Bug 1414335 (CVE-2016-8318)
Summary: | CVE-2016-8318 mysql: Server: Security: Encryption unspecified vulnerability (CPU Jan 2017) | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Adam Mariš <amaris> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | aortega, apevec, ayoung, chrisw, cvsbot-xmlrpc, databases-maint, dciabrin, hhorak, jjoyce, jorton, jschluet, jstanek, kbasil, lhh, lpeer, markmc, mbayer, mburns, mmuzila, mschorm, praiskup, rbryant, sclewis, slinaber, srevivo, tdecacqu |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | mysql 5.6.35, mysql 5.7.17 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2017-02-14 14:36:25 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1414362 |
Description
Adam Mariš
2017-01-18 10:17:44 UTC
Created community-mysql tracking bugs for this issue: Affects: fedora-all [bug 1414386] It seems this CVE is for this change mentioned in the MySQL 5.6.35 and 5.7.17 release notes: MySQL Enterprise Notes Enterprise Encryption for MySQL Enterprise Edition now enables server administrators to impose limits on maximum key length by setting environment variables. These can be used to prevent clients from using excessive CPU resources by passing very long key lengths to key-generation operations. For more information, see Enterprise Encryption Usage and Examples. (Bug #19687742) https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-35.html https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-17.html Affected code is specific to MySQL Enterprise, not available in the community version. |