Red Hat Bugzilla – Bug 1472686
CVE-2017-3636 mysql: Client programs unspecified vulnerability (CPU Jul 2017)
Last modified: 2018-08-20 08:42:36 EDT
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. External References: http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixMSQL
Created community-mysql tracking bugs for this issue: Affects: fedora-all [bug 1472716]
This issue seems to be for the following change documented in the MySQL release notes: https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-57.html https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-37.html mysqlaccess now looks for its configuration file only in the SYSCONFDIR directory and /etc. (Bug #25043674) and corrected via the following upstream commit: https://github.com/mysql/mysql-server/commit/788fb5bf678e2854fd2936cf6ac8d8f46f7c90c4 The problem fixed by this commit is only exploited locally (matching AV:L in the Oracle CVSS score) and does not affect MySQL 5.7, which no longer includes the mysqlaccess tool (its manual page in 5.6 notes: This utility is deprecated in MySQL 5.6.17 and removed in MySQL 5.7).
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 6 Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS Via RHSA-2017:2787 https://access.redhat.com/errata/RHSA-2017:2787
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 6 Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS Via RHSA-2018:0279 https://access.redhat.com/errata/RHSA-2018:0279
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 6 Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS Via RHSA-2018:0574 https://access.redhat.com/errata/RHSA-2018:0574
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:2439 https://access.redhat.com/errata/RHSA-2018:2439