Errata ALT-PU-2020-3275-1: Information
Fixes
Published: Oct. 21, 2020
BDU:2020-05020
Уязвимость системы управления базами данных MariaDB, компонента Server: FTS СУБД MySQL, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.9) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Oct. 21, 2020
BDU:2020-05076
Уязвимость компонента Server: Locking системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.9) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Oct. 21, 2020
BDU:2020-05078
Уязвимость компонента Server: FTS системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.9) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Oct. 21, 2020
BDU:2020-05084
Уязвимость компонента InnoDB системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.9) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: April 20, 2021
BDU:2021-02469
Уязвимость компонента InnoDB системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.9) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Oct. 3, 2020
BDU:2021-03502
Уязвимость компонента mysql-wsrep СУБД MariaDB, связанная с ошибками обработки входных данных при выполнении синтаксического анализа кода, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
Severity: CRITICAL (9.0) Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Links:
Published: Oct. 21, 2020
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2020-14765
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://security.netapp.com/advisory/ntap-20201023-0003/
- [debian-lts-announce] 20210131 [SECURITY] [DLA 2538-1] mariadb-10.1 security update
- GLSA-202105-27
- FEDORA-2020-eee64a579c
- FEDORA-2020-4f9ee82bc5
- FEDORA-2020-53df1c05be
- FEDORA-2020-561eed63ef
- FEDORA-2020-b995eb2973
- FEDORA-2020-ac2d47d89a
Published: Oct. 21, 2020
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2020-14776
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (4.9) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Oct. 21, 2020
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2020-14789
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (4.9) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Oct. 21, 2020
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2020-14812
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (4.9) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: May 27, 2021
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2020-15180
A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, integrity, and availability. This flaw affects mariadb versions before 10.1.47, before 10.2.34, before 10.3.25, before 10.4.15 and before 10.5.6.
Severity: CRITICAL (9.0) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Links:
Published: April 23, 2021
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2021-2194
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (4.9) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links: