "release_date": "2017-07-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-21T07:42:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the MySQL server daemon (mysqld) will be restarted automatically.", "product_ids": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "products": [ "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.src", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el6.x86_64", "6Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Server-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Server-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.src", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-bench-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-common-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-config-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-devel-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-errmsg-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-server-0:5.6.37-5.el7.x86_64", "7Workstation-RHSCL-2.4:rh-mysql56-mysql-test-0:5.6.37-5.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "mysql: Server: DDL unspecified vulnerability (CPU Jul 2017)" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.