{"id": "CVE-2014-4258", "bulletinFamily": "NVD", "title": "CVE-2014-4258", "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC.", "published": "2014-07-17T07:17:10", "modified": "2018-10-09T15:48:54", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4258", "reporter": "NVD", "references": ["http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html", "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", "http://www.securityfocus.com/archive/1/534161/100/0/threaded", "http://seclists.org/fulldisclosure/2014/Dec/23", "http://www.securitytracker.com/id/1030578", "http://www.debian.org/security/2014/dsa-2985", "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html", "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", "http://secunia.com/advisories/60425", "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", "http://www.securityfocus.com/bid/68564", "https://exchange.xforce.ibmcloud.com/vulnerabilities/94620"], "cvelist": ["CVE-2014-4258"], "type": "cve", "lastseen": "2018-10-10T11:05:21", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:oracle:mysql:5.6.1", "cpe:/a:oracle:mysql:5.5.22", "cpe:/a:oracle:mysql:5.5.16", "cpe:/a:vmware:vcenter_server_appliance:5.1:update_2", "cpe:/a:oracle:mysql:5.6.5", "cpe:/a:oracle:mysql:5.5.13", "cpe:/a:vmware:vcenter_server_appliance:5.0:update_2", "cpe:/a:vmware:vcenter_server_appliance:5.1", "cpe:/a:mysql:mysql:5.5.4", "cpe:/o:opensuse_project:suse_linux_enterprise_desktop:11.0:sp3", "cpe:/a:oracle:mysql:5.5.10", "cpe:/a:oracle:mysql:5.5.18", "cpe:/a:oracle:mysql:5.5.19", "cpe:/o:opensuse_project:suse_linux_enterprise_software_development_kit:11.0:sp3", "cpe:/a:oracle:mysql:5.6.16", "cpe:/a:mysql:mysql:5.5.0", "cpe:/a:oracle:mysql:5.5.14", "cpe:/a:oracle:mysql:5.6.6", "cpe:/a:oracle:mysql:5.5.29", "cpe:/o:opensuse_project:suse_linux_enterprise_server:11.0:sp3:~~~vmware~~", "cpe:/o:opensuse_project:suse_linux_enterprise_server:11.0:sp3", "cpe:/a:oracle:mysql:5.5.15", "cpe:/a:oracle:mysql:5.5.25:a", "cpe:/a:mysql:mysql:5.5.8", "cpe:/a:oracle:mysql:5.6.8", "cpe:/a:vmware:vcenter_server_appliance:5.5", "cpe:/a:oracle:mysql:5.6.14", "cpe:/a:oracle:mysql:5.6.4", "cpe:/a:oracle:mysql:5.5.33", "cpe:/a:oracle:mysql:5.5.24", "cpe:/a:oracle:mysql:5.6.13", "cpe:/a:oracle:mysql:5.6.3", "cpe:/a:oracle:mysql:5.5.35", "cpe:/a:oracle:mysql:5.6.0", "cpe:/a:mysql:mysql:5.5.9", "cpe:/a:mysql:mysql:5.5.3", "cpe:/a:mysql:mysql:5.5.5", "cpe:/a:oracle:mysql:5.6.11", "cpe:/a:oracle:mysql:5.6.2", "cpe:/a:mysql:mysql:5.5.2", "cpe:/a:oracle:mysql:5.5.26", "cpe:/a:oracle:mysql:5.5.30", "cpe:/a:oracle:mysql:5.5.36", "cpe:/a:mysql:mysql:5.5.1", "cpe:/a:oracle:mysql:5.5.31", "cpe:/a:oracle:mysql:5.5.23", "cpe:/a:vmware:vcenter_server_appliance:5.0:update_1", "cpe:/a:oracle:mysql:5.6.9", "cpe:/a:oracle:mysql:5.5.11", "cpe:/a:oracle:mysql:5.6.7", "cpe:/a:vmware:vcenter_server_appliance:5.1:update_1", "cpe:/a:mysql:mysql:5.5.7", "cpe:/a:oracle:mysql:5.5.20", "cpe:/a:oracle:mysql:5.5.37", "cpe:/a:mysql:mysql:5.5.6", "cpe:/o:debian:debian_linux:7.0", "cpe:/a:oracle:mysql:5.5.28", "cpe:/a:oracle:mysql:5.5.27", "cpe:/a:vmware:vcenter_server_appliance:5.5:update_1", "cpe:/a:vmware:vcenter_server_appliance:5.0", "cpe:/a:oracle:mysql:5.5.32", "cpe:/a:oracle:mysql:5.5.12", "cpe:/a:oracle:mysql:5.6.17", "cpe:/a:oracle:mysql:5.5.17", "cpe:/a:oracle:mysql:5.5.34", "cpe:/a:oracle:mysql:5.5.21", "cpe:/a:oracle:mysql:5.5.25", "cpe:/a:oracle:mysql:5.6.12", "cpe:/o:oracle:solaris:11.3", "cpe:/a:oracle:mysql:5.6.15", "cpe:/a:oracle:mysql:5.6.10"], "cvelist": ["CVE-2014-4258"], "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC.", "edition": 3, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "a06dcf83671085ff8dcc2c8190a8969e468122107473f9eeb0c9e5fdd8093bf6", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "416d9cf1f08c850112bb2e62aa7f12bc", "key": "modified"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "624ca772d8bb1cc9c6882d03a84825a9", "key": "published"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "ecf6375b08dc53f28f098e58c8973feb", "key": "cpe"}, {"hash": "07265d0958ffa07d3e0b9416edc24004", "key": "references"}, {"hash": "37246a70b2de47bfaa93ee47aa2cdb14", "key": "cvelist"}, {"hash": "9acfc3ecd06539a3534549fd05dfad8e", "key": "cvss"}, {"hash": "29178b01f5d434de69fe73cc20ea7066", "key": "title"}, {"hash": "9644040d5d1e96ae364d4f0a3687c844", "key": "description"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "b47359993e7a1069b42b1d15ed053f48", "key": "href"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4258", "id": "CVE-2014-4258", "lastseen": "2017-08-29T10:48:19", "modified": "2017-08-28T21:34:55", "objectVersion": "1.3", "published": "2014-07-17T07:17:10", "references": ["http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html", "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", "http://seclists.org/fulldisclosure/2014/Dec/23", "http://www.securitytracker.com/id/1030578", "http://www.debian.org/security/2014/dsa-2985", "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html", "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", "http://secunia.com/advisories/60425", "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", "http://www.securityfocus.com/bid/68564", "http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded", "https://exchange.xforce.ibmcloud.com/vulnerabilities/94620"], "reporter": "NVD", "scanner": [], "title": "CVE-2014-4258", "type": "cve", "viewCount": 3}, "differentElements": ["references", "modified"], "edition": 3, "lastseen": "2017-08-29T10:48:19"}, {"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:oracle:mysql:5.6.1", "cpe:/a:oracle:mysql:5.5.22", "cpe:/a:oracle:mysql:5.5.16", "cpe:/a:vmware:vcenter_server_appliance:5.1:update_2", "cpe:/a:oracle:mysql:5.6.5", "cpe:/a:oracle:mysql:5.5.13", "cpe:/a:vmware:vcenter_server_appliance:5.0:update_2", "cpe:/a:vmware:vcenter_server_appliance:5.1", "cpe:/a:mysql:mysql:5.5.4", "cpe:/o:opensuse_project:suse_linux_enterprise_desktop:11.0:sp3", "cpe:/a:oracle:mysql:5.5.10", "cpe:/a:oracle:mysql:5.5.18", "cpe:/a:oracle:mysql:5.5.19", "cpe:/o:opensuse_project:suse_linux_enterprise_software_development_kit:11.0:sp3", "cpe:/a:oracle:mysql:5.6.16", "cpe:/a:mysql:mysql:5.5.0", "cpe:/a:oracle:mysql:5.5.14", "cpe:/a:oracle:mysql:5.6.6", "cpe:/a:oracle:mysql:5.5.29", "cpe:/o:opensuse_project:suse_linux_enterprise_server:11.0:sp3:~~~vmware~~", "cpe:/o:opensuse_project:suse_linux_enterprise_server:11.0:sp3", "cpe:/a:oracle:mysql:5.5.15", "cpe:/a:oracle:mysql:5.5.25:a", "cpe:/a:mysql:mysql:5.5.8", "cpe:/a:oracle:mysql:5.6.8", "cpe:/a:vmware:vcenter_server_appliance:5.5", "cpe:/a:oracle:mysql:5.6.14", "cpe:/a:oracle:mysql:5.6.4", "cpe:/a:oracle:mysql:5.5.33", "cpe:/a:oracle:mysql:5.5.24", "cpe:/a:oracle:mysql:5.6.13", "cpe:/a:oracle:mysql:5.6.3", "cpe:/a:oracle:mysql:5.5.35", "cpe:/a:oracle:mysql:5.6.0", "cpe:/a:mysql:mysql:5.5.9", "cpe:/a:mysql:mysql:5.5.3", "cpe:/a:mysql:mysql:5.5.5", "cpe:/a:oracle:mysql:5.6.11", "cpe:/a:oracle:mysql:5.6.2", "cpe:/a:mysql:mysql:5.5.2", "cpe:/a:oracle:mysql:5.5.26", "cpe:/a:oracle:mysql:5.5.30", "cpe:/a:oracle:mysql:5.5.36", "cpe:/a:mysql:mysql:5.5.1", "cpe:/a:oracle:mysql:5.5.31", "cpe:/a:oracle:mysql:5.5.23", "cpe:/a:vmware:vcenter_server_appliance:5.0:update_1", "cpe:/a:oracle:mysql:5.6.9", "cpe:/a:oracle:mysql:5.5.11", "cpe:/a:oracle:mysql:5.6.7", "cpe:/a:vmware:vcenter_server_appliance:5.1:update_1", "cpe:/a:mysql:mysql:5.5.7", "cpe:/a:oracle:mysql:5.5.20", "cpe:/a:oracle:mysql:5.5.37", "cpe:/a:mysql:mysql:5.5.6", "cpe:/o:debian:debian_linux:7.0", "cpe:/a:oracle:mysql:5.5.28", "cpe:/a:oracle:mysql:5.5.27", "cpe:/a:vmware:vcenter_server_appliance:5.5:update_1", "cpe:/a:vmware:vcenter_server_appliance:5.0", "cpe:/a:oracle:mysql:5.5.32", "cpe:/a:oracle:mysql:5.5.12", "cpe:/a:oracle:mysql:5.6.17", "cpe:/a:oracle:mysql:5.5.17", "cpe:/a:oracle:mysql:5.5.34", "cpe:/a:oracle:mysql:5.5.21", "cpe:/a:oracle:mysql:5.5.25", "cpe:/a:oracle:mysql:5.6.12", "cpe:/o:oracle:solaris:11.3", "cpe:/a:oracle:mysql:5.6.15", "cpe:/a:oracle:mysql:5.6.10"], "cvelist": ["CVE-2014-4258"], "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC.", "edition": 2, "enchantments": {}, "hash": "bfc35965801b53adee7db98a0bcf325d311f49f6e34ea3476f8fe52ee6e63174", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "624ca772d8bb1cc9c6882d03a84825a9", "key": "published"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "ecf6375b08dc53f28f098e58c8973feb", "key": "cpe"}, {"hash": "37246a70b2de47bfaa93ee47aa2cdb14", "key": "cvelist"}, {"hash": "3470d3e34144cc5dbd37da436ae755c9", "key": "references"}, {"hash": "9acfc3ecd06539a3534549fd05dfad8e", "key": "cvss"}, {"hash": "29178b01f5d434de69fe73cc20ea7066", "key": "title"}, {"hash": "9644040d5d1e96ae364d4f0a3687c844", "key": "description"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "b47359993e7a1069b42b1d15ed053f48", "key": "href"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "950c46516b6d0be182f7bbac13a75520", "key": "modified"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4258", "id": "CVE-2014-4258", "lastseen": "2017-04-18T15:55:03", "modified": "2017-01-06T22:00:14", "objectVersion": "1.2", "published": "2014-07-17T07:17:10", "references": ["http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html", "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", "http://seclists.org/fulldisclosure/2014/Dec/23", "http://www.securitytracker.com/id/1030578", "http://www.debian.org/security/2014/dsa-2985", "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html", "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", "http://secunia.com/advisories/60425", "http://xforce.iss.net/xforce/xfdb/94620", "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", "http://www.securityfocus.com/bid/68564", "http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded"], "reporter": "NVD", "scanner": [], "title": "CVE-2014-4258", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 2, "lastseen": "2017-04-18T15:55:03"}, {"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:oracle:mysql:5.6.1", "cpe:/a:oracle:mysql:5.5.22", "cpe:/a:oracle:mysql:5.5.16", "cpe:/a:oracle:mysql:5.6.5", "cpe:/a:oracle:mysql:5.5.13", "cpe:/a:mysql:mysql:5.5.4", "cpe:/a:oracle:mysql:5.5.10", "cpe:/a:oracle:mysql:5.5.18", "cpe:/a:oracle:mysql:5.5.19", "cpe:/a:oracle:mysql:5.6.16", "cpe:/a:mysql:mysql:5.5.0", "cpe:/a:oracle:mysql:5.5.14", "cpe:/a:oracle:mysql:5.6.6", "cpe:/a:oracle:mysql:5.5.29", "cpe:/a:oracle:mysql:5.5.15", "cpe:/a:oracle:mysql:5.5.25:a", "cpe:/a:mysql:mysql:5.5.8", "cpe:/a:oracle:mysql:5.6.8", "cpe:/a:oracle:mysql:5.6.14", "cpe:/a:oracle:mysql:5.6.4", "cpe:/a:oracle:mysql:5.5.33", "cpe:/a:oracle:mysql:5.5.24", "cpe:/a:oracle:mysql:5.6.13", "cpe:/a:oracle:mysql:5.6.3", "cpe:/a:oracle:mysql:5.5.35", "cpe:/a:oracle:mysql:5.6.0", "cpe:/a:mysql:mysql:5.5.9", "cpe:/a:mysql:mysql:5.5.3", "cpe:/a:mysql:mysql:5.5.5", "cpe:/a:oracle:mysql:5.6.11", "cpe:/a:oracle:mysql:5.6.2", "cpe:/a:mysql:mysql:5.5.2", "cpe:/a:oracle:mysql:5.5.26", "cpe:/a:oracle:mysql:5.5.30", "cpe:/a:oracle:mysql:5.5.36", "cpe:/a:mysql:mysql:5.5.1", "cpe:/a:oracle:mysql:5.5.31", "cpe:/a:oracle:mysql:5.5.23", "cpe:/a:oracle:mysql:5.6.9", "cpe:/a:oracle:mysql:5.5.11", "cpe:/a:oracle:mysql:5.6.7", "cpe:/a:mysql:mysql:5.5.7", "cpe:/a:oracle:mysql:5.5.20", "cpe:/a:oracle:mysql:5.5.37", "cpe:/a:mysql:mysql:5.5.6", "cpe:/a:oracle:mysql:5.5.28", "cpe:/a:oracle:mysql:5.5.27", "cpe:/a:oracle:mysql:5.5.32", "cpe:/a:oracle:mysql:5.5.12", "cpe:/a:oracle:mysql:5.6.17", "cpe:/a:oracle:mysql:5.5.17", "cpe:/a:oracle:mysql:5.5.34", "cpe:/a:oracle:mysql:5.5.21", "cpe:/a:oracle:mysql:5.5.25", "cpe:/a:oracle:mysql:5.6.12", "cpe:/a:oracle:mysql:5.6.15", "cpe:/a:oracle:mysql:5.6.10"], "cvelist": ["CVE-2014-4258"], "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC.", "edition": 1, "hash": "c167ddba64ade7f3b4049c89f33f83730b4a82b158324e83cedc0644358ca57a", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "624ca772d8bb1cc9c6882d03a84825a9", "key": "published"}, {"hash": "a102a294b58e9fc4701e4a2b006dc95d", "key": "references"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "820d7a6ef1dcf98f973c96e9339c2586", "key": "modified"}, {"hash": "37246a70b2de47bfaa93ee47aa2cdb14", "key": "cvelist"}, {"hash": "9acfc3ecd06539a3534549fd05dfad8e", "key": "cvss"}, {"hash": "29178b01f5d434de69fe73cc20ea7066", "key": "title"}, {"hash": "9644040d5d1e96ae364d4f0a3687c844", "key": "description"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "b47359993e7a1069b42b1d15ed053f48", "key": "href"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "ded415cde8da49872b52d0ff8cfae196", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4258", "id": "CVE-2014-4258", "lastseen": "2016-09-03T20:36:46", "modified": "2014-12-11T22:02:59", "objectVersion": "1.2", "published": "2014-07-17T07:17:10", "references": ["http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html", "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", "http://seclists.org/fulldisclosure/2014/Dec/23", "http://www.debian.org/security/2014/dsa-2985", "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", "http://xforce.iss.net/xforce/xfdb/94620", "http://www.securityfocus.com/bid/68564", "http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded"], "reporter": "NVD", "scanner": [], "title": "CVE-2014-4258", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified", "cpe"], "edition": 1, "lastseen": "2016-09-03T20:36:46"}], "edition": 4, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "ecf6375b08dc53f28f098e58c8973feb"}, {"key": "cvelist", "hash": "37246a70b2de47bfaa93ee47aa2cdb14"}, {"key": "cvss", "hash": "9acfc3ecd06539a3534549fd05dfad8e"}, {"key": "description", "hash": "9644040d5d1e96ae364d4f0a3687c844"}, {"key": "href", "hash": "b47359993e7a1069b42b1d15ed053f48"}, {"key": "modified", "hash": "b1aca730658657271008d8727ba15557"}, {"key": "published", "hash": "624ca772d8bb1cc9c6882d03a84825a9"}, {"key": "references", "hash": "475ff0c789cf5884703e3212f224af98"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "29178b01f5d434de69fe73cc20ea7066"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "cdcbcde93923e9f2c44c26856fce657f3f255b340694e5dd97d52aa9bb324545", "viewCount": 3, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "vulnersScore": 5.0}, "objectVersion": "1.3", "cpe": ["cpe:/a:oracle:mysql:5.6.1", "cpe:/a:oracle:mysql:5.5.22", "cpe:/a:oracle:mysql:5.5.16", "cpe:/a:vmware:vcenter_server_appliance:5.1:update_2", "cpe:/a:oracle:mysql:5.6.5", "cpe:/a:oracle:mysql:5.5.13", "cpe:/a:vmware:vcenter_server_appliance:5.0:update_2", "cpe:/a:vmware:vcenter_server_appliance:5.1", "cpe:/a:mysql:mysql:5.5.4", "cpe:/o:opensuse_project:suse_linux_enterprise_desktop:11.0:sp3", "cpe:/a:oracle:mysql:5.5.10", "cpe:/a:oracle:mysql:5.5.18", "cpe:/a:oracle:mysql:5.5.19", "cpe:/o:opensuse_project:suse_linux_enterprise_software_development_kit:11.0:sp3", "cpe:/a:oracle:mysql:5.6.16", "cpe:/a:mysql:mysql:5.5.0", "cpe:/a:oracle:mysql:5.5.14", "cpe:/a:oracle:mysql:5.6.6", "cpe:/a:oracle:mysql:5.5.29", "cpe:/o:opensuse_project:suse_linux_enterprise_server:11.0:sp3:~~~vmware~~", "cpe:/o:opensuse_project:suse_linux_enterprise_server:11.0:sp3", "cpe:/a:oracle:mysql:5.5.15", "cpe:/a:oracle:mysql:5.5.25:a", "cpe:/a:mysql:mysql:5.5.8", "cpe:/a:oracle:mysql:5.6.8", "cpe:/a:vmware:vcenter_server_appliance:5.5", "cpe:/a:oracle:mysql:5.6.14", "cpe:/a:oracle:mysql:5.6.4", "cpe:/a:oracle:mysql:5.5.33", "cpe:/a:oracle:mysql:5.5.24", "cpe:/a:oracle:mysql:5.6.13", "cpe:/a:oracle:mysql:5.6.3", "cpe:/a:oracle:mysql:5.5.35", "cpe:/a:oracle:mysql:5.6.0", "cpe:/a:mysql:mysql:5.5.9", "cpe:/a:mysql:mysql:5.5.3", "cpe:/a:mysql:mysql:5.5.5", "cpe:/a:oracle:mysql:5.6.11", "cpe:/a:oracle:mysql:5.6.2", "cpe:/a:mysql:mysql:5.5.2", "cpe:/a:oracle:mysql:5.5.26", "cpe:/a:oracle:mysql:5.5.30", "cpe:/a:oracle:mysql:5.5.36", "cpe:/a:mysql:mysql:5.5.1", "cpe:/a:oracle:mysql:5.5.31", "cpe:/a:oracle:mysql:5.5.23", "cpe:/a:vmware:vcenter_server_appliance:5.0:update_1", "cpe:/a:oracle:mysql:5.6.9", "cpe:/a:oracle:mysql:5.5.11", "cpe:/a:oracle:mysql:5.6.7", "cpe:/a:vmware:vcenter_server_appliance:5.1:update_1", "cpe:/a:mysql:mysql:5.5.7", "cpe:/a:oracle:mysql:5.5.20", "cpe:/a:oracle:mysql:5.5.37", "cpe:/a:mysql:mysql:5.5.6", "cpe:/o:debian:debian_linux:7.0", "cpe:/a:oracle:mysql:5.5.28", "cpe:/a:oracle:mysql:5.5.27", "cpe:/a:vmware:vcenter_server_appliance:5.5:update_1", "cpe:/a:vmware:vcenter_server_appliance:5.0", "cpe:/a:oracle:mysql:5.5.32", "cpe:/a:oracle:mysql:5.5.12", "cpe:/a:oracle:mysql:5.6.17", "cpe:/a:oracle:mysql:5.5.17", "cpe:/a:oracle:mysql:5.5.34", "cpe:/a:oracle:mysql:5.5.21", "cpe:/a:oracle:mysql:5.5.25", "cpe:/a:oracle:mysql:5.6.12", "cpe:/o:oracle:solaris:11.3", "cpe:/a:oracle:mysql:5.6.15", "cpe:/a:oracle:mysql:5.6.10"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}

{"openvas": [{"lastseen": "2018-11-13T12:48:30", "references": ["http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixMSQL", "http://secunia.com/advisories/59521", "http://www.computerworld.com/s/article/9249690/Oracle_to_release_115_security_patches"], "pluginID": "1361412562310808131", "description": "This host is running Oracle MySQL\n and is prone to multiple unspecified vulnerabilities.", "edition": 6, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-06-03T00:00:00", "title": "Oracle MySQL Multiple Unspecified Vulnerabilities-19 Jun16 (Linux)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Databases", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-4260", "CVE-2014-4258"], "modified": "2018-11-12T00:00:00", "id": "OPENVAS:1361412562310808131", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808131", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mysql_unspecified_vuln19_jun16_lin.nasl 39440 2014-07-24 17:08:01Z july$\n#\n# Oracle MySQL Multiple Unspecified Vulnerabilities-19 Jun16 (Linux)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:oracle:mysql\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808131\");\n script_version(\"$Revision: 12323 $\");\n script_cve_id(\"CVE-2014-4258\", \"CVE-2014-4260\");\n script_bugtraq_id(68564, 68573);\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-12 16:36:30 +0100 (Mon, 12 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-03 13:42:35 +0530 (Fri, 03 Jun 2016)\");\n script_name(\"Oracle MySQL Multiple Unspecified Vulnerabilities-19 Jun16 (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is running Oracle MySQL\n and is prone to multiple unspecified vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Unspecified errors in the MySQL\n Server component via unknown vectors related to SRINFOSC and SRCHAR.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n attackers to manipulate certain data and cause a DoS (Denial of Service).\");\n\n script_tag(name:\"affected\", value:\"Oracle MySQL version 5.5.37 and\n earlier and 5.6.17 and earlier on Linux.\");\n\n script_tag(name:\"solution\", value:\"Apply the patch from the referenced advisory.\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/59521\");\n script_xref(name:\"URL\", value:\"http://www.computerworld.com/s/article/9249690/Oracle_to_release_115_security_patches\");\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixMSQL\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Databases\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_unixoide\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!sqlPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!mysqlVer = get_app_version(cpe:CPE, port:sqlPort))\n{\n CPE = \"cpe:/a:mysql:mysql\";\n if(!mysqlVer = get_app_version(cpe:CPE, port:sqlPort)){\n exit(0);\n }\n}\n\nif(mysqlVer =~ \"^(5\\.(5|6))\")\n{\n if(version_in_range(version:mysqlVer, test_version:\"5.5\", test_version2:\"5.5.37\")||\n version_in_range(version:mysqlVer, test_version:\"5.6\", test_version2:\"5.6.17\"))\n {\n security_message(sqlPort);\n exit(0);\n }\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-22T16:40:46", "references": ["http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixMSQL", "http://secunia.com/advisories/59521", "http://www.computerworld.com/s/article/9249690/Oracle_to_release_115_security_patches"], "pluginID": "1361412562310804722", "description": "This host is running Oracle MySQL and is prone to multiple unspecified\nvulnerabilities.", "edition": 8, "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "published": "2014-07-24T00:00:00", "title": "Oracle MySQL Multiple Unspecified vulnerabilities-02 July14 (Windows)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Databases", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-4260", "CVE-2014-4258"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:1361412562310804722", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804722", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mysql_unspecified_vuln02_july14_win.nasl 39440 2014-07-24 17:08:01Z july$\n#\n# Oracle MySQL Multiple Unspecified vulnerabilities-02 July14 (Windows)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:oracle:mysql\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804722\");\n script_version(\"$Revision: 11878 $\");\n script_cve_id(\"CVE-2014-4258\", \"CVE-2014-4260\");\n script_bugtraq_id(68564, 68573);\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 14:40:08 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-07-24 17:11:25 +0530 (Thu, 24 Jul 2014)\");\n script_name(\"Oracle MySQL Multiple Unspecified vulnerabilities-02 July14 (Windows)\");\n\n\n script_tag(name:\"summary\", value:\"This host is running Oracle MySQL and is prone to multiple unspecified\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Unspecified errors in the MySQL Server component via unknown vectors related\nto SRINFOSC and SRCHAR.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to manipulate certain data\nand cause a DoS (Denial of Service).\");\n script_tag(name:\"affected\", value:\"Oracle MySQL version 5.5.37 and earlier and 5.6.17 and earlier on Windows.\");\n script_tag(name:\"solution\", value:\"Apply the patch from the referenced advisory.\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/59521\");\n script_xref(name:\"URL\", value:\"http://www.computerworld.com/s/article/9249690/Oracle_to_release_115_security_patches\");\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixMSQL\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Databases\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_windows\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!sqlPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!mysqlVer = get_app_version(cpe:CPE, port:sqlPort))\n{\n CPE = \"cpe:/a:mysql:mysql\";\n if(!mysqlVer = get_app_version(cpe:CPE, port:sqlPort)){\n exit(0);\n }\n}\n\nif(mysqlVer =~ \"^(5\\.(5|6))\")\n{\n if(version_in_range(version:mysqlVer, test_version:\"5.5\", test_version2:\"5.5.37\")||\n version_in_range(version:mysqlVer, test_version:\"5.6\", test_version2:\"5.6.17\"))\n {\n security_message(sqlPort);\n exit(0);\n }\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-08-02T10:49:14", "references": ["http://www.debian.org/security/2014/dsa-2985.html"], "pluginID": "702985", "description": "Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.38. Please see the MySQL 5.5 Release Notes and Oracle's\nCritical Patch Update advisory for further details:\n\nhttp://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-38.htmlhttp://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", "edition": 3, "reporter": "Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net", "published": "2014-07-22T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Debian Security Advisory DSA 2985-1 (mysql-5.5 - security update)", "type": "openvas", "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-4260", "CVE-2014-4258", "CVE-2014-2494", "CVE-2014-4207"], "modified": "2017-07-18T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=702985", "id": "OPENVAS:702985", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2985.nasl 6750 2017-07-18 09:56:47Z teissa $\n# Auto-generated from advisory DSA 2985-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_affected = \"mysql-5.5 on Debian Linux\";\ntag_insight = \"MySQL is a fast, stable and true multi-user, multi-threaded SQL database\nserver.\";\ntag_solution = \"For the stable distribution (wheezy), these problems have been fixed in\nversion 5.5.38-0+wheezy1.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your mysql-5.5 packages.\";\ntag_summary = \"Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.38. Please see the MySQL 5.5 Release Notes and Oracle's\nCritical Patch Update advisory for further details:\n\nhttp://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-38.htmlhttp://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(702985);\n script_version(\"$Revision: 6750 $\");\n script_cve_id(\"CVE-2014-2494\", \"CVE-2014-4207\", \"CVE-2014-4258\", \"CVE-2014-4260\");\n script_name(\"Debian Security Advisory DSA 2985-1 (mysql-5.5 - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-18 11:56:47 +0200 (Tue, 18 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2014-07-22 00:00:00 +0200 (Tue, 22 Jul 2014)\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-2985.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libmysqlclient-dev\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient18\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-dev\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-pic\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client-5.5\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-common\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-core-5.5\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-source-5.5\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-testsuite-5.5\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient-dev\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient18\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-dev\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-pic\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client-5.5\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-common\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-core-5.5\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-source-5.5\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-testsuite-5.5\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient-dev\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient18\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-dev\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-pic\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client-5.5\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-common\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-core-5.5\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-source-5.5\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-testsuite-5.5\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient-dev\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient18\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-dev\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-pic\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client-5.5\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-common\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-core-5.5\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-source-5.5\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-testsuite-5.5\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-19T13:03:36", "references": ["http://www.ubuntu.com/usn/usn-2291-1/", "2291-1"], "pluginID": "1361412562310841905", "description": "The remote host is missing an update for the ", "edition": 9, "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "published": "2014-07-21T00:00:00", "title": "Ubuntu Update for mysql-5.5 USN-2291-1", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-4260", "CVE-2014-4258", "CVE-2014-2494", "CVE-2014-4207"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310841905", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841905", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2291_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# Ubuntu Update for mysql-5.5 USN-2291-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841905\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-07-21 18:10:14 +0530 (Mon, 21 Jul 2014)\");\n script_cve_id(\"CVE-2014-2494\", \"CVE-2014-4207\", \"CVE-2014-4258\", \"CVE-2014-4260\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_name(\"Ubuntu Update for mysql-5.5 USN-2291-1\");\n\n\n script_tag(name:\"affected\", value:\"mysql-5.5 on Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"insight\", value:\"Multiple security issues were discovered in MySQL and this\nupdate includes a new upstream MySQL version to fix these issues. MySQL has\nbeen updated to 5.5.38.\n\nIn addition to security fixes, the updated packages contain bug fixes,\nnew features, and possibly incompatible changes.\n\nPlease see the following for more information:\nhttp://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-38.html\nhttp://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2291-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2291-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mysql-5.5'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS)\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.38-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.38-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:54:01", "references": ["http://www.debian.org/security/2014/dsa-2985.html"], "pluginID": "1361412562310702985", "description": "Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.38. Please see the MySQL 5.5 Release Notes and Oracle's\nCritical Patch Update advisory for further details:\n\nhttp://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-38.htmlhttp://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", "edition": 3, "reporter": "Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net", "published": "2014-07-22T00:00:00", "title": "Debian Security Advisory DSA 2985-1 (mysql-5.5 - security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-4260", "CVE-2014-4258", "CVE-2014-2494", "CVE-2014-4207"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310702985", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310702985", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2985.nasl 9354 2018-04-06 07:15:32Z cfischer $\n# Auto-generated from advisory DSA 2985-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_affected = \"mysql-5.5 on Debian Linux\";\ntag_insight = \"MySQL is a fast, stable and true multi-user, multi-threaded SQL database\nserver.\";\ntag_solution = \"For the stable distribution (wheezy), these problems have been fixed in\nversion 5.5.38-0+wheezy1.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your mysql-5.5 packages.\";\ntag_summary = \"Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.38. Please see the MySQL 5.5 Release Notes and Oracle's\nCritical Patch Update advisory for further details:\n\nhttp://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-38.htmlhttp://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.702985\");\n script_version(\"$Revision: 9354 $\");\n script_cve_id(\"CVE-2014-2494\", \"CVE-2014-4207\", \"CVE-2014-4258\", \"CVE-2014-4260\");\n script_name(\"Debian Security Advisory DSA 2985-1 (mysql-5.5 - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2018-04-06 09:15:32 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value:\"2014-07-22 00:00:00 +0200 (Tue, 22 Jul 2014)\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-2985.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libmysqlclient-dev\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient18\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-dev\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-pic\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client-5.5\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-common\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-core-5.5\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-source-5.5\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-testsuite-5.5\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient-dev\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient18\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-dev\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-pic\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client-5.5\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-common\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-core-5.5\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-source-5.5\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-testsuite-5.5\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient-dev\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient18\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-dev\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-pic\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client-5.5\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-common\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-core-5.5\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-source-5.5\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-testsuite-5.5\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient-dev\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient18\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-dev\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-pic\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client-5.5\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-common\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-core-5.5\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-source-5.5\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-testsuite-5.5\", ver:\"5.5.38-0+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-19T13:01:52", "references": ["2014:1072_1", "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"], "pluginID": "1361412562310850819", "description": "The remote host is missing an update for the ", "edition": 8, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-10-13T00:00:00", "title": "SuSE Update for MySQL SUSE-SU-2014:1072-1 (MySQL)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-4238", "CVE-2014-4260", "CVE-2014-4258", "CVE-2014-4233", "CVE-2014-4214", "CVE-2014-2494", "CVE-2014-4243", "CVE-2014-4207", "CVE-2014-2484", "CVE-2014-4240"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310850819", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850819", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2014_1072_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for MySQL SUSE-SU-2014:1072-1 (MySQL)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850819\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-13 18:35:01 +0530 (Tue, 13 Oct 2015)\");\n script_cve_id(\"CVE-2014-2484\", \"CVE-2014-2494\", \"CVE-2014-4207\", \"CVE-2014-4214\", \"CVE-2014-4233\", \"CVE-2014-4238\", \"CVE-2014-4240\", \"CVE-2014-4243\", \"CVE-2014-4258\", \"CVE-2014-4260\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for MySQL SUSE-SU-2014:1072-1 (MySQL)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'MySQL'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"This MySQL update provides the following:\n\n * upgrade to version 5.5.39, [bnc#887580]\n\n * CVE's fixed: CVE-2014-2484, CVE-2014-4258, CVE-2014-4260,\n CVE-2014-2494, CVE-2014-4238, CVE-2014-4207, CVE-2014-4233,\n CVE-2014-4240, CVE-2014-4214, CVE-2014-4243\");\n\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html\");\n\n script_tag(name:\"affected\", value:\"MySQL on SUSE Linux Enterprise Server 11 SP3\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"SUSE-SU\", value:\"2014:1072_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLES11\\.0SP3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"SLES11.0SP3\")\n{\n\n if ((res = isrpmvuln(pkg:\"libmysql55client18\", rpm:\"libmysql55client18~5.5.39~0.7.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysql55client_r18\", rpm:\"libmysql55client_r18~5.5.39~0.7.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysqlclient15\", rpm:\"libmysqlclient15~5.0.96~0.6.13\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysqlclient_r15\", rpm:\"libmysqlclient_r15~5.0.96~0.6.13\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql\", rpm:\"mysql~5.5.39~0.7.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-client\", rpm:\"mysql-client~5.5.39~0.7.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-tools\", rpm:\"mysql-tools~5.5.39~0.7.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysql55client18-32bit\", rpm:\"libmysql55client18-32bit~5.5.39~0.7.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysqlclient15-32bit\", rpm:\"libmysqlclient15-32bit~5.0.96~0.6.13\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysql55client18-x86\", rpm:\"libmysql55client18-x86~5.5.39~0.7.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysqlclient15-x86\", rpm:\"libmysqlclient15-x86~5.0.96~0.6.13\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:53:36", "references": ["http://lists.centos.org/pipermail/centos-announce/2014-November/020762.html", "2014:1859"], "pluginID": "1361412562310882084", "description": "Check the version of mysql55-mysql", "edition": 5, "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "published": "2014-11-18T00:00:00", "title": "CentOS Update for mysql55-mysql CESA-2014:1859 centos5 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-4260", "CVE-2014-4258", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6555", "CVE-2014-2494", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-4243", "CVE-2014-4207", "CVE-2014-4287"], "modified": "2017-07-20T00:00:00", "id": "OPENVAS:1361412562310882084", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882084", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for mysql55-mysql CESA-2014:1859 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882084\");\n script_version(\"$Revision: 6769 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-20 11:56:33 +0200 (Thu, 20 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-11-18 06:39:13 +0100 (Tue, 18 Nov 2014)\");\n script_cve_id(\"CVE-2014-2494\", \"CVE-2014-4207\", \"CVE-2014-4243\", \"CVE-2014-4258\",\n \"CVE-2014-4260\", \"CVE-2014-4274\", \"CVE-2014-4287\", \"CVE-2014-6463\",\n \"CVE-2014-6464\", \"CVE-2014-6469\", \"CVE-2014-6484\", \"CVE-2014-6505\",\n \"CVE-2014-6507\", \"CVE-2014-6520\", \"CVE-2014-6530\", \"CVE-2014-6551\",\n \"CVE-2014-6555\", \"CVE-2014-6559\");\n script_tag(name:\"cvss_base\", value:\"8.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:C\");\n script_name(\"CentOS Update for mysql55-mysql CESA-2014:1859 centos5 \");\n\n script_tag(name: \"summary\", value: \"Check the version of mysql55-mysql\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of\ndetect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"MySQL is a multi-user, multi-threaded SQL\ndatabase server. It consists of the MySQL server daemon (mysqld) and many client\nprograms and libraries.\n\nThis update fixes several vulnerabilities in the MySQL database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2014-2494,\nCVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287,\nCVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484,\nCVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551,\nCVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MySQL to version 5.5.40. Refer to the MySQL\nRelease Notes listed in the References section for a complete list of\nchanges.\n\nAll MySQL users should upgrade to these updated packages, which correct\nthese issues. After installing this update, the MySQL server daemon\n(mysqld) will be restarted automatically.\n\");\n script_tag(name: \"affected\", value: \"mysql55-mysql on CentOS 5\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"CESA\", value: \"2014:1859\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2014-November/020762.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"mysql55-mysql\", rpm:\"mysql55-mysql~5.5.40~2.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql55-mysql-bench\", rpm:\"mysql55-mysql-bench~5.5.40~2.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql55-mysql-devel\", rpm:\"mysql55-mysql-devel~5.5.40~2.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql55-mysql-libs\", rpm:\"mysql55-mysql-libs~5.5.40~2.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql55-mysql-server\", rpm:\"mysql55-mysql-server~5.5.40~2.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql55-mysql-test\", rpm:\"mysql55-mysql-test~5.5.40~2.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2018-09-28T18:25:35", "references": ["http://linux.oracle.com/errata/ELSA-2014-1859.html"], "pluginID": "1361412562310123248", "description": "Oracle Linux Local Security Checks ELSA-2014-1859", "edition": 5, "reporter": "Eero Volotinen", "published": "2015-10-06T00:00:00", "title": "Oracle Linux Local Check: ELSA-2014-1859", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-4260", "CVE-2014-4258", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6555", "CVE-2014-2494", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-4243", "CVE-2014-4207", "CVE-2014-4287"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123248", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123248", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-1859.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123248\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:01:15 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-1859\");\n script_tag(name:\"insight\", value:\"ELSA-2014-1859 - mysql55-mysql security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-1859\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-1859.html\");\n script_cve_id(\"CVE-2014-2494\", \"CVE-2014-4207\", \"CVE-2014-4243\", \"CVE-2014-4258\", \"CVE-2014-4260\", \"CVE-2014-4274\", \"CVE-2014-6463\", \"CVE-2014-6464\", \"CVE-2014-6484\", \"CVE-2014-6505\", \"CVE-2014-6520\", \"CVE-2014-6530\", \"CVE-2014-6559\", \"CVE-2014-6551\", \"CVE-2014-4287\", \"CVE-2014-6469\", \"CVE-2014-6507\", \"CVE-2014-6555\");\n script_tag(name:\"cvss_base\", value:\"8.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"mysql55-mysql\", rpm:\"mysql55-mysql~5.5.40~2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mysql55-mysql-bench\", rpm:\"mysql55-mysql-bench~5.5.40~2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mysql55-mysql-devel\", rpm:\"mysql55-mysql-devel~5.5.40~2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mysql55-mysql-libs\", rpm:\"mysql55-mysql-libs~5.5.40~2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mysql55-mysql-server\", rpm:\"mysql55-mysql-server~5.5.40~2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mysql55-mysql-test\", rpm:\"mysql55-mysql-test~5.5.40~2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2018-09-28T18:23:53", "references": ["http://linux.oracle.com/errata/ELSA-2014-1861.html"], "pluginID": "1361412562310123249", "description": "Oracle Linux Local Security Checks ELSA-2014-1861", "edition": 6, "reporter": "Eero Volotinen", "published": "2015-10-06T00:00:00", "title": "Oracle Linux Local Check: ELSA-2014-1861", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-4260", "CVE-2014-4258", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6555", "CVE-2014-2494", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-4243", "CVE-2014-4207", "CVE-2014-4287"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123249", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123249", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-1861.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123249\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:01:16 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-1861\");\n script_tag(name:\"insight\", value:\"ELSA-2014-1861 - mariadb security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-1861\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-1861.html\");\n script_cve_id(\"CVE-2014-2494\", \"CVE-2014-4207\", \"CVE-2014-4243\", \"CVE-2014-4258\", \"CVE-2014-4260\", \"CVE-2014-4274\", \"CVE-2014-4287\", \"CVE-2014-6463\", \"CVE-2014-6464\", \"CVE-2014-6469\", \"CVE-2014-6484\", \"CVE-2014-6505\", \"CVE-2014-6507\", \"CVE-2014-6520\", \"CVE-2014-6530\", \"CVE-2014-6551\", \"CVE-2014-6555\", \"CVE-2014-6559\");\n script_tag(name:\"cvss_base\", value:\"8.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~5.5.40~1.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mariadb-bench\", rpm:\"mariadb-bench~5.5.40~1.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mariadb-devel\", rpm:\"mariadb-devel~5.5.40~1.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mariadb-embedded\", rpm:\"mariadb-embedded~5.5.40~1.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mariadb-embedded-devel\", rpm:\"mariadb-embedded-devel~5.5.40~1.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mariadb-libs\", rpm:\"mariadb-libs~5.5.40~1.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mariadb-server\", rpm:\"mariadb-server~5.5.40~1.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mariadb-test\", rpm:\"mariadb-test~5.5.40~1.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2018-11-23T15:13:37", "references": ["https://www.redhat.com/archives/rhsa-announce/2014-November/msg00031.html", "2014:1861-01"], "pluginID": "1361412562310871292", "description": "The remote host is missing an update for the ", "edition": 8, "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "published": "2014-11-18T00:00:00", "title": "RedHat Update for mariadb RHSA-2014:1861-01", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-4260", "CVE-2014-4258", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6555", "CVE-2014-2494", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-4243", "CVE-2014-4207", "CVE-2014-4287"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871292", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871292", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for mariadb RHSA-2014:1861-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871292\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-11-18 06:35:36 +0100 (Tue, 18 Nov 2014)\");\n script_cve_id(\"CVE-2014-2494\", \"CVE-2014-4207\", \"CVE-2014-4243\", \"CVE-2014-4258\",\n \"CVE-2014-4260\", \"CVE-2014-4274\", \"CVE-2014-4287\", \"CVE-2014-6463\",\n \"CVE-2014-6464\", \"CVE-2014-6469\", \"CVE-2014-6484\", \"CVE-2014-6505\",\n \"CVE-2014-6507\", \"CVE-2014-6520\", \"CVE-2014-6530\", \"CVE-2014-6551\",\n \"CVE-2014-6555\", \"CVE-2014-6559\");\n script_tag(name:\"cvss_base\", value:\"8.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:C\");\n script_name(\"RedHat Update for mariadb RHSA-2014:1861-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mariadb'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"MariaDB is a multi-user, multi-threaded SQL database server that is binary\ncompatible with MySQL.\n\nThis update fixes several vulnerabilities in the MariaDB database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2014-2494,\nCVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287,\nCVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484,\nCVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551,\nCVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MariaDB to version 5.5.40. Refer to the\nMariaDB Release Notes listed in the References section for a complete list\nof changes.\n\nAll MariaDB users should upgrade to these updated packages, which correct\nthese issues. After installing this update, the MariaDB server daemon\n(mysqld) will be restarted automatically.\");\n script_tag(name:\"affected\", value:\"mariadb on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2014:1861-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2014-November/msg00031.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~5.5.40~1.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-bench\", rpm:\"mariadb-bench~5.5.40~1.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-debuginfo\", rpm:\"mariadb-debuginfo~5.5.40~1.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-devel\", rpm:\"mariadb-devel~5.5.40~1.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-libs\", rpm:\"mariadb-libs~5.5.40~1.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-server\", rpm:\"mariadb-server~5.5.40~1.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-test\", rpm:\"mariadb-test~5.5.40~1.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}], "kaspersky": [{"lastseen": "2018-12-06T13:23:50", "references": [], "description": "### *CVSS*:\n6.5\n\n### *Detect date*:\n07/17/2014\n\n### *Severity*:\nHigh\n\n### *Description*:\nUnspecified vulnerabilities were found in MySQL Server. By exploiting these vulnerabilities malicious users can affect integrity, confidentiality and availability. These vulnerabilities can be exploited remotely at vectors related to SRCHAR, SRINFOSC and ENFED.\n\n### *Affected products*:\nOracle MySQL Server versions 5.5.37 and earlier \nOracle MySQL Server 5.6 versions 5.6.17 and earlier\n\n### *Solution*:\nUpdate to latest version\n\n### *Impacts*:\nOSI \n\n### *Related products*:\n[MySQL](<https://threats.kaspersky.com/en/product/MySQL/>)\n\n### *CVE-IDS*:\n[CVE-2014-4258](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4258>) \n[CVE-2014-4260](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4260>) \n[CVE-2014-4243](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4243>)", "edition": 27, "reporter": "Kaspersky Lab", "published": "2014-07-17T00:00:00", "title": "\r KLA10265Multiple vulnerabilities in MySQL ", "type": "kaspersky", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "info", "cvelist": ["CVE-2014-4260", "CVE-2014-4258", "CVE-2014-4243"], "modified": "2018-12-04T00:00:00", "id": "KLA10265", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10265", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:09:19", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2014-2494", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-4207", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-4260", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-4258"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "5.5.38-0ubuntu0.12.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "mysql-server-5.5", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "5.5.38-0ubuntu0.14.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "mysql-server-5.5", "operator": "lt"}], "description": "Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. MySQL has been updated to 5.5.38.\n\nIn addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.\n\nPlease see the following for more information: <http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-38.html> <http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html>", "edition": 3, "reporter": "Ubuntu", "published": "2014-07-17T00:00:00", "title": "MySQL vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-4260", "CVE-2014-4258", "CVE-2014-2494", "CVE-2014-4207"], "modified": "2014-07-17T00:00:00", "id": "USN-2291-1", "href": "https://usn.ubuntu.com/2291-1/", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2018-10-18T13:50:14", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "7", "packageVersion": "5.5.38-0+wheezy1", "arch": "all", "packageFilename": "mysql-5.5_5.5.38-0+wheezy1_all.deb", "packageName": "mysql-5.5", "operator": "lt"}], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2985-1 security@debian.org\nhttp://www.debian.org/security/ Salvatore Bonaccorso\nJuly 22, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mysql-5.5\nCVE ID : CVE-2014-2494 CVE-2014-4207 CVE-2014-4258 CVE-2014-4260\nDebian Bug : 754941\n\nSeveral issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.38. Please see the MySQL 5.5 Release Notes and Oracle&#x27;s\nCritical Patch Update advisory for further details:\n\n http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-38.html\nhttp://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 5.5.38-0+wheezy1.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your mysql-5.5 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 2, "reporter": "Debian", "published": "2014-07-22T18:59:06", "title": "[SECURITY] [DSA 2985-1] mysql-5.5 security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-18T13:50:14", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-4260", "CVE-2014-4258", "CVE-2014-2494", "CVE-2014-4207"], "modified": "2014-07-22T18:59:06", "id": "DEBIAN:DSA-2985-1:15C60", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00167.html", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2018-11-17T03:12:18", "references": ["http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-38.html", "http://www.nessus.org/u?77697fb1"], "pluginID": "76529", "description": "The version of MySQL 5.5.x installed on the remote host is prior to 5.5.38. It is, therefore, affected by errors in the following components :\n\n - ENARC\n - SRCHAR\n - SRINFOSC\n - SROPTZR", "edition": 6, "reporter": "Tenable", "published": "2014-07-16T00:00:00", "title": "MySQL 5.5.x < 5.5.38 MySQL Multiple Vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Databases", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-4260", "CVE-2014-4258", "CVE-2014-2494", "CVE-2014-4207"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/a:oracle:mysql"], "id": "MYSQL_5_5_38.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=76529", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76529);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/11/15 20:50:21\");\n\n script_cve_id(\n \"CVE-2014-2494\",\n \"CVE-2014-4207\",\n \"CVE-2014-4258\",\n \"CVE-2014-4260\"\n );\n script_bugtraq_id(68564, 68573, 68579, 68593);\n\n script_name(english:\"MySQL 5.5.x < 5.5.38 MySQL Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of MySQL server.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL 5.5.x installed on the remote host is prior to\n5.5.38. It is, therefore, affected by errors in the following\ncomponents :\n\n - ENARC\n - SRCHAR\n - SRINFOSC\n - SROPTZR\");\n # https://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?77697fb1\");\n script_set_attribute(attribute:\"see_also\", value:\"http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-38.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to MySQL 5.5.38 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/07/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/16\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\nmysql_check_version(fixed:'5.5.38', min:'5.5', severity:SECURITY_WARNING);\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-20T03:36:08", "references": ["https://www.debian.org/security/2014/dsa-2985", "https://packages.debian.org/source/wheezy/mysql-5.5", "https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-38.html", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754941", "http://www.nessus.org/u?77697fb1"], "pluginID": "76690", "description": "Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.38. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details :\n\n - http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5- 38.html\n - http://www.oracle.com/technetwork/topics/security/cpujul 2014-1972956.html", "edition": 8, "reporter": "Tenable", "published": "2014-07-23T00:00:00", "title": "Debian DSA-2985-1 : mysql-5.5 - security update", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-4260", "CVE-2014-4258", "CVE-2014-2494", "CVE-2014-4207"], "modified": "2018-11-19T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:mysql-5.5", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-2985.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=76690", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2985. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76690);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/19 11:02:41\");\n\n script_cve_id(\"CVE-2014-2494\", \"CVE-2014-4207\", \"CVE-2014-4258\", \"CVE-2014-4260\");\n script_bugtraq_id(68564, 68573, 68579, 68593);\n script_xref(name:\"DSA\", value:\"2985\");\n\n script_name(english:\"Debian DSA-2985-1 : mysql-5.5 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.38. Please see the MySQL 5.5 Release Notes and Oracle's\nCritical Patch Update advisory for further details :\n\n -\n http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-\n 38.html\n -\n http://www.oracle.com/technetwork/topics/security/cpujul\n 2014-1972956.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754941\"\n );\n # http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-38.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-38.html\"\n );\n # https://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?77697fb1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/mysql-5.5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-2985\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the mysql-5.5 packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 5.5.38-0+wheezy1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libmysqlclient-dev\", reference:\"5.5.38-0+wheezy1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmysqlclient18\", reference:\"5.5.38-0+wheezy1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmysqld-dev\", reference:\"5.5.38-0+wheezy1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmysqld-pic\", reference:\"5.5.38-0+wheezy1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-client\", reference:\"5.5.38-0+wheezy1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-client-5.5\", reference:\"5.5.38-0+wheezy1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-common\", reference:\"5.5.38-0+wheezy1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-server\", reference:\"5.5.38-0+wheezy1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-server-5.5\", reference:\"5.5.38-0+wheezy1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-server-core-5.5\", reference:\"5.5.38-0+wheezy1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-source-5.5\", reference:\"5.5.38-0+wheezy1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-testsuite-5.5\", reference:\"5.5.38-0+wheezy1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-12-02T15:30:12", "references": ["https://usn.ubuntu.com/2291-1/"], "pluginID": "76586", "description": "Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. MySQL has been updated to 5.5.38.\n\nIn addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.\n\nPlease see the following for more information:\nhttp://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-38.html http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.h tml.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 6, "reporter": "Tenable", "published": "2014-07-18T00:00:00", "title": "Ubuntu 12.04 LTS / 14.04 LTS : mysql-5.5 vulnerabilities (USN-2291-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-4260", "CVE-2014-4258", "CVE-2014-2494", "CVE-2014-4207"], "modified": "2018-12-01T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.5", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2291-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=76586", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2291-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76586);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/12/01 15:12:39\");\n\n script_cve_id(\"CVE-2014-2494\", \"CVE-2014-4207\", \"CVE-2014-4258\", \"CVE-2014-4260\");\n script_bugtraq_id(68564, 68573, 68579, 68593);\n script_xref(name:\"USN\", value:\"2291-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS : mysql-5.5 vulnerabilities (USN-2291-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues were discovered in MySQL and this update\nincludes a new upstream MySQL version to fix these issues. MySQL has\nbeen updated to 5.5.38.\n\nIn addition to security fixes, the updated packages contain bug fixes,\nnew features, and possibly incompatible changes.\n\nPlease see the following for more information:\nhttp://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-38.html\nhttp://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.h\ntml.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2291-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mysql-server-5.5 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(12\\.04|14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"mysql-server-5.5\", pkgver:\"5.5.38-0ubuntu0.12.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"mysql-server-5.5\", pkgver:\"5.5.38-0ubuntu0.14.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql-server-5.5\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-17T03:09:34", "references": ["https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-19.html", "http://www.nessus.org/u?77697fb1"], "pluginID": "76530", "description": "The version of MySQL 5.6.x installed on the remote host is prior to 5.6.19. It is, therefore, affected by vulnerabilities in the following components :\n\n - SRCHAR\n - SRFTS\n - SRINFOSC\n - SROPTZR\n - SRREP\n - SRREP\n - SRSP", "edition": 6, "reporter": "Tenable", "published": "2014-07-16T00:00:00", "title": "MySQL 5.6.x < 5.6.19 Multiple Vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Databases", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-4238", "CVE-2014-4260", "CVE-2014-4258", "CVE-2014-4233", "CVE-2014-4214", "CVE-2014-2484", "CVE-2014-4240"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/a:oracle:mysql"], "id": "MYSQL_5_6_19.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=76530", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76530);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/11/15 20:50:21\");\n\n script_cve_id(\n \"CVE-2014-2484\",\n \"CVE-2014-4214\",\n \"CVE-2014-4233\",\n \"CVE-2014-4238\",\n \"CVE-2014-4240\",\n \"CVE-2014-4258\",\n \"CVE-2014-4260\"\n );\n script_bugtraq_id(68560, 68564, 68573, 68587, 68598, 68602, 68607);\n\n script_name(english:\"MySQL 5.6.x < 5.6.19 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of MySQL server.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL 5.6.x installed on the remote host is prior to\n5.6.19. It is, therefore, affected by vulnerabilities in the following\ncomponents :\n\n - SRCHAR\n - SRFTS\n - SRINFOSC\n - SROPTZR\n - SRREP\n - SRREP\n - SRSP\");\n # https://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?77697fb1\");\n script_set_attribute(attribute:\"see_also\", value:\"https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-19.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to MySQL 5.6.19 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/07/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/16\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\nmysql_check_version(fixed:'5.6.19', min:'5.6', severity:SECURITY_WARNING);\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:42:09", "references": ["http://support.novell.com/security/cve/CVE-2014-4260.html", "http://support.novell.com/security/cve/CVE-2014-4214.html", "http://support.novell.com/security/cve/CVE-2014-4233.html", "http://support.novell.com/security/cve/CVE-2014-4238.html", "http://support.novell.com/security/cve/CVE-2014-2494.html", "http://support.novell.com/security/cve/CVE-2014-4258.html", "http://support.novell.com/security/cve/CVE-2014-2484.html", "http://support.novell.com/security/cve/CVE-2014-4243.html", "https://bugzilla.novell.com/show_bug.cgi?id=887580", "http://support.novell.com/security/cve/CVE-2014-4207.html", "http://support.novell.com/security/cve/CVE-2014-4240.html"], "pluginID": "77435", "description": "This MySQL update provides the following :\n\n - upgrade to version 5.5.39, [bnc#887580]\n\n - CVE's fixed: (CVE-2014-2484 / CVE-2014-4258 / CVE-2014-4260 / CVE-2014-2494 / CVE-2014-4238 / CVE-2014-4207 / CVE-2014-4233 / CVE-2014-4240 / CVE-2014-4214 / CVE-2014-4243) See also:\n http://www.oracle.com/technetwork/topics/security/cpujul 2014-1972956.html", "edition": 4, "reporter": "Tenable", "published": "2014-08-29T00:00:00", "title": "SuSE 11.3 Security Update : MySQL (SAT Patch Number 9624)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-4238", "CVE-2014-4260", "CVE-2014-4258", "CVE-2014-4233", "CVE-2014-4214", "CVE-2014-2494", "CVE-2014-4243", "CVE-2014-4207", "CVE-2014-2484", "CVE-2014-4240"], "modified": "2014-10-17T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:mysql-client", "p-cpe:/a:novell:suse_linux:11:libmysql55client_r18", "p-cpe:/a:novell:suse_linux:11:libmysqlclient_r15", "p-cpe:/a:novell:suse_linux:11:libmysql55client18", "p-cpe:/a:novell:suse_linux:11:mysql-tools", "p-cpe:/a:novell:suse_linux:11:libmysql55client18-32bit", "p-cpe:/a:novell:suse_linux:11:libmysqlclient15-32bit", "p-cpe:/a:novell:suse_linux:11:mysql", "p-cpe:/a:novell:suse_linux:11:libmysqlclient15"], "id": "SUSE_11_LIBMYSQL55CLIENT18-140820.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=77435", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(77435);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2014/10/17 17:39:52 $\");\n\n script_cve_id(\"CVE-2014-2484\", \"CVE-2014-2494\", \"CVE-2014-4207\", \"CVE-2014-4214\", \"CVE-2014-4233\", \"CVE-2014-4238\", \"CVE-2014-4240\", \"CVE-2014-4243\", \"CVE-2014-4258\", \"CVE-2014-4260\");\n\n script_name(english:\"SuSE 11.3 Security Update : MySQL (SAT Patch Number 9624)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This MySQL update provides the following :\n\n - upgrade to version 5.5.39, [bnc#887580]\n\n - CVE's fixed: (CVE-2014-2484 / CVE-2014-4258 /\n CVE-2014-4260 / CVE-2014-2494 / CVE-2014-4238 /\n CVE-2014-4207 / CVE-2014-4233 / CVE-2014-4240 /\n CVE-2014-4214 / CVE-2014-4243) See also:\n http://www.oracle.com/technetwork/topics/security/cpujul\n 2014-1972956.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=887580\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-2484.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-2494.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-4207.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-4214.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-4233.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-4238.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-4240.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-4243.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-4258.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-4260.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 9624.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libmysql55client18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libmysql55client18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libmysql55client_r18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libmysqlclient15\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libmysqlclient15-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libmysqlclient_r15\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mysql-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mysql-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"libmysql55client18-5.5.39-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"libmysql55client18-32bit-5.5.39-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"libmysql55client_r18-5.5.39-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"libmysqlclient15-5.0.96-0.6.13\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"libmysqlclient15-32bit-5.0.96-0.6.13\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"libmysqlclient_r15-5.0.96-0.6.13\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"mysql-5.5.39-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"mysql-client-5.5.39-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"mysql-tools-5.5.39-0.7.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:54:15", "references": ["http://support.novell.com/security/cve/CVE-2014-4260.html", "http://support.novell.com/security/cve/CVE-2014-4214.html", "http://support.novell.com/security/cve/CVE-2014-4233.html", "http://support.novell.com/security/cve/CVE-2014-4238.html", "http://support.novell.com/security/cve/CVE-2014-2494.html", "http://support.novell.com/security/cve/CVE-2014-4258.html", "http://support.novell.com/security/cve/CVE-2014-2484.html", "http://support.novell.com/security/cve/CVE-2014-4243.html", "https://bugzilla.novell.com/show_bug.cgi?id=887580", "http://support.novell.com/security/cve/CVE-2014-4207.html", "http://support.novell.com/security/cve/CVE-2014-4240.html"], "pluginID": "77434", "description": "This MySQL update provides the following :\n\n - upgrade to version 5.5.39, [bnc#887580]\n\n - CVE's fixed: (CVE-2014-2484 / CVE-2014-4258 / CVE-2014-4260 / CVE-2014-2494 / CVE-2014-4238 / CVE-2014-4207 / CVE-2014-4233 / CVE-2014-4240 / CVE-2014-4214 / CVE-2014-4243) See also:\n http://www.oracle.com/technetwork/topics/security/cpujul 2014-1972956.html", "edition": 4, "reporter": "Tenable", "published": "2014-08-29T00:00:00", "title": "SuSE 11.3 Security Update : MySQL (SAT Patch Number 9624)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-4238", "CVE-2014-4260", "CVE-2014-4258", "CVE-2014-4233", "CVE-2014-4214", "CVE-2014-2494", "CVE-2014-4243", "CVE-2014-4207", "CVE-2014-2484", "CVE-2014-4240"], "modified": "2014-10-17T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:libmysqlclient_r15-32bit", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:mysql-client", "p-cpe:/a:novell:suse_linux:11:libmysql55client_r18", "p-cpe:/a:novell:suse_linux:11:libmysqlclient_r15", "p-cpe:/a:novell:suse_linux:11:libmysql55client18", "p-cpe:/a:novell:suse_linux:11:mysql-tools", "p-cpe:/a:novell:suse_linux:11:libmysql55client18-32bit", "p-cpe:/a:novell:suse_linux:11:libmysqlclient15-32bit", "p-cpe:/a:novell:suse_linux:11:libmysql55client_r18-32bit", "p-cpe:/a:novell:suse_linux:11:mysql", "p-cpe:/a:novell:suse_linux:11:libmysqlclient15"], "id": "SUSE_11_LIBMYSQL55CLIENT18-140819.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=77434", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(77434);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2014/10/17 17:39:52 $\");\n\n script_cve_id(\"CVE-2014-2484\", \"CVE-2014-2494\", \"CVE-2014-4207\", \"CVE-2014-4214\", \"CVE-2014-4233\", \"CVE-2014-4238\", \"CVE-2014-4240\", \"CVE-2014-4243\", \"CVE-2014-4258\", \"CVE-2014-4260\");\n\n script_name(english:\"SuSE 11.3 Security Update : MySQL (SAT Patch Number 9624)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This MySQL update provides the following :\n\n - upgrade to version 5.5.39, [bnc#887580]\n\n - CVE's fixed: (CVE-2014-2484 / CVE-2014-4258 /\n CVE-2014-4260 / CVE-2014-2494 / CVE-2014-4238 /\n CVE-2014-4207 / CVE-2014-4233 / CVE-2014-4240 /\n CVE-2014-4214 / CVE-2014-4243) See also:\n http://www.oracle.com/technetwork/topics/security/cpujul\n 2014-1972956.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=887580\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-2484.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-2494.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-4207.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-4214.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-4233.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-4238.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-4240.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-4243.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-4258.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-4260.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 9624.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libmysql55client18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libmysql55client18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libmysql55client_r18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libmysql55client_r18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libmysqlclient15\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libmysqlclient15-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libmysqlclient_r15\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libmysqlclient_r15-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mysql-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mysql-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"libmysql55client18-5.5.39-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"libmysql55client_r18-5.5.39-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"libmysqlclient15-5.0.96-0.6.13\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"libmysqlclient_r15-5.0.96-0.6.13\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"mysql-5.5.39-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"mysql-client-5.5.39-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libmysql55client18-5.5.39-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libmysql55client18-32bit-5.5.39-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libmysql55client_r18-5.5.39-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libmysql55client_r18-32bit-5.5.39-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libmysqlclient15-5.0.96-0.6.13\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libmysqlclient15-32bit-5.0.96-0.6.13\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libmysqlclient_r15-5.0.96-0.6.13\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libmysqlclient_r15-32bit-5.0.96-0.6.13\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"mysql-5.5.39-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"mysql-client-5.5.39-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"libmysql55client18-5.5.39-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"libmysql55client_r18-5.5.39-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"libmysqlclient15-5.0.96-0.6.13\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"libmysqlclient_r15-5.0.96-0.6.13\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"mysql-5.5.39-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"mysql-client-5.5.39-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"mysql-tools-5.5.39-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"libmysql55client18-5.5.39-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"libmysql55client18-32bit-5.5.39-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"libmysql55client_r18-5.5.39-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"libmysqlclient15-5.0.96-0.6.13\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"libmysqlclient15-32bit-5.0.96-0.6.13\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"libmysqlclient_r15-5.0.96-0.6.13\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"mysql-5.5.39-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"mysql-client-5.5.39-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"mysql-tools-5.5.39-0.7.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:45:42", "references": ["http://www.nessus.org/u?a3ad05fe"], "pluginID": "79304", "description": "This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page (CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559)\n\nAfter installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.", "edition": 4, "reporter": "Tenable", "published": "2014-11-18T00:00:00", "title": "Scientific Linux Security Update : mariadb on SL7.x x86_64", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Scientific Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-4260", "CVE-2014-4258", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6555", "CVE-2014-2494", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-4243", "CVE-2014-4207", "CVE-2014-4287"], "modified": "2014-11-18T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20141117_MARIADB_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79304", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79304);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2014/11/18 14:25:31 $\");\n\n script_cve_id(\"CVE-2014-2494\", \"CVE-2014-4207\", \"CVE-2014-4243\", \"CVE-2014-4258\", \"CVE-2014-4260\", \"CVE-2014-4274\", \"CVE-2014-4287\", \"CVE-2014-6463\", \"CVE-2014-6464\", \"CVE-2014-6469\", \"CVE-2014-6484\", \"CVE-2014-6505\", \"CVE-2014-6507\", \"CVE-2014-6520\", \"CVE-2014-6530\", \"CVE-2014-6551\", \"CVE-2014-6555\", \"CVE-2014-6559\");\n\n script_name(english:\"Scientific Linux Security Update : mariadb on SL7.x x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes several vulnerabilities in the MariaDB database\nserver. Information about these flaws can be found on the Oracle\nCritical Patch Update Advisory page (CVE-2014-2494, CVE-2014-4207,\nCVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287,\nCVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469,\nCVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520,\nCVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559)\n\nAfter installing this update, the MariaDB server daemon (mysqld) will\nbe restarted automatically.\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1411&L=scientific-linux-errata&T=0&P=3203\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a3ad05fe\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-5.5.40-1.el7_0\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-bench-5.5.40-1.el7_0\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-debuginfo-5.5.40-1.el7_0\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-devel-5.5.40-1.el7_0\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-embedded-5.5.40-1.el7_0\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-embedded-devel-5.5.40-1.el7_0\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-libs-5.5.40-1.el7_0\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-server-5.5.40-1.el7_0\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-test-5.5.40-1.el7_0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:00:10", "references": ["https://oss.oracle.com/pipermail/el-errata/2014-November/004646.html"], "pluginID": "79370", "description": "From Red Hat Security Advisory 2014:1861 :\n\nUpdated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nMariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.\n\nThis update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n(CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MariaDB to version 5.5.40. Refer to the MariaDB Release Notes listed in the References section for a complete list of changes.\n\nAll MariaDB users should upgrade to these updated packages, which correct these issues. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.", "edition": 5, "reporter": "Tenable", "published": "2014-11-21T00:00:00", "title": "Oracle Linux 7 : mariadb (ELSA-2014-1861)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-4260", "CVE-2014-4258", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6555", "CVE-2014-2494", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-4243", "CVE-2012-5615", "CVE-2014-4207", "CVE-2014-4287"], "modified": "2018-07-18T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:mariadb", "p-cpe:/a:oracle:linux:mariadb-test", "p-cpe:/a:oracle:linux:mariadb-server", "p-cpe:/a:oracle:linux:mariadb-bench", "p-cpe:/a:oracle:linux:mariadb-libs", "p-cpe:/a:oracle:linux:mariadb-embedded-devel", "p-cpe:/a:oracle:linux:mariadb-embedded", "p-cpe:/a:oracle:linux:mariadb-devel", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2014-1861.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79370", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2014:1861 and \n# Oracle Linux Security Advisory ELSA-2014-1861 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79370);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/18 17:43:57\");\n\n script_cve_id(\"CVE-2012-5615\", \"CVE-2014-2494\", \"CVE-2014-4207\", \"CVE-2014-4243\", \"CVE-2014-4258\", \"CVE-2014-4260\", \"CVE-2014-4274\", \"CVE-2014-4287\", \"CVE-2014-6463\", \"CVE-2014-6464\", \"CVE-2014-6469\", \"CVE-2014-6484\", \"CVE-2014-6505\", \"CVE-2014-6507\", \"CVE-2014-6520\", \"CVE-2014-6530\", \"CVE-2014-6551\", \"CVE-2014-6555\", \"CVE-2014-6559\");\n script_bugtraq_id(66835, 66846, 66850, 66858, 66875, 66880, 66890, 66896, 69732, 70446, 70451, 70455, 70462, 70486, 70487, 70510, 70511, 70516, 70517, 70530, 70532, 70550);\n script_xref(name:\"RHSA\", value:\"2014:1861\");\n\n script_name(english:\"Oracle Linux 7 : mariadb (ELSA-2014-1861)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2014:1861 :\n\nUpdated mariadb packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMariaDB is a multi-user, multi-threaded SQL database server that is\nbinary compatible with MySQL.\n\nThis update fixes several vulnerabilities in the MariaDB database\nserver. Information about these flaws can be found on the Oracle\nCritical Patch Update Advisory page, listed in the References section.\n(CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258,\nCVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463,\nCVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505,\nCVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551,\nCVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MariaDB to version 5.5.40. Refer to the\nMariaDB Release Notes listed in the References section for a complete\nlist of changes.\n\nAll MariaDB users should upgrade to these updated packages, which\ncorrect these issues. After installing this update, the MariaDB server\ndaemon (mysqld) will be restarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-November/004646.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mariadb packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-5.5.40-1.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-bench-5.5.40-1.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-devel-5.5.40-1.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-embedded-5.5.40-1.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-embedded-devel-5.5.40-1.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-libs-5.5.40-1.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-server-5.5.40-1.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-test-5.5.40-1.el7_0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb / mariadb-bench / mariadb-devel / mariadb-embedded / etc\");\n}\n", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2018-11-13T16:44:13", "references": ["https://access.redhat.com/security/cve/cve-2014-6530", "https://access.redhat.com/security/cve/cve-2014-6505", "https://access.redhat.com/security/cve/cve-2014-6484", "https://access.redhat.com/security/cve/cve-2012-5615", "https://access.redhat.com/security/cve/cve-2014-6469", "https://access.redhat.com/security/cve/cve-2014-6555", "https://access.redhat.com/security/cve/cve-2014-4258", "https://access.redhat.com/security/cve/cve-2014-4260", "https://access.redhat.com/security/cve/cve-2014-6507", "https://access.redhat.com/security/cve/cve-2014-6551", "https://access.redhat.com/security/cve/cve-2014-4287", "https://access.redhat.com/security/cve/cve-2014-4207", "https://access.redhat.com/security/cve/cve-2014-6464", "https://mariadb.com/kb/en/mariadb/development/release-notes/", "https://access.redhat.com/security/cve/cve-2014-4243", "https://access.redhat.com/security/cve/cve-2014-2494", "https://access.redhat.com/security/cve/cve-2014-6559", "http://www.nessus.org/u?3421cbe7", "https://access.redhat.com/security/cve/cve-2014-6463", "http://www.nessus.org/u?3e658eb0", "https://access.redhat.com/errata/RHSA-2014:1861", "https://access.redhat.com/security/cve/cve-2014-6520", "https://access.redhat.com/security/cve/cve-2014-4274"], "pluginID": "79303", "description": "Updated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nMariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.\n\nThis update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n(CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MariaDB to version 5.5.40. Refer to the MariaDB Release Notes listed in the References section for a complete list of changes.\n\nAll MariaDB users should upgrade to these updated packages, which correct these issues. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.", "edition": 9, "reporter": "Tenable", "published": "2014-11-18T00:00:00", "title": "RHEL 7 : mariadb (RHSA-2014:1861)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-4260", "CVE-2014-4258", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6555", "CVE-2014-2494", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-4243", "CVE-2012-5615", "CVE-2014-4207", "CVE-2014-4287"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:mariadb-libs", "p-cpe:/a:redhat:enterprise_linux:mariadb", "p-cpe:/a:redhat:enterprise_linux:mariadb-debuginfo", "cpe:/o:redhat:enterprise_linux:7.4", "p-cpe:/a:redhat:enterprise_linux:mariadb-bench", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:mariadb-devel", "cpe:/o:redhat:enterprise_linux:7.3", "p-cpe:/a:redhat:enterprise_linux:mariadb-embedded", "p-cpe:/a:redhat:enterprise_linux:mariadb-embedded-devel", "cpe:/o:redhat:enterprise_linux:7.6", "p-cpe:/a:redhat:enterprise_linux:mariadb-test", "p-cpe:/a:redhat:enterprise_linux:mariadb-server"], "id": "REDHAT-RHSA-2014-1861.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79303", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1861. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79303);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/11/10 11:49:54\");\n\n script_cve_id(\"CVE-2012-5615\", \"CVE-2014-2494\", \"CVE-2014-4207\", \"CVE-2014-4243\", \"CVE-2014-4258\", \"CVE-2014-4260\", \"CVE-2014-4274\", \"CVE-2014-4287\", \"CVE-2014-6463\", \"CVE-2014-6464\", \"CVE-2014-6469\", \"CVE-2014-6484\", \"CVE-2014-6505\", \"CVE-2014-6507\", \"CVE-2014-6520\", \"CVE-2014-6530\", \"CVE-2014-6551\", \"CVE-2014-6555\", \"CVE-2014-6559\");\n script_xref(name:\"RHSA\", value:\"2014:1861\");\n\n script_name(english:\"RHEL 7 : mariadb (RHSA-2014:1861)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated mariadb packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMariaDB is a multi-user, multi-threaded SQL database server that is\nbinary compatible with MySQL.\n\nThis update fixes several vulnerabilities in the MariaDB database\nserver. Information about these flaws can be found on the Oracle\nCritical Patch Update Advisory page, listed in the References section.\n(CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258,\nCVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463,\nCVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505,\nCVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551,\nCVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MariaDB to version 5.5.40. Refer to the\nMariaDB Release Notes listed in the References section for a complete\nlist of changes.\n\nAll MariaDB users should upgrade to these updated packages, which\ncorrect these issues. After installing this update, the MariaDB server\ndaemon (mysqld) will be restarted automatically.\"\n );\n # http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3421cbe7\"\n );\n # http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3e658eb0\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/mariadb/development/release-notes/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:1861\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5615\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-4260\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-4258\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-4274\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6507\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6520\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6505\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6551\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-2494\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-4207\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-4287\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6469\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6484\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-4243\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6464\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6559\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6530\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6463\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:1861\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mariadb-5.5.40-1.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mariadb-5.5.40-1.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mariadb-bench-5.5.40-1.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mariadb-bench-5.5.40-1.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"mariadb-debuginfo-5.5.40-1.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"mariadb-devel-5.5.40-1.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"mariadb-embedded-5.5.40-1.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"mariadb-embedded-devel-5.5.40-1.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"mariadb-libs-5.5.40-1.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mariadb-server-5.5.40-1.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mariadb-server-5.5.40-1.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mariadb-test-5.5.40-1.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mariadb-test-5.5.40-1.el7_0\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb / mariadb-bench / mariadb-debuginfo / mariadb-devel / etc\");\n }\n}\n", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:58:30", "references": ["https://oss.oracle.com/pipermail/el-errata/2014-November/004647.html"], "pluginID": "79369", "description": "From Red Hat Security Advisory 2014:1859 :\n\nUpdated mysql55-mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nMySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.\n\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n(CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MySQL to version 5.5.40. Refer to the MySQL Release Notes listed in the References section for a complete list of changes.\n\nAll MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.", "edition": 5, "reporter": "Tenable", "published": "2014-11-21T00:00:00", "title": "Oracle Linux 5 : mysql55-mysql (ELSA-2014-1859)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-4260", "CVE-2014-4258", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6555", "CVE-2014-2494", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-4243", "CVE-2012-5615", "CVE-2014-4207", "CVE-2014-4287"], "modified": "2018-07-18T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:mysql55-mysql", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:mysql55-mysql-libs", "p-cpe:/a:oracle:linux:mysql55-mysql-bench", "p-cpe:/a:oracle:linux:mysql55-mysql-test", "p-cpe:/a:oracle:linux:mysql55-mysql-server", "p-cpe:/a:oracle:linux:mysql55-mysql-devel"], "id": "ORACLELINUX_ELSA-2014-1859.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79369", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2014:1859 and \n# Oracle Linux Security Advisory ELSA-2014-1859 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79369);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/18 17:43:57\");\n\n script_cve_id(\"CVE-2012-5615\", \"CVE-2014-2494\", \"CVE-2014-4207\", \"CVE-2014-4243\", \"CVE-2014-4258\", \"CVE-2014-4260\", \"CVE-2014-4274\", \"CVE-2014-4287\", \"CVE-2014-6463\", \"CVE-2014-6464\", \"CVE-2014-6469\", \"CVE-2014-6484\", \"CVE-2014-6505\", \"CVE-2014-6507\", \"CVE-2014-6520\", \"CVE-2014-6530\", \"CVE-2014-6551\", \"CVE-2014-6555\", \"CVE-2014-6559\");\n script_bugtraq_id(68564, 68573, 68579, 68593, 68611, 69732, 70446, 70451, 70455, 70462, 70486, 70487, 70510, 70511, 70516, 70517, 70530, 70532, 70550);\n script_xref(name:\"RHSA\", value:\"2014:1859\");\n\n script_name(english:\"Oracle Linux 5 : mysql55-mysql (ELSA-2014-1859)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2014:1859 :\n\nUpdated mysql55-mysql packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMySQL is a multi-user, multi-threaded SQL database server. It consists\nof the MySQL server daemon (mysqld) and many client programs and\nlibraries.\n\nThis update fixes several vulnerabilities in the MySQL database\nserver. Information about these flaws can be found on the Oracle\nCritical Patch Update Advisory page, listed in the References section.\n(CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258,\nCVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463,\nCVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505,\nCVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551,\nCVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MySQL to version 5.5.40. Refer to the\nMySQL Release Notes listed in the References section for a complete\nlist of changes.\n\nAll MySQL users should upgrade to these updated packages, which\ncorrect these issues. After installing this update, the MySQL server\ndaemon (mysqld) will be restarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-November/004647.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mysql55-mysql packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql55-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql55-mysql-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql55-mysql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql55-mysql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql55-mysql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql55-mysql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"mysql55-mysql-5.5.40-2.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"mysql55-mysql-bench-5.5.40-2.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"mysql55-mysql-devel-5.5.40-2.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"mysql55-mysql-libs-5.5.40-2.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"mysql55-mysql-server-5.5.40-2.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"mysql55-mysql-test-5.5.40-2.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql55-mysql / mysql55-mysql-bench / mysql55-mysql-devel / etc\");\n}\n", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T11:49:16", "references": ["https://bugzilla.novell.com/887580", "http://download.suse.com/patch/finder/?keywords=8b3fd18dd93c87bd6dd0292986f6e140"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.5.39-0.7.1", "packageFilename": "mysql-5.5.39-0.7.1.i586.rpm", "packageName": "mysql", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.0.96-0.6.13", "packageFilename": "libmysqlclient15-5.0.96-0.6.13.i586.rpm", "packageName": "libmysqlclient15", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.0.96-0.6.13", "packageFilename": "libmysqlclient15-32bit-5.0.96-0.6.13.s390x.rpm", "packageName": "libmysqlclient15-32bit", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "5.0.96-0.6.13", "packageFilename": "libmysqlclient15-32bit-5.0.96-0.6.13.x86_64.rpm", "packageName": "libmysqlclient15-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "5.0.96-0.6.13", "packageFilename": "libmysqlclient_r15-5.0.96-0.6.13.x86_64.rpm", "packageName": "libmysqlclient_r15", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.5.39-0.7.1", "packageFilename": "libmysql55client18-5.5.39-0.7.1.x86_64.rpm", "packageName": "libmysql55client18", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.0.96-0.6.13", "packageFilename": "libmysqlclient_r15-5.0.96-0.6.13.i586.rpm", "packageName": "libmysqlclient_r15", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.5.39-0.7.1", "packageFilename": "mysql-client-5.5.39-0.7.1.ia64.rpm", "packageName": "mysql-client", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.5.39-0.7.1", "packageFilename": "mysql-client-5.5.39-0.7.1.s390x.rpm", "packageName": "mysql-client", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "5.5.39-0.7.1", "packageFilename": "libmysql55client_r18-5.5.39-0.7.1.x86_64.rpm", "packageName": "libmysql55client_r18", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.5.39-0.7.1", "packageFilename": "mysql-client-5.5.39-0.7.1.i586.rpm", "packageName": "mysql-client", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "5.5.39-0.7.1", "packageFilename": "mysql-tools-5.5.39-0.7.1.x86_64.rpm", "packageName": "mysql-tools", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.0.96-0.6.13", "packageFilename": "libmysqlclient_r15-5.0.96-0.6.13.s390x.rpm", "packageName": "libmysqlclient_r15", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "5.5.39-0.7.1", "packageFilename": "mysql-client-5.5.39-0.7.1.i586.rpm", "packageName": "mysql-client", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "5.5.39-0.7.1", "packageFilename": "libmysql55client_r18-32bit-5.5.39-0.7.1.ppc64.rpm", "packageName": "libmysql55client_r18-32bit", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.5.39-0.7.1", "packageFilename": "libmysql55client_r18-5.5.39-0.7.1.ia64.rpm", "packageName": "libmysql55client_r18", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.5.39-0.7.1", "packageFilename": "mysql-5.5.39-0.7.1.ppc64.rpm", "packageName": "mysql", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "5.0.96-0.6.13", "packageFilename": "libmysqlclient_r15-5.0.96-0.6.13.x86_64.rpm", "packageName": "libmysqlclient_r15", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.5.39-0.7.1", "packageFilename": "mysql-5.5.39-0.7.1.x86_64.rpm", "packageName": "mysql", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.5.39-0.7.1", "packageFilename": "libmysql55client18-5.5.39-0.7.1.s390x.rpm", "packageName": "libmysql55client18", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.5.39-0.7.1", "packageFilename": "libmysql55client18-5.5.39-0.7.1.ppc64.rpm", "packageName": "libmysql55client18", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.5.39-0.7.1", "packageFilename": "libmysql55client18-5.5.39-0.7.1.i586.rpm", "packageName": "libmysql55client18", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "5.5.39-0.7.1", "packageFilename": "libmysql55client_r18-5.5.39-0.7.1.x86_64.rpm", "packageName": "libmysql55client_r18", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.5.39-0.7.1", "packageFilename": "libmysql55client18-32bit-5.5.39-0.7.1.s390x.rpm", "packageName": "libmysql55client18-32bit", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.0.96-0.6.13", "packageFilename": "libmysqlclient_r15-5.0.96-0.6.13.ppc64.rpm", "packageName": "libmysqlclient_r15", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "5.5.39-0.7.1", "packageFilename": "libmysql55client18-32bit-5.5.39-0.7.1.x86_64.rpm", "packageName": "libmysql55client18-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "5.5.39-0.7.1", "packageFilename": "mysql-client-5.5.39-0.7.1.x86_64.rpm", "packageName": "mysql-client", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.5.39-0.7.1", "packageFilename": "libmysql55client_r18-5.5.39-0.7.1.ppc64.rpm", "packageName": "libmysql55client_r18", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "5.5.39-0.7.1", "packageFilename": "libmysql55client_r18-32bit-5.5.39-0.7.1.x86_64.rpm", "packageName": "libmysql55client_r18-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "5.0.96-0.6.13", "packageFilename": "libmysqlclient_r15-5.0.96-0.6.13.i586.rpm", "packageName": "libmysqlclient_r15", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.5.39-0.7.1", "packageFilename": "libmysql55client18-32bit-5.5.39-0.7.1.x86_64.rpm", "packageName": "libmysql55client18-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "5.5.39-0.7.1", "packageFilename": "mysql-client-5.5.39-0.7.1.x86_64.rpm", "packageName": "mysql-client", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.0.96-0.6.13", "packageFilename": "libmysqlclient15-5.0.96-0.6.13.s390x.rpm", "packageName": "libmysqlclient15", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.0.96-0.6.13", "packageFilename": "libmysqlclient_r15-5.0.96-0.6.13.ia64.rpm", "packageName": "libmysqlclient_r15", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "5.5.39-0.7.1", "packageFilename": "mysql-client-5.5.39-0.7.1.i586.rpm", "packageName": "mysql-client", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "5.5.39-0.7.1", "packageFilename": "mysql-5.5.39-0.7.1.x86_64.rpm", "packageName": "mysql", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "5.0.96-0.6.13", "packageFilename": "libmysqlclient_r15-32bit-5.0.96-0.6.13.s390x.rpm", "packageName": "libmysqlclient_r15-32bit", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "5.5.39-0.7.1", "packageFilename": "libmysql55client18-5.5.39-0.7.1.x86_64.rpm", "packageName": "libmysql55client18", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.5.39-0.7.1", "packageFilename": "mysql-5.5.39-0.7.1.s390x.rpm", "packageName": "mysql", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.5.39-0.7.1", "packageFilename": "libmysql55client_r18-5.5.39-0.7.1.i586.rpm", "packageName": "libmysql55client_r18", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "5.5.39-0.7.1", "packageFilename": "libmysql55client18-5.5.39-0.7.1.x86_64.rpm", "packageName": "libmysql55client18", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "5.5.39-0.7.1", "packageFilename": "libmysql55client_r18-32bit-5.5.39-0.7.1.x86_64.rpm", "packageName": "libmysql55client_r18-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "5.5.39-0.7.1", "packageFilename": "libmysql55client_r18-5.5.39-0.7.1.i586.rpm", "packageName": "libmysql55client_r18", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.0.96-0.6.13", "packageFilename": "libmysqlclient15-32bit-5.0.96-0.6.13.ppc64.rpm", "packageName": "libmysqlclient15-32bit", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "5.0.96-0.6.13", "packageFilename": "libmysqlclient15-5.0.96-0.6.13.x86_64.rpm", "packageName": "libmysqlclient15", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.5.39-0.7.1", "packageFilename": "mysql-5.5.39-0.7.1.ia64.rpm", "packageName": "mysql", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "5.0.96-0.6.13", "packageFilename": "libmysqlclient_r15-32bit-5.0.96-0.6.13.x86_64.rpm", "packageName": "libmysqlclient_r15-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "5.5.39-0.7.1", "packageFilename": "libmysql55client18-5.5.39-0.7.1.i586.rpm", "packageName": "libmysql55client18", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "5.5.39-0.7.1", "packageFilename": "libmysql55client18-5.5.39-0.7.1.i586.rpm", "packageName": "libmysql55client18", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.5.39-0.7.1", "packageFilename": "libmysql55client18-32bit-5.5.39-0.7.1.ppc64.rpm", "packageName": "libmysql55client18-32bit", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "5.0.96-0.6.13", "packageFilename": "libmysqlclient_r15-32bit-5.0.96-0.6.13.ppc64.rpm", "packageName": "libmysqlclient_r15-32bit", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "5.0.96-0.6.13", "packageFilename": "libmysqlclient_r15-32bit-5.0.96-0.6.13.x86_64.rpm", "packageName": "libmysqlclient_r15-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.5.39-0.7.1", "packageFilename": "mysql-tools-5.5.39-0.7.1.x86_64.rpm", "packageName": "mysql-tools", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "5.5.39-0.7.1", "packageFilename": "mysql-5.5.39-0.7.1.x86_64.rpm", "packageName": "mysql", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.5.39-0.7.1", "packageFilename": "libmysql55client_r18-5.5.39-0.7.1.s390x.rpm", "packageName": "libmysql55client_r18", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.0.96-0.6.13", "packageFilename": "libmysqlclient15-5.0.96-0.6.13.x86_64.rpm", "packageName": "libmysqlclient15", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "5.0.96-0.6.13", "packageFilename": "libmysqlclient15-32bit-5.0.96-0.6.13.x86_64.rpm", "packageName": "libmysqlclient15-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "5.5.39-0.7.1", "packageFilename": "libmysql55client_r18-32bit-5.5.39-0.7.1.s390x.rpm", "packageName": "libmysql55client_r18-32bit", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "5.5.39-0.7.1", "packageFilename": "libmysql55client18-32bit-5.5.39-0.7.1.x86_64.rpm", "packageName": "libmysql55client18-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.0.96-0.6.13", "packageFilename": "libmysqlclient15-5.0.96-0.6.13.ppc64.rpm", "packageName": "libmysqlclient15", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "5.5.39-0.7.1", "packageFilename": "libmysql55client_r18-x86-5.5.39-0.7.1.ia64.rpm", "packageName": "libmysql55client_r18-x86", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.5.39-0.7.1", "packageFilename": "mysql-tools-5.5.39-0.7.1.i586.rpm", "packageName": "mysql-tools", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "5.0.96-0.6.13", "packageFilename": "libmysqlclient_r15-x86-5.0.96-0.6.13.ia64.rpm", "packageName": "libmysqlclient_r15-x86", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.0.96-0.6.13", "packageFilename": "libmysqlclient_r15-5.0.96-0.6.13.x86_64.rpm", "packageName": "libmysqlclient_r15", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.0.96-0.6.13", "packageFilename": "libmysqlclient15-x86-5.0.96-0.6.13.ia64.rpm", "packageName": "libmysqlclient15-x86", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.5.39-0.7.1", "packageFilename": "mysql-tools-5.5.39-0.7.1.ppc64.rpm", "packageName": "mysql-tools", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.5.39-0.7.1", "packageFilename": "mysql-client-5.5.39-0.7.1.x86_64.rpm", "packageName": "mysql-client", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "5.5.39-0.7.1", "packageFilename": "mysql-5.5.39-0.7.1.i586.rpm", "packageName": "mysql", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.5.39-0.7.1", "packageFilename": "libmysql55client_r18-5.5.39-0.7.1.x86_64.rpm", "packageName": "libmysql55client_r18", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.5.39-0.7.1", "packageFilename": "libmysql55client18-5.5.39-0.7.1.ia64.rpm", "packageName": "libmysql55client18", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "5.5.39-0.7.1", "packageFilename": "mysql-tools-5.5.39-0.7.1.i586.rpm", "packageName": "mysql-tools", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "5.5.39-0.7.1", "packageFilename": "libmysql55client_r18-5.5.39-0.7.1.i586.rpm", "packageName": "libmysql55client_r18", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "5.0.96-0.6.13", "packageFilename": "libmysqlclient15-5.0.96-0.6.13.x86_64.rpm", "packageName": "libmysqlclient15", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.5.39-0.7.1", "packageFilename": "libmysql55client18-x86-5.5.39-0.7.1.ia64.rpm", "packageName": "libmysql55client18-x86", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.0.96-0.6.13", "packageFilename": "libmysqlclient15-5.0.96-0.6.13.ia64.rpm", "packageName": "libmysqlclient15", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.5.39-0.7.1", "packageFilename": "mysql-tools-5.5.39-0.7.1.s390x.rpm", "packageName": "mysql-tools", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.5.39-0.7.1", "packageFilename": "mysql-client-5.5.39-0.7.1.ppc64.rpm", "packageName": "mysql-client", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "5.5.39-0.7.1", "packageFilename": "mysql-5.5.39-0.7.1.i586.rpm", "packageName": "mysql", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.0.96-0.6.13", "packageFilename": "libmysqlclient15-32bit-5.0.96-0.6.13.x86_64.rpm", "packageName": "libmysqlclient15-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "5.0.96-0.6.13", "packageFilename": "libmysqlclient_r15-5.0.96-0.6.13.i586.rpm", "packageName": "libmysqlclient_r15", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.5.39-0.7.1", "packageFilename": "mysql-tools-5.5.39-0.7.1.ia64.rpm", "packageName": "mysql-tools", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "5.0.96-0.6.13", "packageFilename": "libmysqlclient15-5.0.96-0.6.13.i586.rpm", "packageName": "libmysqlclient15", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "5.0.96-0.6.13", "packageFilename": "libmysqlclient15-5.0.96-0.6.13.i586.rpm", "packageName": "libmysqlclient15", "arch": "i586", "operator": "lt"}], "description": "This MySQL update provides the following:\n\n * upgrade to version 5.5.39, [bnc#887580]\n * CVE's fixed: CVE-2014-2484, CVE-2014-4258, CVE-2014-4260,\n CVE-2014-2494, CVE-2014-4238, CVE-2014-4207, CVE-2014-4233,\n CVE-2014-4240, CVE-2014-4214, CVE-2014-4243\n\n See also:\n <a rel=\"nofollow\" href=\"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html\">http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html</a>\n &lt;<a rel=\"nofollow\" href=\"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html\">http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html</a>&gt;\n\n Security Issues:\n\n * CVE-2014-2484\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2484\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2484</a>&gt;\n * CVE-2014-4258\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4258\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4258</a>&gt;\n * CVE-2014-4260\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4260\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4260</a>&gt;\n * CVE-2014-2494\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2494\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2494</a>&gt;\n * CVE-2014-4238\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4238\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4238</a>&gt;\n * CVE-2014-4207\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4207\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4207</a>&gt;\n * CVE-2014-4233\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4233\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4233</a>&gt;\n * CVE-2014-4240\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4240\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4240</a>&gt;\n * CVE-2014-4214\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4214\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4214</a>&gt;\n * CVE-2014-4243\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4243\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4243</a>&gt;\n\n", "edition": 1, "reporter": "Suse", "published": "2014-08-28T19:04:39", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Security update for MySQL (important)", "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2014-4238", "CVE-2014-4260", "CVE-2014-4258", "CVE-2014-4233", "CVE-2014-4214", "CVE-2014-2494", "CVE-2014-4243", "CVE-2014-4207", "CVE-2014-2484", "CVE-2014-4240"], "modified": "2014-08-28T19:04:39", "id": "SUSE-SU-2014:1072-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:23:04", "references": ["https://bugzilla.suse.com/919229", "https://bugzilla.suse.com/906194", "https://bugzilla.suse.com/896400", "https://bugzilla.suse.com/915911", "https://bugzilla.suse.com/880891", "https://bugzilla.suse.com/915912", "https://bugzilla.suse.com/904627", "https://bugzilla.suse.com/915914", "https://bugzilla.suse.com/915913", "https://bugzilla.suse.com/873351", "https://bugzilla.suse.com/911442", "https://bugzilla.suse.com/876282", "https://bugzilla.suse.com/911556", "https://bugzilla.suse.com/906117"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "ppc64le", "packageFilename": "libmysqld-devel-10.0.16-15.1.ppc64le.rpm", "packageName": "libmysqld-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "s390x", "packageFilename": "mariadb-10.0.16-15.1.s390x.rpm", "packageName": "mariadb", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "libmysqlclient18-debuginfo-32bit-10.0.16-15.1.x86_64.rpm", "packageName": "libmysqlclient18-debuginfo-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "ppc64le", "packageFilename": "mariadb-debuginfo-10.0.16-15.1.ppc64le.rpm", "packageName": "mariadb-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "ppc64le", "packageFilename": "libmysqlclient18-10.0.16-15.1.ppc64le.rpm", "packageName": "libmysqlclient18", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "ppc64le", "packageFilename": "mariadb-tools-debuginfo-10.0.16-15.1.ppc64le.rpm", "packageName": "mariadb-tools-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "libmysqlclient_r18-10.0.16-15.1.x86_64.rpm", "packageName": "libmysqlclient_r18", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "ppc64le", "packageFilename": "mariadb-client-10.0.16-15.1.ppc64le.rpm", "packageName": "mariadb-client", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "libmysqlclient18-debuginfo-10.0.16-15.1.x86_64.rpm", "packageName": "libmysqlclient18-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "mariadb-tools-debuginfo-10.0.16-15.1.x86_64.rpm", "packageName": "mariadb-tools-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "libmysqlclient18-debuginfo-10.0.16-15.1.x86_64.rpm", "packageName": "libmysqlclient18-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "mariadb-debuginfo-10.0.16-15.1.x86_64.rpm", "packageName": "mariadb-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "s390x", "packageFilename": "libmysqlclient18-debuginfo-32bit-10.0.16-15.1.s390x.rpm", "packageName": "libmysqlclient18-debuginfo-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Workstation Extension", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "mariadb-debuginfo-10.0.16-15.1.x86_64.rpm", "packageName": "mariadb-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "s390x", "packageFilename": "mariadb-tools-10.0.16-15.1.s390x.rpm", "packageName": "mariadb-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "ppc64le", "packageFilename": "mariadb-10.0.16-15.1.ppc64le.rpm", "packageName": "mariadb", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Workstation Extension", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "libmysqlclient_r18-32bit-10.0.16-15.1.x86_64.rpm", "packageName": "libmysqlclient_r18-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "s390x", "packageFilename": "libmysqlclient-devel-10.0.16-15.1.s390x.rpm", "packageName": "libmysqlclient-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "ppc64le", "packageFilename": "mariadb-debugsource-10.0.16-15.1.ppc64le.rpm", "packageName": "mariadb-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "s390x", "packageFilename": "libmysqld18-10.0.16-15.1.s390x.rpm", "packageName": "libmysqld18", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "libmysqlclient18-debuginfo-32bit-10.0.16-15.1.x86_64.rpm", "packageName": "libmysqlclient18-debuginfo-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "mariadb-10.0.16-15.1.x86_64.rpm", "packageName": "mariadb", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "mariadb-client-debuginfo-10.0.16-15.1.x86_64.rpm", "packageName": "mariadb-client-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "s390x", "packageFilename": "mariadb-client-debuginfo-10.0.16-15.1.s390x.rpm", "packageName": "mariadb-client-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "libmysqld-devel-10.0.16-15.1.x86_64.rpm", "packageName": "libmysqld-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "mariadb-debugsource-10.0.16-15.1.x86_64.rpm", "packageName": "mariadb-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "libmysqlclient18-32bit-10.0.16-15.1.x86_64.rpm", "packageName": "libmysqlclient18-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "s390x", "packageFilename": "mariadb-tools-debuginfo-10.0.16-15.1.s390x.rpm", "packageName": "mariadb-tools-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "ppc64le", "packageFilename": "mariadb-debugsource-10.0.16-15.1.ppc64le.rpm", "packageName": "mariadb-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "libmysqlclient18-10.0.16-15.1.x86_64.rpm", "packageName": "libmysqlclient18", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "mariadb-tools-10.0.16-15.1.x86_64.rpm", "packageName": "mariadb-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "ppc64le", "packageFilename": "mariadb-debuginfo-10.0.16-15.1.ppc64le.rpm", "packageName": "mariadb-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "s390x", "packageFilename": "mariadb-client-10.0.16-15.1.s390x.rpm", "packageName": "mariadb-client", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "libmysqlclient_r18-10.0.16-15.1.x86_64.rpm", "packageName": "libmysqlclient_r18", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "mariadb-debugsource-10.0.16-15.1.x86_64.rpm", "packageName": "mariadb-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "s390x", "packageFilename": "mariadb-errormessages-10.0.16-15.1.s390x.rpm", "packageName": "mariadb-errormessages", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "ppc64le", "packageFilename": "mariadb-client-debuginfo-10.0.16-15.1.ppc64le.rpm", "packageName": "mariadb-client-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "libmysqld18-debuginfo-10.0.16-15.1.x86_64.rpm", "packageName": "libmysqld18-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "s390x", "packageFilename": "mariadb-debuginfo-10.0.16-15.1.s390x.rpm", "packageName": "mariadb-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "ppc64le", "packageFilename": "mariadb-errormessages-10.0.16-15.1.ppc64le.rpm", "packageName": "mariadb-errormessages", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "ppc64le", "packageFilename": "mariadb-tools-10.0.16-15.1.ppc64le.rpm", "packageName": "mariadb-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "mariadb-debugsource-10.0.16-15.1.x86_64.rpm", "packageName": "mariadb-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "libmysqlclient18-32bit-10.0.16-15.1.x86_64.rpm", "packageName": "libmysqlclient18-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "s390x", "packageFilename": "libmysqlclient18-32bit-10.0.16-15.1.s390x.rpm", "packageName": "libmysqlclient18-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "libmysqld18-10.0.16-15.1.x86_64.rpm", "packageName": "libmysqld18", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "mariadb-errormessages-10.0.16-15.1.x86_64.rpm", "packageName": "mariadb-errormessages", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "s390x", "packageFilename": "libmysqld18-debuginfo-10.0.16-15.1.s390x.rpm", "packageName": "libmysqld18-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "s390x", "packageFilename": "mariadb-debuginfo-10.0.16-15.1.s390x.rpm", "packageName": "mariadb-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "s390x", "packageFilename": "libmysqlclient18-debuginfo-10.0.16-15.1.s390x.rpm", "packageName": "libmysqlclient18-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Workstation Extension", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "libmysqlclient_r18-10.0.16-15.1.x86_64.rpm", "packageName": "libmysqlclient_r18", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "s390x", "packageFilename": "libmysqlclient_r18-10.0.16-15.1.s390x.rpm", "packageName": "libmysqlclient_r18", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "ppc64le", "packageFilename": "libmysqld18-debuginfo-10.0.16-15.1.ppc64le.rpm", "packageName": "libmysqld18-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "ppc64le", "packageFilename": "libmysqlclient-devel-10.0.16-15.1.ppc64le.rpm", "packageName": "libmysqlclient-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "libmysqlclient18-10.0.16-15.1.x86_64.rpm", "packageName": "libmysqlclient18", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "libmysqlclient_r18-32bit-10.0.16-15.1.x86_64.rpm", "packageName": "libmysqlclient_r18-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "ppc64le", "packageFilename": "libmysqlclient18-debuginfo-10.0.16-15.1.ppc64le.rpm", "packageName": "libmysqlclient18-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "s390x", "packageFilename": "libmysqld-devel-10.0.16-15.1.s390x.rpm", "packageName": "libmysqld-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "mariadb-10.0.16-15.1.x86_64.rpm", "packageName": "mariadb", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "mariadb-errormessages-10.0.16-15.1.x86_64.rpm", "packageName": "mariadb-errormessages", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Workstation Extension", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "mariadb-debugsource-10.0.16-15.1.x86_64.rpm", "packageName": "mariadb-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "mariadb-client-10.0.16-15.1.x86_64.rpm", "packageName": "mariadb-client", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "ppc64le", "packageFilename": "libmysqlclient_r18-10.0.16-15.1.ppc64le.rpm", "packageName": "libmysqlclient_r18", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "mariadb-client-10.0.16-15.1.x86_64.rpm", "packageName": "mariadb-client", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "s390x", "packageFilename": "mariadb-debugsource-10.0.16-15.1.s390x.rpm", "packageName": "mariadb-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "ppc64le", "packageFilename": "libmysqld18-10.0.16-15.1.ppc64le.rpm", "packageName": "libmysqld18", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "libmysqlclient-devel-10.0.16-15.1.x86_64.rpm", "packageName": "libmysqlclient-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "s390x", "packageFilename": "mariadb-debugsource-10.0.16-15.1.s390x.rpm", "packageName": "mariadb-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "mariadb-debuginfo-10.0.16-15.1.x86_64.rpm", "packageName": "mariadb-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "s390x", "packageFilename": "libmysqlclient18-10.0.16-15.1.s390x.rpm", "packageName": "libmysqlclient18", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "mariadb-debuginfo-10.0.16-15.1.x86_64.rpm", "packageName": "mariadb-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "mariadb-client-debuginfo-10.0.16-15.1.x86_64.rpm", "packageName": "mariadb-client-debuginfo", "operator": "lt"}], "description": "mariadb was updated to version 10.0.16 to fix 40 security issues.\n\n These security issues were fixed:\n - CVE-2015-0411: Unspecified vulnerability in Oracle MySQL Server 5.5.40\n and earlier, and 5.6.21 and earlier, allowed remote attackers to affect\n confidentiality, integrity, and availability via unknown vectors related\n to Server : Security : Encryption (bnc#915911).\n - CVE-2015-0382: Unspecified vulnerability in Oracle MySQL Server 5.5.40\n and earlier and 5.6.21 and earlier allowed remote attackers to affect\n availability via unknown vectors related to Server : Replication, a\n different vulnerability than CVE-2015-0381 (bnc#915911).\n - CVE-2015-0381: Unspecified vulnerability in Oracle MySQL Server 5.5.40\n and earlier and 5.6.21 and earlier allowed remote attackers to affect\n availability via unknown vectors related to Server : Replication, a\n different vulnerability than CVE-2015-0382 (bnc#915911).\n - CVE-2015-0432: Unspecified vulnerability in Oracle MySQL Server 5.5.40\n and earlier allowed remote authenticated users to affect availability\n via vectors related to Server : InnoDB : DDL : Foreign Key (bnc#915911).\n - CVE-2014-6568: Unspecified vulnerability in Oracle MySQL Server 5.5.40\n and earlier, and 5.6.21 and earlier, allowed remote authenticated users\n to affect availability via vectors related to Server : InnoDB : DML\n (bnc#915911).\n - CVE-2015-0374: Unspecified vulnerability in Oracle MySQL Server 5.5.40\n and earlier and 5.6.21 and earlier allowed remote authenticated users to\n affect confidentiality via unknown vectors related to Server : Security\n : Privileges : Foreign Key (bnc#915911).\n - CVE-2014-6507: Unspecified vulnerability in Oracle MySQL Server 5.5.39\n and earlier, and 5.6.20 and earlier, allowed remote authenticated users\n to affect confidentiality, integrity, and availability via vectors\n related to SERVER:DML (bnc#915912).\n - CVE-2014-6491: Unspecified vulnerability in Oracle MySQL Server 5.5.39\n and earlier and 5.6.20 and earlier allowed remote attackers to affect\n confidentiality, integrity, and availability via vectors related to\n SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6500\n (bnc#915912).\n - CVE-2014-6500: Unspecified vulnerability in Oracle MySQL Server 5.5.39\n and earlier, and 5.6.20 and earlier, allowed remote attackers to affect\n confidentiality, integrity, and availability via vectors related to\n SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6491\n (bnc#915912).\n - CVE-2014-6469: Unspecified vulnerability in Oracle MySQL Server 5.5.39\n and eariler and 5.6.20 and earlier allowed remote authenticated users to\n affect availability via vectors related to SERVER:OPTIMIZER (bnc#915912).\n - CVE-2014-6555: Unspecified vulnerability in Oracle MySQL Server 5.5.39\n and earlier and 5.6.20 and earlier allowed remote authenticated users to\n affect confidentiality, integrity, and availability via vectors related\n to SERVER:DML (bnc#915912).\n - CVE-2014-6559: Unspecified vulnerability in Oracle MySQL Server 5.5.39\n and earlier, and 5.6.20 and earlier, allowed remote attackers to affect\n confidentiality via vectors related to C API SSL CERTIFICATE HANDLING\n (bnc#915912).\n - CVE-2014-6494: Unspecified vulnerability in Oracle MySQL Server 5.5.39\n and earlier, and 5.6.20 and earlier, allowed remote attackers to affect\n availability via vectors related to CLIENT:SSL:yaSSL, a different\n vulnerability than CVE-2014-6496 (bnc#915912).\n - CVE-2014-6496: Unspecified vulnerability in Oracle MySQL Server 5.5.39\n and earlier, and 5.6.20 and earlier, allowed remote attackers to affect\n availability via vectors related to CLIENT:SSL:yaSSL, a different\n vulnerability than CVE-2014-6494 (bnc#915912).\n - CVE-2014-6464: Unspecified vulnerability in Oracle MySQL Server 5.5.39\n and earlier and 5.6.20 and earlier allowed remote authenticated users to\n affect availability via vectors related to SERVER:INNODB DML FOREIGN\n KEYS (bnc#915912).\n - CVE-2010-5298: Race condition in the ssl3_read_bytes function in\n s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is\n enabled, allowed remote attackers to inject data across sessions or\n cause a denial of service (use-after-free and parsing error) via an SSL\n connection in a multithreaded environment (bnc#873351).\n - CVE-2014-0195: The dtls1_reassemble_fragment function in d1_both.c in\n OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h did\n not properly validate fragment lengths in DTLS ClientHello messages,\n which allowed remote attackers to execute arbitrary code or cause a\n denial of service (buffer overflow and application crash) via a long\n non-initial fragment (bnc#880891).\n - CVE-2014-0198: The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x\n through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, did not\n properly manage a buffer pointer during certain recursive calls, which\n allowed remote attackers to cause a denial of service (NULL pointer\n dereference and application crash) via vectors that trigger an alert\n condition (bnc#876282).\n - CVE-2014-0221: The dtls1_get_message_fragment function in d1_both.c in\n OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h\n allowed remote attackers to cause a denial of service (recursion and\n client crash) via a DTLS hello message in an invalid DTLS handshake\n (bnc#915913).\n - CVE-2014-0224: OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1\n before 1.0.1h did not properly restrict processing of ChangeCipherSpec\n messages, which allowed man-in-the-middle attackers to trigger use of a\n zero-length master key in certain OpenSSL-to-OpenSSL communications, and\n consequently hijack sessions or obtain sensitive information, via a\n crafted TLS handshake, aka the &quot;CCS Injection&quot; vulnerability\n (bnc#915913).\n - CVE-2014-3470: The ssl3_send_client_key_exchange function in s3_clnt.c\n in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h,\n when an anonymous ECDH cipher suite is used, allowed remote attackers to\n cause a denial of service (NULL pointer dereference and client crash) by\n triggering a NULL certificate value (bnc#915913).\n - CVE-2014-6474: Unspecified vulnerability in Oracle MySQL Server 5.6.19\n and earlier allowed remote authenticated users to affect availability\n via vectors related to SERVER:MEMCACHED (bnc#915913).\n - CVE-2014-6489: Unspecified vulnerability in Oracle MySQL Server 5.6.19\n and earlier allowed remote authenticated users to affect integrity and\n availability via vectors related to SERVER:SP (bnc#915913).\n - CVE-2014-6564: Unspecified vulnerability in Oracle MySQL Server 5.6.19\n and earlier allowed remote authenticated users to affect availability\n via vectors related to SERVER:INNODB FULLTEXT SEARCH DML (bnc#915913).\n - CVE-2012-5615: Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and\n MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions,\n generates different error messages with different time delays depending\n on whether a user name exists, which allowed remote attackers to\n enumerate valid usernames (bnc#915913).\n - CVE-2014-4274: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier and 5.6.19 and earlier allowed local users to affect\n confidentiality, integrity, and availability via vectors related to\n SERVER:MyISAM (bnc#896400).\n - CVE-2014-4287: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier and 5.6.19 and earlier allowed remote authenticated users to\n affect availability via vectors related to SERVER:CHARACTER SETS\n (bnc#915913).\n - CVE-2014-6463: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier and 5.6.19 and earlier allowed remote authenticated users to\n affect availability via vectors related to SERVER:REPLICATION ROW FORMAT\n BINARY LOG DML (bnc#915913).\n - CVE-2014-6478: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier, and 5.6.19 and earlier, allowed remote attackers to affect\n integrity via vectors related to SERVER:SSL:yaSSL (bnc#915913).\n - CVE-2014-6484: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier, and 5.6.19 and earlier, allowed remote authenticated users\n to affect availability via vectors related to SERVER:DML (bnc#915913).\n - CVE-2014-6495: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier, and 5.6.19 and earlier, allowed remote attackers to affect\n availability via vectors related to SERVER:SSL:yaSSL (bnc#915913).\n - CVE-2014-6505: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier, and 5.6.19 and earlier, allowed remote authenticated users\n to affect availability via vectors related to SERVER:MEMORY STORAGE\n ENGINE (bnc#915913).\n - CVE-2014-6520: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier allowed remote authenticated users to affect availability\n via vectors related to SERVER:DDL (bnc#915913).\n - CVE-2014-6530: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier, and 5.6.19 and earlier, allowed remote authenticated users\n to affect confidentiality, integrity, and availability via vectors\n related to CLIENT:MYSQLDUMP (bnc#915913).\n - CVE-2014-6551: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier and 5.6.19 and earlier allowed local users to affect\n confidentiality via vectors related to CLIENT:MYSQLADMIN (bnc#915913).\n - CVE-2015-0391: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier, and 5.6.19 and earlier, allowed remote authenticated users\n to affect availability via vectors related to DDL (bnc#915913).\n - CVE-2014-4258: Unspecified vulnerability in the MySQL Server component\n in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allowed remote\n authenticated users to affect confidentiality, integrity, and\n availability via vectors related to SRINFOSC (bnc#915914).\n - CVE-2014-4260: Unspecified vulnerability in the MySQL Server component\n in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allowed\n remote authenticated users to affect integrity and availability via\n vectors related to SRCHAR (bnc#915914).\n - CVE-2014-2494: Unspecified vulnerability in the MySQL Server component\n in Oracle MySQL 5.5.37 and earlier allowed remote authenticated users to\n affect availability via vectors related to ENARC (bnc#915914).\n - CVE-2014-4207: Unspecified vulnerability in the MySQL Server component\n in Oracle MySQL 5.5.37 and earlier allowed remote authenticated users to\n affect availability via vectors related to SROPTZR (bnc#915914).\n\n These non-security issues were fixed:\n - Get query produced incorrect results in MariaDB 10.0.11 vs MySQL 5.5 -\n SLES12 (bnc#906194).\n - After update to version 10.0.14 mariadb did not start - Job for\n mysql.service failed (bnc#911442).\n - Fix crash when disk full situation is reached on alter table\n (bnc#904627).\n - Allow md5 in FIPS mode (bnc#911556).\n - Fixed a situation when bit and hex string literals unintentionally\n changed column names (bnc#919229).\n\n Release notes: <a rel=\"nofollow\" href=\"https://kb.askmonty.org/en/mariadb-10016-release-notes/\">https://kb.askmonty.org/en/mariadb-10016-release-notes/</a>\n\n", "edition": 1, "reporter": "Suse", "published": "2015-04-21T19:05:04", "title": "Security update for mariadb (important)", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2014-6495", "CVE-2014-6500", "CVE-2014-6564", "CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-4260", "CVE-2014-4258", "CVE-2014-0224", "CVE-2014-6484", "CVE-2015-0391", "CVE-2014-6507", "CVE-2014-6469", "CVE-2015-0432", "CVE-2014-6496", "CVE-2014-6555", "CVE-2014-2494", "CVE-2014-3470", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2010-5298", "CVE-2015-0382", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-6478", "CVE-2015-0374", "CVE-2014-6491", "CVE-2012-5615", "CVE-2014-6568", "CVE-2014-4207", "CVE-2014-6474", "CVE-2014-6489", "CVE-2014-4287", "CVE-2014-6494", "CVE-2014-0221", "CVE-2015-0411", "CVE-2015-0381"], "modified": "2015-04-21T19:05:04", "id": "SUSE-SU-2015:0743-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:43:12", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "i386", "packageFilename": "mysql55-mysql-5.5.40-2.el5.i386.rpm", "packageName": "mysql55-mysql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "ia64", "packageFilename": "mysql55-mysql-test-5.5.40-2.el5.ia64.rpm", "packageName": "mysql55-mysql-test", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "i386", "packageFilename": "mysql55-mysql-server-5.5.40-2.el5.i386.rpm", "packageName": "mysql55-mysql-server", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "x86_64", "packageFilename": "mysql55-mysql-bench-5.5.40-2.el5.x86_64.rpm", "packageName": "mysql55-mysql-bench", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "ia64", "packageFilename": "mysql55-mysql-server-5.5.40-2.el5.ia64.rpm", "packageName": "mysql55-mysql-server", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "i386", "packageFilename": "mysql55-mysql-bench-5.5.40-2.el5.i386.rpm", "packageName": "mysql55-mysql-bench", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "x86_64", "packageFilename": "mysql55-mysql-libs-5.5.40-2.el5.x86_64.rpm", "packageName": "mysql55-mysql-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "ia64", "packageFilename": "mysql55-mysql-libs-5.5.40-2.el5.ia64.rpm", "packageName": "mysql55-mysql-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "i386", "packageFilename": "mysql55-mysql-devel-5.5.40-2.el5.i386.rpm", "packageName": "mysql55-mysql-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "i386", "packageFilename": "mysql55-mysql-devel-5.5.40-2.el5.i386.rpm", "packageName": "mysql55-mysql-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "ia64", "packageFilename": "mysql55-mysql-5.5.40-2.el5.ia64.rpm", "packageName": "mysql55-mysql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "ia64", "packageFilename": "mysql55-mysql-devel-5.5.40-2.el5.ia64.rpm", "packageName": "mysql55-mysql-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "i386", "packageFilename": "mysql55-mysql-test-5.5.40-2.el5.i386.rpm", "packageName": "mysql55-mysql-test", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "x86_64", "packageFilename": "mysql55-mysql-server-5.5.40-2.el5.x86_64.rpm", "packageName": "mysql55-mysql-server", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "x86_64", "packageFilename": "mysql55-mysql-test-5.5.40-2.el5.x86_64.rpm", "packageName": "mysql55-mysql-test", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "ia64", "packageFilename": "mysql55-mysql-bench-5.5.40-2.el5.ia64.rpm", "packageName": "mysql55-mysql-bench", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "src", "packageFilename": "mysql55-mysql-5.5.40-2.el5.src.rpm", "packageName": "mysql55-mysql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "src", "packageFilename": "mysql55-mysql-5.5.40-2.el5.src.rpm", "packageName": "mysql55-mysql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "src", "packageFilename": "mysql55-mysql-5.5.40-2.el5.src.rpm", "packageName": "mysql55-mysql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "x86_64", "packageFilename": "mysql55-mysql-5.5.40-2.el5.x86_64.rpm", "packageName": "mysql55-mysql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "i386", "packageFilename": "mysql55-mysql-libs-5.5.40-2.el5.i386.rpm", "packageName": "mysql55-mysql-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "x86_64", "packageFilename": "mysql55-mysql-devel-5.5.40-2.el5.x86_64.rpm", "packageName": "mysql55-mysql-devel", "operator": "lt"}], "description": "[5.5.40-2]\nfilter perl(GD) from Requires (perl-gd is not available for RHEL5)\n Resolves: #1160514\n[5.5.40-1]\n- Rebase to 5.5.40\n Also fixes: CVE-2014-4274 CVE-2014-4287 CVE-2014-6463 CVE-2014-6464\n CVE-2014-6469 CVE-2014-6484 CVE-2014-6505 CVE-2014-6507 CVE-2014-6520\n CVE-2014-6530 CVE-2014-6551 CVE-2014-6555 CVE-2014-6559 CVE-2014-6564\n Resolves: #1160514", "edition": 3, "reporter": "Oracle", "published": "2014-11-17T00:00:00", "title": "mysql55-mysql security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-6564", "CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-4260", "CVE-2014-4258", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6555", "CVE-2014-2494", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-4243", "CVE-2014-4207", "CVE-2014-4287"], "modified": "2014-11-17T00:00:00", "id": "ELSA-2014-1859", "href": "http://linux.oracle.com/errata/ELSA-2014-1859.html", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:47:23", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "x86_64", "packageFilename": "mariadb-bench-5.5.40-1.el7_0.x86_64.rpm", "packageName": "mariadb-bench", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "i686", "packageFilename": "mariadb-embedded-devel-5.5.40-1.el7_0.i686.rpm", "packageName": "mariadb-embedded-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "i686", "packageFilename": "mariadb-embedded-5.5.40-1.el7_0.i686.rpm", "packageName": "mariadb-embedded", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "i686", "packageFilename": "mariadb-libs-5.5.40-1.el7_0.i686.rpm", "packageName": "mariadb-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "x86_64", "packageFilename": "mariadb-5.5.40-1.el7_0.x86_64.rpm", "packageName": "mariadb", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "x86_64", "packageFilename": "mariadb-devel-5.5.40-1.el7_0.x86_64.rpm", "packageName": "mariadb-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "x86_64", "packageFilename": "mariadb-server-5.5.40-1.el7_0.x86_64.rpm", "packageName": "mariadb-server", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "x86_64", "packageFilename": "mariadb-embedded-5.5.40-1.el7_0.x86_64.rpm", "packageName": "mariadb-embedded", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "x86_64", "packageFilename": "mariadb-libs-5.5.40-1.el7_0.x86_64.rpm", "packageName": "mariadb-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "x86_64", "packageFilename": "mariadb-test-5.5.40-1.el7_0.x86_64.rpm", "packageName": "mariadb-test", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "x86_64", "packageFilename": "mariadb-embedded-devel-5.5.40-1.el7_0.x86_64.rpm", "packageName": "mariadb-embedded-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "src", "packageFilename": "mariadb-5.5.40-1.el7_0.src.rpm", "packageName": "mariadb", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "i686", "packageFilename": "mariadb-devel-5.5.40-1.el7_0.i686.rpm", "packageName": "mariadb-devel", "operator": "lt"}], "description": "[1:5.5.40-1]\n- Rebase to 5.5.40\n Also fixes: CVE-2014-4274 CVE-2014-4287 CVE-2014-6463 CVE-2014-6464\n CVE-2014-6469 CVE-2014-6484 CVE-2014-6505 CVE-2014-6507 CVE-2014-6520\n CVE-2014-6530 CVE-2014-6551 CVE-2014-6555 CVE-2014-6559 CVE-2014-6564\n Resolves: #1160548\n[1:5.5.37-1]\n- Rebase to 5.5.37\n https://kb.askmonty.org/en/mariadb-5537-changelog/\n Also fixes: CVE-2014-2440 CVE-2014-0384 CVE-2014-2432 CVE-2014-2431\n CVE-2014-2430 CVE-2014-2436 CVE-2014-2438 CVE-2014-2419\n Resolves: #1101062", "edition": 3, "reporter": "Oracle", "published": "2014-11-17T00:00:00", "title": "mariadb security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-6564", "CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-2440", "CVE-2014-4260", "CVE-2014-2432", "CVE-2014-2419", "CVE-2014-4258", "CVE-2014-2436", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6555", "CVE-2014-2494", "CVE-2014-2431", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-2430", "CVE-2014-4243", "CVE-2014-4207", "CVE-2014-2438", "CVE-2014-0384", "CVE-2014-4287"], "modified": "2014-11-17T00:00:00", "id": "ELSA-2014-1861", "href": "http://linux.oracle.com/errata/ELSA-2014-1861.html", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-12-11T17:43:45", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "i686", "packageName": "mariadb-debuginfo", "packageFilename": "mariadb-debuginfo-5.5.40-1.el7_0.i686.rpm", "operator": "lt"}], "description": "MariaDB is a multi-user, multi-threaded SQL database server that is binary\ncompatible with MySQL.\n\nThis update fixes several vulnerabilities in the MariaDB database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2014-2494,\nCVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287,\nCVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484,\nCVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551,\nCVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MariaDB to version 5.5.40. Refer to the\nMariaDB Release Notes listed in the References section for a complete list\nof changes.\n\nAll MariaDB users should upgrade to these updated packages, which correct\nthese issues. After installing this update, the MariaDB server daemon\n(mysqld) will be restarted automatically.\n", "reporter": "RedHat", "published": "2014-11-17T05:00:00", "type": "redhat", "title": "(RHSA-2014:1861) Important: mariadb security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-5615", "CVE-2014-2494", "CVE-2014-4207", "CVE-2014-4243", "CVE-2014-4258", "CVE-2014-4260", "CVE-2014-4274", "CVE-2014-4287", "CVE-2014-6463", "CVE-2014-6464", "CVE-2014-6469", "CVE-2014-6484", "CVE-2014-6505", "CVE-2014-6507", "CVE-2014-6520", "CVE-2014-6530", "CVE-2014-6551", "CVE-2014-6555", "CVE-2014-6559"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-04-12T03:33:33", "id": "RHSA-2014:1861", "href": "https://access.redhat.com/errata/RHSA-2014:1861", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:43:04", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.5.40-2.el6ost", "arch": "src", "packageName": "mariadb-galera", "packageFilename": "mariadb-galera-5.5.40-2.el6ost.src.rpm", "operator": "lt"}], "description": "MariaDB is a multi-user, multi-threaded SQL database server that is binary\ncompatible with MySQL. Galera is a synchronous multi-master cluster for\nMariaDB.\n\nThis update fixes several vulnerabilities in the MariaDB database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2014-4274,\nCVE-2014-4287, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484,\nCVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551,\nCVE-2014-6555, CVE-2014-6559, CVE-2012-5615, CVE-2014-4258, CVE-2014-4260,\nCVE-2014-2494, CVE-2014-4207)\n\nThese updated packages upgrade MariaDB to version 5.5.40. Refer to the\nMariaDB Release Notes listed in the References section for a complete list\nof changes.\n\nAll mariadb-galera users are advised to upgrade to these updated packages,\nwhich correct these issues. After installing this update, the MariaDB\nserver daemon (mysqld) will be restarted automatically.", "reporter": "RedHat", "published": "2014-12-02T21:39:58", "type": "redhat", "title": "(RHSA-2014:1937) Important: mariadb-galera security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-5615", "CVE-2014-2494", "CVE-2014-4207", "CVE-2014-4258", "CVE-2014-4260", "CVE-2014-4274", "CVE-2014-4287", "CVE-2014-6463", "CVE-2014-6464", "CVE-2014-6469", "CVE-2014-6484", "CVE-2014-6505", "CVE-2014-6507", "CVE-2014-6520", "CVE-2014-6530", "CVE-2014-6551", "CVE-2014-6555", "CVE-2014-6559"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-07T02:47:55", "id": "RHSA-2014:1937", "href": "https://access.redhat.com/errata/RHSA-2014:1937", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:41:36", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-2.el7ost", "arch": "src", "packageName": "mariadb-galera", "packageFilename": "mariadb-galera-5.5.40-2.el7ost.src.rpm", "operator": "lt"}], "description": "MariaDB is a multi-user, multi-threaded SQL database server that is binary\ncompatible with MySQL. Galera is a synchronous multi-master cluster for\nMariaDB.\n\nThis update fixes several vulnerabilities in the MariaDB database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2014-4274,\nCVE-2014-4287, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484,\nCVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551,\nCVE-2014-6555, CVE-2014-6559, CVE-2012-5615, CVE-2014-4258, CVE-2014-4260,\nCVE-2014-2494, CVE-2014-4207)\n\nThese updated packages upgrade MariaDB to version 5.5.40. Refer to the\nMariaDB Release Notes listed in the References section for a complete list\nof changes.\n\nAll mariadb-galera users are advised to upgrade to these updated packages,\nwhich correct these issues. After installing this update, the MariaDB\nserver daemon (mysqld) will be restarted automatically.", "reporter": "RedHat", "published": "2014-12-02T21:44:45", "type": "redhat", "title": "(RHSA-2014:1940) Important: mariadb-galera security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-5615", "CVE-2014-2494", "CVE-2014-4207", "CVE-2014-4258", "CVE-2014-4260", "CVE-2014-4274", "CVE-2014-4287", "CVE-2014-6463", "CVE-2014-6464", "CVE-2014-6469", "CVE-2014-6484", "CVE-2014-6505", "CVE-2014-6507", "CVE-2014-6520", "CVE-2014-6530", "CVE-2014-6551", "CVE-2014-6555", "CVE-2014-6559"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-03-19T16:26:43", "id": "RHSA-2014:1940", "href": "https://access.redhat.com/errata/RHSA-2014:1940", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:42:04", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "i386", "packageName": "mysql55-mysql-debuginfo", "packageFilename": "mysql55-mysql-debuginfo-5.5.40-2.el5.i386.rpm", "operator": "lt"}], "description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of\nthe MySQL server daemon (mysqld) and many client programs and libraries.\n\nThis update fixes several vulnerabilities in the MySQL database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2014-2494,\nCVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, \nCVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, \nCVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, \nCVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MySQL to version 5.5.40. Refer to the MySQL\nRelease Notes listed in the References section for a complete list of\nchanges.\n\nAll MySQL users should upgrade to these updated packages, which correct\nthese issues. After installing this update, the MySQL server daemon\n(mysqld) will be restarted automatically.\n", "reporter": "RedHat", "published": "2014-11-17T05:00:00", "type": "redhat", "title": "(RHSA-2014:1859) Important: mysql55-mysql security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-5615", "CVE-2014-2494", "CVE-2014-4207", "CVE-2014-4243", "CVE-2014-4258", "CVE-2014-4260", "CVE-2014-4274", "CVE-2014-4287", "CVE-2014-6463", "CVE-2014-6464", "CVE-2014-6469", "CVE-2014-6484", "CVE-2014-6505", "CVE-2014-6507", "CVE-2014-6520", "CVE-2014-6530", "CVE-2014-6551", "CVE-2014-6555", "CVE-2014-6559"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T12:14:29", "id": "RHSA-2014:1859", "href": "https://access.redhat.com/errata/RHSA-2014:1859", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:42:37", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.5.40-1.el6", "arch": "x86_64", "packageName": "mysql55-mysql-debuginfo", "packageFilename": "mysql55-mysql-debuginfo-5.5.40-1.el6.x86_64.rpm", "operator": "lt"}], "description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of\nthe MySQL server daemon (mysqld) and many client programs and libraries.\n\nThis update fixes several vulnerabilities in the MySQL database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2014-2494,\nCVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, \nCVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, \nCVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, \nCVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MySQL to version 5.5.40. Refer to the MySQL\nRelease Notes listed in the References section for a complete list of\nchanges.\n\nAll MySQL users should upgrade to these updated packages, which correct\nthese issues. After installing this update, the MySQL server daemon\n(mysqld) will be restarted automatically.\n", "reporter": "RedHat", "published": "2014-11-17T05:00:00", "type": "redhat", "title": "(RHSA-2014:1860) Important: mysql55-mysql security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-2494", "CVE-2014-4207", "CVE-2014-4243", "CVE-2014-4258", "CVE-2014-4260", "CVE-2014-4274", "CVE-2014-4287", "CVE-2014-6463", "CVE-2014-6464", "CVE-2014-6469", "CVE-2014-6484", "CVE-2014-6505", "CVE-2014-6507", "CVE-2014-6520", "CVE-2014-6530", "CVE-2014-6551", "CVE-2014-6555", "CVE-2014-6559"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-13T01:28:21", "id": "RHSA-2014:1860", "href": "https://access.redhat.com/errata/RHSA-2014:1860", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:43:32", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.5.40-10.el6", "arch": "x86_64", "packageName": "mariadb55-mariadb-debuginfo", "packageFilename": "mariadb55-mariadb-debuginfo-5.5.40-10.el6.x86_64.rpm", "operator": "lt"}], "description": "MariaDB is a multi-user, multi-threaded SQL database server that is binary\ncompatible with MySQL.\n\nThis update fixes several vulnerabilities in the MariaDB database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2014-2494,\nCVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287,\nCVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484,\nCVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551,\nCVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MariaDB to version 5.5.40. Refer to the\nMariaDB Release Notes listed in the References section for a complete list\nof changes.\n\nAll MariaDB users should upgrade to these updated packages, which correct\nthese issues. After installing this update, the MariaDB server daemon\n(mysqld) will be restarted automatically.\n", "reporter": "RedHat", "published": "2014-11-17T05:00:00", "type": "redhat", "title": "(RHSA-2014:1862) Important: mariadb55-mariadb security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-2494", "CVE-2014-4207", "CVE-2014-4243", "CVE-2014-4258", "CVE-2014-4260", "CVE-2014-4274", "CVE-2014-4287", "CVE-2014-6463", "CVE-2014-6464", "CVE-2014-6469", "CVE-2014-6484", "CVE-2014-6505", "CVE-2014-6507", "CVE-2014-6520", "CVE-2014-6530", "CVE-2014-6551", "CVE-2014-6555", "CVE-2014-6559"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-13T01:28:22", "id": "RHSA-2014:1862", "href": "https://access.redhat.com/errata/RHSA-2014:1862", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-03T18:25:41", "references": ["https://rhn.redhat.com/errata/RHSA-2014-1861.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "packageFilename": "mariadb-embedded-devel-5.5.40-1.el7_0.i686.rpm", "packageName": "mariadb-embedded-devel", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "packageFilename": "mariadb-devel-5.5.40-1.el7_0.i686.rpm", "packageName": "mariadb-devel", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "packageFilename": "mariadb-libs-5.5.40-1.el7_0.i686.rpm", "packageName": "mariadb-libs", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "packageFilename": "mariadb-5.5.40-1.el7_0.src.rpm", "packageName": "mariadb", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "packageFilename": "mariadb-embedded-5.5.40-1.el7_0.x86_64.rpm", "packageName": "mariadb-embedded", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "packageFilename": "mariadb-embedded-devel-5.5.40-1.el7_0.x86_64.rpm", "packageName": "mariadb-embedded-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "packageFilename": "mariadb-devel-5.5.40-1.el7_0.x86_64.rpm", "packageName": "mariadb-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "packageFilename": "mariadb-server-5.5.40-1.el7_0.x86_64.rpm", "packageName": "mariadb-server", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "packageFilename": "mariadb-test-5.5.40-1.el7_0.x86_64.rpm", "packageName": "mariadb-test", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "packageFilename": "mariadb-embedded-5.5.40-1.el7_0.i686.rpm", "packageName": "mariadb-embedded", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "packageFilename": "mariadb-libs-5.5.40-1.el7_0.x86_64.rpm", "packageName": "mariadb-libs", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "packageFilename": "mariadb-5.5.40-1.el7_0.x86_64.rpm", "packageName": "mariadb", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "packageFilename": "mariadb-bench-5.5.40-1.el7_0.x86_64.rpm", "packageName": "mariadb-bench", "arch": "x86_64", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2014:1861\n\n\nMariaDB is a multi-user, multi-threaded SQL database server that is binary\ncompatible with MySQL.\n\nThis update fixes several vulnerabilities in the MariaDB database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2014-2494,\nCVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287,\nCVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484,\nCVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551,\nCVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MariaDB to version 5.5.40. Refer to the\nMariaDB Release Notes listed in the References section for a complete list\nof changes.\n\nAll MariaDB users should upgrade to these updated packages, which correct\nthese issues. After installing this update, the MariaDB server daemon\n(mysqld) will be restarted automatically.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-November/020761.html\n\n**Affected packages:**\nmariadb\nmariadb-bench\nmariadb-devel\nmariadb-embedded\nmariadb-embedded-devel\nmariadb-libs\nmariadb-server\nmariadb-test\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-1861.html", "edition": 1, "reporter": "CentOS Project", "published": "2014-11-17T17:32:07", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "mariadb security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-4260", "CVE-2014-4258", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6555", "CVE-2014-2494", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-4243", "CVE-2012-5615", "CVE-2014-4207", "CVE-2014-4287"], "modified": "2014-11-17T17:32:07", "href": "http://lists.centos.org/pipermail/centos-announce/2014-November/020761.html", "id": "CESA-2014:1861", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:25:28", "references": ["https://rhn.redhat.com/errata/RHSA-2014-1859.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "packageFilename": "mysql55-mysql-server-5.5.40-2.el5.i386.rpm", "packageName": "mysql55-mysql-server", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "packageFilename": "mysql55-mysql-libs-5.5.40-2.el5.i386.rpm", "packageName": "mysql55-mysql-libs", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "packageFilename": "mysql55-mysql-devel-5.5.40-2.el5.x86_64.rpm", "packageName": "mysql55-mysql-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "packageFilename": "mysql55-mysql-bench-5.5.40-2.el5.x86_64.rpm", "packageName": "mysql55-mysql-bench", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "packageFilename": "mysql55-mysql-server-5.5.40-2.el5.x86_64.rpm", "packageName": "mysql55-mysql-server", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "packageFilename": "mysql55-mysql-5.5.40-2.el5.src.rpm", "packageName": "mysql55-mysql", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "packageFilename": "mysql55-mysql-5.5.40-2.el5.x86_64.rpm", "packageName": "mysql55-mysql", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "packageFilename": "mysql55-mysql-test-5.5.40-2.el5.i386.rpm", "packageName": "mysql55-mysql-test", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "packageFilename": "mysql55-mysql-test-5.5.40-2.el5.x86_64.rpm", "packageName": "mysql55-mysql-test", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "packageFilename": "mysql55-mysql-libs-5.5.40-2.el5.x86_64.rpm", "packageName": "mysql55-mysql-libs", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "packageFilename": "mysql55-mysql-5.5.40-2.el5.i386.rpm", "packageName": "mysql55-mysql", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "packageFilename": "mysql55-mysql-bench-5.5.40-2.el5.i386.rpm", "packageName": "mysql55-mysql-bench", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "packageFilename": "mysql55-mysql-devel-5.5.40-2.el5.i386.rpm", "packageName": "mysql55-mysql-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "packageFilename": "mysql55-mysql-devel-5.5.40-2.el5.i386.rpm", "packageName": "mysql55-mysql-devel", "arch": "i386", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2014:1859\n\n\nMySQL is a multi-user, multi-threaded SQL database server. It consists of\nthe MySQL server daemon (mysqld) and many client programs and libraries.\n\nThis update fixes several vulnerabilities in the MySQL database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2014-2494,\nCVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, \nCVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, \nCVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, \nCVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MySQL to version 5.5.40. Refer to the MySQL\nRelease Notes listed in the References section for a complete list of\nchanges.\n\nAll MySQL users should upgrade to these updated packages, which correct\nthese issues. After installing this update, the MySQL server daemon\n(mysqld) will be restarted automatically.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-November/020762.html\n\n**Affected packages:**\nmysql55-mysql\nmysql55-mysql-bench\nmysql55-mysql-devel\nmysql55-mysql-libs\nmysql55-mysql-server\nmysql55-mysql-test\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-1859.html", "edition": 1, "reporter": "CentOS Project", "published": "2014-11-17T17:35:05", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "mysql55 security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-4260", "CVE-2014-4258", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6555", "CVE-2014-2494", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-4243", "CVE-2012-5615", "CVE-2014-4207", "CVE-2014-4287"], "modified": "2014-11-17T17:35:05", "href": "http://lists.centos.org/pipermail/centos-announce/2014-November/020762.html", "id": "CESA-2014:1859", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:56", "references": ["https://vulners.com/securityvulns/securityvulns:doc:30931"], "description": "Over 100 vulnerabilities in different applications are fixed in quarterly update.", "edition": 1, "reporter": "ORACLE", "published": "2014-07-21T00:00:00", "title": "Oracle / Sun / PeopleSoft / MySQL applications security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:56", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Hyperion Essbase", "version": "11.1", "operator": "eq"}, {"name": "PeopleSoft Enterprise FIN Install", "version": "9.2", "operator": "eq"}, {"name": "iPlanet Web Proxy Server", "version": "4.0", "operator": "eq"}, {"name": "Hyperion Common Admin", "version": "11.1", "operator": "eq"}, {"name": "Oracle WebCenter Portal", "version": "11.1", "operator": "eq"}, {"name": "Oracle Traffic Director", "version": "11.1", "operator": "eq"}, {"name": "Java SE", "version": "8", "operator": "eq"}, {"name": "Oracle Retail Returns Management", "version": "13.4", "operator": "eq"}, {"name": "Oracle Retail Back Office", "version": "8.0", "operator": "eq"}, {"name": "Oracle Communications Messaging Server", "version": "7.0", "operator": "eq"}, {"name": "MySQL", "version": "5.6", "operator": "eq"}, {"name": "PeopleSoft Enterprise ELS", "version": "9.2", "operator": "eq"}, {"name": "Oracle Retail Central Office", "version": "12.0", "operator": "eq"}, {"name": "Oracle Retail Central Office", "version": "8.0", "operator": "eq"}, {"name": "PeopleSoft Enterprise PT", "version": "8.53", "operator": "eq"}, {"name": "VirtualBox", "version": "3.2", "operator": "eq"}, {"name": "JDeveloper", "version": "11.1", "operator": "eq"}, {"name": "Oracle Retail Central Office", "version": "13.4", "operator": "eq"}, {"name": "PeopleSoft Enterprise SCM Purchasing", "version": "9.2", "operator": "eq"}, {"name": "Solaris", "version": "8", "operator": "eq"}, {"name": "Oracle Retail Returns Management", "version": "14.0", "operator": "eq"}, {"name": "Oracle Retail Returns Management", "version": "2.0", "operator": "eq"}, {"name": "Oracle Virtual Desktop Infrastructure", "version": "3.5", "operator": "eq"}, {"name": "Glassfish Communications Server", "version": "2.0", "operator": "eq"}, {"name": "Hyperion Analytic Provider Services", "version": "11.1", "operator": "eq"}, {"name": "Agile Product Collaboration", "version": "9.3", "operator": "eq"}, {"name": "WebLogic Server", "version": "10.0", "operator": "eq"}, {"name": "Oracle Retail Back Office", "version": "12.0", "operator": "eq"}, {"name": "WebLogic Server", "version": "12.1", "operator": "eq"}, {"name": "Hyperion Enterprise Performance Management Architect", "version": "11.1", "operator": "eq"}, {"name": "GlassFish Server", "version": "2.1", "operator": "eq"}, {"name": "Oracle Retail Back Office", "version": "14.0", "operator": "eq"}, {"name": "GlassFish Server", "version": "3.1", "operator": "eq"}, {"name": "Solaris", "version": "9", "operator": "eq"}, {"name": "Solaris", "version": "11.1", "operator": "eq"}, {"name": "VirtualBox", "version": "4.3", "operator": "eq"}, {"name": "Sun Ray", "version": "5.4", "operator": "eq"}, {"name": "JDeveloper", "version": "12.1", "operator": "eq"}, {"name": "Oracle Retail Back Office", "version": "13.4", "operator": "eq"}, {"name": "BI Publisher", "version": "11.1", "operator": "eq"}, {"name": "Transportation Management", "version": "6.3", "operator": "eq"}, {"name": "Siebel Core - EAI", "version": "8.2", "operator": "eq"}, {"name": "Solaris", "version": "10", "operator": "eq"}, {"name": "Oracle HTTP Server", "version": "11.1", "operator": "eq"}, {"name": "Oracle HTTP Server", "version": "12.1", "operator": "eq"}, {"name": "Siebel Core - Server OM Frwks", "version": "8.2", "operator": "eq"}, {"name": "Fusion Applications", "version": "11.1", "operator": "eq"}, {"name": "Oracle Retail Central Office", "version": "14.0", "operator": "eq"}, {"name": "Java SE", "version": "5.0", "operator": "eq"}, {"name": "Oracle Secure Global Desktop", "version": "5.1", "operator": "eq"}, {"name": "Java SE", "version": "6", "operator": "eq"}, {"name": "JRockit", "version": "28.3", "operator": "eq"}, {"name": "iPlanet Web Server", "version": "6.1", "operator": "eq"}, {"name": "Java SE", "version": "7", "operator": "eq"}, {"name": "Siebel UI Framework", "version": "8.2", "operator": "eq"}, {"name": "Oracle Secure Global Desktop", "version": "4.71", "operator": "eq"}], "cvelist": ["CVE-2014-2482", "CVE-2012-3544", "CVE-2014-4224", "CVE-2014-4208", "CVE-2014-4213", "CVE-2014-4262", "CVE-2014-4242", "CVE-2014-2490", "CVE-2014-4226", "CVE-2014-4251", "CVE-2014-4263", "CVE-2014-4238", "CVE-2014-2481", "CVE-2013-3774", "CVE-2014-2480", "CVE-2014-4250", "CVE-2014-4260", "CVE-2014-2479", "CVE-2014-4218", "CVE-2014-4254", "CVE-2014-4258", "CVE-2014-4221", "CVE-2014-4255", "CVE-2014-4253", "CVE-2014-4268", "CVE-2014-4203", "CVE-2014-4265", "CVE-2014-4231", "CVE-2014-4201", "CVE-2014-4233", "CVE-2013-5855", "CVE-2014-4210", "CVE-2014-4229", "CVE-2014-0224", "CVE-2014-4267", "CVE-2014-4266", "CVE-2014-2486", "CVE-2014-4270", "CVE-2014-0098", "CVE-2014-4214", "CVE-2014-2485", "CVE-2014-4222", "CVE-2013-1741", "CVE-2014-4257", "CVE-2014-4244", "CVE-2014-2494", "CVE-2014-2487", "CVE-2014-4205", "CVE-2014-4261", "CVE-2014-0436", "CVE-2014-2493", "CVE-2014-4206", "CVE-2014-2488", "CVE-2014-4215", "CVE-2014-4209", "CVE-2014-4245", "CVE-2014-0114", "CVE-2014-0211", "CVE-2013-4286", "CVE-2014-4234", "CVE-2014-2489", "CVE-2014-4269", "CVE-2014-4216", "CVE-2014-4230", "CVE-2013-3751", "CVE-2014-4264", "CVE-2014-2477", "CVE-2014-4220", "CVE-2014-4237", "CVE-2014-4204", "CVE-2014-4243", "CVE-2014-4217", "CVE-2014-4239", "CVE-2014-4248", "CVE-2014-4211", "CVE-2014-2496", "CVE-2014-2483", "CVE-2014-4235", "CVE-2014-0033", "CVE-2014-4225", "CVE-2014-4241", "CVE-2014-4246", "CVE-2014-4207", "CVE-2014-4232", "CVE-2014-4256", "CVE-2014-4227", "CVE-2014-4247", "CVE-2014-4252", "CVE-2014-2492", "CVE-2014-4228", "CVE-2014-4202", "CVE-2014-4212", "CVE-2014-2484", "CVE-2014-4236", "CVE-2014-4240", "CVE-2014-4219", "CVE-2014-2456", "CVE-2014-4249", "CVE-2013-1620", "CVE-2014-4223", "CVE-2014-4271", "CVE-2014-2491", "CVE-2014-2495"], "modified": "2014-07-21T00:00:00", "id": "SECURITYVULNS:VULN:13868", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13868", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oracle": [{"lastseen": "2018-08-31T04:14:02", "references": [], "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are generally cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n**Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible.** This Critical Patch Update contains 113 new security fixes across the product families listed below.\n\nPlease note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at <https://blogs.oracle.com/security>.\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available at: <http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>.\n\nPlease note that on April 18, 2014, Oracle released a [Security Alert for CVE-2014-0160 OpenSSL \"Heartbleed\"](<http://www.oracle.com/technetwork/topics/security/alert-cve-2014-0160-2190703.html>). This Critical Patch Update includes an update to MySQL Enterprise Server 5.6 and this update includes a fix for vulnerability CVE-2014-0160. Customers of other Oracle products are strongly advised to apply the [fixes ](<http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html>) that were announced in the Security Alert for CVE-2014-0160.\n", "edition": 3, "reporter": "Oracle", "published": "2014-07-15T00:00:00", "title": "Oracle Critical Patch Update - July 2014", "type": "oracle", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Java SE, JRockit", "version": "28.3.2", "operator": "le"}, {"name": "Oracle Retail Back Office", "version": "13.3", "operator": "le"}, {"name": "Hyperion Enterprise Performance Management Architect", "version": "11.1.2.2", "operator": "le"}, {"name": "Oracle Retail Back Office", "version": "13.0", "operator": "le"}, {"name": "Oracle Secure Global Desktop (SGD)", "version": "5.0", "operator": "le"}, {"name": "Oracle Retail Back Office", "version": "13.1", "operator": "le"}, {"name": "Oracle Retail Returns Management", "version": "13.4", "operator": "le"}, {"name": "Oracle HTTP Server", "version": "11.1.1.7.0", "operator": "le"}, {"name": "Oracle Virtual Desktop Infrastructure (VDI)", "version": "3.5.1", "operator": "le"}, {"name": "Siebel Travel & Transportation", "version": "8.2.2", "operator": "le"}, {"name": "Oracle Application Object Library", "version": "12.2.3", "operator": "le"}, {"name": "Java SE, JRockit", "version": "8u5", "operator": "le"}, {"name": "Oracle Retail Back Office", "version": "12.0", "operator": "le"}, {"name": "MySQL Server", "version": "5.5.37", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.3.4", "operator": "le"}, {"name": "Oracle Retail Returns Management", "version": "13.1", "operator": "le"}, {"name": "Oracle HTTP Server", "version": "12.1.2.0", "operator": "le"}, {"name": "Oracle GlassFish Server", "version": "2.1.1", "operator": "le"}, {"name": "RDBMS Core", "version": "11.1.0.7", "operator": "le"}, {"name": "Oracle Concurrent Processing", "version": "12.2.2", "operator": "le"}, {"name": "Java SE", "version": "7u60", "operator": "le"}, {"name": "Hyperion Analytic Provider Services", "version": "11.1.2.2", "operator": "le"}, {"name": "Solaris", "version": "8", "operator": "le"}, {"name": "Solaris", "version": "2.3.1.0", "operator": "le"}, {"name": "Oracle Retail Back Office", "version": "8.0", "operator": "le"}, {"name": "Solaris", "version": "2.4.2.0", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.2", "operator": "le"}, {"name": "PeopleSoft Enterprise SCM Purchasing", "version": "9.2", "operator": "le"}, {"name": "Oracle Applications Manager", "version": "12.2.2", "operator": "le"}, {"name": "RDBMS Core", "version": "11.2.0.4", "operator": "le"}, {"name": "Oracle Retail Central Office", "version": "13.3", "operator": "le"}, {"name": "Oracle Applications Manager", "version": "12.0.6", "operator": "le"}, {"name": "Oracle Retail Back Office", "version": "14.0", "operator": "le"}, {"name": "RDBMS Core", "version": "12.1.0.1", "operator": "le"}, {"name": "Oracle VM VirtualBox", "version": "4.1.34", "operator": "le"}, {"name": "Solaris", "version": "11.1", "operator": "le"}, {"name": "Solaris", "version": "2.3.1.1", "operator": "le"}, {"name": "Oracle iStore", "version": "12.1.3", "operator": "le"}, {"name": "Oracle iStore", "version": "12.2.3", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.1", "operator": "le"}, {"name": "Oracle Retail Returns Management", "version": "13.3", "operator": "le"}, {"name": "Oracle VM VirtualBox", "version": "4.3.12", "operator": "le"}, {"name": "Hyperion Common Admin", "version": "11.1.2.3", "operator": "le"}, {"name": "Java SE, JRockit", "version": "6u75", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.3", "operator": "le"}, {"name": "Oracle Agile Product Collaboration", "version": "9.3.3", "operator": "le"}, {"name": "Siebel Core - Server OM Frwks", "version": "8.1.1", "operator": "le"}, {"name": "Siebel UI Framework", "version": "8.2.2", "operator": "le"}, {"name": "Oracle VM VirtualBox", "version": "4.2.26", "operator": "le"}, {"name": "Oracle Application Object Library", "version": "12.2.2", "operator": "le"}, {"name": "Oracle JDeveloper", "version": "11.1.2.4.0", "operator": "le"}, {"name": "Java SE", "version": "8u5", "operator": "le"}, {"name": "Hyperion Common Admin", "version": "11.1.2.2", "operator": "le"}, {"name": "PeopleSoft Enterprise ELS Enterprise Learning Management", "version": "9.2", "operator": "le"}, {"name": "Oracle Applications Manager", "version": "12.1.3", "operator": "le"}, {"name": "Solaris", "version": "10", "operator": "le"}, {"name": "Siebel Travel & Transportation", "version": "8.1.1", "operator": "le"}, {"name": "Oracle iStore", "version": "11.5.10.2", "operator": "le"}, {"name": "Java SE", "version": "6u75", "operator": "le"}, {"name": "Hyperion BI+", "version": "11.1.2.3", "operator": "le"}, {"name": "Oracle Applications Technology Stack", "version": "11.5.10.2", "operator": "le"}, {"name": "XML Parser", "version": "12.1.0.1", "operator": "le"}, {"name": "Hyperion Enterprise Performance Management Architect", "version": "11.1.2.3", "operator": "le"}, {"name": "RDBMS Core", "version": "11.2.0.3", "operator": "le"}, {"name": "Oracle Concurrent Processing", "version": "12.2.3", "operator": "le"}, {"name": "Solaris", "version": "2.4.0.0", "operator": "le"}, {"name": "Solaris", "version": "2.4.1.0", "operator": "le"}, {"name": "Oracle iStore", "version": "12.2.2", "operator": "le"}, {"name": "BI Publisher", "version": "11.1.1.7", "operator": "le"}, {"name": "Oracle Secure Global Desktop (SGD)", "version": "4.63", "operator": "le"}, {"name": "Hyperion BI+", "version": "11.1.2.2", "operator": "le"}, {"name": "Oracle Concurrent Processing", "version": "12.1.3", "operator": "le"}, {"name": "Solaris", "version": "9", "operator": "le"}, {"name": "Oracle Traffic Director", "version": "11.1.1.7.0", "operator": "le"}, {"name": "Oracle Retail Returns Management", "version": "2.0", "operator": "le"}, {"name": "Oracle Retail Central Office", "version": "13.4", "operator": "le"}, {"name": "Oracle Retail Central Office", "version": "13.2", "operator": "le"}, {"name": "Siebel Core - Server OM Frwks", "version": "8.2.2", "operator": "le"}, {"name": "Oracle JDeveloper", "version": "12.1.2.0.0", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "12.1.1.0", "operator": "le"}, {"name": "PeopleSoft Enterprise PT PeopleTools", "version": "8.53", "operator": "le"}, {"name": "Network Layer", "version": "12.1.0.1", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.3.3", "operator": "le"}, {"name": "Oracle Retail Returns Management", "version": "14.0", "operator": "le"}, {"name": "Oracle VM VirtualBox", "version": "4.0.26", "operator": "le"}, {"name": "Oracle iPlanet Web Proxy Server", "version": "4.0.24", "operator": "le"}, {"name": "Oracle WebCenter Portal", "version": "11.1.1.8.0", "operator": "le"}, {"name": "Oracle Secure Global Desktop (SGD)", "version": "4.71", "operator": "le"}, {"name": "PeopleSoft Enterprise ELS Enterprise Learning Management", "version": "9.1", "operator": "le"}, {"name": "Siebel UI Framework", "version": "8.1.1", "operator": "le"}, {"name": "Oracle VM VirtualBox", "version": "4.3.14", "operator": "le"}, {"name": "Oracle iPlanet Web Server", "version": "6.1", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "12.1.2.0", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "10.0.2.0", "operator": "le"}, {"name": "Oracle Retail Central Office", "version": "14.0", "operator": "le"}, {"name": "Oracle Retail Back Office", "version": "12.0.9IN", "operator": "le"}, {"name": "Oracle Application Object Library", "version": "12.0.6", "operator": "le"}, {"name": "Hyperion Analytic Provider Services", "version": "11.1.2.3", "operator": "le"}, {"name": "Solaris", "version": "2.3.1.2", "operator": "le"}, {"name": "Java SE", "version": "5.0u65", "operator": "le"}, {"name": "Oracle Applications Manager", "version": "12.2.3", "operator": "le"}, {"name": "Oracle WebCenter Portal", "version": "11.1.1.7.0", "operator": "le"}, {"name": "PeopleSoft Enterprise PT PeopleTools", "version": "8.52", "operator": "le"}, {"name": "Oracle Communications Messaging Server", "version": "7.0.5.30.0", "operator": "le"}, {"name": "Oracle Retail Central Office", "version": "13.1", "operator": "le"}, {"name": "Java SE, JRockit", "version": "27.8.2", "operator": "le"}, {"name": "Oracle JDeveloper", "version": "11.1.1.7.0", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "10.3.6.0", "operator": "le"}, {"name": "Oracle GlassFish Server", "version": "3.0.1", "operator": "le"}, {"name": "GlassFish Communications Server", "version": "2.0", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.3.1", "operator": "le"}, {"name": "Oracle Retail Central Office", "version": "13.0", "operator": "le"}, {"name": "Siebel Core - EAI", "version": "8.2.2", "operator": "le"}, {"name": "Sun Ray Software", "version": "5.4.3", "operator": "le"}, {"name": "Oracle Application Object Library", "version": "12.1.3", "operator": "le"}, {"name": "Oracle iStore", "version": "12.0.6", "operator": "le"}, {"name": "Oracle Retail Back Office", "version": "13.2", "operator": "le"}, {"name": "Oracle Retail Central Office", "version": "8.0", "operator": "le"}, {"name": "Oracle iPlanet Web Server", "version": "7.0", "operator": "le"}, {"name": "MySQL Server", "version": "5.6.17", "operator": "le"}, {"name": "Oracle WebCenter Portal", "version": "11.1.1.8", "operator": "le"}, {"name": "Oracle Retail Central Office", "version": "12.0", "operator": "le"}, {"name": "PeopleSoft Enterprise FIN Install", "version": "9.2", "operator": "le"}, {"name": "Oracle VM VirtualBox", "version": "3.2.24", "operator": "le"}, {"name": "Siebel Core - EAI", "version": "8.1.1", "operator": "le"}, {"name": "MySQL Server", "version": "5.6.15", "operator": "le"}, {"name": "Java SE, JRockit", "version": "7u60", "operator": "le"}, {"name": "Hyperion Essbase", "version": "11.1.2.3", "operator": "le"}, {"name": "Oracle Application Object Library", "version": "11.5.10.2", "operator": "le"}, {"name": "Java SE, JRockit", "version": "5.0u65", "operator": "le"}, {"name": "Oracle Retail Returns Management", "version": "13.2", "operator": "le"}, {"name": "MySQL Server", "version": "5.5.35", "operator": "le"}, {"name": "Oracle Fusion Middleware", "version": "11.1.1.7", "operator": "le"}, {"name": "Oracle Retail Central Office", "version": "12.0.9IN", "operator": "le"}, {"name": "Oracle WebCenter Portal", "version": "11.1.1.7", "operator": "le"}, {"name": "Hyperion Essbase", "version": "11.1.2.2", "operator": "le"}, {"name": "Oracle GlassFish Server", "version": "3.1.2", "operator": "le"}, {"name": "Oracle Retail Back Office", "version": "13.4", "operator": "le"}, {"name": "PeopleSoft Enterprise FIN Install", "version": "9.1", "operator": "le"}, {"name": "Oracle Secure Global Desktop (SGD)", "version": "5.1", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.3.2", "operator": "le"}, {"name": "PeopleSoft Enterprise SCM Purchasing", "version": "9.1", "operator": "le"}], "cvelist": ["CVE-2014-2482", "CVE-2012-3544", "CVE-2014-4224", "CVE-2014-4208", "CVE-2014-4213", "CVE-2014-4262", "CVE-2014-4242", "CVE-2014-2490", "CVE-2014-4226", "CVE-2014-4251", "CVE-2014-4263", "CVE-2014-4238", "CVE-2014-2481", "CVE-2013-3774", "CVE-2014-2480", "CVE-2014-4250", "CVE-2014-4260", "CVE-2014-2479", "CVE-2014-4218", "CVE-2014-4254", "CVE-2014-4258", "CVE-2014-4221", "CVE-2013-6449", "CVE-2014-4255", "CVE-2014-4253", "CVE-2014-4268", "CVE-2013-2172", "CVE-2014-4203", "CVE-2014-4265", "CVE-2014-4231", "CVE-2014-4201", "CVE-2014-4233", "CVE-2013-5855", "CVE-2014-4210", "CVE-2014-4229", "CVE-2013-5605", "CVE-2014-0224", "CVE-2014-4267", "CVE-2014-4266", "CVE-2014-2486", "CVE-2014-4270", "CVE-2014-0098", "CVE-2014-4214", "CVE-2014-2485", "CVE-2014-4222", "CVE-2013-1741", "CVE-2014-4257", "CVE-2014-4244", "CVE-2014-2494", "CVE-2014-2487", "CVE-2014-4205", "CVE-2014-4261", "CVE-2014-0436", "CVE-2013-1740", "CVE-2014-2493", "CVE-2014-4206", "CVE-2014-0099", "CVE-2013-6438", "CVE-2014-3470", "CVE-2014-2488", "CVE-2013-1739", "CVE-2014-4215", "CVE-2014-0119", "CVE-2014-1492", "CVE-2014-4209", "CVE-2013-6450", "CVE-2014-4245", "CVE-2013-5606", "CVE-2014-0114", "CVE-2014-0211", "CVE-2013-4322", "CVE-2014-0050", "CVE-2013-2461", "CVE-2014-1490", "CVE-2010-5298", "CVE-2014-0160", "CVE-2013-4286", "CVE-2014-0209", "CVE-2014-0210", "CVE-2014-4234", "CVE-2014-2489", "CVE-2014-0195", "CVE-2014-4269", "CVE-2014-0198", "CVE-2014-4216", "CVE-2014-4230", "CVE-2013-3751", "CVE-2014-4264", "CVE-2014-2477", "CVE-2014-4220", "CVE-2014-4237", "CVE-2014-4204", "CVE-2014-0096", "CVE-2014-4243", "CVE-2014-4217", "CVE-2014-4239", "CVE-2014-4248", "CVE-2014-0075", "CVE-2014-4211", "CVE-2014-2496", "CVE-2014-2483", "CVE-2014-4235", "CVE-2014-0033", "CVE-2014-4225", "CVE-2014-4241", "CVE-2014-4246", "CVE-2014-4207", "CVE-2014-4232", "CVE-2014-4256", "CVE-2014-1491", "CVE-2014-4227", "CVE-2014-4247", "CVE-2014-4252", "CVE-2014-2492", "CVE-2014-4228", "CVE-2014-4202", "CVE-2014-4212", "CVE-2014-2484", "CVE-2014-4236", "CVE-2014-4240", "CVE-2014-4219", "CVE-2014-2456", "CVE-2014-4249", "CVE-2013-1620", "CVE-2014-4223", "CVE-2014-4271", "CVE-2014-0221", "CVE-2014-2491", "CVE-2014-2495"], "modified": "2014-07-24T00:00:00", "id": "ORACLE:CPUJUL2014-1972956", "href": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}