CVE-2017-15365

Name: CVE-2017-15365
Description: Replication in sql/event_data_objects.cc occurs before ACL checks
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
Debian Bugs: 884065, 885345

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| mariadb-10.0 (PTS) | jessie | 10.0.30-0+deb8u2 | undetermined |
| | jessie (security) | 10.0.32-0+deb8u1 | undetermined |
| mariadb-10.1 (PTS) | stretch (security), stretch | 10.1.26-0+deb9u1 | vulnerable |
| | buster, sid | 1:10.1.29-6 | vulnerable |
| mariadb-10.2 (PTS) | sid | 10.2.7-1 | vulnerable |
| mysql-5.5 (PTS) | wheezy | 5.5.47-0+deb7u1 | undetermined |
| | wheezy (security) | 5.5.59-0+deb7u1 | undetermined |
| | jessie | 5.5.58-0+deb8u1 | undetermined |
| | jessie (security) | 5.5.59-0+deb8u1 | undetermined |
| mysql-5.7 (PTS) | sid | 5.7.20-2 | undetermined |
| percona-xtrabackup (PTS) | sid, jessie | 2.2.3-2.1 | undetermined |

The information below is based on the following data on fixed versions.

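| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| mariadb-10.0 | source | (unstable) | undetermined | | | |
| mariadb-10.1 | source | (unstable) | (unfixed) | | | 885345 |
| mariadb-10.2 | source | (unstable) | (unfixed) | | | 884065 |
| mysql-5.5 | source | (unstable) | undetermined | | | |
| mysql-5.7 | source | (unstable) | undetermined | | | |
| percona-xtrabackup | source | (unstable) | undetermined | | | |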

Notes

MariaDB: Fixed in 10.2.10, 10.1.30
https://bugzilla.redhat.com/show_bug.cgi?id=1524234
https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html
Likely (unconfirmed) fix: https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e?diff=unified
