CVE-2017-3653
CVSS 3.5
Published: 2017-08-08 11:29:08
Last modified: 2018-03-22 21:29:04

[Original] Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).


[CNNVD] CNNVD data not yet available.


[Machine translation] Translation not yet available.

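- CVSS (base score)

CVSS score: 3.5 [LOW]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: NONE [no impact on system availability]
Attack complexity: MEDIUM [exploitation requires certain access conditions]
Attack vector: NETWORK [the attacker does not need internal-network or local access]
Authentication: SINGLE_INSTANCE [--]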

- CWE (weakness category)

CWE-284 [Improper Access Control]

- CPE (affected platforms and products)

cpe:/a:oracle:mysql:5.5.56
cpe:/a:oracle:mysql:5.6.36
cpe:/a:oracle:mysql:5.7.18

- OVAL (technical details for detection)

No related OVAL definitions found.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3653
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3653
(Official data source) NVD

- Other links and resources

http://www.debian.org/security/2017/dsa-3922
(UNKNOWN)  DEBIAN  DSA-3922
http://www.debian.org/security/2017/dsa-3944
(UNKNOWN)  DEBIAN  DSA-3944
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
(VENDOR_ADVISORY)  CONFIRM  http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://www.securityfocus.com/bid/99810
(VENDOR_ADVISORY)  BID  99810
http://www.securitytracker.com/id/1038928
(VENDOR_ADVISORY)  SECTRACK  1038928
https://access.redhat.com/errata/RHSA-2017:2787
(UNKNOWN)  REDHAT  RHSA-2017:2787
https://access.redhat.com/errata/RHSA-2017:2886
(UNKNOWN)  REDHAT  RHSA-2017:2886
https://access.redhat.com/errata/RHSA-2018:0279
(UNKNOWN)  REDHAT  RHSA-2018:0279
https://access.redhat.com/errata/RHSA-2018:0574
(UNKNOWN)  REDHAT  RHSA-2018:0574
https://www.debian.org/security/2017/dsa-3955
(UNKNOWN)  DEBIAN  DSA-3955

- Vulnerability information (F143412)

Ubuntu Security Notice USN-3357-1 (PacketStormID:F143412)
2017-07-20 00:00:00
Ubuntu  security.ubuntu.com
advisory
linux,ubuntu
CVE-2017-3529,CVE-2017-3633,CVE-2017-3634,CVE-2017-3635,CVE-2017-3636,CVE-2017-3637,CVE-2017-3638,CVE-2017-3639,CVE-2017-3640,CVE-2017-3641,CVE-2017-3642,CVE-2017-3643,CVE-2017-3644,CVE-2017-3645,CVE-2017-3647,CVE-2017-3648,CVE-2017-3649,CVE-2017-3650,CVE-2017-3651,CVE-2017-3652,CVE-2017-3653

Ubuntu Security Notice 3357-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.57 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS and Ubuntu 17.04 have been updated to MySQL 5.7.19. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.

==========================================================================
Ubuntu Security Notice USN-3357-1
July 20, 2017

mysql-5.5, mysql-5.7 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.04
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in MySQL.

Software Description:
- mysql-5.7: MySQL database
- mysql-5.5: MySQL database

Details:

Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.

MySQL has been updated to 5.5.57 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS
and Ubuntu 17.04 have been updated to MySQL 5.7.19.

In addition to security fixes, the updated packages contain bug fixes,
new features, and possibly incompatible changes.

Please see the following for more information:
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-56.html
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-57.html
http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-19.html
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
  mysql-server-5.7                5.7.19-0ubuntu0.17.04.1

Ubuntu 16.04 LTS:
  mysql-server-5.7                5.7.19-0ubuntu0.16.04.1

Ubuntu 14.04 LTS:
  mysql-server-5.5                5.5.57-0ubuntu0.14.04.1

In general, a standard system update will make all the necessary changes.

References:
  https://www.ubuntu.com/usn/usn-3357-1
  CVE-2017-3529, CVE-2017-3633, CVE-2017-3634, CVE-2017-3635,
  CVE-2017-3636, CVE-2017-3637, CVE-2017-3638, CVE-2017-3639,
  CVE-2017-3640, CVE-2017-3641, CVE-2017-3642, CVE-2017-3643,
  CVE-2017-3644, CVE-2017-3645, CVE-2017-3647, CVE-2017-3648,
  CVE-2017-3649, CVE-2017-3650, CVE-2017-3651, CVE-2017-3652,
  CVE-2017-3653

Package Information:
  https://launchpad.net/ubuntu/+source/mysql-5.7/5.7.19-0ubuntu0.17.04.1
  https://launchpad.net/ubuntu/+source/mysql-5.7/5.7.19-0ubuntu0.16.04.1
  https://launchpad.net/ubuntu/+source/mysql-5.5/5.5.57-0ubuntu0.14.04.1


    

- Vulnerability information (F143458)

Ubuntu Security Notice USN-3357-2 (PacketStormID:F143458)
2017-07-24 00:00:00
Ubuntu  security.ubuntu.com
advisory,vulnerability
linux,ubuntu
CVE-2017-3302,CVE-2017-3305,CVE-2017-3308,CVE-2017-3309,CVE-2017-3329,CVE-2017-3453,CVE-2017-3456,CVE-2017-3461,CVE-2017-3462,CVE-2017-3463,CVE-2017-3464,CVE-2017-3600,CVE-2017-3635,CVE-2017-3636,CVE-2017-3641,CVE-2017-3648,CVE-2017-3651,CVE-2017-3652,CVE-2017-3653

Ubuntu Security Notice 3357-2 - USN-3357-1 fixed several vulnerabilities in MySQL. This update provides the corresponding update for Ubuntu 12.04 ESM. Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.57 in Ubuntu 12.04 ESM. Various other issues were also addressed.

===========================================================================
Ubuntu Security Notice USN-3357-2
July 24, 2017

mysql-5.5 vulnerabilities
===========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in MySQL.

Software Description:
- mysql-5.5: MySQL database

Details:

USN-3357-1 fixed several vulnerabilities in MySQL. This update
provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

Multiple security issues were discovered in MySQL and this update
includes new upstream MySQL versions to fix these issues.

MySQL has been updated to 5.5.57 in Ubuntu 12.04 ESM.

In addition to security fixes, the updated packages contain bug fixes,
new features, and possibly incompatible changes.

Please see the following for more information:
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-57.html
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
  mysql-server-5.5                5.5.57-0ubuntu0.12.04.1

In general, a standard system update will make all the necessary
changes.

References:
 https://www.ubuntu.com/usn/usn-3357-2
 https://www.ubuntu.com/usn/usn-3357-1
 CVE-2017-3302, CVE-2017-3305, CVE-2017-3308, CVE-2017-3309,
 CVE-2017-3329, CVE-2017-3453, CVE-2017-3456, CVE-2017-3461,
 CVE-2017-3462, CVE-2017-3463, CVE-2017-3464, CVE-2017-3600,
 CVE-2017-3635, CVE-2017-3636, CVE-2017-3641, CVE-2017-3648,
 CVE-2017-3651, CVE-2017-3652, CVE-2017-3653

    

- Vulnerability information (F144089)

Slackware Security Advisory - mariadb Updates (PacketStormID:F144089)
2017-09-12 00:00:00
Slackware Security Team  slackware.com
advisory
linux,slackware
CVE-2017-3636,CVE-2017-3641,CVE-2017-3653

Slackware Security Advisory - New mariadb packages are available for Slackware 14.1 and 14.2 to fix security issues.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  mariadb (SSA:2017-251-02)

New mariadb packages are available for Slackware 14.1 and 14.2 to
fix security issues.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mariadb-10.0.32-i586-1_slack14.2.txz:  Upgraded.
  This update fixes bugs and security issues.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3636
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3641
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3653
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/mariadb-5.5.57-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/mariadb-5.5.57-x86_64-1_slack14.1.txz

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/mariadb-10.0.32-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/mariadb-10.0.32-x86_64-1_slack14.2.txz


MD5 signatures:
+-------------+

Slackware 14.1 package:
e18d20ce245d96764c1385e7cd48e9d5  mariadb-5.5.57-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
270fbdbb08f125c2056ee3fddc3ae9f9  mariadb-5.5.57-x86_64-1_slack14.1.txz

Slackware 14.2 package:
9152299e6b3eede1f4fe2c357b8b43c6  mariadb-10.0.32-i586-1_slack14.2.txz

Slackware x86_64 14.2 package:
b39204d2de2aacba8cc3923b0f748d98  mariadb-10.0.32-x86_64-1_slack14.2.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg mariadb-10.0.32-i586-1_slack14.2.txz

Then, restart the database server:
# sh /etc/rc.d/rc.mysqld restart


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+------------------------------------------------------------------------+
| To leave the slackware-security mailing list:                          |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back containing instructions to    |
| complete the process.  Please do not reply to this email address.      |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAlmy3AAACgkQakRjwEAQIjP7hwCeKg7Hk6NazPr9oFAv+x249L3A
xikAoIf+FXywJb5kBI5uCl0UkStX+kSt
=PUOz
-----END PGP SIGNATURE-----
    

- Vulnerability information (F146856)

Red Hat Security Advisory 2018-0574-01 (PacketStormID:F146856)
2018-03-23 00:00:00
Red Hat  
advisory
linux,redhat
CVE-2016-5617,CVE-2016-6664,CVE-2017-10268,CVE-2017-10286,CVE-2017-10378,CVE-2017-10379,CVE-2017-10384,CVE-2017-3238,CVE-2017-3243,CVE-2017-3244,CVE-2017-3257,CVE-2017-3258,CVE-2017-3265,CVE-2017-3291,CVE-2017-3302,CVE-2017-3308,CVE-2017-3309,CVE-2017-3312,CVE-2017-3313,CVE-2017-3317,CVE-2017-3318,CVE-2017-3453,CVE-2017-3456,CVE-2017-3464,CVE-2017-3636,CVE-2017-3641,CVE-2017-3653

Red Hat Security Advisory 2018-0574-01 - MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. The following packages have been upgraded to a later upstream version: rh-mariadb101-mariadb. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: rh-mariadb101-mariadb and rh-mariadb101-galera security and bug fix update
Advisory ID:       RHSA-2018:0574-01
Product:           Red Hat Software Collections
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:0574
Issue date:        2018-03-21
CVE Names:         CVE-2016-5617 CVE-2016-6664 CVE-2017-3238 
                   CVE-2017-3243 CVE-2017-3244 CVE-2017-3257 
                   CVE-2017-3258 CVE-2017-3265 CVE-2017-3291 
                   CVE-2017-3302 CVE-2017-3308 CVE-2017-3309 
                   CVE-2017-3312 CVE-2017-3313 CVE-2017-3317 
                   CVE-2017-3318 CVE-2017-3453 CVE-2017-3456 
                   CVE-2017-3464 CVE-2017-3636 CVE-2017-3641 
                   CVE-2017-3653 CVE-2017-10268 CVE-2017-10286 
                   CVE-2017-10378 CVE-2017-10379 CVE-2017-10384 
=====================================================================

1. Summary:

An update for rh-mariadb101-mariadb and rh-mariadb101-galera is now
available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

MariaDB is a multi-user, multi-threaded SQL database server. For all
practical purposes, MariaDB is binary-compatible with MySQL.

The following packages have been upgraded to a later upstream version:
rh-mariadb101-mariadb (10.1.29). (BZ#1463417, BZ#1517327)

Security Fix(es):

* mysql: insecure error log file handling in mysqld_safe (CPU Oct 2016)
(CVE-2016-5617, CVE-2016-6664)

* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2017)
(CVE-2017-3238)

* mysql: Server: Charsets unspecified vulnerability (CPU Jan 2017)
(CVE-2017-3243)

* mysql: Server: DML unspecified vulnerability (CPU Jan 2017)
(CVE-2017-3244)

* mysql: Server: InnoDB unspecified vulnerability (CPU Jan 2017)
(CVE-2017-3257)

* mysql: Server: DDL unspecified vulnerability (CPU Jan 2017)
(CVE-2017-3258)

* mysql: unsafe chmod/chown use in init script (CPU Jan 2017)
(CVE-2017-3265)

* mysql: unrestricted mysqld_safe's ledir (CPU Jan 2017) (CVE-2017-3291)

* mysql: Server: DML unspecified vulnerability (CPU Apr 2017)
(CVE-2017-3308)

* mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2017)
(CVE-2017-3309)

* mysql: insecure error log file handling in mysqld_safe, incomplete
CVE-2016-6664 fix (CPU Jan 2017) (CVE-2017-3312)

* mysql: Server: MyISAM unspecified vulnerability (CPU Jan 2017)
(CVE-2017-3313)

* mysql: Logging unspecified vulnerability (CPU Jan 2017) (CVE-2017-3317)

* mysql: Server: Error Handling unspecified vulnerability (CPU Jan 2017)
(CVE-2017-3318)

* mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2017)
(CVE-2017-3453)

* mysql: Server: DML unspecified vulnerability (CPU Apr 2017)
(CVE-2017-3456)

* mysql: Server: DDL unspecified vulnerability (CPU Apr 2017)
(CVE-2017-3464)

* mysql: Client programs unspecified vulnerability (CPU Jul 2017)
(CVE-2017-3636)

* mysql: Server: DML unspecified vulnerability (CPU Jul 2017)
(CVE-2017-3641)

* mysql: Server: Replication unspecified vulnerability (CPU Oct 2017)
(CVE-2017-10268)

* mysql: Server: InnoDB unspecified vulnerability (CPU Oct 2017)
(CVE-2017-10286)

* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017)
(CVE-2017-10378)

* mysql: Client programs unspecified vulnerability (CPU Oct 2017)
(CVE-2017-10379)

* mysql: Server: DDL unspecified vulnerability (CPU Oct 2017)
(CVE-2017-10384)

* mysql: prepared statement handle use-after-free after disconnect
(CVE-2017-3302)

* mysql: Server: DDL unspecified vulnerability (CPU Jul 2017)
(CVE-2017-3653)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

Bug Fix(es):

* Previously, a syntax error in the Galera Arbitrator SysV init script
prevented the garbd daemon from being started when the SysV init script was
used. With this update, the definition of the main daemon binary in the
SysV init script has been fixed, and the described problem no longer
occurs. (BZ#1466473)

* Prior to this update, the scl macros were not set for the
rh-mariadb101-mariadb@.service file, which consequently made the service
file unusable. This bug has been fixed, and rh-mariadb101-mariadb@.service
now works as expected. (BZ#1485995)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the MariaDB server daemon (mysqld) will be
restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1386564 - CVE-2016-6664 CVE-2016-5617 mysql: insecure error log file handling in mysqld_safe (CPU Oct 2016)
1414133 - CVE-2017-3312 mysql: insecure error log file handling in mysqld_safe, incomplete CVE-2016-6664 fix (CPU Jan 2017)
1414338 - CVE-2017-3238 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2017)
1414340 - CVE-2017-3243 mysql: Server: Charsets unspecified vulnerability (CPU Jan 2017)
1414342 - CVE-2017-3244 mysql: Server: DML unspecified vulnerability (CPU Jan 2017)
1414350 - CVE-2017-3257 mysql: Server: InnoDB unspecified vulnerability (CPU Jan 2017)
1414351 - CVE-2017-3258 mysql: Server: DDL unspecified vulnerability (CPU Jan 2017)
1414353 - CVE-2017-3313 mysql: Server: MyISAM unspecified vulnerability (CPU Jan 2017)
1414355 - CVE-2017-3317 mysql: Logging unspecified vulnerability (CPU Jan 2017)
1414357 - CVE-2017-3318 mysql: Server: Error Handling unspecified vulnerability (CPU Jan 2017)
1414423 - CVE-2017-3265 mysql: unsafe chmod/chown use in init script (CPU Jan 2017)
1414429 - CVE-2017-3291 mysql: unrestricted mysqld_safe's ledir (CPU Jan 2017)
1422119 - CVE-2017-3302 mysql: prepared statement handle use-after-free after disconnect
1443358 - CVE-2017-3308 mysql: Server: DML unspecified vulnerability (CPU Apr 2017)
1443359 - CVE-2017-3309 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2017)
1443365 - CVE-2017-3453 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2017)
1443369 - CVE-2017-3456 mysql: Server: DML unspecified vulnerability (CPU Apr 2017)
1443379 - CVE-2017-3464 mysql: Server: DDL unspecified vulnerability (CPU Apr 2017)
1466472 - mysql_install_db does not work when --basedir is specified
1466473 - galera arbitrator service init script error on RHEL6
1472686 - CVE-2017-3636 mysql: Client programs unspecified vulnerability (CPU Jul 2017)
1472693 - CVE-2017-3641 mysql: Server: DML unspecified vulnerability (CPU Jul 2017)
1472711 - CVE-2017-3653 mysql: Server: DDL unspecified vulnerability (CPU Jul 2017)
1503656 - CVE-2017-10268 mysql: Server: Replication unspecified vulnerability (CPU Oct 2017)
1503669 - CVE-2017-10286 mysql: Server: InnoDB unspecified vulnerability (CPU Oct 2017)
1503684 - CVE-2017-10378 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017)
1503685 - CVE-2017-10379 mysql: Client programs unspecified vulnerability (CPU Oct 2017)
1503686 - CVE-2017-10384 mysql: Server: DDL unspecified vulnerability (CPU Oct 2017)

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
rh-mariadb101-galera-25.3.12-12.el6.src.rpm
rh-mariadb101-mariadb-10.1.29-3.el6.src.rpm

x86_64:
rh-mariadb101-galera-25.3.12-12.el6.x86_64.rpm
rh-mariadb101-galera-debuginfo-25.3.12-12.el6.x86_64.rpm
rh-mariadb101-mariadb-10.1.29-3.el6.x86_64.rpm
rh-mariadb101-mariadb-bench-10.1.29-3.el6.x86_64.rpm
rh-mariadb101-mariadb-common-10.1.29-3.el6.x86_64.rpm
rh-mariadb101-mariadb-config-10.1.29-3.el6.x86_64.rpm
rh-mariadb101-mariadb-debuginfo-10.1.29-3.el6.x86_64.rpm
rh-mariadb101-mariadb-devel-10.1.29-3.el6.x86_64.rpm
rh-mariadb101-mariadb-errmsg-10.1.29-3.el6.x86_64.rpm
rh-mariadb101-mariadb-oqgraph-engine-10.1.29-3.el6.x86_64.rpm
rh-mariadb101-mariadb-server-10.1.29-3.el6.x86_64.rpm
rh-mariadb101-mariadb-server-galera-10.1.29-3.el6.x86_64.rpm
rh-mariadb101-mariadb-test-10.1.29-3.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
rh-mariadb101-galera-25.3.12-12.el6.src.rpm
rh-mariadb101-mariadb-10.1.29-3.el6.src.rpm

x86_64:
rh-mariadb101-galera-25.3.12-12.el6.x86_64.rpm
rh-mariadb101-galera-debuginfo-25.3.12-12.el6.x86_64.rpm
rh-mariadb101-mariadb-10.1.29-3.el6.x86_64.rpm
rh-mariadb101-mariadb-bench-10.1.29-3.el6.x86_64.rpm
rh-mariadb101-mariadb-common-10.1.29-3.el6.x86_64.rpm
rh-mariadb101-mariadb-config-10.1.29-3.el6.x86_64.rpm
rh-mariadb101-mariadb-debuginfo-10.1.29-3.el6.x86_64.rpm
rh-mariadb101-mariadb-devel-10.1.29-3.el6.x86_64.rpm
rh-mariadb101-mariadb-errmsg-10.1.29-3.el6.x86_64.rpm
rh-mariadb101-mariadb-oqgraph-engine-10.1.29-3.el6.x86_64.rpm
rh-mariadb101-mariadb-server-10.1.29-3.el6.x86_64.rpm
rh-mariadb101-mariadb-server-galera-10.1.29-3.el6.x86_64.rpm
rh-mariadb101-mariadb-test-10.1.29-3.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
rh-mariadb101-galera-25.3.12-12.el6.src.rpm
rh-mariadb101-mariadb-10.1.29-3.el6.src.rpm

x86_64:
rh-mariadb101-galera-25.3.12-12.el6.x86_64.rpm
rh-mariadb101-galera-debuginfo-25.3.12-12.el6.x86_64.rpm
rh-mariadb101-mariadb-10.1.29-3.el6.x86_64.rpm
rh-mariadb101-mariadb-bench-10.1.29-3.el6.x86_64.rpm
rh-mariadb101-mariadb-common-10.1.29-3.el6.x86_64.rpm
rh-mariadb101-mariadb-config-10.1.29-3.el6.x86_64.rpm
rh-mariadb101-mariadb-debuginfo-10.1.29-3.el6.x86_64.rpm
rh-mariadb101-mariadb-devel-10.1.29-3.el6.x86_64.rpm
rh-mariadb101-mariadb-errmsg-10.1.29-3.el6.x86_64.rpm
rh-mariadb101-mariadb-oqgraph-engine-10.1.29-3.el6.x86_64.rpm
rh-mariadb101-mariadb-server-10.1.29-3.el6.x86_64.rpm
rh-mariadb101-mariadb-server-galera-10.1.29-3.el6.x86_64.rpm
rh-mariadb101-mariadb-test-10.1.29-3.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-mariadb101-galera-25.3.12-12.el7.src.rpm
rh-mariadb101-mariadb-10.1.29-3.el7.src.rpm

x86_64:
rh-mariadb101-galera-25.3.12-12.el7.x86_64.rpm
rh-mariadb101-galera-debuginfo-25.3.12-12.el7.x86_64.rpm
rh-mariadb101-mariadb-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-bench-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-common-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-config-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-debuginfo-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-devel-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-errmsg-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-oqgraph-engine-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-server-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-server-galera-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-test-10.1.29-3.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):

Source:
rh-mariadb101-galera-25.3.12-12.el7.src.rpm
rh-mariadb101-mariadb-10.1.29-3.el7.src.rpm

x86_64:
rh-mariadb101-galera-25.3.12-12.el7.x86_64.rpm
rh-mariadb101-galera-debuginfo-25.3.12-12.el7.x86_64.rpm
rh-mariadb101-mariadb-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-bench-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-common-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-config-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-debuginfo-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-devel-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-errmsg-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-oqgraph-engine-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-server-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-server-galera-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-test-10.1.29-3.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):

Source:
rh-mariadb101-galera-25.3.12-12.el7.src.rpm
rh-mariadb101-mariadb-10.1.29-3.el7.src.rpm

x86_64:
rh-mariadb101-galera-25.3.12-12.el7.x86_64.rpm
rh-mariadb101-galera-debuginfo-25.3.12-12.el7.x86_64.rpm
rh-mariadb101-mariadb-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-bench-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-common-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-config-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-debuginfo-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-devel-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-errmsg-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-oqgraph-engine-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-server-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-server-galera-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-test-10.1.29-3.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-mariadb101-galera-25.3.12-12.el7.src.rpm
rh-mariadb101-mariadb-10.1.29-3.el7.src.rpm

x86_64:
rh-mariadb101-galera-25.3.12-12.el7.x86_64.rpm
rh-mariadb101-galera-debuginfo-25.3.12-12.el7.x86_64.rpm
rh-mariadb101-mariadb-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-bench-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-common-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-config-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-debuginfo-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-devel-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-errmsg-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-oqgraph-engine-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-server-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-server-galera-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-test-10.1.29-3.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-5617
https://access.redhat.com/security/cve/CVE-2016-6664
https://access.redhat.com/security/cve/CVE-2017-3238
https://access.redhat.com/security/cve/CVE-2017-3243
https://access.redhat.com/security/cve/CVE-2017-3244
https://access.redhat.com/security/cve/CVE-2017-3257
https://access.redhat.com/security/cve/CVE-2017-3258
https://access.redhat.com/security/cve/CVE-2017-3265
https://access.redhat.com/security/cve/CVE-2017-3291
https://access.redhat.com/security/cve/CVE-2017-3302
https://access.redhat.com/security/cve/CVE-2017-3308
https://access.redhat.com/security/cve/CVE-2017-3309
https://access.redhat.com/security/cve/CVE-2017-3312
https://access.redhat.com/security/cve/CVE-2017-3313
https://access.redhat.com/security/cve/CVE-2017-3317
https://access.redhat.com/security/cve/CVE-2017-3318
https://access.redhat.com/security/cve/CVE-2017-3453
https://access.redhat.com/security/cve/CVE-2017-3456
https://access.redhat.com/security/cve/CVE-2017-3464
https://access.redhat.com/security/cve/CVE-2017-3636
https://access.redhat.com/security/cve/CVE-2017-3641
https://access.redhat.com/security/cve/CVE-2017-3653
https://access.redhat.com/security/cve/CVE-2017-10268
https://access.redhat.com/security/cve/CVE-2017-10286
https://access.redhat.com/security/cve/CVE-2017-10378
https://access.redhat.com/security/cve/CVE-2017-10379
https://access.redhat.com/security/cve/CVE-2017-10384
https://access.redhat.com/security/updates/classification/#moderate
http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixMSQL
http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixMSQL
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixMSQL
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
https://mariadb.com/kb/en/mariadb/mariadb-10120-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10121-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10122-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10123-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10124-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10125-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10126-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10127-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10128-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10129-release-notes/

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFasmU1XlSAg2UNWIIRAncTAKCA/RqsVxCbTvAulP8rkRDkBeyQswCfb4rI
rF8l/vXwVQ/qtHp2OGaOXF4=
=oIdA
-----END PGP SIGNATURE-----

    

- Vulnerability information

Oracle MySQL Server CVE-2017-3653 Remote Security Vulnerability
Unknown 99810
Yes No
2017-07-18 12:00:00 2017-07-18 12:00:00
Zuozhi Fan formerly of Alibaba

- Affected software versions

Oracle MySQL Server 5.7.18
Oracle MySQL Server 5.7.17
Oracle MySQL Server 5.7.16
Oracle MySQL Server 5.7.15
Oracle MySQL Server 5.7.12
Oracle MySQL Server 5.7
Oracle MySQL Server 5.6.36
Oracle MySQL Server 5.6.35
Oracle MySQL Server 5.6.34
Oracle MySQL Server 5.6.33
Oracle MySQL Server 5.6.30
Oracle MySQL Server 5.6.29
Oracle MySQL Server 5.6.28
Oracle MySQL Server 5.6.27
Oracle MySQL Server 5.6.26
Oracle MySQL Server 5.6.23
Oracle MySQL Server 5.6.22
Oracle MySQL Server 5.6.21
Oracle MySQL Server 5.5.56
Oracle MySQL Server 5.5.55
Oracle MySQL Server 5.5.54
Oracle MySQL Server 5.5.53
Oracle MySQL Server 5.5.52
Oracle MySQL Server 5.5.48
Oracle MySQL Server 5.5.47
Oracle MySQL Server 5.5.46
Oracle MySQL Server 5.5.45
Oracle MySQL Server 5.5.42
Oracle MySQL Server 5.5.41
Oracle MySQL Server 5.5.40
Oracle MySQL Server 5.6.25
Oracle MySQL Server 5.6.24
Oracle MySQL Server 5.6.20
Oracle MySQL Server 5.6.16
Oracle MySQL Server 5.6.15
Oracle MySQL Server 5.5.44
Oracle MySQL Server 5.5.43
Oracle MySQL Server 5.5.36
Oracle MySQL Server 5.5.35

- Vulnerability discussion

Oracle MySQL Server is prone to a remote security vulnerability in MySQL Server.

The vulnerability can be exploited over the 'MySQL' protocol. The 'Server: DDL' sub component is affected.

This vulnerability affects the following supported versions:
5.7.18 and prior
5.5.56 and prior
5.6.36 and prior

- Exploit

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Updates are available. Please see the references or vendor advisory for more information.
