svn commit: r446202 - head/security/vuxml
Bernard Spil
brnrd at FreeBSD.org
Wed Jul 19 14:45:33 UTC 2017
Author: brnrd
Date: Wed Jul 19 14:45:31 2017
New Revision: 446202
URL: https://svnweb.freebsd.org/changeset/ports/446202
Log:
security/vuxml: Document MySQL vulnerabilities
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Wed Jul 19 14:37:44 2017 (r446201)
+++ head/security/vuxml/vuln.xml Wed Jul 19 14:45:31 2017 (r446202)
@@ -58,6 +58,115 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="cda2f3c2-6c8b-11e7-867f-b499baebfeaf">
+ <topic>MySQL -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>mariadb55-server</name>
+ <range><lt>5.5.57</lt></range>
+ </package>
+ <package>
+ <name>mariadb100-server</name>
+ <range><lt>10.0.31</lt></range>
+ </package>
+ <package>
+ <name>mariadb101-server</name>
+ <range><lt>10.1.23</lt></range>
+ </package>
+ <package>
+ <name>mariadb102-server</name>
+ <range><lt>10.2.6</lt></range>
+ </package>
+ <package>
+ <name>mysql55-server</name>
+ <range><lt>5.5.55</lt></range>
+ </package>
+ <package>
+ <name>mysql56-server</name>
+ <range><lt>5.6.36</lt></range>
+ </package>
+ <package>
+ <name>mysql57-server</name>
+ <range><lt>5.7.18</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Oracle reports:</p>
+ <blockquote cite="http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixMSQL">
+ <ul>
+ <li>Reserved [CVE-2017-3629]</li>
+ <li>A remote user can exploit a flaw in the Server: Memcached component to partially
+ modify data and cause denial of service conditions [CVE-2017-3633].</li>
+ <li>A remote authenticated user can exploit a flaw in the Server: DML component to
+ cause denial of service conditions [CVE-2017-3634].</li>
+ <li>A remote authenticated user can exploit a flaw in the Connector/C component to
+ cause denial of service conditions [CVE-2017-3635].</li>
+ <li>A remote authenticated user can exploit a flaw in the C API component to cause
+ denial of service conditions [CVE-2017-3635].</li>
+ <li>A local user can exploit a flaw in the Client programs component to partially
+ access data, partially modify data, and partially deny service
+ [CVE-2017-3636].</li>
+ <li>A remote authenticated user can exploit a flaw in the Server: UDF component to
+ cause denial of service conditions [CVE-2017-3529].</li>
+ <li>A remote authenticated user can exploit a flaw in the X Plugin component to
+ cause denial of service conditions [CVE-2017-3637].</li>
+ <li>A remote authenticated user can exploit a flaw in the Server: DML component to
+ cause denial of service conditions [CVE-2017-3639, CVE-2017-3640, CVE-2017-3641,
+ CVE-2017-3643, CVE-2017-3644].</li>
+ <li>A remote authenticated user can exploit a flaw in the Server: Optimizer
+ component to cause denial of service conditions [CVE-2017-3638, CVE-2017-3642,
+ CVE-2017-3645].</li>
+ <li>A remote authenticated user can exploit a flaw in the X Plugin component to
+ cause denial of service conditions [CVE-2017-3646].</li>
+ <li>A remote authenticated user can exploit a flaw in the Server: Charsets component
+ to cause denial of service conditions [CVE-2017-3648].</li>
+ <li>A remote authenticated user can exploit a flaw in the Server: Replication
+ component to cause denial of service conditions [CVE-2017-3647,
+ CVE-2017-3649].</li>
+ <li>A remote authenticated user can exploit a flaw in the Client mysqldump component
+ to partially modify data [CVE-2017-3651].</li>
+ <li>A remote authenticated user can exploit a flaw in the Server: DDL component to
+ partially access and partially modify data [CVE-2017-3652].</li>
+ <li>A remote user can exploit a flaw in the C API component to partially access data
+ [CVE-2017-3650].</li>
+ <li>A remote authenticated user can exploit a flaw in the Server: DDL component to
+ partially modify data [CVE-2017-3653].</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixMSQL</url>
+ <cvename>CVE-2017-3529</cvename>
+ <cvename>CVE-2017-3633</cvename>
+ <cvename>CVE-2017-3634</cvename>
+ <cvename>CVE-2017-3635</cvename>
+ <cvename>CVE-2017-3636</cvename>
+ <cvename>CVE-2017-3637</cvename>
+ <cvename>CVE-2017-3638</cvename>
+ <cvename>CVE-2017-3639</cvename>
+ <cvename>CVE-2017-3640</cvename>
+ <cvename>CVE-2017-3641</cvename>
+ <cvename>CVE-2017-3642</cvename>
+ <cvename>CVE-2017-3643</cvename>
+ <cvename>CVE-2017-3644</cvename>
+ <cvename>CVE-2017-3645</cvename>
+ <cvename>CVE-2017-3646</cvename>
+ <cvename>CVE-2017-3647</cvename>
+ <cvename>CVE-2017-3648</cvename>
+ <cvename>CVE-2017-3649</cvename>
+ <cvename>CVE-2017-3650</cvename>
+ <cvename>CVE-2017-3651</cvename>
+ <cvename>CVE-2017-3652</cvename>
+ <cvename>CVE-2017-3653</cvename>
+ </references>
+ <dates>
+ <discovery>2017-07-19</discovery>
+ <entry>2017-07-19</entry>
+ </dates>
+ </vuln>
+
<vuln vid="08a2df48-6c6a-11e7-9b01-2047478f2f70">
<topic>collectd5 -- Denial of service by sending a signed network packet to a server which is not set up to check signatures</topic>
<affects>
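Review bot: the `<affects>` block of the new entry lists only the `-server` packages, yet the quoted description includes flaws in the Client programs, Client mysqldump, Connector/C and C API components (CVE-2017-3635, CVE-2017-3636, CVE-2017-3650, CVE-2017-3651). Those flaws would normally be matched by the corresponding client packages, so consider adding `<package>` entries for them with matching `<lt>` ranges, in line with the "Do not forget port variants" reminder in the file header. Separately, the description lists "Reserved [CVE-2017-3629]" but there is no matching `<cvename>` in `<references>`; either drop that list item or add the reference so the two lists agree. CVE-2017-3635 is also cited under two items (Connector/C and C API), which could be merged into one. Finally, `<discovery>` and `<entry>` are both 2017-07-19; confirm that the discovery date reflects the publication date of the cited Oracle advisory rather than the commit date.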