Vulnerability CVE-2019-2739: Information

Description

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

Severity: MEDIUM (5.1) Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2019-2739
Published: July 24, 2019
Modified: Nov. 7, 2023

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
MySQLsisyphus8.0.17-alt18.0.36-alt1ALT-PU-2019-2432-1235789Fixed
MySQLsisyphus_riscv648.0.27-alt1.0.rv648.0.30-alt0.2.rv64ALT-PU-2021-4503-1-Fixed
MySQLp108.0.17-alt18.0.36-alt1ALT-PU-2019-2432-1235789Fixed
MySQLp98.0.19-alt28.0.26-alt2ALT-PU-2020-1827-1250162Fixed
MySQLp85.7.28-alt15.7.28-alt1ALT-PU-2020-1037-1243724Fixed
MySQLc10f18.0.17-alt18.0.36-alt1ALT-PU-2019-2432-1235789Fixed
MySQLc9f28.0.19-alt28.0.36-alt0.c9.1ALT-PU-2020-1827-1250162Fixed
mariadbsisyphus10.0.21-alt110.11.7-alt2.1ALT-PU-2015-1749-1148805Fixed
mariadbp1010.0.21-alt110.6.17-alt3ALT-PU-2015-1749-1148805Fixed
mariadbp910.4.7-alt110.4.32-alt0.M90P.1ALT-PU-2019-2436-1235868Fixed
mariadbp810.1.43-alt110.1.48-alt1ALT-PU-2020-1094-1244621Fixed
mariadbc10f110.0.21-alt110.6.17-alt1ALT-PU-2015-1749-1148805Fixed
mariadbc9f210.4.7-alt110.6.15-alt1ALT-PU-2019-2436-1235868Fixed
mariadbc710.0.21-alt1.M70C.110.3.14-alt0.M70C.1ALT-PU-2015-1788-1149240Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
  • Patch
  • Vendor Advisory
USN-4070-1
  • Third Party Advisory
20190802 [slackware-security] mariadb (SSA:2019-213-01)
  • Mailing List
  • Third Party Advisory
http://packetstormsecurity.com/files/153862/Slackware-Security-Advisory-mariadb-Updates.html
  • Third Party Advisory
  • VDB Entry
USN-4070-2
  • Third Party Advisory
USN-4070-3
  • Third Party Advisory
RHSA-2019:2484
  • Third Party Advisory
RHSA-2019:2511
  • Third Party Advisory
https://support.f5.com/csp/article/K51272092
  • Third Party Advisory
RHSA-2019:3708
  • Third Party Advisory
openSUSE-SU-2019:2698
  • Broken Link
  • Mailing List
  • Third Party Advisory
FEDORA-2019-c106e46a95
    FEDORA-2019-96516ce0ac
      https://support.f5.com/csp/article/K51272092?utm_source=f5support&amp%3Butm_medium=RSS

          1. Configuration 1

            cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
            Start including
            8.0.0
            End including
            8.0.16
            cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
            Start including
            5.7.0
            End including
            5.7.26
            cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
            Start including
            5.6.0
            End including
            5.6.44

            Configuration 2

            cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
            cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
            cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

            Configuration 3

            cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
            cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*

            Configuration 4

            cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*
            cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*
            cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
            cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
            cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
            cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
            cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
            cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
            cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*
            cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*

            Configuration 5

            cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
            Start including
            10.2.0
            End excliding
            10.2.26
            cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
            Start including
            10.3.0
            End excliding
            10.3.17
            cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
            Start including
            10.4.0
            End excliding
            10.4.7
            cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
            Start including
            5.5.0
            End excliding
            5.5.65
            cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
            Start including
            10.1.0
            End excliding
            10.1.41
        VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
        Version: v24.5.0
        Back to top