UBUNTU-CVE-2020-15180
See a problem?- Source
- https://ubuntu.com/security/notices/UBUNTU-CVE-2020-15180
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-15180.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2020-15180
- Related
- Published
- 2021-05-27T20:15:00Z
- Modified
- 2021-05-27T20:15:00Z
- Severity
-
- 9.0 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in
wsrep_sst_methodallows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, integrity, and availability. This flaw affects mariadb versions before 10.1.47, before 10.2.34, before 10.3.25, before 10.4.15 and before 10.5.6. - References
Affected packages
Ubuntu:Pro:16.04:LTS / mariadb-10.0
Package
- Name
- mariadb-10.0
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
10.*
10.0.20-0ubuntu0.15.04.1
10.0.22-0ubuntu1
10.0.23-1
10.0.23-2
10.0.24-7
10.0.25-0ubuntu0.16.04.1
10.0.27-0ubuntu0.16.04.1
10.0.28-0ubuntu0.16.04.1
10.0.29-0ubuntu0.16.04.1
10.0.31-0ubuntu0.16.04.2
10.0.33-0ubuntu0.16.04.1
10.0.34-0ubuntu0.16.04.1
10.0.36-0ubuntu0.16.04.1
10.0.38-0ubuntu0.16.04.1
Ubuntu:18.04:LTS / mariadb-10.1
Package
- Name
- mariadb-10.1
- Purl
- pkg:deb/ubuntu/mariadb-10.1@1:10.1.47-0ubuntu0.18.04.1?arch=src?distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:10.1.47-0ubuntu0.18.04.1
Affected versions
10.*
10.1.25-1
1:10.*
1:10.1.29-6
1:10.1.34-0ubuntu0.18.04.1
1:10.1.38-0ubuntu0.18.04.1
1:10.1.38-0ubuntu0.18.04.2
1:10.1.40-0ubuntu0.18.04.1
1:10.1.41-0ubuntu0.18.04.1
1:10.1.43-0ubuntu0.18.04.1
1:10.1.44-0ubuntu0.18.04.1
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"mariadb-client-core-10.1": "1:10.1.47-0ubuntu0.18.04.1",
"libmariadbclient18": "1:10.1.47-0ubuntu0.18.04.1",
"mariadb-client-10.1-dbgsym": "1:10.1.47-0ubuntu0.18.04.1",
"mariadb-plugin-oqgraph": "1:10.1.47-0ubuntu0.18.04.1",
"libmariadbclient-dev": "1:10.1.47-0ubuntu0.18.04.1",
"mariadb-common": "1:10.1.47-0ubuntu0.18.04.1",
"mariadb-plugin-cracklib-password-check": "1:10.1.47-0ubuntu0.18.04.1",
"mariadb-plugin-spider": "1:10.1.47-0ubuntu0.18.04.1",
"mariadb-plugin-gssapi-server-dbgsym": "1:10.1.47-0ubuntu0.18.04.1",
"mariadb-plugin-cracklib-password-check-dbgsym": "1:10.1.47-0ubuntu0.18.04.1",
"mariadb-client-core-10.1-dbgsym": "1:10.1.47-0ubuntu0.18.04.1",
"mariadb-plugin-mroonga-dbgsym": "1:10.1.47-0ubuntu0.18.04.1",
"mariadb-plugin-gssapi-client-dbgsym": "1:10.1.47-0ubuntu0.18.04.1",
"mariadb-server": "1:10.1.47-0ubuntu0.18.04.1",
"mariadb-server-10.1": "1:10.1.47-0ubuntu0.18.04.1",
"libmariadbclient-dev-compat": "1:10.1.47-0ubuntu0.18.04.1",
"mariadb-plugin-gssapi-server": "1:10.1.47-0ubuntu0.18.04.1",
"mariadb-server-10.1-dbgsym": "1:10.1.47-0ubuntu0.18.04.1",
"mariadb-plugin-tokudb-dbgsym": "1:10.1.47-0ubuntu0.18.04.1",
"mariadb-test-dbgsym": "1:10.1.47-0ubuntu0.18.04.1",
"mariadb-test-data": "1:10.1.47-0ubuntu0.18.04.1",
"mariadb-plugin-oqgraph-dbgsym": "1:10.1.47-0ubuntu0.18.04.1",
"mariadb-plugin-tokudb": "1:10.1.47-0ubuntu0.18.04.1",
"mariadb-server-core-10.1": "1:10.1.47-0ubuntu0.18.04.1",
"mariadb-plugin-gssapi-client": "1:10.1.47-0ubuntu0.18.04.1",
"libmariadbclient18-dbgsym": "1:10.1.47-0ubuntu0.18.04.1",
"mariadb-plugin-mroonga": "1:10.1.47-0ubuntu0.18.04.1",
"libmariadbd-dev": "1:10.1.47-0ubuntu0.18.04.1",
"mariadb-plugin-spider-dbgsym": "1:10.1.47-0ubuntu0.18.04.1",
"mariadb-plugin-connect": "1:10.1.47-0ubuntu0.18.04.1",
"mariadb-plugin-connect-dbgsym": "1:10.1.47-0ubuntu0.18.04.1",
"mariadb-client-10.1": "1:10.1.47-0ubuntu0.18.04.1",
"libmariadbd18": "1:10.1.47-0ubuntu0.18.04.1",
"mariadb-client": "1:10.1.47-0ubuntu0.18.04.1",
"libmariadbd18-dbgsym": "1:10.1.47-0ubuntu0.18.04.1",
"mariadb-test": "1:10.1.47-0ubuntu0.18.04.1",
"mariadb-server-core-10.1-dbgsym": "1:10.1.47-0ubuntu0.18.04.1"
}
]
}
Ubuntu:20.04:LTS / mariadb-10.3
Package
- Name
- mariadb-10.3
- Purl
- pkg:deb/ubuntu/mariadb-10.3@1:10.3.25-0ubuntu0.20.04.1?arch=src?distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:10.3.25-0ubuntu0.20.04.1
Affected versions
1:10.*
1:10.3.17-1
1:10.3.18-1
1:10.3.19-1
1:10.3.21-2
1:10.3.22-1
1:10.3.22-1ubuntu1
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"libmariadb3-dbgsym": "1:10.3.25-0ubuntu0.20.04.1",
"mariadb-plugin-oqgraph": "1:10.3.25-0ubuntu0.20.04.1",
"libmariadbclient-dev": "1:10.3.25-0ubuntu0.20.04.1",
"libmariadbd19": "1:10.3.25-0ubuntu0.20.04.1",
"mariadb-plugin-cracklib-password-check": "1:10.3.25-0ubuntu0.20.04.1",
"mariadb-plugin-spider": "1:10.3.25-0ubuntu0.20.04.1",
"mariadb-plugin-gssapi-server-dbgsym": "1:10.3.25-0ubuntu0.20.04.1",
"mariadb-plugin-cracklib-password-check-dbgsym": "1:10.3.25-0ubuntu0.20.04.1",
"mariadb-plugin-mroonga-dbgsym": "1:10.3.25-0ubuntu0.20.04.1",
"mariadb-common": "1:10.3.25-0ubuntu0.20.04.1",
"mariadb-plugin-gssapi-client-dbgsym": "1:10.3.25-0ubuntu0.20.04.1",
"mariadb-server": "1:10.3.25-0ubuntu0.20.04.1",
"mariadb-plugin-gssapi-server": "1:10.3.25-0ubuntu0.20.04.1",
"mariadb-client-10.3": "1:10.3.25-0ubuntu0.20.04.1",
"mariadb-client-core-10.3": "1:10.3.25-0ubuntu0.20.04.1",
"mariadb-test-dbgsym": "1:10.3.25-0ubuntu0.20.04.1",
"mariadb-server-10.3": "1:10.3.25-0ubuntu0.20.04.1",
"mariadb-plugin-rocksdb-dbgsym": "1:10.3.25-0ubuntu0.20.04.1",
"mariadb-plugin-tokudb-dbgsym": "1:10.3.25-0ubuntu0.20.04.1",
"mariadb-test-data": "1:10.3.25-0ubuntu0.20.04.1",
"libmariadb-dev-dbgsym": "1:10.3.25-0ubuntu0.20.04.1",
"mariadb-plugin-oqgraph-dbgsym": "1:10.3.25-0ubuntu0.20.04.1",
"mariadb-plugin-tokudb": "1:10.3.25-0ubuntu0.20.04.1",
"mariadb-server-core-10.3": "1:10.3.25-0ubuntu0.20.04.1",
"libmariadb-dev-compat": "1:10.3.25-0ubuntu0.20.04.1",
"mariadb-plugin-gssapi-client": "1:10.3.25-0ubuntu0.20.04.1",
"mariadb-plugin-mroonga": "1:10.3.25-0ubuntu0.20.04.1",
"mariadb-client": "1:10.3.25-0ubuntu0.20.04.1",
"mariadb-client-core-10.3-dbgsym": "1:10.3.25-0ubuntu0.20.04.1",
"mariadb-plugin-connect": "1:10.3.25-0ubuntu0.20.04.1",
"libmariadb-dev": "1:10.3.25-0ubuntu0.20.04.1",
"libmariadbd-dev": "1:10.3.25-0ubuntu0.20.04.1",
"mariadb-plugin-spider-dbgsym": "1:10.3.25-0ubuntu0.20.04.1",
"libmariadbd19-dbgsym": "1:10.3.25-0ubuntu0.20.04.1",
"mariadb-backup-dbgsym": "1:10.3.25-0ubuntu0.20.04.1",
"mariadb-plugin-connect-dbgsym": "1:10.3.25-0ubuntu0.20.04.1",
"mariadb-backup": "1:10.3.25-0ubuntu0.20.04.1",
"mariadb-server-core-10.3-dbgsym": "1:10.3.25-0ubuntu0.20.04.1",
"mariadb-server-10.3-dbgsym": "1:10.3.25-0ubuntu0.20.04.1",
"mariadb-test": "1:10.3.25-0ubuntu0.20.04.1",
"mariadb-plugin-rocksdb": "1:10.3.25-0ubuntu0.20.04.1",
"libmariadb3": "1:10.3.25-0ubuntu0.20.04.1",
"mariadb-client-10.3-dbgsym": "1:10.3.25-0ubuntu0.20.04.1"
}
]
}