Malware Devil

Loading...

Wednesday, July 29, 2020

ESB-2020.2584 – [Ubuntu] MySQL: Multiple vulnerabilities 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.2584
                     USN-4441-1: MySQL vulnerabilities
                               29 July 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           MySQL
Publisher:         Ubuntu
Operating System:  Ubuntu
Impact/Access:     Modify Arbitrary Files   -- Existing Account      
                   Denial of Service        -- Existing Account      
                   Read-only Data Access    -- Remote/Unauthenticated
                   Access Confidential Data -- Existing Account      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-14702 CVE-2020-14697 CVE-2020-14680
                   CVE-2020-14678 CVE-2020-14663 CVE-2020-14656
                   CVE-2020-14654 CVE-2020-14651 CVE-2020-14643
                   CVE-2020-14641 CVE-2020-14634 CVE-2020-14633
                   CVE-2020-14632 CVE-2020-14631 CVE-2020-14624
                   CVE-2020-14623 CVE-2020-14620 CVE-2020-14619
                   CVE-2020-14597 CVE-2020-14591 CVE-2020-14586
                   CVE-2020-14576 CVE-2020-14575 CVE-2020-14568
                   CVE-2020-14559 CVE-2020-14553 CVE-2020-14550
                   CVE-2020-14547 CVE-2020-14540 CVE-2020-14539

Reference:         ASB-2020.0132

Original Bulletin: 
   https://usn.ubuntu.com/4441-1/

- --------------------------BEGIN INCLUDED TEXT--------------------

USN-4441-1: MySQL vulnerabilities
28 July 2020

Several security issues were fixed in MySQL.
Releases

  o Ubuntu 20.04 LTS
  o Ubuntu 18.04 LTS
  o Ubuntu 16.04 LTS

Packages

  o mysql-5.7 - MySQL database
  o mysql-8.0 - MySQL database

Details

Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.

MySQL has been updated to 8.0.21 in Ubuntu 20.04 LTS. Ubuntu 16.04 LTS and
Ubuntu 18.04 LTS have been updated to MySQL 5.7.31.

In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.

Please see the following for more information:

https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-31.html

https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-21.html

https://www.oracle.com/security-alerts/cpujul2020.html

Update instructions

The problem can be corrected by updating your system to the following package
versions:

Ubuntu 20.04

  o mysql-server-8.0 - 8.0.21-0ubuntu0.20.04.3

Ubuntu 18.04

  o mysql-server-5.7 - 5.7.31-0ubuntu0.18.04.1

Ubuntu 16.04

  o mysql-server-5.7 - 5.7.31-0ubuntu0.16.04.1

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

References

  o CVE-2020-14633
  o CVE-2020-14654
  o CVE-2020-14550
  o CVE-2020-14623
  o CVE-2020-14576
  o CVE-2020-14591
  o CVE-2020-14559
  o CVE-2020-14568
  o CVE-2020-14540
  o CVE-2020-14643
  o CVE-2020-14656
  o CVE-2020-14553
  o CVE-2020-14547
  o CVE-2020-14680
  o CVE-2020-14539
  o CVE-2020-14586
  o CVE-2020-14620
  o CVE-2020-14624
  o CVE-2020-14663
  o CVE-2020-14631
  o CVE-2020-14697
  o CVE-2020-14702
  o CVE-2020-14641
  o CVE-2020-14619
  o CVE-2020-14634
  o CVE-2020-14678
  o CVE-2020-14597
  o CVE-2020-14632
  o CVE-2020-14651
  o CVE-2020-14575

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXyELKeNLKJtyKPYoAQiT5xAAqH9JNm6ekfOzOudtRUVPMCAwWVlsH48e
pVbROO2bzogGCQU7Mk2Anx8C+0T4E97bEjhO9I4Bkqk176fFZUCAYnxOs5Ouz7/u
YkgjNtLFz01Zk6tzdfOU/Ae91SEdz0BkpVoenvn8l5phuRgit+9hiorcgeohLKrm
ck+3JDPOD2C6uTjVDN9MCn8eNphxr2BI9eJEq6qxjSV2KigmwGK+iDK6DEIobJ6l
jQrEdCqAoFXyyjLTWe7t1NedES91MGWBzDuInZKgdE5PHQAyNemcxLMEbumxlq+G
mIL+/Ee7Hoj4om++9+R4UoHc9z0SwDed1DFj7/J9j74aWJOeHaN3drWqD2uXnWgS
SyQPuaRIVDzgzlLjRTW38WZbcLtMDiP8eY3LLjocfrUK3vpEiSGOI+dG7HRKc8k9
OV9kqIJrG9LsHrOM8jJiOWi9dJHypgnBqEUxoK1spqjx1FJirmPiGdGYJeGprasX
MzEoO/jxjivGQDPjil3A9OR6G2lRyeknH/gYUSIb7sEzykT1WbkjlgsOpjdyYLpM
WpYMX8ynyFvfa1x5TGRrxeRstpEN9t195nNcU+Cehb0PCJGvG/KHuzlm8WmoV7L1
tp2Bf0DR/XygIIX4B87NbZHyU3jT6g4cuNPmVvh1OA3cy1is+EuCccePjrWa8YZA
vl34y1kDzvE=
=W5CI
-----END PGP SIGNATURE-----

Read More



https://www.malwaredevil.com/2020/07/29/esb-2020-2584-ubuntu-mysql-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-2584-ubuntu-mysql-multiple-vulnerabilities
at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...