ID: CVE-2015-4910
Type: cve
Reporter: NVD
Modified: 2016-12-23T21:59:28
Description
Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.
{"f5": [{"lastseen": "2017-06-08T00:16:03", "bulletinFamily": "software", "description": "\nF5 Product Development has assigned ID 556684 (Enterprise Manager) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 12.0.0 \n11.4.0 - 11.6.0| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 \n11.3.0 - 11.6.0| Not vulnerable| None \nBIG-IP Analytics| None| 12.0.0 \n11.0.0 - 11.6.0| Not vulnerable| None \nBIG-IP APM| None| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP DNS| None| 12.0.0| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 12.0.0 \n11.3.0 - 11.6.0| Not vulnerable| None \nBIG-IP PSM| None| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WOM| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| 3.0.0 - 3.1.1| None| Medium| None \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| 
None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| Not vulnerable| None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. The **Severity** values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\nTo mitigate this vulnerability for Enterprise Manager, you should permit management access to F5 products only over a secure network and limit shell access to only trusted users. For more information, refer to [K13309: Restricting access to the Configuration utility by source IP address (11.x - 12.x)](<https://support.f5.com/csp/article/K13309>) and [K13092: Overview of securing access to the BIG-IP system](<https://support.f5.com/csp/article/K13092>). \n \nAdditionally, for Enterprise Manager, you should avoid enabling the Remote Access feature to provide remote access to the statistical database. If you have the Remote Access feature enabled, you should disable it by performing the following procedure: \n \n**Disabling the Remote Access feature** \n \n**Impact of action**: You will no longer be allowed to remotely access the MySQL statistical database.\n\n 1. 
Log in to the Enterprise Manager Configuration utility.\n 2. Click **Enterprise Management**.\n 3. Navigate to **Options** > **Statistics** > **Remote Access**.\n 4. Clear the **Allow Remote Access** check box.\n 5. Click **Save Changes**.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "modified": "2016-01-09T02:32:00", "published": "2015-12-15T04:57:00", "href": "https://support.f5.com/csp/article/K08039035", "id": "F5:K08039035", "type": "f5", "title": "MySQL vulnerability CVE-2015-4910", "cvss": {"score": 2.1, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:23:08", "bulletinFamily": "software", "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. The **Severity** values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nTo mitigate this vulnerability for Enterprise Manager, you should permit management access to F5 products only over a secure network and limit shell access to only trusted users. 
For more information, refer to SOL13309: Restricting access to the Configuration utility by source IP address (11.x - 12.x) and SOL13092: Overview of securing access to the BIG-IP system. \n \nAdditionally, for Enterprise Manager, you should avoid enabling the Remote Access feature to provide remote access to the statistical database. If you have the Remote Access feature enabled, you should disable it by performing the following procedure: \n \n**Disabling the Remote Access feature** \n \n**Impact of action**: You will no longer be allowed to remotely access the MySQL statistical database.\n\n 1. Log in to the Enterprise Manager Configuration utility.\n 2. Click **Enterprise Management**.\n 3. Navigate to **Options** > **Statistics** > **Remote Access**.\n 4. Clear the **Allow Remote Access** check box.\n 5. Click **Save Changes**.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2015-12-14T00:00:00", "published": "2015-12-14T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/k/08/sol08039035.html", "id": "SOL08039035", "title": "SOL08039035 - MySQL vulnerability CVE-2015-4910", "type": "f5", "cvss": {"score": 2.1, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}], "openvas": [{"lastseen": "2018-10-22T16:36:29", "bulletinFamily": "scanner", "description": "This host is running Oracle MySQL and is\n prone to multiple unspecified vulnerabilities.", "modified": "2018-10-19T00:00:00", "published": "2017-11-22T00:00:00", "id": "OPENVAS:1361412562310812177", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812177", "title": "Oracle MySQL Multiple Unspecified Vulnerabilities-05 Oct15 (Linux)", "type": "openvas", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mysql_mult_unspecified_vuln05_oct15_lin.nasl 2015-10-28 13:07:06 +0530 Oct$\n#\n# Oracle MySQL Multiple Unspecified Vulnerabilities-05 Oct15 (Linux)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:oracle:mysql\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812177\");\n script_version(\"$Revision: 11989 $\");\n script_cve_id(\"CVE-2015-4910\", \"CVE-2015-4890\", \"CVE-2015-4862\", \"CVE-2015-4800\",\n \"CVE-2015-4791\");\n script_bugtraq_id(77234, 77231, 77216, 77213, 77147);\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-19 13:25:26 +0200 (Fri, 19 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-22 15:09:17 +0530 (Wed, 22 Nov 2017)\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"Oracle MySQL Multiple Unspecified Vulnerabilities-05 Oct15 (Linux)\");\n\n 
script_tag(name:\"summary\", value:\"This host is running Oracle MySQL and is\n prone to multiple unspecified vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Unspecified errors exists in the MySQL Server\n component via unknown vectors related to Server.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allows an\n authenticated remote attacker to affect confidentiality, integrity, and\n availability via unknown vectors.\");\n\n script_tag(name:\"affected\", value:\"Oracle MySQL Server 5.6.26 and earlier\n on windows\");\n\n script_tag(name:\"solution\", value:\"Apply the patch from the referenced advisory.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\");\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_unixoide\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!sqlPort = get_app_port(cpe:CPE)) exit(0);\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:sqlPort, exit_no_version:TRUE)) exit(0);\nmysqlVer = infos['version'];\nmysqlPath = infos['location'];\n\nif(mysqlVer =~ \"^(5\\.6)\")\n{\n if(version_in_range(version:mysqlVer, test_version:\"5.6\", test_version2:\"5.6.26\"))\n {\n report = report_fixed_ver(installed_version:mysqlVer, fixed_version: \"Apply the patch\", install_path:mysqlPath);\n security_message(data:report, port:sqlPort);\n exit(0);\n }\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": 
"2018-10-22T16:38:43", "bulletinFamily": "scanner", "description": "This host is running Oracle MySQL and is\n prone to multiple unspecified vulnerabilities.", "modified": "2018-10-12T00:00:00", "published": "2015-10-28T00:00:00", "id": "OPENVAS:1361412562310805768", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805768", "title": "Oracle MySQL Multiple Unspecified Vulnerabilities-05 Oct15 (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mysql_mult_unspecified_vuln05_oct15_win.nasl 2015-10-28 13:07:06 +0530 Oct$\n#\n# Oracle MySQL Multiple Unspecified Vulnerabilities-05 Oct15 (Windows)\n#\n# Authors:\n# Deependra Bapna <bdeependra@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\nCPE = \"cpe:/a:oracle:mysql\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805768\");\n script_version(\"$Revision: 11872 $\");\n script_cve_id(\"CVE-2015-4910\", \"CVE-2015-4890\", \"CVE-2015-4862\", \"CVE-2015-4800\",\n \"CVE-2015-4791\");\n script_bugtraq_id(77234, 77231, 77216, 77213, 77147);\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 13:22:41 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-28 13:07:06 +0530 (Wed, 28 Oct 2015)\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_name(\"Oracle MySQL Multiple Unspecified Vulnerabilities-05 Oct15 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is running Oracle MySQL and is\n prone to multiple unspecified vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Unspecified errors exists in the MySQL Server\n component via unknown vectors related to Server.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allows an\n authenticated remote attacker to affect confidentiality, integrity, and\n availability via unknown vectors.\");\n\n script_tag(name:\"affected\", value:\"Oracle MySQL Server 5.6.26 and earlier\n on windows\");\n\n script_tag(name:\"solution\", value:\"Apply the patch from the referenced advisory.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", 
value:\"http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\");\n\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_windows\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!sqlPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!mysqlVer = get_app_version(cpe:CPE, port:sqlPort)){\n exit(0);\n}\n\nif(mysqlVer =~ \"^(5\\.6)\")\n{\n if(version_in_range(version:mysqlVer, test_version:\"5.6\", test_version2:\"5.6.26\"))\n {\n report = 'Installed version: ' + mysqlVer + '\\n' +\n 'Fixed version: ' + \"Apply the patch\" + '\\n';\n security_message(data:report, port:sqlPort);\n exit(0);\n }\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-11-19T13:01:09", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2015-10-27T00:00:00", "id": "OPENVAS:1361412562310842503", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842503", "title": "Ubuntu Update for mysql-5.6 USN-2781-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for mysql-5.6 USN-2781-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT 
ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842503\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-27 07:08:00 +0100 (Tue, 27 Oct 2015)\");\n script_cve_id(\"CVE-2015-4730\", \"CVE-2015-4766\", \"CVE-2015-4792\", \"CVE-2015-4800\",\n \"CVE-2015-4802\", \"CVE-2015-4815\", \"CVE-2015-4816\", \"CVE-2015-4819\",\n \"CVE-2015-4826\", \"CVE-2015-4830\", \"CVE-2015-4833\", \"CVE-2015-4836\",\n \"CVE-2015-4858\", \"CVE-2015-4861\", \"CVE-2015-4862\", \"CVE-2015-4864\",\n \"CVE-2015-4866\", \"CVE-2015-4870\", \"CVE-2015-4879\", \"CVE-2015-4890\",\n \"CVE-2015-4895\", \"CVE-2015-4904\", \"CVE-2015-4910\", \"CVE-2015-4913\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for mysql-5.6 USN-2781-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mysql-5.6'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple security issues were discovered in\nMySQL and this update includes new upstream MySQL versions to fix these issues.\n\nMySQL has been updated to 5.5.46 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.\nUbuntu 
15.04 and Ubuntu 15.10 have been updated to MySQL 5.6.27.\n\nIn addition to security fixes, the updated packages contain bug fixes,\nnew features, and possibly incompatible changes.\n\nPlease see the following for more information:\nhttp://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-45.html\nhttp://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-46.html\nhttp://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-26.html\nhttp://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-27.html\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\");\n script_tag(name:\"affected\", value:\"mysql-5.6 on Ubuntu 15.10,\n Ubuntu 15.04,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2781-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2781-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(15\\.04|14\\.04 LTS|12\\.04 LTS|15\\.10)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU15.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"mysql-server-5.6\", ver:\"5.6.27-0ubuntu0.15.04.1\", rls:\"UBUNTU15.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.46-0ubuntu0.14.04.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n 
exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.46-0ubuntu0.12.04.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU15.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"mysql-server-5.6\", ver:\"5.6.27-0ubuntu1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-19T13:02:04", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2015-12-11T00:00:00", "id": "OPENVAS:1361412562310851141", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851141", "title": "SuSE Update for Security openSUSE-SU-2015:2243-1 (Security)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2015_2243_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for Security openSUSE-SU-2015:2243-1 (Security)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851141\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-12-11 05:50:43 +0100 (Fri, 11 Dec 2015)\");\n script_cve_id(\"CVE-2015-0286\", \"CVE-2015-0288\", \"CVE-2015-1789\", \"CVE-2015-1793\",\n \"CVE-2015-3152\", \"CVE-2015-4730\", \"CVE-2015-4766\", \"CVE-2015-4792\",\n \"CVE-2015-4800\", \"CVE-2015-4802\", \"CVE-2015-4815\", \"CVE-2015-4816\",\n \"CVE-2015-4819\", \"CVE-2015-4826\", \"CVE-2015-4830\", \"CVE-2015-4833\",\n \"CVE-2015-4836\", \"CVE-2015-4858\", \"CVE-2015-4861\", \"CVE-2015-4862\",\n \"CVE-2015-4864\", \"CVE-2015-4866\", \"CVE-2015-4870\", \"CVE-2015-4879\",\n \"CVE-2015-4890\", \"CVE-2015-4895\", \"CVE-2015-4904\", \"CVE-2015-4905\",\n \"CVE-2015-4910\", \"CVE-2015-4913\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for Security openSUSE-SU-2015:2243-1 (Security)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Security'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"MySQL was updated to 5.6.27 to fix security issues and bugs.\n\n The following vulnerabilities were fixed as part of the upstream release\n [boo#951391]: CVE-2015-1793, 
CVE-2015-0286, CVE-2015-0288, CVE-2015-1789,\n CVE-2015-4730, CVE-2015-4766, CVE-2015-4792, CVE-2015-4800, CVE-2015-4802,\n CVE-2015-4815, CVE-2015-4816, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830,\n CVE-2015-4833, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4862,\n CVE-2015-4864, CVE-2015-4866, CVE-2015-4870, CVE-2015-4879, CVE-2015-4890,\n CVE-2015-4895, CVE-2015-4904, CVE-2015-4905, CVE-2015-4910, CVE-2015-4913\n\n Details on these and other changes can be found at:\n 'http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-27.html'\n\n The following security relevant changes are included additionally:\n\n * CVE-2015-3152: MySQL lacked SSL enforcement. Using\n\n - -ssl-verify-server-cert and --ssl[-*] implies that the ssl connection\n is required. The mysql client will now print an error if ssl is\n required, but the server can not handle a ssl connection [boo#924663],\n [boo#928962]\");\n script_tag(name:\"affected\", value:\"Security on openSUSE 13.2, openSUSE 13.1\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"openSUSE-SU\", value:\"2015:2243_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSE13\\.2|openSUSE13\\.1)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"openSUSE13.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"libmysql56client18\", rpm:\"libmysql56client18~5.6.27~2.12.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysql56client18-debuginfo\", 
rpm:\"libmysql56client18-debuginfo~5.6.27~2.12.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysql56client_r18\", rpm:\"libmysql56client_r18~5.6.27~2.12.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-community-server\", rpm:\"mysql-community-server~5.6.27~2.12.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-community-server-bench\", rpm:\"mysql-community-server-bench~5.6.27~2.12.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-community-server-bench-debuginfo\", rpm:\"mysql-community-server-bench-debuginfo~5.6.27~2.12.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-community-server-client\", rpm:\"mysql-community-server-client~5.6.27~2.12.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-community-server-client-debuginfo\", rpm:\"mysql-community-server-client-debuginfo~5.6.27~2.12.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-community-server-debuginfo\", rpm:\"mysql-community-server-debuginfo~5.6.27~2.12.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-community-server-debugsource\", rpm:\"mysql-community-server-debugsource~5.6.27~2.12.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-community-server-errormessages\", rpm:\"mysql-community-server-errormessages~5.6.27~2.12.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"mysql-community-server-test\", rpm:\"mysql-community-server-test~5.6.27~2.12.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-community-server-test-debuginfo\", rpm:\"mysql-community-server-test-debuginfo~5.6.27~2.12.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-community-server-tools\", rpm:\"mysql-community-server-tools~5.6.27~2.12.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-community-server-tools-debuginfo\", rpm:\"mysql-community-server-tools-debuginfo~5.6.27~2.12.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysql56client18-32bit\", rpm:\"libmysql56client18-32bit~5.6.27~2.12.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysql56client18-debuginfo-32bit\", rpm:\"libmysql56client18-debuginfo-32bit~5.6.27~2.12.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysql56client_r18-32bit\", rpm:\"libmysql56client_r18-32bit~5.6.27~2.12.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"openSUSE13.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libmysql56client18\", rpm:\"libmysql56client18~5.6.27~7.13.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysql56client18-debuginfo\", rpm:\"libmysql56client18-debuginfo~5.6.27~7.13.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysql56client_r18\", rpm:\"libmysql56client_r18~5.6.27~7.13.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-community-server\", rpm:\"mysql-community-server~5.6.27~7.13.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-community-server-bench\", rpm:\"mysql-community-server-bench~5.6.27~7.13.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-community-server-bench-debuginfo\", rpm:\"mysql-community-server-bench-debuginfo~5.6.27~7.13.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-community-server-client\", rpm:\"mysql-community-server-client~5.6.27~7.13.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-community-server-client-debuginfo\", rpm:\"mysql-community-server-client-debuginfo~5.6.27~7.13.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-community-server-debuginfo\", rpm:\"mysql-community-server-debuginfo~5.6.27~7.13.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-community-server-debugsource\", rpm:\"mysql-community-server-debugsource~5.6.27~7.13.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-community-server-errormessages\", rpm:\"mysql-community-server-errormessages~5.6.27~7.13.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-community-server-test\", rpm:\"mysql-community-server-test~5.6.27~7.13.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-community-server-test-debuginfo\", 
rpm:\"mysql-community-server-test-debuginfo~5.6.27~7.13.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-community-server-tools\", rpm:\"mysql-community-server-tools~5.6.27~7.13.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-community-server-tools-debuginfo\", rpm:\"mysql-community-server-tools-debuginfo~5.6.27~7.13.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysql56client18-32bit\", rpm:\"libmysql56client18-32bit~5.6.27~7.13.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysql56client18-debuginfo-32bit\", rpm:\"libmysql56client18-debuginfo-32bit~5.6.27~7.13.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysql56client_r18-32bit\", rpm:\"libmysql56client_r18-32bit~5.6.27~7.13.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-12T12:38:59", "bulletinFamily": "scanner", "description": "Amazon Linux Local Security Checks", "modified": "2018-10-12T00:00:00", "published": "2016-05-09T00:00:00", "id": "OPENVAS:1361412562310120674", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120674", "title": "Amazon Linux Local Check: alas-2016-684", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: alas-2016-684.nasl 6574 2017-07-06 13:41:26Z cfischer$\n#\n# Amazon Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@iki.fi>\n#\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, 
http://ping-viini.org\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120674\");\n script_version(\"$Revision: 11856 $\");\n script_tag(name:\"creation_date\", value:\"2016-05-09 14:11:50 +0300 (Mon, 09 May 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 09:45:29 +0200 (Fri, 12 Oct 2018) $\");\n script_name(\"Amazon Linux Local Check: alas-2016-684\");\n script_tag(name:\"solution\", value:\"Run yum update mysql56 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2016-684.html\");\n script_cve_id(\"CVE-2015-4864\", \"CVE-2015-4866\", \"CVE-2015-4861\", \"CVE-2015-4862\", \"CVE-2016-0616\", \"CVE-2015-4910\", \"CVE-2015-4913\", \"CVE-2016-0610\", \"CVE-2016-0594\", \"CVE-2016-0595\", \"CVE-2016-0596\", \"CVE-2016-0597\", \"CVE-2016-0598\", \"CVE-2015-4792\", \"CVE-2015-4791\", \"CVE-2015-4807\", \"CVE-2015-4870\", \"CVE-2016-0599\", \"CVE-2016-0546\", \"CVE-2015-4858\", \"CVE-2015-4815\", \"CVE-2015-4833\", \"CVE-2015-4830\", \"CVE-2015-4836\", \"CVE-2016-0608\", \"CVE-2016-0609\", \"CVE-2016-0505\", \"CVE-2016-0504\", \"CVE-2015-4890\", \"CVE-2016-0601\", \"CVE-2015-4904\", 
\"CVE-2015-4905\", \"CVE-2016-0605\", \"CVE-2016-0606\", \"CVE-2015-7744\", \"CVE-2015-4766\", \"CVE-2016-0611\", \"CVE-2016-0607\", \"CVE-2015-4819\", \"CVE-2015-4879\", \"CVE-2016-0502\", \"CVE-2015-4895\", \"CVE-2016-0503\", \"CVE-2016-0600\", \"CVE-2015-4802\", \"CVE-2015-4800\", \"CVE-2015-4826\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"mysql56-debuginfo\", rpm:\"mysql56-debuginfo~5.6.29~1.14.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"mysql56-common\", rpm:\"mysql56-common~5.6.29~1.14.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"mysql56-test\", rpm:\"mysql56-test~5.6.29~1.14.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"mysql56-errmsg\", rpm:\"mysql56-errmsg~5.6.29~1.14.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"mysql56-server\", rpm:\"mysql56-server~5.6.29~1.14.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"mysql56-devel\", rpm:\"mysql56-devel~5.6.29~1.14.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = 
isrpmvuln(pkg:\"mysql56\", rpm:\"mysql56~5.6.29~1.14.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"mysql56-libs\", rpm:\"mysql56-libs~5.6.29~1.14.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"mysql56-bench\", rpm:\"mysql56-bench~5.6.29~1.14.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"mysql56-embedded-devel\", rpm:\"mysql56-embedded-devel~5.6.29~1.14.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"mysql56-embedded\", rpm:\"mysql56-embedded~5.6.29~1.14.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:47:52", "bulletinFamily": "scanner", "description": "Check the version of community-mysql", "modified": "2017-07-10T00:00:00", "published": "2016-03-10T00:00:00", "id": "OPENVAS:1361412562310807488", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807488", "title": "Fedora Update for community-mysql FEDORA-2016-5", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for community-mysql FEDORA-2016-5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS 
FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807488\");\n script_version(\"$Revision: 6631 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:36:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-10 06:12:02 +0100 (Thu, 10 Mar 2016)\");\n script_cve_id(\"CVE-2015-4766\", \"CVE-2015-4791\", \"CVE-2015-4792\", \"CVE-2015-4800\",\n \"CVE-2015-4802\", \"CVE-2015-4807\", \"CVE-2015-4815\", \"CVE-2015-4819\",\n \"CVE-2015-4826\", \"CVE-2015-4830\", \"CVE-2015-4833\", \"CVE-2015-4836\",\n \"CVE-2015-4858\", \"CVE-2015-4861\", \"CVE-2015-4862\", \"CVE-2015-4864\",\n \"CVE-2015-4866\", \"CVE-2015-4870\", \"CVE-2015-4879\", \"CVE-2015-4890\",\n \"CVE-2015-4895\", \"CVE-2015-4904\", \"CVE-2015-4905\", \"CVE-2015-4910\",\n \"CVE-2015-4913\", \"CVE-2015-7744\", \"CVE-2016-0502\", \"CVE-2016-0503\",\n \"CVE-2016-0504\", \"CVE-2016-0505\", \"CVE-2016-0546\", \"CVE-2016-0594\",\n \"CVE-2016-0595\", \"CVE-2016-0596\", \"CVE-2016-0597\", \"CVE-2016-0598\",\n \"CVE-2016-0599\", \"CVE-2016-0600\", \"CVE-2016-0601\", \"CVE-2016-0605\",\n \"CVE-2016-0606\", \"CVE-2016-0607\", \"CVE-2016-0608\", \"CVE-2016-0609\",\n \"CVE-2016-0610\", \"CVE-2016-0611\", \"CVE-2016-0616\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for community-mysql FEDORA-2016-5\");\n script_tag(name: \"summary\", value: \"Check the version of community-mysql\");\n\n script_tag(name: \"vuldetect\", value: \"Get 
the installed version with the help\n of detect NVT and check if the version is vulnerable or not.\");\n\n script_tag(name: \"insight\", value: \"MySQL is a multi-user, multi-threaded SQL\n database server. MySQL is a client/server implementation consisting of a server\n daemon (mysqld) and many different client programs and libraries. The base\n package contains the standard MySQL client programs and generic MySQL files.\");\n\n script_tag(name: \"affected\", value: \"community-mysql on Fedora 22\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"FEDORA\", value: \"2016-5\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2016-March/178585.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"community-mysql\", rpm:\"community-mysql~5.6.29~1.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:47:36", "bulletinFamily": "scanner", "description": "Check the version of community-mysql", "modified": "2017-07-10T00:00:00", "published": "2016-03-10T00:00:00", "id": "OPENVAS:1361412562310807487", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807487", "title": "Fedora Update for community-mysql FEDORA-2016-65", 
"type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for community-mysql FEDORA-2016-65\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807487\");\n script_version(\"$Revision: 6631 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:36:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-10 06:13:03 +0100 (Thu, 10 Mar 2016)\");\n script_cve_id(\"CVE-2015-4766\", \"CVE-2015-4791\", \"CVE-2015-4792\", \"CVE-2015-4800\",\n \"CVE-2015-4802\", \"CVE-2015-4807\", \"CVE-2015-4815\", \"CVE-2015-4819\",\n \"CVE-2015-4826\", \"CVE-2015-4830\", \"CVE-2015-4833\", \"CVE-2015-4836\",\n \"CVE-2015-4858\", \"CVE-2015-4861\", \"CVE-2015-4862\", \"CVE-2015-4864\",\n \"CVE-2015-4866\", \"CVE-2015-4870\", \"CVE-2015-4879\", \"CVE-2015-4890\",\n \"CVE-2015-4895\", \"CVE-2015-4904\", \"CVE-2015-4905\", \"CVE-2015-4910\",\n \"CVE-2015-4913\", \"CVE-2015-7744\", \"CVE-2016-0502\", \"CVE-2016-0503\",\n \"CVE-2016-0504\", \"CVE-2016-0505\", 
\"CVE-2016-0546\", \"CVE-2016-0594\",\n \"CVE-2016-0595\", \"CVE-2016-0596\", \"CVE-2016-0597\", \"CVE-2016-0598\",\n \"CVE-2016-0599\", \"CVE-2016-0600\", \"CVE-2016-0601\", \"CVE-2016-0605\",\n \"CVE-2016-0606\", \"CVE-2016-0607\", \"CVE-2016-0608\", \"CVE-2016-0609\",\n \"CVE-2016-0610\", \"CVE-2016-0611\", \"CVE-2016-0616\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for community-mysql FEDORA-2016-65\");\n script_tag(name: \"summary\", value: \"Check the version of community-mysql\");\n \n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\n of detect NVT and check if the version is vulnerable or not.\");\n\n script_tag(name: \"insight\", value: \"MySQL is a multi-user, multi-threaded SQL\n database server. MySQL is a client/server implementation consisting of a\n server daemon (mysqld) and many different client programs and libraries.\n The base package contains the standard MySQL client programs and generic MySQL\n files.\");\n\n script_tag(name: \"affected\", value: \"community-mysql on Fedora 23\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"FEDORA\", value: \"2016-65\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2016-March/178643.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n 
exit(0);\n}\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"community-mysql\", rpm:\"community-mysql~5.6.29~1.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-01-16T20:22:38", "bulletinFamily": "scanner", "description": "The version of Oracle MySQL installed on the remote host is 5.6.x\nprior to 5.6.27. It is, therefore, affected by the following\nvulnerabilities :\n\n - An unspecified flaw exists in the Types subcomponent.\n An authenticated, remote attacker can exploit this to\n gain access to sensitive information. (CVE-2015-4826)\n\n - An unspecified flaw exists in the Security:Privileges\n subcomponent. An authenticated, remote attacker can\n exploit this to impact integrity. (CVE-2015-4830)\n\n - An unspecified flaw exists in the Security:Encryption\n subcomponent. An unauthenticated, remote attacker can\n exploit this to gain access to sensitive information.\n (CVE-2015-7744)\n\n - An unspecified flaw exists in the Options subcomponent\n that allows a local attacker to gain elevated\n privileges. 
(CVE-2016-3471)\n\nAdditionally, unspecified denial of service vulnerabilities exist in\nthe following MySQL subcomponents :\n\n - DDL (CVE-2015-4815)\n\n - DML (CVE-2015-4858, CVE-2015-4862, CVE-2015-4913)\n\n - General (CVE-2016-0605)\n\n - InnoDB (CVE-2015-4861)\n\n - Memcached (CVE-2015-4910)\n\n - Optimizer (CVE-2015-4800)\n\n - Parser (CVE-2015-4870)\n\n - Partition (CVE-2015-4792, CVE-2015-4802)\n\n - Replication (CVE-2015-4890)\n\n - Security:Privileges (CVE-2015-4791)\n\n - SP (CVE-2015-4836)", "modified": "2018-11-15T00:00:00", "published": "2015-10-29T00:00:00", "id": "MYSQL_5_6_27_RPM.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=86661", "title": "Oracle MySQL 5.6.x < 5.6.27 Multiple Vulnerabilities (October 2015 CPU) (January 2016 CPU) (July 2016 CPU)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86661);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/11/15 20:50:21\");\n\n script_cve_id(\n \"CVE-2015-4791\",\n \"CVE-2015-4792\",\n \"CVE-2015-4800\",\n \"CVE-2015-4802\",\n \"CVE-2015-4815\",\n \"CVE-2015-4826\",\n \"CVE-2015-4830\",\n \"CVE-2015-4836\",\n \"CVE-2015-4858\",\n \"CVE-2015-4861\",\n \"CVE-2015-4862\",\n \"CVE-2015-4870\",\n \"CVE-2015-4890\",\n \"CVE-2015-4910\",\n \"CVE-2015-4913\",\n \"CVE-2015-7744\",\n \"CVE-2016-0605\",\n \"CVE-2016-3471\"\n );\n script_bugtraq_id(\n 77137,\n 77145,\n 77147,\n 77153,\n 77165,\n 77171,\n 77190,\n 77208,\n 77213,\n 77216,\n 77222,\n 77228,\n 77231,\n 77234,\n 77237,\n 91618\n );\n\n script_name(english:\"Oracle MySQL 5.6.x < 5.6.27 Multiple Vulnerabilities (October 2015 CPU) (January 2016 CPU) (July 2016 CPU)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The 
version of Oracle MySQL installed on the remote host is 5.6.x\nprior to 5.6.27. It is, therefore, affected by the following\nvulnerabilities :\n\n - An unspecified flaw exists in the Types subcomponent.\n An authenticated, remote attacker can exploit this to\n gain access to sensitive information. (CVE-2015-4826)\n\n - An unspecified flaw exists in the Security:Privileges\n subcomponent. An authenticated, remote attacker can\n exploit this to impact integrity. (CVE-2015-4830)\n\n - An unspecified flaw exists in the Security:Encryption\n subcomponent. An unauthenticated, remote attacker can\n exploit this to gain access to sensitive information.\n (CVE-2015-7744)\n\n - An unspecified flaw exists in the Options subcomponent\n that allows a local attacker to gain elevated\n privileges. (CVE-2016-3471)\n\nAdditionally, unspecified denial of service vulnerabilities exist in\nthe following MySQL subcomponents :\n\n - DDL (CVE-2015-4815)\n\n - DML (CVE-2015-4858, CVE-2015-4862, CVE-2015-4913)\n\n - General (CVE-2016-0605)\n\n - InnoDB (CVE-2015-4861)\n\n - Memcached (CVE-2015-4910)\n\n - Optimizer (CVE-2015-4800)\n\n - Parser (CVE-2015-4870)\n\n - Partition (CVE-2015-4792, CVE-2015-4802)\n\n - Replication (CVE-2015-4890)\n\n - Security:Privileges (CVE-2015-4791)\n\n - SP (CVE-2015-4836)\");\n # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/2368795.xml\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1de82df5\");\n # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/2368796.xml\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?10ceb1c6\");\n # http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3089849.xml\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?42cde00c\");\n script_set_attribute(attribute:\"see_also\", value:\"https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-27.html\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://support.oracle.com/epmos/faces/DocumentDisplay?id=2048227.1\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.oracle.com/rs?type=doc&id=2096144.1\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.oracle.com/rs?type=doc&id=2157431.1\");\n # http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?75a4a4fb\");\n # https://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d13bbe45\");\n # http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?453b5f8c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 5.6.27 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mysql\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:fermilab:scientific_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\");\n script_require_ports(\"Host/RedHat/release\", \"Host/AmazonLinux/release\", \"Host/SuSE/release\", \"Host/CentOS/release\");\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\nfix_version = \"5.6.27\";\nexists_version = \"5.6\";\n\nmysql_check_rpms(mysql_packages:default_mysql_rpm_list_server_only, fix_ver:fix_version, exists_ver:exists_version, rhel_os_list:default_mysql_rhel_os_list, centos_os_list:default_mysql_centos_os_list, suse_os_list:default_mysql_suse_os_list, ala_os_list:default_mysql_ala_os_list, severity:SECURITY_WARNING);\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:22:36", "bulletinFamily": "scanner", "description": "Multiple security issues were discovered in MySQL and this update\nincludes new upstream MySQL versions to fix these issues.\n\nMySQL has been updated to 5.5.46 in Ubuntu 12.04 LTS and Ubuntu 14.04\nLTS. 
Ubuntu 15.04 and Ubuntu 15.10 have been updated to MySQL 5.6.27.\n\nIn addition to security fixes, the updated packages contain bug fixes,\nnew features, and possibly incompatible changes.\n\nPlease see the following for more information:\nhttp://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-45.html\nhttp://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-46.html\nhttp://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-26.html\nhttp://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-27.html\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2018-12-01T00:00:00", "published": "2015-10-27T00:00:00", "id": "UBUNTU_USN-2781-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=86617", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 15.04 / 15.10 : mysql-5.5, mysql-5.6 vulnerabilities (USN-2781-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2781-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86617);\n script_version(\"2.5\");\n script_cvs_date(\"Date: 2018/12/01 15:12:40\");\n\n script_cve_id(\"CVE-2015-4730\", \"CVE-2015-4766\", \"CVE-2015-4792\", \"CVE-2015-4800\", \"CVE-2015-4802\", \"CVE-2015-4815\", \"CVE-2015-4816\", \"CVE-2015-4819\", \"CVE-2015-4826\", \"CVE-2015-4830\", \"CVE-2015-4833\", \"CVE-2015-4836\", \"CVE-2015-4858\", \"CVE-2015-4861\", \"CVE-2015-4862\", \"CVE-2015-4864\", \"CVE-2015-4866\", \"CVE-2015-4870\", \"CVE-2015-4879\", \"CVE-2015-4890\", \"CVE-2015-4895\", \"CVE-2015-4904\", \"CVE-2015-4910\", \"CVE-2015-4913\");\n script_xref(name:\"USN\", value:\"2781-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 15.04 / 15.10 : mysql-5.5, mysql-5.6 vulnerabilities (USN-2781-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues were discovered in MySQL and this update\nincludes new upstream MySQL versions to fix these issues.\n\nMySQL has been updated to 5.5.46 in Ubuntu 12.04 LTS and Ubuntu 14.04\nLTS. 
Ubuntu 15.04 and Ubuntu 15.10 have been updated to MySQL 5.6.27.\n\nIn addition to security fixes, the updated packages contain bug fixes,\nnew features, and possibly incompatible changes.\n\nPlease see the following for more information:\nhttp://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-45.html\nhttp://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-46.html\nhttp://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-26.html\nhttp://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-27.html\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2781-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected mysql-server-5.5 and / or mysql-server-5.6\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.04\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:canonical:ubuntu_linux:15.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(12\\.04|14\\.04|15\\.04|15\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 15.04 / 15.10\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"mysql-server-5.5\", pkgver:\"5.5.46-0ubuntu0.12.04.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"mysql-server-5.5\", pkgver:\"5.5.46-0ubuntu0.14.04.2\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"mysql-server-5.6\", pkgver:\"5.6.27-0ubuntu0.15.04.1\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"mysql-server-5.6\", pkgver:\"5.6.27-0ubuntu1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql-server-5.5 / mysql-server-5.6\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:22:35", "bulletinFamily": "scanner", "description": "The version of MySQL running on the remote host is 5.6.x prior to\n5.6.27. It is, therefore, potentially affected by the following\nvulnerabilities :\n\n - A certificate validation bypass vulnerability exists in\n the Security:Encryption subcomponent due to a flaw in\n the X509_verify_cert() function in x509_vfy.c that is\n triggered when locating alternate certificate chains\n when the first attempt to build such a chain fails. A\n remote attacker can exploit this, by using a valid leaf\n certificate as a certificate authority (CA), to issue\n invalid certificates that will bypass authentication.\n (CVE-2015-1793)\n\n - An unspecified flaw exists in the Client Programs\n subcomponent. A local attacker can exploit this to gain\n elevated privileges. 
(CVE-2015-4819)\n\n - An unspecified flaw exists in the Types subcomponent.\n An authenticated, remote attacker can exploit this to\n gain access to sensitive information. (CVE-2015-4826)\n\n - Unspecified flaws exist in the Security:Privileges\n subcomponent. An authenticated, remote attacker can\n exploit these to impact integrity. (CVE-2015-4830,\n CVE-2015-4864)\n\n - An unspecified flaw exists in the DLM subcomponent.\n An authenticated, remote attacker can exploit this to\n impact integrity. (CVE-2015-4879)\n\n - An unspecified flaw exists in the Server Security\n Encryption subcomponent that allows an authenticated,\n remote attacker to disclose sensitive information.\n (CVE-2015-7744)\n\nAdditionally, unspecified denial of service vulnerabilities can also\nexist in the following MySQL subcomponents :\n\n - DDL (CVE-2015-4815)\n\n - DML (CVE-2015-4858, CVE-2015-4862, CVE-2015-4905,\n CVE-2015-4913)\n\n - InnoDB (CVE-2015-4861, CVE-2015-4866, CVE-2015-4895)\n\n - libmysqld (CVE-2015-4904)\n\n - Memcached (CVE-2015-4910)\n\n - Optimizer (CVE-2015-4800)\n\n - Parser (CVE-2015-4870)\n\n - Partition (CVE-2015-4792, CVE-2015-4802, CVE-2015-4833)\n\n - Query (CVE-2015-4807)\n\n - Replication (CVE-2015-4890)\n\n - Security : Firewall (CVE-2015-4766)\n\n - Server : General (CVE-2016-0605)\n\n - Security : Privileges (CVE-2015-4791)\n\n - SP (CVE-2015-4836)\n\n - Types (CVE-2015-4730)", "modified": "2018-11-15T00:00:00", "published": "2015-10-22T00:00:00", "id": "MYSQL_5_6_27.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=86547", "title": "MySQL 5.6.x < 5.6.27 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86547);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/11/15 20:50:21\");\n\n script_cve_id(\n \"CVE-2015-1793\",\n \"CVE-2015-4730\",\n \"CVE-2015-4766\",\n \"CVE-2015-4791\",\n \"CVE-2015-4792\",\n 
\"CVE-2015-4800\",\n \"CVE-2015-4802\",\n \"CVE-2015-4807\",\n \"CVE-2015-4815\",\n \"CVE-2015-4819\",\n \"CVE-2015-4826\",\n \"CVE-2015-4830\",\n \"CVE-2015-4833\",\n \"CVE-2015-4836\",\n \"CVE-2015-4858\",\n \"CVE-2015-4861\",\n \"CVE-2015-4862\",\n \"CVE-2015-4864\",\n \"CVE-2015-4866\",\n \"CVE-2015-4870\",\n \"CVE-2015-4879\",\n \"CVE-2015-4890\",\n \"CVE-2015-4895\",\n \"CVE-2015-4904\",\n \"CVE-2015-4905\",\n \"CVE-2015-4910\",\n \"CVE-2015-4913\",\n \"CVE-2015-7744\",\n \"CVE-2016-0605\"\n );\n\n script_name(english:\"MySQL 5.6.x < 5.6.27 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of MySQL server.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL running on the remote host is 5.6.x prior to\n5.6.27. It is, therefore, potentially affected by the following\nvulnerabilities :\n\n - A certificate validation bypass vulnerability exists in\n the Security:Encryption subcomponent due to a flaw in\n the X509_verify_cert() function in x509_vfy.c that is\n triggered when locating alternate certificate chains\n when the first attempt to build such a chain fails. A\n remote attacker can exploit this, by using a valid leaf\n certificate as a certificate authority (CA), to issue\n invalid certificates that will bypass authentication.\n (CVE-2015-1793)\n\n - An unspecified flaw exists in the Client Programs\n subcomponent. A local attacker can exploit this to gain\n elevated privileges. (CVE-2015-4819)\n\n - An unspecified flaw exists in the Types subcomponent.\n An authenticated, remote attacker can exploit this to\n gain access to sensitive information. (CVE-2015-4826)\n\n - An unspecified flaws exist in the Security:Privileges\n subcomponent. An authenticated, remote attacker can\n exploit these to impact integrity. 
(CVE-2015-4830,\n CVE-2015-4864)\n\n - An unspecified flaw exists in the DLM subcomponent.\n An authenticated, remote attacker can exploit this to\n impact integrity. (CVE-2015-4879)\n\n - An unspecified flaw exists in the Server Security\n Encryption subcomponent that allows an authenticated,\n remote attacker to disclose sensitive information.\n (CVE-2015-7744)\n\nAdditionally, unspecified denial of service vulnerabilities can also\nexist in the following MySQL subcomponents :\n\n - DDL (CVE-2015-4815)\n\n - DML (CVE-2015-4858, CVE-2015-4862, CVE-2015-4905,\n CVE-2015-4913)\n\n - InnoDB (CVE-2015-4861, CVE-2015-4866, CVE-2015-4895)\n\n - libmysqld (CVE-2015-4904)\n\n - Memcached (CVE-2015-4910)\n\n - Optimizer (CVE-2015-4800)\n\n - Parser (CVE-2015-4870)\n\n - Partition (CVE-2015-4792, CVE-2015-4802, CVE-2015-4833)\n\n - Query (CVE-2015-4807)\n\n - Replication (CVE-2015-4890)\n\n - Security : Firewall (CVE-2015-4766)\n\n - Server : General (CVE-2016-0605)\n\n - Security : Privileges (CVE-2015-4791)\n\n - SP (CVE-2015-4836)\n\n - Types (CVE-2015-4730)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-27.html\");\n # http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?75a4a4fb\");\n # https://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6405bf15\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 5.6.27 or later as referenced in the October\n2015 Oracle Critical Patch Update advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n 
script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/22\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\nmysql_check_version(fixed:'5.6.27', min:'5.6', severity:SECURITY_HOLE);\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:22:57", "bulletinFamily": "scanner", "description": "MySQL was updated to 5.6.27 to fix security issues and bugs.\n\nThe following vulnerabilities were fixed as part of the upstream\nrelease [boo#951391]: CVE-2015-1793, CVE-2015-0286, CVE-2015-0288,\nCVE-2015-1789, CVE-2015-4730, CVE-2015-4766, CVE-2015-4792,\nCVE-2015-4800, CVE-2015-4802, CVE-2015-4815, CVE-2015-4816,\nCVE-2015-4819, CVE-2015-4826, CVE-2015-4830, CVE-2015-4833,\nCVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4862,\nCVE-2015-4864, CVE-2015-4866, CVE-2015-4870, CVE-2015-4879,\nCVE-2015-4890, CVE-2015-4895, CVE-2015-4904, CVE-2015-4905,\nCVE-2015-4910, CVE-2015-4913\n\nDetails on these and other changes can be found at:\nhttp://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-27.html\n\nThe following 
security relevant changes are included additionally :\n\n - CVE-2015-3152: MySQL lacked SSL enforcement. Using\n --ssl-verify-server-cert and --ssl[-*] implies that the\n ssl connection is required. The mysql client will now\n print an error if ssl is required, but the server can\n not handle a ssl connection [boo#924663], [boo#928962]", "modified": "2018-11-19T00:00:00", "published": "2015-12-17T00:00:00", "id": "OPENSUSE-2015-889.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=87442", "title": "openSUSE Security Update : mysql (openSUSE-2015-889) (BACKRONYM)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-889.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87442);\n script_version(\"2.3\");\n script_cvs_date(\"Date: 2018/11/19 11:02:42\");\n\n script_cve_id(\"CVE-2015-0286\", \"CVE-2015-0288\", \"CVE-2015-1789\", \"CVE-2015-1793\", \"CVE-2015-3152\", \"CVE-2015-4730\", \"CVE-2015-4766\", \"CVE-2015-4792\", \"CVE-2015-4800\", \"CVE-2015-4802\", \"CVE-2015-4815\", \"CVE-2015-4816\", \"CVE-2015-4819\", \"CVE-2015-4826\", \"CVE-2015-4830\", \"CVE-2015-4833\", \"CVE-2015-4836\", \"CVE-2015-4858\", \"CVE-2015-4861\", \"CVE-2015-4862\", \"CVE-2015-4864\", \"CVE-2015-4866\", \"CVE-2015-4870\", \"CVE-2015-4879\", \"CVE-2015-4890\", \"CVE-2015-4895\", \"CVE-2015-4904\", \"CVE-2015-4905\", \"CVE-2015-4910\", \"CVE-2015-4913\");\n\n script_name(english:\"openSUSE Security Update : mysql (openSUSE-2015-889) (BACKRONYM)\");\n script_summary(english:\"Check for the openSUSE-2015-889 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"MySQL was updated to 5.6.27 to fix security issues 
and bugs.\n\nThe following vulnerabilities were fixed as part of the upstream\nrelease [boo#951391]: CVE-2015-1793, CVE-2015-0286, CVE-2015-0288,\nCVE-2015-1789, CVE-2015-4730, CVE-2015-4766, CVE-2015-4792,\nCVE-2015-4800, CVE-2015-4802, CVE-2015-4815, CVE-2015-4816,\nCVE-2015-4819, CVE-2015-4826, CVE-2015-4830, CVE-2015-4833,\nCVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4862,\nCVE-2015-4864, CVE-2015-4866, CVE-2015-4870, CVE-2015-4879,\nCVE-2015-4890, CVE-2015-4895, CVE-2015-4904, CVE-2015-4905,\nCVE-2015-4910, CVE-2015-4913\n\nDetails on these and other changes can be found at:\nhttp://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-27.html\n\nThe following security relevant changes are included additionally :\n\n - CVE-2015-3152: MySQL lacked SSL enforcement. Using\n --ssl-verify-server-cert and --ssl[-*] implies that the\n ssl connection is required. The mysql client will now\n print an error if ssl is required, but the server can\n not handle a ssl connection [boo#924663], [boo#928962]\"\n );\n # http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-27.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-27.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=924663\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=928962\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=951391\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mysql packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libmysql56client18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysql56client18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysql56client18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysql56client18-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysql56client_r18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysql56client_r18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-bench-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-errormessages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-test-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/10\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2|SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2 / 42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libmysql56client18-5.6.27-7.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libmysql56client18-debuginfo-5.6.27-7.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libmysql56client_r18-5.6.27-7.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mysql-community-server-5.6.27-7.13.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE13.1\", reference:\"mysql-community-server-bench-5.6.27-7.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mysql-community-server-bench-debuginfo-5.6.27-7.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mysql-community-server-client-5.6.27-7.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mysql-community-server-client-debuginfo-5.6.27-7.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mysql-community-server-debuginfo-5.6.27-7.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mysql-community-server-debugsource-5.6.27-7.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mysql-community-server-errormessages-5.6.27-7.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mysql-community-server-test-5.6.27-7.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mysql-community-server-test-debuginfo-5.6.27-7.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mysql-community-server-tools-5.6.27-7.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mysql-community-server-tools-debuginfo-5.6.27-7.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libmysql56client18-32bit-5.6.27-7.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libmysql56client18-debuginfo-32bit-5.6.27-7.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libmysql56client_r18-32bit-5.6.27-7.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libmysql56client18-5.6.27-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libmysql56client18-debuginfo-5.6.27-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libmysql56client_r18-5.6.27-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mysql-community-server-5.6.27-2.12.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE13.2\", reference:\"mysql-community-server-bench-5.6.27-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mysql-community-server-bench-debuginfo-5.6.27-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mysql-community-server-client-5.6.27-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mysql-community-server-client-debuginfo-5.6.27-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mysql-community-server-debuginfo-5.6.27-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mysql-community-server-debugsource-5.6.27-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mysql-community-server-errormessages-5.6.27-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mysql-community-server-test-5.6.27-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mysql-community-server-test-debuginfo-5.6.27-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mysql-community-server-tools-5.6.27-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mysql-community-server-tools-debuginfo-5.6.27-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libmysql56client18-32bit-5.6.27-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libmysql56client18-debuginfo-32bit-5.6.27-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libmysql56client_r18-32bit-5.6.27-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libmysql56client18-5.6.27-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libmysql56client18-debuginfo-5.6.27-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libmysql56client_r18-5.6.27-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mysql-community-server-5.6.27-8.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE42.1\", reference:\"mysql-community-server-bench-5.6.27-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mysql-community-server-bench-debuginfo-5.6.27-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mysql-community-server-client-5.6.27-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mysql-community-server-client-debuginfo-5.6.27-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mysql-community-server-debuginfo-5.6.27-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mysql-community-server-debugsource-5.6.27-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mysql-community-server-errormessages-5.6.27-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mysql-community-server-test-5.6.27-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mysql-community-server-test-debuginfo-5.6.27-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mysql-community-server-tools-5.6.27-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mysql-community-server-tools-debuginfo-5.6.27-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libmysql56client18-32bit-5.6.27-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libmysql56client18-debuginfo-32bit-5.6.27-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libmysql56client_r18-32bit-5.6.27-8.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libmysql56client18-32bit / libmysql56client18 / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": 
"2019-01-16T20:22:58", "bulletinFamily": "scanner", "description": "The mysql package was updated to version 5.5.46 to fixs several\nsecurity and non security issues.\n\n - bnc#951391: update to version 5.5.46\n\n - changes:\n http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-\n 46.html\n\n - fixed CVEs: CVE-2015-1793, CVE-2015-0286, CVE-2015-0288,\n CVE-2015-1789, CVE-2015-4730, CVE-2015-4766,\n CVE-2015-4792, CVE-2015-4800, CVE-2015-4802,\n CVE-2015-4815, CVE-2015-4816, CVE-2015-4819,\n CVE-2015-4826, CVE-2015-4830, CVE-2015-4833,\n CVE-2015-4836, CVE-2015-4858, CVE-2015-4861,\n CVE-2015-4862, CVE-2015-4864, CVE-2015-4866,\n CVE-2015-4870, CVE-2015-4879, CVE-2015-4890,\n CVE-2015-4895, CVE-2015-4904, CVE-2015-4905,\n CVE-2015-4910, CVE-2015-4913\n\n - bnc#952196: Fixed a build error for ppc*, s390* and ia64\n architectures.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2018-11-29T00:00:00", "published": "2015-12-21T00:00:00", "id": "SUSE_SU-2015-2303-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=87525", "title": "SUSE SLED11 / SLES11 Security Update : mysql (SUSE-SU-2015:2303-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:2303-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87525);\n script_version(\"2.7\");\n script_cvs_date(\"Date: 2018/11/29 12:03:38\");\n\n script_cve_id(\"CVE-2015-0286\", \"CVE-2015-0288\", \"CVE-2015-1789\", \"CVE-2015-1793\", \"CVE-2015-4730\", \"CVE-2015-4766\", \"CVE-2015-4792\", \"CVE-2015-4800\", \"CVE-2015-4802\", \"CVE-2015-4815\", \"CVE-2015-4816\", \"CVE-2015-4819\", 
\"CVE-2015-4826\", \"CVE-2015-4830\", \"CVE-2015-4833\", \"CVE-2015-4836\", \"CVE-2015-4858\", \"CVE-2015-4861\", \"CVE-2015-4862\", \"CVE-2015-4864\", \"CVE-2015-4866\", \"CVE-2015-4870\", \"CVE-2015-4879\", \"CVE-2015-4890\", \"CVE-2015-4895\", \"CVE-2015-4904\", \"CVE-2015-4905\", \"CVE-2015-4910\", \"CVE-2015-4913\");\n script_bugtraq_id(73196, 73225, 73237, 75156, 75652);\n\n script_name(english:\"SUSE SLED11 / SLES11 Security Update : mysql (SUSE-SU-2015:2303-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The mysql package was updated to version 5.5.46 to fixs several\nsecurity and non security issues.\n\n - bnc#951391: update to version 5.5.46\n\n - changes:\n http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-\n 46.html\n\n - fixed CVEs: CVE-2015-1793, CVE-2015-0286, CVE-2015-0288,\n CVE-2015-1789, CVE-2015-4730, CVE-2015-4766,\n CVE-2015-4792, CVE-2015-4800, CVE-2015-4802,\n CVE-2015-4815, CVE-2015-4816, CVE-2015-4819,\n CVE-2015-4826, CVE-2015-4830, CVE-2015-4833,\n CVE-2015-4836, CVE-2015-4858, CVE-2015-4861,\n CVE-2015-4862, CVE-2015-4864, CVE-2015-4866,\n CVE-2015-4870, CVE-2015-4879, CVE-2015-4890,\n CVE-2015-4895, CVE-2015-4904, CVE-2015-4905,\n CVE-2015-4910, CVE-2015-4913\n\n - bnc#952196: Fixed a build error for ppc*, s390* and ia64\n architectures.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-46.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-46.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=951391\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=952196\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-0286/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-0288/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-1789/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-1793/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4730/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4766/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4792/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4800/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4802/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4815/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4816/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4819/\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4826/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4830/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4833/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4836/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4858/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4861/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4862/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4864/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4866/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4870/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4879/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4890/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4895/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4904/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4905/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4910/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4913/\"\n );\n # 
https://www.suse.com/support/update/announcement/2015/suse-su-20152303-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?108f6d5c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4 :\n\nzypper in -t patch sdksp4-mysql-12272=1\n\nSUSE Linux Enterprise Software Development Kit 11-SP3 :\n\nzypper in -t patch sdksp3-mysql-12272=1\n\nSUSE Linux Enterprise Server for VMWare 11-SP3 :\n\nzypper in -t patch slessp3-mysql-12272=1\n\nSUSE Linux Enterprise Server 11-SP4 :\n\nzypper in -t patch slessp4-mysql-12272=1\n\nSUSE Linux Enterprise Server 11-SP3 :\n\nzypper in -t patch slessp3-mysql-12272=1\n\nSUSE Linux Enterprise Desktop 11-SP4 :\n\nzypper in -t patch sledsp4-mysql-12272=1\n\nSUSE Linux Enterprise Desktop 11-SP3 :\n\nzypper in -t patch sledsp3-mysql-12272=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4 :\n\nzypper in -t patch dbgsp4-mysql-12272=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3 :\n\nzypper in -t patch dbgsp3-mysql-12272=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysql55client18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysql55client_r18\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mysql-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mysql-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLED11|SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED11 / SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! 
ereg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3/4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED11\" && (! ereg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED11 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libmysql55client18-32bit-5.5.46-0.14.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libmysql55client_r18-32bit-5.5.46-0.14.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libmysql55client18-32bit-5.5.46-0.14.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libmysql55client_r18-32bit-5.5.46-0.14.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libmysql55client18-5.5.46-0.14.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libmysql55client_r18-5.5.46-0.14.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"mysql-5.5.46-0.14.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"mysql-client-5.5.46-0.14.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"mysql-tools-5.5.46-0.14.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"libmysql55client18-32bit-5.5.46-0.14.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"libmysql55client18-32bit-5.5.46-0.14.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"libmysql55client18-5.5.46-0.14.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"libmysql55client_r18-5.5.46-0.14.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"mysql-5.5.46-0.14.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"mysql-client-5.5.46-0.14.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"mysql-tools-5.5.46-0.14.1\")) flag++;\nif 
(rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libmysql55client18-5.5.46-0.14.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libmysql55client_r18-5.5.46-0.14.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"mysql-5.5.46-0.14.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"mysql-client-5.5.46-0.14.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libmysql55client18-32bit-5.5.46-0.14.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libmysql55client_r18-32bit-5.5.46-0.14.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libmysql55client18-5.5.46-0.14.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libmysql55client_r18-5.5.46-0.14.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"mysql-5.5.46-0.14.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"mysql-client-5.5.46-0.14.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"libmysql55client18-5.5.46-0.14.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"libmysql55client_r18-5.5.46-0.14.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"mysql-5.5.46-0.14.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"mysql-client-5.5.46-0.14.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"libmysql55client18-32bit-5.5.46-0.14.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"libmysql55client_r18-32bit-5.5.46-0.14.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"libmysql55client18-5.5.46-0.14.1\")) flag++;\nif 
(rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"libmysql55client_r18-5.5.46-0.14.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"mysql-5.5.46-0.14.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"mysql-client-5.5.46-0.14.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:23:48", "bulletinFamily": "scanner", "description": "wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults\nassociated with the Chinese Remainder Theorem (CRT) process when\nallowing ephemeral key exchange without low memory optimizations on a\nserver, which makes it easier for remote attackers to obtain private\nRSA keys by capturing TLS handshakes, also known as a Lenstra attack.\n(CVE-2015-7744)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier\nallows remote authenticated users to affect integrity via unknown\nvectors related to Server : Security : Privileges. (CVE-2015-4864)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier\nallows remote authenticated users to affect availability via unknown\nvectors related to Server : InnoDB. (CVE-2015-4866)\n\nUnspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier,\nand 5.6.26 and earlier, allows remote authenticated users to affect\navailability via unknown vectors related to Server : InnoDB.\n(CVE-2015-4861)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier\nallows remote authenticated users to affect availability via vectors\nrelated to DML. 
(CVE-2015-4862)\n\nUnspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows\nremote authenticated users to affect availability via unknown vectors\nrelated to Optimizer. (CVE-2016-0616)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier\nallows remote authenticated users to affect availability via unknown\nvectors related to Server : Memcached. (CVE-2015-4910)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier\nallows remote authenticated users to affect availability via vectors\nrelated to Server : DML, a different vulnerability than CVE-2015-4858\n. (CVE-2015-4913)\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows\nremote authenticated users to affect availability via unknown vectors\nrelated to InnoDB. (CVE-2016-0610)\n\nUnspecified vulnerability in Oracle MySQL 5.6.21 and earlier allows\nremote authenticated users to affect availability via vectors related\nto DML. (CVE-2016-0594)\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows\nremote authenticated users to affect availability via vectors related\nto DML. (CVE-2016-0595)\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows\nremote authenticated users to affect availability via vectors related\nto DML. (CVE-2016-0596)\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows\nremote authenticated users to affect availability via unknown vectors\nrelated to Optimizer. (CVE-2016-0597)\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows\nremote authenticated users to affect availability via vectors related\nto DML. (CVE-2016-0598)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier\nallows remote authenticated users to affect availability via unknown\nvectors related to Server : Partition, a different vulnerability than\nCVE-2015-4802 . 
(CVE-2015-4792)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier\nallows remote authenticated users to affect availability via unknown\nvectors related to Server : Security : Privileges. (CVE-2015-4791)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier,\nwhen running on Windows, allows remote authenticated users to affect\navailability via unknown vectors related to Server : Query Cache.\n(CVE-2015-4807)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier,\nallows remote authenticated users to affect availability via unknown\nvectors related to Server : Parser. (CVE-2015-4870)\n\nUnspecified vulnerability in Oracle MySQL 5.7.9 allows remote\nauthenticated users to affect availability via unknown vectors related\nto Optimizer. (CVE-2016-0599)\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows\nlocal users to affect confidentiality, integrity, and availability via\nunknown vectors related to Client. (CVE-2016-0546)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier\nallows remote authenticated users to affect availability via vectors\nrelated to DML, a different vulnerability than CVE-2015-4913 .\n(CVE-2015-4858)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier\nallows remote authenticated users to affect availability via vectors\nrelated to Server : DDL. (CVE-2015-4815)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier\nallows remote authenticated users to affect availability via unknown\nvectors related to Server : Partition. (CVE-2015-4833)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier\nallows remote authenticated users to affect integrity via unknown\nvectors related to Server : Security : Privileges. (CVE-2015-4830)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier\nallows remote authenticated users to affect availability via unknown\nvectors related to Server : SP. 
(CVE-2015-4836)\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows\nremote authenticated users to affect availability via vectors related\nto UDF. (CVE-2016-0608)\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows\nremote authenticated users to affect availability via unknown vectors\nrelated to privileges. (CVE-2016-0609)\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows\nremote authenticated users to affect availability via unknown vectors\nrelated to Options. (CVE-2016-0505)\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows\nremote authenticated users to affect availability via vectors related\nto DML, a different vulnerability than CVE-2016-0503 . (CVE-2016-0504)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier\nallows remote authenticated users to affect availability via unknown\nvectors related to Server : Replication. (CVE-2015-4890)\n\nUnspecified vulnerability in Oracle MySQL 5.7.9 allows remote\nauthenticated users to affect availability via unknown vectors related\nto Partition. (CVE-2016-0601)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier\nallows remote authenticated users to affect availability via unknown\nvectors related to libmysqld. (CVE-2015-4904)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier\nallows remote authenticated users to affect availability via vectors\nrelated to Server : DML. (CVE-2015-4905)\n\nUnspecified vulnerability in Oracle MySQL 5.6.26 and earlier allows\nremote authenticated users to affect availability via unknown vectors.\n(CVE-2016-0605)\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows\nremote authenticated users to affect integrity via unknown vectors\nrelated to encryption. 
(CVE-2016-0606)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier\nallows local users to affect availability via unknown vectors related\nto Server : Security : Firewall. (CVE-2015-4766)\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows\nremote authenticated users to affect availability via unknown vectors\nrelated to Optimizer. (CVE-2016-0611)\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows\nremote authenticated users to affect availability via unknown vectors\nrelated to replication. (CVE-2016-0607)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier\nallows local users to affect confidentiality, integrity, and\navailability via unknown vectors related to Client programs.\n(CVE-2015-4819)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier\nallows remote authenticated users to affect confidentiality,\nintegrity, and availability via vectors related to DML.\n(CVE-2015-4879)\n\nUnspecified vulnerability in Oracle MySQL 5.6.11 and earlier allows\nremote authenticated users to affect availability via unknown vectors\nrelated to Optimizer. (CVE-2016-0502)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier\nallows remote authenticated users to affect availability via unknown\nvectors related to Server : InnoDB. (CVE-2015-4895)\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows\nremote authenticated users to affect availability via vectors related\nto DML, a different vulnerability than CVE-2016-0504 . (CVE-2016-0503)\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows\nremote authenticated users to affect availability via unknown vectors\nrelated to InnoDB. (CVE-2016-0600)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier\nallows remote authenticated users to affect availability via unknown\nvectors related to Server : Partition, a different vulnerability than\nCVE-2015-4792 . 
(CVE-2015-4802)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier\nallows remote authenticated users to affect availability via unknown\nvectors related to Server : Optimizer. (CVE-2015-4800)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier\nallows remote authenticated users to affect confidentiality via\nunknown vectors related to Server : Types. (CVE-2015-4826)", "modified": "2018-04-18T00:00:00", "published": "2016-04-07T00:00:00", "id": "ALA_ALAS-2016-684.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=90366", "title": "Amazon Linux AMI : mysql56 (ALAS-2016-684)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-684.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90366);\n script_version(\"2.6\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2015-4766\", \"CVE-2015-4791\", \"CVE-2015-4792\", \"CVE-2015-4800\", \"CVE-2015-4802\", \"CVE-2015-4807\", \"CVE-2015-4815\", \"CVE-2015-4819\", \"CVE-2015-4826\", \"CVE-2015-4830\", \"CVE-2015-4833\", \"CVE-2015-4836\", \"CVE-2015-4858\", \"CVE-2015-4861\", \"CVE-2015-4862\", \"CVE-2015-4864\", \"CVE-2015-4866\", \"CVE-2015-4870\", \"CVE-2015-4879\", \"CVE-2015-4890\", \"CVE-2015-4895\", \"CVE-2015-4904\", \"CVE-2015-4905\", \"CVE-2015-4910\", \"CVE-2015-4913\", \"CVE-2015-7744\", \"CVE-2016-0502\", \"CVE-2016-0503\", \"CVE-2016-0504\", \"CVE-2016-0505\", \"CVE-2016-0546\", \"CVE-2016-0594\", \"CVE-2016-0595\", \"CVE-2016-0596\", \"CVE-2016-0597\", \"CVE-2016-0598\", \"CVE-2016-0599\", \"CVE-2016-0600\", \"CVE-2016-0601\", \"CVE-2016-0605\", \"CVE-2016-0606\", \"CVE-2016-0607\", \"CVE-2016-0608\", \"CVE-2016-0609\", \"CVE-2016-0610\", \"CVE-2016-0611\", \"CVE-2016-0616\");\n script_xref(name:\"ALAS\", 
value:\"2016-684\");\n\n script_name(english:\"Amazon Linux AMI : mysql56 (ALAS-2016-684)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults\nassociated with the Chinese Remainder Theorem (CRT) process when\nallowing ephemeral key exchange without low memory optimizations on a\nserver, which makes it easier for remote attackers to obtain private\nRSA keys by capturing TLS handshakes, also known as a Lenstra attack.\n(CVE-2015-7744)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier\nallows remote authenticated users to affect integrity via unknown\nvectors related to Server : Security : Privileges. (CVE-2015-4864)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier\nallows remote authenticated users to affect availability via unknown\nvectors related to Server : InnoDB. (CVE-2015-4866)\n\nUnspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier,\nand 5.6.26 and earlier, allows remote authenticated users to affect\navailability via unknown vectors related to Server : InnoDB.\n(CVE-2015-4861)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier\nallows remote authenticated users to affect availability via vectors\nrelated to DML. (CVE-2015-4862)\n\nUnspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows\nremote authenticated users to affect availability via unknown vectors\nrelated to Optimizer. (CVE-2016-0616)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier\nallows remote authenticated users to affect availability via unknown\nvectors related to Server : Memcached. 
(CVE-2015-4910)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier\nallows remote authenticated users to affect availability via vectors\nrelated to Server : DML, a different vulnerability than CVE-2015-4858\n. (CVE-2015-4913)\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows\nremote authenticated users to affect availability via unknown vectors\nrelated to InnoDB. (CVE-2016-0610)\n\nUnspecified vulnerability in Oracle MySQL 5.6.21 and earlier allows\nremote authenticated users to affect availability via vectors related\nto DML. (CVE-2016-0594)\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows\nremote authenticated users to affect availability via vectors related\nto DML. (CVE-2016-0595)\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows\nremote authenticated users to affect availability via vectors related\nto DML. (CVE-2016-0596)\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows\nremote authenticated users to affect availability via unknown vectors\nrelated to Optimizer. (CVE-2016-0597)\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows\nremote authenticated users to affect availability via vectors related\nto DML. (CVE-2016-0598)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier\nallows remote authenticated users to affect availability via unknown\nvectors related to Server : Partition, a different vulnerability than\nCVE-2015-4802 . (CVE-2015-4792)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier\nallows remote authenticated users to affect availability via unknown\nvectors related to Server : Security : Privileges. 
(CVE-2015-4791)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier,\nwhen running on Windows, allows remote authenticated users to affect\navailability via unknown vectors related to Server : Query Cache.\n(CVE-2015-4807)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier,\nallows remote authenticated users to affect availability via unknown\nvectors related to Server : Parser. (CVE-2015-4870)\n\nUnspecified vulnerability in Oracle MySQL 5.7.9 allows remote\nauthenticated users to affect availability via unknown vectors related\nto Optimizer. (CVE-2016-0599)\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows\nlocal users to affect confidentiality, integrity, and availability via\nunknown vectors related to Client. (CVE-2016-0546)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier\nallows remote authenticated users to affect availability via vectors\nrelated to DML, a different vulnerability than CVE-2015-4913 .\n(CVE-2015-4858)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier\nallows remote authenticated users to affect availability via vectors\nrelated to Server : DDL. (CVE-2015-4815)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier\nallows remote authenticated users to affect availability via unknown\nvectors related to Server : Partition. (CVE-2015-4833)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier\nallows remote authenticated users to affect integrity via unknown\nvectors related to Server : Security : Privileges. (CVE-2015-4830)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier\nallows remote authenticated users to affect availability via unknown\nvectors related to Server : SP. (CVE-2015-4836)\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows\nremote authenticated users to affect availability via vectors related\nto UDF. 
(CVE-2016-0608)\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows\nremote authenticated users to affect availability via unknown vectors\nrelated to privileges. (CVE-2016-0609)\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows\nremote authenticated users to affect availability via unknown vectors\nrelated to Options. (CVE-2016-0505)\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows\nremote authenticated users to affect availability via vectors related\nto DML, a different vulnerability than CVE-2016-0503 . (CVE-2016-0504)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier\nallows remote authenticated users to affect availability via unknown\nvectors related to Server : Replication. (CVE-2015-4890)\n\nUnspecified vulnerability in Oracle MySQL 5.7.9 allows remote\nauthenticated users to affect availability via unknown vectors related\nto Partition. (CVE-2016-0601)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier\nallows remote authenticated users to affect availability via unknown\nvectors related to libmysqld. (CVE-2015-4904)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier\nallows remote authenticated users to affect availability via vectors\nrelated to Server : DML. (CVE-2015-4905)\n\nUnspecified vulnerability in Oracle MySQL 5.6.26 and earlier allows\nremote authenticated users to affect availability via unknown vectors.\n(CVE-2016-0605)\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows\nremote authenticated users to affect integrity via unknown vectors\nrelated to encryption. (CVE-2016-0606)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier\nallows local users to affect availability via unknown vectors related\nto Server : Security : Firewall. 
(CVE-2015-4766)\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows\nremote authenticated users to affect availability via unknown vectors\nrelated to Optimizer. (CVE-2016-0611)\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows\nremote authenticated users to affect availability via unknown vectors\nrelated to replication. (CVE-2016-0607)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier\nallows local users to affect confidentiality, integrity, and\navailability via unknown vectors related to Client programs.\n(CVE-2015-4819)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier\nallows remote authenticated users to affect confidentiality,\nintegrity, and availability via vectors related to DML.\n(CVE-2015-4879)\n\nUnspecified vulnerability in Oracle MySQL 5.6.11 and earlier allows\nremote authenticated users to affect availability via unknown vectors\nrelated to Optimizer. (CVE-2016-0502)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier\nallows remote authenticated users to affect availability via unknown\nvectors related to Server : InnoDB. (CVE-2015-4895)\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows\nremote authenticated users to affect availability via vectors related\nto DML, a different vulnerability than CVE-2016-0504 . (CVE-2016-0503)\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows\nremote authenticated users to affect availability via unknown vectors\nrelated to InnoDB. (CVE-2016-0600)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier\nallows remote authenticated users to affect availability via unknown\nvectors related to Server : Partition, a different vulnerability than\nCVE-2015-4792 . (CVE-2015-4802)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier\nallows remote authenticated users to affect availability via unknown\nvectors related to Server : Optimizer. 
(CVE-2015-4800)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier\nallows remote authenticated users to affect confidentiality via\nunknown vectors related to Server : Types. (CVE-2015-4826)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2016-684.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update mysql56' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-errmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-5.6.29-1.14.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-bench-5.6.29-1.14.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-common-5.6.29-1.14.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-debuginfo-5.6.29-1.14.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-devel-5.6.29-1.14.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-embedded-5.6.29-1.14.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-embedded-devel-5.6.29-1.14.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-errmsg-5.6.29-1.14.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-libs-5.6.29-1.14.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-server-5.6.29-1.14.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", 
reference:\"mysql56-test-5.6.29-1.14.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql56 / mysql56-bench / mysql56-common / mysql56-debuginfo / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:08:52", "bulletinFamily": "unix", "description": "Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues.\n\nMySQL has been updated to 5.5.46 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 15.04 and Ubuntu 15.10 have been updated to MySQL 5.6.27.\n\nIn addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.\n\nPlease see the following for more information: <http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-45.html> <http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-46.html> <http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-26.html> <http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-27.html> <http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html>", "modified": "2015-10-26T00:00:00", "published": "2015-10-26T00:00:00", "id": "USN-2781-1", "href": "https://usn.ubuntu.com/2781-1/", "title": "MySQL vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T12:22:46", "bulletinFamily": "unix", "description": "MySQL was updated to 5.6.27 to fix security issues and bugs.\n\n The following vulnerabilities were fixed as part of the upstream release\n [boo#951391]: CVE-2015-1793, CVE-2015-0286, CVE-2015-0288, CVE-2015-1789,\n CVE-2015-4730, CVE-2015-4766, CVE-2015-4792, 
CVE-2015-4800, CVE-2015-4802,\n CVE-2015-4815, CVE-2015-4816, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830,\n CVE-2015-4833, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4862,\n CVE-2015-4864, CVE-2015-4866, CVE-2015-4870, CVE-2015-4879, CVE-2015-4890,\n CVE-2015-4895, CVE-2015-4904, CVE-2015-4905, CVE-2015-4910, CVE-2015-4913\n\n Details on these and other changes can be found at:\n http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-27.html\n\n The following security relevant changes are included additionally:\n\n * CVE-2015-3152: MySQL lacked SSL enforcement. Using\n --ssl-verify-server-cert and --ssl[-*] implies that the ssl connection\n is required. The mysql client will now print an error if ssl is\n required, but the server can not handle a ssl connection [boo#924663],\n [boo#928962]\n\n", "modified": "2015-12-10T12:12:21", "published": "2015-12-10T12:12:21", "id": "OPENSUSE-SU-2015:2243-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00009.html", "type": "suse", "title": "Security update to MySQL 5.6.27 (important)", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-12-11T19:42:12", "bulletinFamily": "unix", "description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs.\n\nThe following packages have been upgraded to a newer upstream version: rh-mysql56-mysql (5.6.30).\n\nSecurity Fix(es):\n\n* This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory pages, listed in the References section. 
(CVE-2015-4792, CVE-2015-4800, CVE-2015-4802, CVE-2015-4815, CVE-2015-4826, CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4862, CVE-2015-4870, CVE-2015-4890, CVE-2015-4910, CVE-2015-4913, CVE-2016-0503, CVE-2016-0504, CVE-2016-0505, CVE-2016-0546, CVE-2016-0595, CVE-2016-0596, CVE-2016-0597, CVE-2016-0598, CVE-2016-0600, CVE-2016-0605, CVE-2016-0606, CVE-2016-0607, CVE-2016-0608, CVE-2016-0609, CVE-2016-0610, CVE-2016-0611, CVE-2016-0639, CVE-2016-0640, CVE-2016-0641, CVE-2016-0642, CVE-2016-0643, CVE-2016-0644, CVE-2016-0646, CVE-2016-0647, CVE-2016-0648, CVE-2016-0649, CVE-2016-0650, CVE-2016-0655, CVE-2016-0661, CVE-2016-0665, CVE-2016-0666, CVE-2016-0668, CVE-2016-2047)", "modified": "2018-06-13T01:28:21", "published": "2016-05-02T16:15:44", "id": "RHSA-2016:0705", "href": "https://access.redhat.com/errata/RHSA-2016:0705", "type": "redhat", "title": "(RHSA-2016:0705) Critical: rh-mysql56-mysql security update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "amazon": [{"lastseen": "2018-10-02T16:55:23", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nwolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, also known as a Lenstra attack. ([CVE-2015-7744](<https://access.redhat.com/security/cve/CVE-2015-7744>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.
([CVE-2015-4864](<https://access.redhat.com/security/cve/CVE-2015-4864>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. ([CVE-2015-4866](<https://access.redhat.com/security/cve/CVE-2015-4866>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. ([CVE-2015-4861](<https://access.redhat.com/security/cve/CVE-2015-4861>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to DML. ([CVE-2015-4862](<https://access.redhat.com/security/cve/CVE-2015-4862>))\n\nUnspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. ([CVE-2016-0616](<https://access.redhat.com/security/cve/CVE-2016-0616>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached. ([CVE-2015-4910](<https://access.redhat.com/security/cve/CVE-2015-4910>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than [CVE-2015-4858](<https://access.redhat.com/security/cve/CVE-2015-4858>). ([CVE-2015-4913](<https://access.redhat.com/security/cve/CVE-2015-4913>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
([CVE-2016-0610](<https://access.redhat.com/security/cve/CVE-2016-0610>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.21 and earlier allows remote authenticated users to affect availability via vectors related to DML. ([CVE-2016-0594](<https://access.redhat.com/security/cve/CVE-2016-0594>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML. ([CVE-2016-0595](<https://access.redhat.com/security/cve/CVE-2016-0595>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML. ([CVE-2016-0596](<https://access.redhat.com/security/cve/CVE-2016-0596>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. ([CVE-2016-0597](<https://access.redhat.com/security/cve/CVE-2016-0597>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML. ([CVE-2016-0598](<https://access.redhat.com/security/cve/CVE-2016-0598>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than [CVE-2015-4802](<https://access.redhat.com/security/cve/CVE-2015-4802>). ([CVE-2015-4792](<https://access.redhat.com/security/cve/CVE-2015-4792>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.
([CVE-2015-4791](<https://access.redhat.com/security/cve/CVE-2015-4791>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier, when running on Windows, allows remote authenticated users to affect availability via unknown vectors related to Server : Query Cache. ([CVE-2015-4807](<https://access.redhat.com/security/cve/CVE-2015-4807>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser. ([CVE-2015-4870](<https://access.redhat.com/security/cve/CVE-2015-4870>))\n\nUnspecified vulnerability in Oracle MySQL 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. ([CVE-2016-0599](<https://access.redhat.com/security/cve/CVE-2016-0599>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. ([CVE-2016-0546](<https://access.redhat.com/security/cve/CVE-2016-0546>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than [CVE-2015-4913](<https://access.redhat.com/security/cve/CVE-2015-4913>). ([CVE-2015-4858](<https://access.redhat.com/security/cve/CVE-2015-4858>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL. ([CVE-2015-4815](<https://access.redhat.com/security/cve/CVE-2015-4815>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.
([CVE-2015-4833](<https://access.redhat.com/security/cve/CVE-2015-4833>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges. ([CVE-2015-4830](<https://access.redhat.com/security/cve/CVE-2015-4830>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : SP. ([CVE-2015-4836](<https://access.redhat.com/security/cve/CVE-2015-4836>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to UDF. ([CVE-2016-0608](<https://access.redhat.com/security/cve/CVE-2016-0608>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via unknown vectors related to privileges. ([CVE-2016-0609](<https://access.redhat.com/security/cve/CVE-2016-0609>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via unknown vectors related to Options. ([CVE-2016-0505](<https://access.redhat.com/security/cve/CVE-2016-0505>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than [CVE-2016-0503](<https://access.redhat.com/security/cve/CVE-2016-0503>). ([CVE-2016-0504](<https://access.redhat.com/security/cve/CVE-2016-0504>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Replication.
([CVE-2015-4890](<https://access.redhat.com/security/cve/CVE-2015-4890>))\n\nUnspecified vulnerability in Oracle MySQL 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Partition. ([CVE-2016-0601](<https://access.redhat.com/security/cve/CVE-2016-0601>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to libmysqld. ([CVE-2015-4904](<https://access.redhat.com/security/cve/CVE-2015-4904>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML. ([CVE-2015-4905](<https://access.redhat.com/security/cve/CVE-2015-4905>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors. ([CVE-2016-0605](<https://access.redhat.com/security/cve/CVE-2016-0605>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect integrity via unknown vectors related to encryption. ([CVE-2016-0606](<https://access.redhat.com/security/cve/CVE-2016-0606>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows local users to affect availability via unknown vectors related to Server : Security : Firewall. ([CVE-2015-4766](<https://access.redhat.com/security/cve/CVE-2015-4766>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. ([CVE-2016-0611](<https://access.redhat.com/security/cve/CVE-2016-0611>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via unknown vectors related to replication.
([CVE-2016-0607](<https://access.redhat.com/security/cve/CVE-2016-0607>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client programs. ([CVE-2015-4819](<https://access.redhat.com/security/cve/CVE-2015-4819>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to DML. ([CVE-2015-4879](<https://access.redhat.com/security/cve/CVE-2015-4879>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. ([CVE-2016-0502](<https://access.redhat.com/security/cve/CVE-2016-0502>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. ([CVE-2015-4895](<https://access.redhat.com/security/cve/CVE-2015-4895>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than [CVE-2016-0504](<https://access.redhat.com/security/cve/CVE-2016-0504>). ([CVE-2016-0503](<https://access.redhat.com/security/cve/CVE-2016-0503>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. ([CVE-2016-0600](<https://access.redhat.com/security/cve/CVE-2016-0600>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than [CVE-2015-4792](<https://access.redhat.com/security/cve/CVE-2015-4792>).
([CVE-2015-4802](<https://access.redhat.com/security/cve/CVE-2015-4802>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. ([CVE-2015-4800](<https://access.redhat.com/security/cve/CVE-2015-4800>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types. ([CVE-2015-4826](<https://access.redhat.com/security/cve/CVE-2015-4826>)) \n\n\n \n**Affected Packages:** \n\n\nmysql56\n\n \n**Issue Correction:** \nRun _yum update mysql56_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n mysql56-debuginfo-5.6.29-1.14.amzn1.i686 \n mysql56-common-5.6.29-1.14.amzn1.i686 \n mysql56-test-5.6.29-1.14.amzn1.i686 \n mysql56-errmsg-5.6.29-1.14.amzn1.i686 \n mysql56-server-5.6.29-1.14.amzn1.i686 \n mysql56-devel-5.6.29-1.14.amzn1.i686 \n mysql56-5.6.29-1.14.amzn1.i686 \n mysql56-libs-5.6.29-1.14.amzn1.i686 \n mysql56-bench-5.6.29-1.14.amzn1.i686 \n mysql56-embedded-devel-5.6.29-1.14.amzn1.i686 \n mysql56-embedded-5.6.29-1.14.amzn1.i686 \n \n src: \n mysql56-5.6.29-1.14.amzn1.src \n \n x86_64: \n mysql56-test-5.6.29-1.14.amzn1.x86_64 \n mysql56-bench-5.6.29-1.14.amzn1.x86_64 \n mysql56-server-5.6.29-1.14.amzn1.x86_64 \n mysql56-5.6.29-1.14.amzn1.x86_64 \n mysql56-devel-5.6.29-1.14.amzn1.x86_64 \n mysql56-errmsg-5.6.29-1.14.amzn1.x86_64 \n mysql56-embedded-5.6.29-1.14.amzn1.x86_64 \n mysql56-debuginfo-5.6.29-1.14.amzn1.x86_64 \n mysql56-libs-5.6.29-1.14.amzn1.x86_64 \n mysql56-common-5.6.29-1.14.amzn1.x86_64 \n mysql56-embedded-devel-5.6.29-1.14.amzn1.x86_64 \n \n \n", "modified": "2016-04-06T14:40:00", "published": "2016-04-06T14:40:00", "id": "ALAS-2016-684", "href": "https://alas.aws.amazon.com/ALAS-2016-684.html", "title": "Important: mysql56", "type": "amazon", "cvss": {"score": 7.2, "vector":
"AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:03", "bulletinFamily": "software", "description": "Quarterly update closes 140 vulnerabilities in different applications.", "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:VULN:14755", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14755", "title": "Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oracle": [{"lastseen": "2018-08-31T04:13:56", "bulletinFamily": "software", "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n \n\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n \n\n\n**Oracle continues to periodically receive reports of malicious exploitation of vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that malicious attackers have been successful because customers had failed to apply available Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\n \n\n\nThis Critical Patch Update contains 153 new security fixes across the product families listed below. 
Please note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at <https://blogs.oracle.com/security>.\n\n \n\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available at: <http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>.\n\n \n\n", "modified": "2016-09-29T00:00:00", "published": "2015-10-20T00:00:00", "id": "ORACLE:CPUOCT2015-2367953", "href": "", "title": "Oracle Critical Patch Update - October 2015", "type": "oracle", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}