Bug 2240246 (CVE-2023-5157)
Summary: | CVE-2023-5157 mariadb: node crashes with Transport endpoint is not connected mysqld got signal 6 | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Dhananjay Arunesh <darunesh> |
Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
Status: | NEW --- | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | abobrov, hhorak, jorton, ljavorsk, midzik, mmuzila, mschorm, security-response-team |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | mariadb 10.3.36, mariadb 10.4.26, mariadb 10.5.17, mariadb 10.6.9, mariadb 10.7.5, mariadb 10.8.4 | Doc Type: | If docs needed, set a value |
Doc Text: |
A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | Type: | --- | |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 2240552, 2240553, 2240554, 2240555, 2240556, 2240557, 2240558, 2240770 | ||
Bug Blocks: | 2240248 |
Description
Dhananjay Arunesh
2023-09-22 17:39:27 UTC
Please remove the Embargoed keyword in the title. This issue is already open by upstream, so it doesn't make sense to have it embargoed here. Created mariadb tracking bugs for this issue: Affects: fedora-all [bug 2240552] Created mariadb:10.5/mariadb tracking bugs for this issue: Affects: fedora-all [bug 2240553] Created mariadb:10.6/mariadb tracking bugs for this issue: Affects: fedora-all [bug 2240554] Created mariadb:10.7/mariadb tracking bugs for this issue: Affects: fedora-all [bug 2240555] Created mariadb:10.8/mariadb tracking bugs for this issue: Affects: fedora-all [bug 2240556] Created mariadb:10.9/mariadb tracking bugs for this issue: Affects: fedora-all [bug 2240557] Please reconsider the Fedora open bugs. I've just checked the version we have in Fedora (10.5.21, 10.6.14, 10.7.7, 10.8.6 and 10.9.4). Upstream claims the CVE is fixed in the versions (10.5.17, 10.6.9, 10.7.5, 10.8.4). They don't even mention the 10.9 version is affected. This means we have had our Fedora packages fixed for a long time and that these bugs didn't even have to be reported. If there isn't another source proving otherwise, please close these bugs so they don't confuse us. This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:5684 https://access.redhat.com/errata/RHSA-2023:5684 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:5683 https://access.redhat.com/errata/RHSA-2023:5683 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat Enterprise Linux 8.4 Telecommunications Update Service Via RHSA-2023:6821 https://access.redhat.com/errata/RHSA-2023:6821 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:6822 https://access.redhat.com/errata/RHSA-2023:6822 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:6883 https://access.redhat.com/errata/RHSA-2023:6883 This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Via RHSA-2023:7633 https://access.redhat.com/errata/RHSA-2023:7633 |