ALT-BU-2020-3899-1
Branch sisyphus update bulletin.
Closed vulnerabilities
BDU:2020-03228
Уязвимость системы хранения данных Ceph, связанная с непринятием мер по обработке последовательностей CRLF в HTTP-заголовках, позволяющая нарушителю внедрить произвольные HTTP-заголовки
Modified: 2024-11-21
CVE-2020-10753
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. Ceph versions 3.x and 4.x are vulnerable to this issue.
- openSUSE-SU-2020:0898
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10753
- [debian-lts-announce] 20210810 [SECURITY] [DLA 2735-1] ceph security update
- [debian-lts-announce] 20231023 [SECURITY] [DLA 3629-1] ceph security update
- FEDORA-2020-c9bff9688e
- GLSA-202105-39
- USN-4528-1
- openSUSE-SU-2020:0898
- USN-4528-1
- GLSA-202105-39
- FEDORA-2020-c9bff9688e
- [debian-lts-announce] 20231023 [SECURITY] [DLA 3629-1] ceph security update
- [debian-lts-announce] 20210810 [SECURITY] [DLA 2735-1] ceph security update
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10753
Closed bugs
Добавить зависимость libctl-devel
Closed vulnerabilities
BDU:2020-02373
Уязвимость компонента InnoDB системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2020-02644
Уязвимость компонента C API системы управления базами данных MySQL Client, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2020-02648
Уязвимость компонента Server: Stored Procedure системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2020-02649
Уязвимость компонента InnoDB системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2020-13249
libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadb_lib.c was originally based on code shipped for MySQL, this issue does not affect any MySQL components supported by Oracle.
- openSUSE-SU-2020:0738
- openSUSE-SU-2020:0870
- https://github.com/mariadb-corporation/mariadb-connector-c/commit/2759b87d72926b7c9b5426437a7c8dd15ff57945
- https://github.com/mariadb-corporation/mariadb-connector-c/compare/v3.1.7...v3.1.8
- FEDORA-2020-35f52d9370
- FEDORA-2020-ac2d47d89a
- openSUSE-SU-2020:0738
- FEDORA-2020-ac2d47d89a
- FEDORA-2020-35f52d9370
- https://github.com/mariadb-corporation/mariadb-connector-c/compare/v3.1.7...v3.1.8
- https://github.com/mariadb-corporation/mariadb-connector-c/commit/2759b87d72926b7c9b5426437a7c8dd15ff57945
- openSUSE-SU-2020:0870
Modified: 2024-11-21
CVE-2020-2752
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).
- openSUSE-SU-2020:0870
- openSUSE-SU-2020:0870
- FEDORA-2020-35f52d9370
- FEDORA-2020-35f52d9370
- FEDORA-2020-ac2d47d89a
- FEDORA-2020-ac2d47d89a
- GLSA-202012-08
- GLSA-202012-08
- GLSA-202105-27
- GLSA-202105-27
- https://security.netapp.com/advisory/ntap-20200416-0003/
- https://security.netapp.com/advisory/ntap-20200416-0003/
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpuapr2020.html
Modified: 2024-11-21
CVE-2020-2760
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
- openSUSE-SU-2020:0870
- openSUSE-SU-2020:0870
- FEDORA-2020-261c9ddd7c
- FEDORA-2020-261c9ddd7c
- FEDORA-2020-136dc82437
- FEDORA-2020-136dc82437
- FEDORA-2020-20ac7c92a1
- FEDORA-2020-20ac7c92a1
- FEDORA-2020-35f52d9370
- FEDORA-2020-35f52d9370
- FEDORA-2020-ac2d47d89a
- FEDORA-2020-ac2d47d89a
- GLSA-202012-08
- GLSA-202012-08
- GLSA-202105-27
- GLSA-202105-27
- https://security.netapp.com/advisory/ntap-20200416-0003/
- https://security.netapp.com/advisory/ntap-20200416-0003/
- USN-4350-1
- USN-4350-1
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpuapr2020.html
Modified: 2024-11-21
CVE-2020-2812
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
- openSUSE-SU-2020:0870
- openSUSE-SU-2020:0870
- FEDORA-2020-261c9ddd7c
- FEDORA-2020-261c9ddd7c
- FEDORA-2020-136dc82437
- FEDORA-2020-136dc82437
- FEDORA-2020-20ac7c92a1
- FEDORA-2020-20ac7c92a1
- FEDORA-2020-35f52d9370
- FEDORA-2020-35f52d9370
- FEDORA-2020-ac2d47d89a
- FEDORA-2020-ac2d47d89a
- GLSA-202012-08
- GLSA-202012-08
- GLSA-202105-27
- GLSA-202105-27
- https://security.netapp.com/advisory/ntap-20200416-0003/
- https://security.netapp.com/advisory/ntap-20200416-0003/
- USN-4350-1
- USN-4350-1
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpuapr2020.html
Modified: 2024-11-21
CVE-2020-2814
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.47 and prior, 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
- openSUSE-SU-2020:0870
- openSUSE-SU-2020:0870
- FEDORA-2020-261c9ddd7c
- FEDORA-2020-261c9ddd7c
- FEDORA-2020-136dc82437
- FEDORA-2020-136dc82437
- FEDORA-2020-20ac7c92a1
- FEDORA-2020-20ac7c92a1
- FEDORA-2020-35f52d9370
- FEDORA-2020-35f52d9370
- FEDORA-2020-ac2d47d89a
- FEDORA-2020-ac2d47d89a
- GLSA-202012-08
- GLSA-202012-08
- GLSA-202105-27
- GLSA-202105-27
- https://security.netapp.com/advisory/ntap-20200416-0003/
- https://security.netapp.com/advisory/ntap-20200416-0003/
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpuapr2020.html