{"cve": [{"lastseen": "2019-06-07T13:18:10", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.", "modified": "2019-03-04T14:50:00", "id": "CVE-2016-5584", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5584", "published": "2016-10-25T14:30:00", "title": "CVE-2016-5584", "type": "cve", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:15:39", "bulletinFamily": "NVD", "description": "The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences.", "modified": "2017-07-29T01:34:00", "id": "CVE-2016-7440", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7440", "published": "2016-12-13T16:59:00", "title": "CVE-2016-7440", "type": "cve", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "f5": [{"lastseen": "2017-06-08T00:16:32", "bulletinFamily": "software", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP APM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP DNS| None| 12.0.0 - 12.1.1| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.4.0 - 11.4.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WebSafe| None| 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1| Not vulnerable| None \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 - 5.1.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nF5 iWorkflow| None| 2.0.0 - 2.0.1| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nTraffix SDC| None| 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0| Not vulnerable| None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "modified": "2016-11-21T21:57:00", "published": "2016-11-21T21:57:00", "href": "https://support.f5.com/csp/article/K62477129", "id": "F5:K62477129", "type": "f5", "title": "MySQL vulnerability CVE-2016-5584", "cvss": {"score": 3.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2016-11-28T21:27:11", "bulletinFamily": "software", "description": "Vulnerability Recommended Actions\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "modified": "2016-11-21T00:00:00", "published": "2016-11-21T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/k/62/sol62477129.html", "id": "SOL62477129", "type": "f5", "title": "SOL62477129 - MySQL vulnerability CVE-2016-5584", "cvss": {"score": 3.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:NONE/A:NONE/"}}], "debian": [{"lastseen": "2019-05-30T02:22:13", "bulletinFamily": "unix", "description": "Package : mysql-5.5\nVersion : 5.5.53-0+deb7u1\nCVE ID : CVE-2016-5584 CVE-2016-7440\nDebian Bug : 841050\n\nSeveral issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.53, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges. Please see the MySQL 5.5 Release Notes and Oracle's Critical\nPatch Update advisory for further details:\n\n * https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-53.html\n * http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html\n\nAlso note that packaging will now create /var/lib/mysql-files, as\nserver will now by default restrict all import/export operations to\nthis directory.This can be changed using the secure-file-priv\nconfiguration option.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n5.5.53-0+deb7u1.\n\nWe recommend that you upgrade your mysql-5.5 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "modified": "2016-11-16T10:19:39", "published": "2016-11-16T10:19:39", "id": "DEBIAN:DLA-708-1:93367", "href": "https://lists.debian.org/debian-lts-announce/2016/debian-lts-announce-201611/msg00015.html", "title": "[SECURITY] [DLA 708-1] mysql-5.5 security update", "type": "debian", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2019-05-30T02:22:33", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3706-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nNovember 07, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mysql-5.5\nCVE ID : CVE-2016-5584 CVE-2016-7440\nDebian Bug : 841050\n\nSeveral issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.53, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges. Please see the MySQL 5.5 Release Notes and Oracle's Critical\nPatch Update advisory for further details:\n\n https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-53.html\nhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 5.5.53-0+deb8u1.\n\nWe recommend that you upgrade your mysql-5.5 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2016-11-07T06:13:00", "published": "2016-11-07T06:13:00", "id": "DEBIAN:DSA-3706-1:B113D", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00289.html", "title": "[SECURITY] [DSA 3706-1] mysql-5.5 security update", "type": "debian", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2019-05-30T02:22:02", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3711-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nNovember 11, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mariadb-10.0\nCVE ID : CVE-2016-3492 CVE-2016-5584 CVE-2016-5616 CVE-2016-5624\n CVE-2016-5626 CVE-2016-5629 CVE-2016-6663 CVE-2016-7440\n CVE-2016-8283\n\nSeveral issues have been discovered in the MariaDB database server. The\nvulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.0.28. Please see the MariaDB 10.0 Release Notes for further\ndetails:\n\n https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 10.0.28-0+deb8u1.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 10.0.28-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 10.0.28-1.\n\nWe recommend that you upgrade your mariadb-10.0 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2016-11-11T21:02:32", "published": "2016-11-11T21:02:32", "id": "DEBIAN:DSA-3711-1:38804", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00294.html", "title": "[SECURITY] [DSA 3711-1] mariadb-10.0 security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}], "nessus": [{"lastseen": "2019-11-01T02:39:12", "bulletinFamily": "scanner", "description": "The MariaDB project reports :\n\nFixes for the following security vulnerabilities :\n\n- CVE-2016-7440\n\n- CVE-2016-5584", "modified": "2019-11-02T00:00:00", "id": "FREEBSD_PKG_9BC14850A07011E6A881B499BAEBFEAF.NASL", "href": "https://www.tenable.com/plugins/nessus/94458", "published": "2016-11-02T00:00:00", "title": "FreeBSD : MySQL -- multiple vulnerabilities (9bc14850-a070-11e6-a881-b499baebfeaf)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94458);\n script_version(\"2.4\");\n script_cvs_date(\"Date: 2018/11/21 10:46:31\");\n\n script_cve_id(\"CVE-2016-5584\", \"CVE-2016-7440\");\n\n script_name(english:\"FreeBSD : MySQL -- multiple vulnerabilities (9bc14850-a070-11e6-a881-b499baebfeaf)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The MariaDB project reports :\n\nFixes for the following security vulnerabilities :\n\n- CVE-2016-7440\n\n- CVE-2016-5584\"\n );\n # https://mariadb.com/kb/en/mariadb/mariadb-5553-release-notes/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-5553-release-notes/\"\n );\n # https://vuxml.freebsd.org/freebsd/9bc14850-a070-11e6-a881-b499baebfeaf.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f7995e5a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mariadb55-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mysql55-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mysql56-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mysql57-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"mariadb55-server<5.5.53\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mysql55-server<5.5.53\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mysql56-server<5.6.34\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mysql57-server<5.7.15\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:pkg_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2019-11-03T12:31:11", "bulletinFamily": "scanner", "description": "Multiple security issues were discovered in MySQL and this update\nincludes new upstream MySQL versions to fix these issues.\n\nMySQL has been updated to 5.5.53 in Ubuntu 12.04 LTS and Ubuntu 14.04\nLTS. Ubuntu 16.04 LTS and Ubuntu 16.10 have been updated to MySQL\n5.7.16.\n\nIn addition to security fixes, the updated packages contain bug fixes,\nnew features, and possibly incompatible changes.\n\nPlease see the following for more information:\nhttp://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-53.html\nhttp://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-16.html\nhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722\n.html.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "UBUNTU_USN-3109-1.NASL", "href": "https://www.tenable.com/plugins/nessus/94287", "published": "2016-10-26T00:00:00", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : mysql-5.5, mysql-5.7 vulnerabilities (USN-3109-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3109-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94287);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/09/18 12:31:46\");\n\n script_cve_id(\"CVE-2016-5584\", \"CVE-2016-7440\");\n script_xref(name:\"USN\", value:\"3109-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : mysql-5.5, mysql-5.7 vulnerabilities (USN-3109-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues were discovered in MySQL and this update\nincludes new upstream MySQL versions to fix these issues.\n\nMySQL has been updated to 5.5.53 in Ubuntu 12.04 LTS and Ubuntu 14.04\nLTS. Ubuntu 16.04 LTS and Ubuntu 16.10 have been updated to MySQL\n5.7.16.\n\nIn addition to security fixes, the updated packages contain bug fixes,\nnew features, and possibly incompatible changes.\n\nPlease see the following for more information:\nhttp://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-53.html\nhttp://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-16.html\nhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722\n.html.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3109-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected mysql-server-5.5 and / or mysql-server-5.7\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|16\\.04|16\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 16.04 / 16.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"mysql-server-5.5\", pkgver:\"5.5.53-0ubuntu0.12.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"mysql-server-5.5\", pkgver:\"5.5.53-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"mysql-server-5.7\", pkgver:\"5.7.16-0ubuntu0.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"mysql-server-5.7\", pkgver:\"5.7.16-0ubuntu0.16.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql-server-5.5 / mysql-server-5.7\");\n}\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2019-11-01T02:20:40", "bulletinFamily": "scanner", "description": "Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.53, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges. Please see the MySQL 5.5 Release Notes and Oracle", "modified": "2019-11-02T00:00:00", "id": "DEBIAN_DLA-708.NASL", "href": "https://www.tenable.com/plugins/nessus/94916", "published": "2016-11-16T00:00:00", "title": "Debian DLA-708-1 : mysql-5.5 security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-708-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94916);\n script_version(\"2.5\");\n script_cvs_date(\"Date: 2018/11/13 12:30:46\");\n\n script_cve_id(\"CVE-2016-5584\", \"CVE-2016-7440\");\n\n script_name(english:\"Debian DLA-708-1 : mysql-5.5 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.53, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges. Please see the MySQL 5.5 Release Notes and Oracle's Critical\nPatch Update advisory for further details :\n\n - https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-53.html\n\n - http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html\n\nAlso note that packaging will now create /var/lib/mysql-files, as\nserver will now by default restrict all import/export operations to\nthis directory.This can be changed using the secure-file-priv\nconfiguration option.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n5.5.53-0+deb7u1.\n\nWe recommend that you upgrade your mysql-5.5 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-53.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2016/11/msg00015.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/mysql-5.5\"\n );\n # https://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?56b7dec5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmysqlclient-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmysqlclient18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmysqld-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmysqld-pic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-client-5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-server-5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-server-core-5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-source-5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-testsuite-5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libmysqlclient-dev\", reference:\"5.5.53-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmysqlclient18\", reference:\"5.5.53-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmysqld-dev\", reference:\"5.5.53-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmysqld-pic\", reference:\"5.5.53-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-client\", reference:\"5.5.53-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-client-5.5\", reference:\"5.5.53-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-common\", reference:\"5.5.53-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-server\", reference:\"5.5.53-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-server-5.5\", reference:\"5.5.53-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-server-core-5.5\", reference:\"5.5.53-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-source-5.5\", reference:\"5.5.53-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-testsuite-5.5\", reference:\"5.5.53-0+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:deb_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2019-11-01T02:55:21", "bulletinFamily": "scanner", "description": "The version of MariaDB running on the remote host is 10.1.x prior to\n10.1.19. It is, therefore, affected by multiple vulnerabilities :\n\n - An unspecified flaw exists in the Security: Encryption\n subcomponent that allows an authenticated, remote\n attacker to disclose sensitive information.\n (CVE-2016-5584)\n\n - A flaw exists in wolfSSL, specifically within the C\n software version of AES Encryption and Decryption, due\n to table lookups not properly considering cache-bank\n access times. A local attacker can exploit this, via a\n specially crafted application, to disclose AES keys.\n Note that this vulnerability does not affect MariaDB\n packages included in Red Hat products since they", "modified": "2019-11-02T00:00:00", "id": "MARIADB_10_1_19.NASL", "href": "https://www.tenable.com/plugins/nessus/95541", "published": "2016-12-05T00:00:00", "title": "MariaDB 10.1.x < 10.1.19 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95541);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/01/02 11:18:37\");\n\n script_cve_id(\"CVE-2016-5584\", \"CVE-2016-7440\");\n script_bugtraq_id(93735, 93659);\n\n script_name(english:\"MariaDB 10.1.x < 10.1.19 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the MariaDB version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MariaDB running on the remote host is 10.1.x prior to\n10.1.19. It is, therefore, affected by multiple vulnerabilities :\n\n - An unspecified flaw exists in the Security: Encryption\n subcomponent that allows an authenticated, remote\n attacker to disclose sensitive information.\n (CVE-2016-5584)\n\n - A flaw exists in wolfSSL, specifically within the C\n software version of AES Encryption and Decryption, due\n to table lookups not properly considering cache-bank\n access times. A local attacker can exploit this, via a\n specially crafted application, to disclose AES keys.\n Note that this vulnerability does not affect MariaDB\n packages included in Red Hat products since they're\n built against system OpenSSL packages. (CVE-2016-7440)\n\n - A flaw exists in the fill_alter_inplace_info() function\n in sql_table.cc that is triggered when altering \n persistent virtual columns. An authenticated, remote\n attacker can exploit this to crash the database,\n resulting in a denial of service condition.\n\n - A flaw exists in the mysql_rm_table_no_locks() function\n in sql_table.cc that is triggered during the handling of\n CREATE OR REPLACE TABLE queries. An authenticated,\n remote attacker can exploit this to crash the database,\n resulting in a denial of service condition.\n\n - A flaw exists in the buf_page_is_checksum_valid*\n functions in buf0buf.cc that is triggered during the\n handling of encrypted information. An authenticated,\n remote attacker can exploit this to crash the database,\n resulting in a denial of service condition.\n\n - A flaw exists in the wsrep_replicate_myisam\n functionality that is triggered when dropping MyISAM\n tables. An authenticated, remote attacker can exploit\n this to crash the database, resulting in a denial of\n service condition.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/library/mariadb-10119-changelog/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/library/mariadb-10119-release-notes/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MariaDB version 10.1.19 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mariadb:mariadb\");\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\nmysql_check_version(variant:'MariaDB', fixed:'10.1.19-MariaDB', min:'10.1', severity:SECURITY_WARNING);\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2019-11-01T02:21:28", "bulletinFamily": "scanner", "description": "Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.53, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges. Please see the MySQL 5.5 Release Notes and Oracle", "modified": "2019-11-02T00:00:00", "id": "DEBIAN_DSA-3706.NASL", "href": "https://www.tenable.com/plugins/nessus/94589", "published": "2016-11-07T00:00:00", "title": "Debian DSA-3706-1 : mysql-5.5 - security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3706. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94589);\n script_version(\"2.7\");\n script_cvs_date(\"Date: 2018/11/13 12:30:46\");\n\n script_cve_id(\"CVE-2016-5584\", \"CVE-2016-7440\");\n script_xref(name:\"DSA\", value:\"3706\");\n\n script_name(english:\"Debian DSA-3706-1 : mysql-5.5 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.53, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges. Please see the MySQL 5.5 Release Notes and Oracle's Critical\nPatch Update advisory for further details :\n\n -\n https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5\n -53.html\n -\n http://www.oracle.com/technetwork/security-advisory/cpuo\n ct2016-2881722.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=841050\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-53.html\"\n );\n # https://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?56b7dec5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/mysql-5.5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3706\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the mysql-5.5 packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 5.5.53-0+deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libmysqlclient-dev\", reference:\"5.5.53-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmysqlclient18\", reference:\"5.5.53-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmysqld-dev\", reference:\"5.5.53-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmysqld-pic\", reference:\"5.5.53-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mysql-client\", reference:\"5.5.53-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mysql-client-5.5\", reference:\"5.5.53-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mysql-common\", reference:\"5.5.53-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mysql-server\", reference:\"5.5.53-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mysql-server-5.5\", reference:\"5.5.53-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mysql-server-core-5.5\", reference:\"5.5.53-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mysql-source-5.5\", reference:\"5.5.53-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mysql-testsuite\", reference:\"5.5.53-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mysql-testsuite-5.5\", reference:\"5.5.53-0+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:deb_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2019-11-03T12:18:35", "bulletinFamily": "scanner", "description": "This mysql version update to 5.5.53 fixes the following issues :\n\n - CVE-2016-6662: Unspecified vulnerability in subcomponent\n Logging (bsc#1005580)\n\n - CVE-2016-7440: Unspecified vulnerability in subcomponent\n Encryption (bsc#1005581)\n\n - CVE-2016-5584: Unspecified vulnerability in subcomponent\n Encryption (bsc#1005558) Release Notes:\n http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-\n 53.html\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "SUSE_SU-2016-2780-1.NASL", "href": "https://www.tenable.com/plugins/nessus/94757", "published": "2016-11-14T00:00:00", "title": "SUSE SLES11 Security Update : mysql (SUSE-SU-2016:2780-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:2780-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94757);\n script_version(\"2.7\");\n script_cvs_date(\"Date: 2019/09/11 11:22:14\");\n\n script_cve_id(\"CVE-2016-5584\", \"CVE-2016-6662\", \"CVE-2016-7440\");\n\n script_name(english:\"SUSE SLES11 Security Update : mysql (SUSE-SU-2016:2780-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This mysql version update to 5.5.53 fixes the following issues :\n\n - CVE-2016-6662: Unspecified vulnerability in subcomponent\n Logging (bsc#1005580)\n\n - CVE-2016-7440: Unspecified vulnerability in subcomponent\n Encryption (bsc#1005581)\n\n - CVE-2016-5584: Unspecified vulnerability in subcomponent\n Encryption (bsc#1005558) Release Notes:\n http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-\n 53.html\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-53.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-53.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005558\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005580\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5584/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6662/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7440/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20162780-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?562a3e3d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-mysql-12847=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-mysql-12847=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-mysql-12847=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysql55client18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysql55client_r18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mysql-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mysql-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libmysql55client18-32bit-5.5.53-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libmysql55client_r18-32bit-5.5.53-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libmysql55client18-32bit-5.5.53-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libmysql55client_r18-32bit-5.5.53-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libmysql55client18-5.5.53-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libmysql55client_r18-5.5.53-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"mysql-5.5.53-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"mysql-client-5.5.53-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"mysql-tools-5.5.53-0.30.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T02:10:49", "bulletinFamily": "scanner", "description": "New mariadb packages are available for Slackware 14.1, 14.2, and\n-current to fix security issues.", "modified": "2019-11-02T00:00:00", "id": "SLACKWARE_SSA_2016-305-03.NASL", "href": "https://www.tenable.com/plugins/nessus/94440", "published": "2016-11-01T00:00:00", "title": "Slackware 14.1 / 14.2 / current : mariadb (SSA:2016-305-03)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2016-305-03. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94440);\n script_version(\"2.4\");\n script_cvs_date(\"Date: 2019/07/10 16:04:14\");\n\n script_cve_id(\"CVE-2016-3492\", \"CVE-2016-5584\", \"CVE-2016-5616\", \"CVE-2016-5624\", \"CVE-2016-5626\", \"CVE-2016-5629\", \"CVE-2016-6663\", \"CVE-2016-7440\", \"CVE-2016-8283\");\n script_xref(name:\"SSA\", value:\"2016-305-03\");\n\n script_name(english:\"Slackware 14.1 / 14.2 / current : mariadb (SSA:2016-305-03)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New mariadb packages are available for Slackware 14.1, 14.2, and\n-current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.484350\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c44d1a5e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mariadb package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.1\", pkgname:\"mariadb\", pkgver:\"5.5.53\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"mariadb\", pkgver:\"5.5.53\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"mariadb\", pkgver:\"10.0.28\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"mariadb\", pkgver:\"10.0.28\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"mariadb\", pkgver:\"10.0.28\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"mariadb\", pkgver:\"10.0.28\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2019-11-03T12:18:35", "bulletinFamily": "scanner", "description": "This mariadb update to version 10.0.28 fixes the following issues\n(bsc#1008318): Security fixes :\n\n - CVE-2016-8283: Unspecified vulnerability in subcomponent\n Types (bsc#1005582)\n\n - CVE-2016-7440: Unspecified vulnerability in subcomponent\n Encryption (bsc#1005581)\n\n - CVE-2016-5629: Unspecified vulnerability in subcomponent\n Federated (bsc#1005569)\n\n - CVE-2016-5626: Unspecified vulnerability in subcomponent\n GIS (bsc#1005566)\n\n - CVE-2016-5624: Unspecified vulnerability in subcomponent\n DML (bsc#1005564)\n\n - CVE-2016-5616: Unspecified vulnerability in subcomponent\n MyISAM (bsc#1005562)\n\n - CVE-2016-5584: Unspecified vulnerability in subcomponent\n Encryption (bsc#1005558)\n\n - CVE-2016-3492: Unspecified vulnerability in subcomponent\n Optimizer (bsc#1005555)\n\n - CVE-2016-6663: Privilege Escalation / Race Condition\n (bsc#1001367) Bugfixes :\n\n - mysql_install_db can", "modified": "2019-11-02T00:00:00", "id": "SUSE_SU-2016-2932-1.NASL", "href": "https://www.tenable.com/plugins/nessus/95383", "published": "2016-11-29T00:00:00", "title": "SUSE SLES12 Security Update : mariadb (SUSE-SU-2016:2932-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:2932-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95383);\n script_version(\"3.6\");\n script_cvs_date(\"Date: 2019/09/11 11:22:14\");\n\n script_cve_id(\"CVE-2016-3492\", \"CVE-2016-5584\", \"CVE-2016-5616\", \"CVE-2016-5624\", \"CVE-2016-5626\", \"CVE-2016-5629\", \"CVE-2016-6663\", \"CVE-2016-7440\", \"CVE-2016-8283\");\n\n script_name(english:\"SUSE SLES12 Security Update : mariadb (SUSE-SU-2016:2932-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This mariadb update to version 10.0.28 fixes the following issues\n(bsc#1008318): Security fixes :\n\n - CVE-2016-8283: Unspecified vulnerability in subcomponent\n Types (bsc#1005582)\n\n - CVE-2016-7440: Unspecified vulnerability in subcomponent\n Encryption (bsc#1005581)\n\n - CVE-2016-5629: Unspecified vulnerability in subcomponent\n Federated (bsc#1005569)\n\n - CVE-2016-5626: Unspecified vulnerability in subcomponent\n GIS (bsc#1005566)\n\n - CVE-2016-5624: Unspecified vulnerability in subcomponent\n DML (bsc#1005564)\n\n - CVE-2016-5616: Unspecified vulnerability in subcomponent\n MyISAM (bsc#1005562)\n\n - CVE-2016-5584: Unspecified vulnerability in subcomponent\n Encryption (bsc#1005558)\n\n - CVE-2016-3492: Unspecified vulnerability in subcomponent\n Optimizer (bsc#1005555)\n\n - CVE-2016-6663: Privilege Escalation / Race Condition\n (bsc#1001367) Bugfixes :\n\n - mysql_install_db can't find data files (bsc#1006539)\n\n - mariadb failing test sys_vars.optimizer_switch_basic\n (bsc#1003800)\n\n - Notable changes :\n\n - XtraDB updated to 5.6.33-79.0\n\n - TokuDB updated to 5.6.33-79.0\n\n - Innodb updated to 5.6.33\n\n - Performance Schema updated to 5.6.33\n\n - Release notes and upstream changelog :\n\n - https://kb.askmonty.org/en/mariadb-10028-release-notes\n\n - https://kb.askmonty.org/en/mariadb-10028-changelog\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1001367\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1003800\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005558\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005562\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005564\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005566\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005569\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005582\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1006539\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1008318\"\n );\n # https://kb.askmonty.org/en/mariadb-10028-changelog\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10028-changelog/\"\n );\n # https://kb.askmonty.org/en/mariadb-10028-release-notes\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10028-release-notes/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3492/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5584/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5616/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5624/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5626/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5629/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6663/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7440/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8283/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20162932-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?44e8bca1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12:zypper in -t patch\nSUSE-SLE-SAP-12-2016-1718=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2016-1718=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient_r18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqld-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqld18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqld18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-errormessages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqlclient-devel-10.0.28-20.16.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqlclient18-10.0.28-20.16.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqlclient18-debuginfo-10.0.28-20.16.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqlclient_r18-10.0.28-20.16.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqld-devel-10.0.28-20.16.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqld18-10.0.28-20.16.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqld18-debuginfo-10.0.28-20.16.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-10.0.28-20.16.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-client-10.0.28-20.16.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-client-debuginfo-10.0.28-20.16.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-debuginfo-10.0.28-20.16.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-debugsource-10.0.28-20.16.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-errormessages-10.0.28-20.16.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-tools-10.0.28-20.16.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-tools-debuginfo-10.0.28-20.16.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqlclient18-32bit-10.0.28-20.16.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqlclient18-debuginfo-32bit-10.0.28-20.16.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2019-11-01T02:57:24", "bulletinFamily": "scanner", "description": "The version of MySQL running on the remote host is 5.5.x prior to\n5.5.53. It is, therefore, affected by multiple vulnerabilities :\n\n - An unspecified flaw exists in the Optimizer subcomponent\n that allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-3492)\n\n - An unspecified flaw exists in the Security: Encryption\n subcomponent that allows an authenticated, remote\n attacker to disclose sensitive information.\n (CVE-2016-5584)\n\n - An unspecified flaw exists in the MyISAM subcomponent\n that allows a local attacker to gain elevated\n privileges. (CVE-2016-5616)\n\n - An unspecified flaw exists in the Error Handling\n subcomponent that allows a local attacker to gain\n elevated privileges. (CVE-2016-5617)\n\n - An unspecified flaw exists in the GIS subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-5626)\n\n - An unspecified flaw exists in the Federated subcomponent\n that allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-5629)\n\n - A flaw exists in the check_log_path() function within\n file sql/sys_vars.cc due to inadequate restrictions on\n the ability to write to the my.cnf configuration file\n and allowing the loading of configuration files from\n path locations not used by current versions. An\n authenticated, remote attacker can exploit this issue\n by using specially crafted queries that utilize logging\n functionality to create new files or append custom\n content to existing files. This allows the attacker to\n gain root privileges by inserting a custom .cnf file\n with a ", "modified": "2019-11-02T00:00:00", "id": "MYSQL_5_5_53.NASL", "href": "https://www.tenable.com/plugins/nessus/94165", "published": "2016-10-20T00:00:00", "title": "MySQL 5.5.x < 5.5.53 Multiple Vulnerabilities (October 2016 CPU)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94165);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/12/07 17:08:17\");\n\n script_cve_id(\n \"CVE-2016-3492\",\n \"CVE-2016-5584\",\n \"CVE-2016-5616\",\n \"CVE-2016-5617\",\n \"CVE-2016-5626\",\n \"CVE-2016-5629\",\n \"CVE-2016-6662\",\n \"CVE-2016-7440\",\n \"CVE-2016-8283\"\n );\n script_bugtraq_id(\n 92912,\n 93612,\n 93614,\n 93638,\n 93650,\n 93659,\n 93668,\n 93735,\n 93737\n );\n script_xref(name:\"EDB-ID\", value:\"40360\");\n\n script_name(english:\"MySQL 5.5.x < 5.5.53 Multiple Vulnerabilities (October 2016 CPU)\");\n script_summary(english:\"Checks the version of MySQL server.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL running on the remote host is 5.5.x prior to\n5.5.53. It is, therefore, affected by multiple vulnerabilities :\n\n - An unspecified flaw exists in the Optimizer subcomponent\n that allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-3492)\n\n - An unspecified flaw exists in the Security: Encryption\n subcomponent that allows an authenticated, remote\n attacker to disclose sensitive information.\n (CVE-2016-5584)\n\n - An unspecified flaw exists in the MyISAM subcomponent\n that allows a local attacker to gain elevated\n privileges. (CVE-2016-5616)\n\n - An unspecified flaw exists in the Error Handling\n subcomponent that allows a local attacker to gain\n elevated privileges. (CVE-2016-5617)\n\n - An unspecified flaw exists in the GIS subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-5626)\n\n - An unspecified flaw exists in the Federated subcomponent\n that allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-5629)\n\n - A flaw exists in the check_log_path() function within\n file sql/sys_vars.cc due to inadequate restrictions on\n the ability to write to the my.cnf configuration file\n and allowing the loading of configuration files from\n path locations not used by current versions. An\n authenticated, remote attacker can exploit this issue\n by using specially crafted queries that utilize logging\n functionality to create new files or append custom\n content to existing files. This allows the attacker to\n gain root privileges by inserting a custom .cnf file\n with a 'malloc_lib=' directive pointing to specially\n crafted mysql_hookandroot_lib.so file and thereby cause\n MySQL to load a malicious library the next time it is\n started. (CVE-2016-6662)\n\n - A flaw exists in wolfSSL, specifically within the C\n software version of AES Encryption and Decryption, due\n to table lookups not properly considering cache-bank\n access times. A local attacker can exploit this, via a\n specially crafted application, to disclose AES keys.\n (CVE-2016-7440)\n\n - An unspecified flaw exists in the Types subcomponent\n that allows an authenticated, remote attacker to cause\n a denial of service condition.(CVE-2016-8283)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bac902d5\");\n script_set_attribute(attribute:\"see_also\", value:\"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-53.html\");\n # http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fbd97f45\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 5.5.53 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-6662\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/20\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\nmysql_check_version(fixed:'5.5.53', min:'5.5', severity:SECURITY_HOLE);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T02:55:20", "bulletinFamily": "scanner", "description": "The version of MariaDB running on the remote host is 10.0.x prior to\n10.0.28. It is, therefore, affected by multiple vulnerabilities :\n\n - An unspecified flaw exists in the Optimizer subcomponent\n that allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-3492)\n\n - An unspecified flaw exists in the Security: Encryption\n subcomponent that allows an authenticated, remote\n attacker to disclose sensitive information.\n (CVE-2016-5584)\n\n - An unspecified flaw exists in the MyISAM subcomponent\n that allows a local attacker to gain elevated\n privileges. (CVE-2016-5616)\n\n - An unspecified flaw exists in the DML subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-5624)\n\n - An unspecified flaw exists in the GIS subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-5626)\n\n - An unspecified flaw exists in the Federated subcomponent\n that allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-5629)\n\n - An unspecified flaw exists that allows an authenticated,\n remote attacker to bypass restrictions and create the\n /var/lib/mysql/my.cnf file with custom contents without\n the FILE privilege requirement. (CVE-2016-6663)\n\n - A flaw exists in wolfSSL, specifically within the C\n software version of AES Encryption and Decryption, due\n to table lookups not properly considering cache-bank\n access times. A local attacker can exploit this, via a\n specially crafted application, to disclose AES keys.\n Note that this vulnerability does not affect MariaDB\n packages included in Red Hat products since they", "modified": "2019-11-02T00:00:00", "id": "MARIADB_10_0_28.NASL", "href": "https://www.tenable.com/plugins/nessus/95540", "published": "2016-12-05T00:00:00", "title": "MariaDB 10.0.x < 10.0.28 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95540);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/01/02 11:18:37\");\n\n script_cve_id(\n \"CVE-2016-3492\",\n \"CVE-2016-5584\",\n \"CVE-2016-5616\",\n \"CVE-2016-5624\",\n \"CVE-2016-5626\",\n \"CVE-2016-5629\",\n \"CVE-2016-6663\",\n \"CVE-2016-7440\",\n \"CVE-2016-8283\"\n );\n script_bugtraq_id(\n 92911,\n 93614,\n 93635,\n 93638,\n 93650,\n 93659,\n 93668,\n 93735,\n 93737\n );\n script_xref(name:\"EDB-ID\", value:\"40678\");\n\n script_name(english:\"MariaDB 10.0.x < 10.0.28 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the MariaDB version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MariaDB running on the remote host is 10.0.x prior to\n10.0.28. It is, therefore, affected by multiple vulnerabilities :\n\n - An unspecified flaw exists in the Optimizer subcomponent\n that allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-3492)\n\n - An unspecified flaw exists in the Security: Encryption\n subcomponent that allows an authenticated, remote\n attacker to disclose sensitive information.\n (CVE-2016-5584)\n\n - An unspecified flaw exists in the MyISAM subcomponent\n that allows a local attacker to gain elevated\n privileges. (CVE-2016-5616)\n\n - An unspecified flaw exists in the DML subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-5624)\n\n - An unspecified flaw exists in the GIS subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-5626)\n\n - An unspecified flaw exists in the Federated subcomponent\n that allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-5629)\n\n - An unspecified flaw exists that allows an authenticated,\n remote attacker to bypass restrictions and create the\n /var/lib/mysql/my.cnf file with custom contents without\n the FILE privilege requirement. (CVE-2016-6663)\n\n - A flaw exists in wolfSSL, specifically within the C\n software version of AES Encryption and Decryption, due\n to table lookups not properly considering cache-bank\n access times. A local attacker can exploit this, via a\n specially crafted application, to disclose AES keys.\n Note that this vulnerability does not affect MariaDB\n packages included in Red Hat products since they're\n built against system OpenSSL packages. (CVE-2016-7440)\n\n - An unspecified flaw exists in the Types subcomponent\n that allows an authenticated, remote attacker to cause\n a denial of service condition. (CVE-2016-8283)\n\n - A flaw exists in the fix_after_pullout() function in\n item.cc that is triggered when handling a prepared\n statement with a conversion to semi-join. An\n authenticated, remote attacker can exploit this to crash\n the database, resulting in a denial of service\n condition.\n\n - A flaw exists in the mysql_admin_table() function in\n sql_admin.cc that is triggered when handling\n re-execution of certain ANALYZE TABLE prepared\n statements. An authenticated, remote attacker can\n exploit this to crash the database, resulting in a\n denial of service condition.\n\n - A flaw exists in the fill_alter_inplace_info() function\n in sql_table.cc that is triggered when altering \n persistent virtual columns. An authenticated, remote\n attacker can exploit this to crash the database,\n resulting in a denial of service condition.\n\n - A flaw exists in the mysql_rm_table_no_locks() function\n in sql_table.cc that is triggered during the handling of\n CREATE OR REPLACE TABLE queries. An authenticated,\n remote attacker can exploit this to crash the database,\n resulting in a denial of service condition.\n\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/library/mariadb-10028-changelog/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MariaDB version 10.0.28 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/09/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mariadb:mariadb\");\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\nmysql_check_version(variant:'MariaDB', fixed:'10.0.28-MariaDB', min:'10.0', severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:35:27", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2016-10-26T00:00:00", "id": "OPENVAS:1361412562310842928", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842928", "title": "Ubuntu Update for mysql-5.7 USN-3109-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for mysql-5.7 USN-3109-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842928\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-10-26 05:00:43 +0200 (Wed, 26 Oct 2016)\");\n script_cve_id(\"CVE-2016-5584\", \"CVE-2016-7440\");\n script_tag(name:\"cvss_base\", value:\"3.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for mysql-5.7 USN-3109-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mysql-5.7'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple security issues were discovered\n in MySQL and this update includes new upstream MySQL versions to fix these issues.\n\nMySQL has been updated to 5.5.53 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.\nUbuntu 16.04 LTS and Ubuntu 16.10 have been updated to MySQL 5.7.16.\n\nIn addition to security fixes, the updated packages contain bug fixes,\nnew features, and possibly incompatible changes.\n\nPlease see the references for more information.\");\n\n script_xref(name:\"URL\", value:\"http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-53.html\");\n script_xref(name:\"URL\", value:\"http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-16.html\");\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html\");\n\n script_tag(name:\"affected\", value:\"mysql-5.7 on Ubuntu 16.04 LTS,\n Ubuntu 16.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3109-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3109-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS|16\\.04 LTS|16\\.10)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.53-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.53-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"mysql-server-5.7\", ver:\"5.7.16-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"mysql-server-5.7\", ver:\"5.7.16-0ubuntu0.16.10.1\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2017-07-24T12:54:37", "bulletinFamily": "scanner", "description": "Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.53, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges. Please see the MySQL 5.5 Release Notes and Oracle", "modified": "2017-07-07T00:00:00", "published": "2016-11-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703706", "id": "OPENVAS:703706", "title": "Debian Security Advisory DSA 3706-1 (mysql-5.5 - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3706.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3706-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703706);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2016-5584\", \"CVE-2016-7440\");\n script_name(\"Debian Security Advisory DSA 3706-1 (mysql-5.5 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-11-07 00:00:00 +0100 (Mon, 07 Nov 2016)\");\n script_tag(name:\"cvss_base\", value:\"3.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:N/A:N\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3706.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"mysql-5.5 on Debian Linux\");\n script_tag(name: \"insight\", value: \"MySQL is a fast, stable and true multi-user, multi-threaded SQL database\nserver.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie), these problems have been fixed in\nversion 5.5.53-0+deb8u1.\n\nWe recommend that you upgrade your mysql-5.5 packages.\");\n script_tag(name: \"summary\", value: \"Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.53, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges. Please see the MySQL 5.5 Release Notes and Oracle's Critical\nPatch Update advisory for further details:\n\nhttps://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-53.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libmysqlclient-dev\", ver:\"5.5.53-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient18\", ver:\"5.5.53-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-dev\", ver:\"5.5.53-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-pic\", ver:\"5.5.53-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client\", ver:\"5.5.53-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client-5.5\", ver:\"5.5.53-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-common\", ver:\"5.5.53-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server\", ver:\"5.5.53-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.53-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-core-5.5\", ver:\"5.5.53-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-source-5.5\", ver:\"5.5.53-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-testsuite\", ver:\"5.5.53-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-testsuite-5.5\", ver:\"5.5.53-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 3.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:35:13", "bulletinFamily": "scanner", "description": "Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.53, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges.", "modified": "2019-03-18T00:00:00", "published": "2016-11-07T00:00:00", "id": "OPENVAS:1361412562310703706", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703706", "title": "Debian Security Advisory DSA 3706-1 (mysql-5.5 - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3706.nasl 14279 2019-03-18 14:48:34Z cfischer $\n# Auto-generated from advisory DSA 3706-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703706\");\n script_version(\"$Revision: 14279 $\");\n script_cve_id(\"CVE-2016-5584\", \"CVE-2016-7440\");\n script_name(\"Debian Security Advisory DSA 3706-1 (mysql-5.5 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:48:34 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-11-07 00:00:00 +0100 (Mon, 07 Nov 2016)\");\n script_tag(name:\"cvss_base\", value:\"3.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:N/A:N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3706.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"mysql-5.5 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie), these problems have been fixed in\nversion 5.5.53-0+deb8u1.\n\nWe recommend that you upgrade your mysql-5.5 packages.\");\n script_tag(name:\"summary\", value:\"Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.53, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libmysqlclient-dev\", ver:\"5.5.53-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmysqlclient18\", ver:\"5.5.53-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmysqld-dev\", ver:\"5.5.53-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmysqld-pic\", ver:\"5.5.53-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-client\", ver:\"5.5.53-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-client-5.5\", ver:\"5.5.53-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-common\", ver:\"5.5.53-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-server\", ver:\"5.5.53-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.53-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-server-core-5.5\", ver:\"5.5.53-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-source-5.5\", ver:\"5.5.53-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-testsuite\", ver:\"5.5.53-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-testsuite-5.5\", ver:\"5.5.53-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:35:51", "bulletinFamily": "scanner", "description": "This host is running Oracle MySQL and is\n prone to multiple vulnerabilities.", "modified": "2019-01-08T00:00:00", "published": "2016-10-19T00:00:00", "id": "OPENVAS:1361412562310809386", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809386", "title": "Oracle MySQL Security Updates (oct2016-2881722) 09 - Windows", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mysql_oct2016-2881722_09_win.nasl 12983 2019-01-08 15:30:19Z cfischer $\n#\n# Oracle MySQL Security Updates (oct2016-2881722) 09 - Windows\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809386\");\n script_version(\"$Revision: 12983 $\");\n script_cve_id(\"CVE-2016-5584\", \"CVE-2016-6662\", \"CVE-2016-7440\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-01-08 16:30:19 +0100 (Tue, 08 Jan 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-10-19 15:53:59 +0530 (Wed, 19 Oct 2016)\");\n script_name(\"Oracle MySQL Security Updates (oct2016-2881722) 09 - Windows\");\n\n script_tag(name:\"summary\", value:\"This host is running Oracle MySQL and is\n prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to multiple\n unspecified errors in 'Server: Security: Encryption' and 'Server: Logging'\n components.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote user to access restricted data.\");\n\n script_tag(name:\"affected\", value:\"Oracle MySQL version 5.5.52 and earlier,\n 5.6.33 and earlier, 5.7.15 and earlier on Windows\");\n\n script_tag(name:\"solution\", value:\"Apply the patch from the referenced advisory.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_windows\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\ncpe_list = make_list( \"cpe:/a:mysql:mysql\", \"cpe:/a:oracle:mysql\" );\n\nif(!infos = get_all_app_ports_from_list(cpe_list:cpe_list)) exit( 0 );\nCPE = infos['cpe'];\nsqlPort = infos['port'];\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:sqlPort, exit_no_version:TRUE)) exit(0);\nmysqlVer = infos['version'];\nmysqlPath = infos['location'];\n\nif(version_in_range(version:mysqlVer, test_version:\"5.5\", test_version2:\"5.5.52\") ||\n version_in_range(version:mysqlVer, test_version:\"5.6\", test_version2:\"5.6.33\") ||\n version_in_range(version:mysqlVer, test_version:\"5.7\", test_version2:\"5.7.15\"))\n{\n report = report_fixed_ver(installed_version:mysqlVer, fixed_version:\"Apply the patch\", install_path:mysqlPath);\n security_message(data:report, port:sqlPort);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:36", "bulletinFamily": "scanner", "description": "This host is running Oracle MySQL and is\n prone to multiple vulnerabilities.", "modified": "2019-01-08T00:00:00", "published": "2016-10-19T00:00:00", "id": "OPENVAS:1361412562310809387", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809387", "title": "Oracle MySQL Security Updates (oct2016-2881722) 09 - Linux", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mysql_oct2016-2881722_09_lin.nasl 12983 2019-01-08 15:30:19Z cfischer $\n#\n# Oracle MySQL Security Updates (oct2016-2881722) 09 - Linux\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809387\");\n script_version(\"$Revision: 12983 $\");\n script_cve_id(\"CVE-2016-5584\", \"CVE-2016-6662\", \"CVE-2016-7440\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-01-08 16:30:19 +0100 (Tue, 08 Jan 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-10-19 15:53:59 +0530 (Wed, 19 Oct 2016)\");\n script_name(\"Oracle MySQL Security Updates (oct2016-2881722) 09 - Linux\");\n\n script_tag(name:\"summary\", value:\"This host is running Oracle MySQL and is\n prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to multiple\n unspecified errors in 'Server: Security: Encryption' and 'Server: Logging'\n components.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote user to access restricted data.\");\n\n script_tag(name:\"affected\", value:\"Oracle MySQL version 5.5.52 and earlier,\n 5.6.33 and earlier, 5.7.15 and earlier on Linux\");\n\n script_tag(name:\"solution\", value:\"Apply the patch from the referenced advisory.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_unixoide\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\ncpe_list = make_list( \"cpe:/a:mysql:mysql\", \"cpe:/a:oracle:mysql\" );\n\nif(!infos = get_all_app_ports_from_list(cpe_list:cpe_list)) exit( 0 );\nCPE = infos['cpe'];\nsqlPort = infos['port'];\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:sqlPort, exit_no_version:TRUE)) exit(0);\nmysqlVer = infos['version'];\nmysqlPath = infos['location'];\n\nif(version_in_range(version:mysqlVer, test_version:\"5.5\", test_version2:\"5.5.52\") ||\n version_in_range(version:mysqlVer, test_version:\"5.6\", test_version2:\"5.6.33\") ||\n version_in_range(version:mysqlVer, test_version:\"5.7\", test_version2:\"5.7.15\"))\n{\n report = report_fixed_ver(installed_version:mysqlVer, fixed_version:\"Apply the patch\", install_path:mysqlPath);\n security_message(data:report, port:sqlPort);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:55:08", "bulletinFamily": "scanner", "description": "Several issues have been discovered in the MariaDB database server. The\nvulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.0.28. Please see the MariaDB 10.0 Release Notes for further\ndetails:\n\nhttps://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/", "modified": "2017-07-07T00:00:00", "published": "2016-11-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703711", "id": "OPENVAS:703711", "title": "Debian Security Advisory DSA 3711-1 (mariadb-10.0 - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3711.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3711-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703711);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2016-3492\", \"CVE-2016-5584\", \"CVE-2016-5616\", \"CVE-2016-5624\", \"CVE-2016-5626\", \"CVE-2016-5629\", \"CVE-2016-6663\", \"CVE-2016-7440\", \"CVE-2016-8283\");\n script_name(\"Debian Security Advisory DSA 3711-1 (mariadb-10.0 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-11-11 00:00:00 +0100 (Fri, 11 Nov 2016)\");\n script_tag(name: \"cvss_base\", value: \"10.0\");\n script_tag(name: \"cvss_base_vector\", value: \"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3711.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"mariadb-10.0 on Debian Linux\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie), these problems have been fixed in\nversion 10.0.28-0+deb8u1.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 10.0.28-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 10.0.28-1.\n\nWe recommend that you upgrade your mariadb-10.0 packages.\");\n script_tag(name: \"summary\", value: \"Several issues have been discovered in the MariaDB database server. The\nvulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.0.28. Please see the MariaDB 10.0 Release Notes for further\ndetails:\n\nhttps://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libmariadbd-dev\", ver:\"10.0.28-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-client\", ver:\"10.0.28-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-client-10.0\", ver:\"10.0.28-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-client-core-10.0\", ver:\"10.0.28-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-common\", ver:\"10.0.28-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-connect-engine-10.0\", ver:\"10.0.28-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-oqgraph-engine-10.0\", ver:\"10.0.28-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-server\", ver:\"10.0.28-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-server-10.0\", ver:\"10.0.28-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-server-core-10.0\", ver:\"10.0.28-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-test\", ver:\"10.0.28-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-test-10.0\", ver:\"10.0.28-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmariadbclient-dev\", ver:\"10.0.28-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmariadbclient-dev-compat\", ver:\"10.0.28-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmariadbclient18\", ver:\"10.0.28-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmariadbd-dev\", ver:\"10.0.28-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmariadbd18\", ver:\"10.0.28-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-client\", ver:\"10.0.28-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-client-10.0\", ver:\"10.0.28-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-client-core-10.0\", ver:\"10.0.28-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-common\", ver:\"10.0.28-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-plugin-connect\", ver:\"10.0.28-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-plugin-mroonga\", ver:\"10.0.28-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-plugin-oqgraph\", ver:\"10.0.28-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-plugin-spider\", ver:\"10.0.28-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-plugin-tokudb\", ver:\"10.0.28-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-server\", ver:\"10.0.28-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-server-10.0\", ver:\"10.0.28-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-server-core-10.0\", ver:\"10.0.28-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-test\", ver:\"10.0.28-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-test-data\", ver:\"10.0.28-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:34:43", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-12T00:00:00", "published": "2017-02-22T00:00:00", "id": "OPENVAS:1361412562310851507", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851507", "title": "SuSE Update for mariadb openSUSE-SU-2016:3025-1 (mariadb)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2016_3025_1.nasl 14110 2019-03-12 09:28:23Z cfischer $\n#\n# SuSE Update for mariadb openSUSE-SU-2016:3025-1 (mariadb)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851507\");\n script_version(\"$Revision: 14110 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-12 10:28:23 +0100 (Tue, 12 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-02-22 15:16:56 +0100 (Wed, 22 Feb 2017)\");\n script_cve_id(\"CVE-2016-3492\", \"CVE-2016-5584\", \"CVE-2016-5616\", \"CVE-2016-5624\",\n \"CVE-2016-5626\", \"CVE-2016-5629\", \"CVE-2016-6663\", \"CVE-2016-7440\",\n \"CVE-2016-8283\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for mariadb openSUSE-SU-2016:3025-1 (mariadb)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mariadb'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"This mariadb update to version 10.0.28 fixes the following issues\n (bsc#1008318):\n\n Security fixes:\n\n - CVE-2016-8283: Unspecified vulnerability in subcomponent Types\n (bsc#1005582)\n\n - CVE-2016-7440: Unspecified vulnerability in subcomponent Encryption\n (bsc#1005581)\n\n - CVE-2016-5629: Unspecified vulnerability in subcomponent Federated\n (bsc#1005569)\n\n - CVE-2016-5626: Unspecified vulnerability in subcomponent GIS\n (bsc#1005566)\n\n - CVE-2016-5624: Unspecified vulnerability in subcomponent DML\n (bsc#1005564)\n\n - CVE-2016-5616: Unspecified vulnerability in subcomponent MyISAM\n (bsc#1005562)\n\n - CVE-2016-5584: Unspecified vulnerability in subcomponent Encryption\n (bsc#1005558)\n\n - CVE-2016-3492: Unspecified vulnerability in subcomponent Optimizer\n (bsc#1005555)\n\n - CVE-2016-6663: Privilege Escalation / Race Condition (bsc#1001367)\n\n Bugfixes:\n\n - mariadb failing test sys_vars.optimizer_switch_basic (bsc#1003800)\n\n - Remove useless mysql@default.service (bsc#1004477)\n\n - Replace all occurrences of the string '@sysconfdir@' with '/etc' as it\n wasn't expanded properly (bsc#990890)\n\n - Notable changes:\n\n * XtraDB updated to 5.6.33-79.0\n\n * TokuDB updated to 5.6.33-79.0\n\n * Innodb updated to 5.6.33\n\n * Performance Schema updated to 5.6.33\n\n - Release notes and upstream changelog are linked in the references.\n\n This update was imported from the SUSE:SLE-12-SP1:Update update project.\");\n script_tag(name:\"affected\", value:\"mariadb on openSUSE Leap 42.2\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:3025_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.2\");\n\n script_xref(name:\"URL\", value:\"https://kb.askmonty.org/en/mariadb-10028-release-notes\");\n script_xref(name:\"URL\", value:\"https://kb.askmonty.org/en/mariadb-10028-changelog\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"openSUSELeap42.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"libmysqlclient-devel\", rpm:\"libmysqlclient-devel~10.0.28~15.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysqlclient18\", rpm:\"libmysqlclient18~10.0.28~15.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysqlclient18-debuginfo\", rpm:\"libmysqlclient18-debuginfo~10.0.28~15.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysqlclient_r18\", rpm:\"libmysqlclient_r18~10.0.28~15.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysqld-devel\", rpm:\"libmysqld-devel~10.0.28~15.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysqld18\", rpm:\"libmysqld18~10.0.28~15.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysqld18-debuginfo\", rpm:\"libmysqld18-debuginfo~10.0.28~15.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~10.0.28~15.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-bench\", rpm:\"mariadb-bench~10.0.28~15.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-bench-debuginfo\", rpm:\"mariadb-bench-debuginfo~10.0.28~15.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-client\", rpm:\"mariadb-client~10.0.28~15.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-client-debuginfo\", rpm:\"mariadb-client-debuginfo~10.0.28~15.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-debuginfo\", rpm:\"mariadb-debuginfo~10.0.28~15.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-debugsource\", rpm:\"mariadb-debugsource~10.0.28~15.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-errormessages\", rpm:\"mariadb-errormessages~10.0.28~15.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-test\", rpm:\"mariadb-test~10.0.28~15.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-test-debuginfo\", rpm:\"mariadb-test-debuginfo~10.0.28~15.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-tools\", rpm:\"mariadb-tools~10.0.28~15.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-tools-debuginfo\", rpm:\"mariadb-tools-debuginfo~10.0.28~15.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysqlclient18-32bit\", rpm:\"libmysqlclient18-32bit~10.0.28~15.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysqlclient18-debuginfo-32bit\", rpm:\"libmysqlclient18-debuginfo-32bit~10.0.28~15.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysqlclient_r18-32bit\", rpm:\"libmysqlclient_r18-32bit~10.0.28~15.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:35:16", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-12T00:00:00", "published": "2016-12-07T00:00:00", "id": "OPENVAS:1361412562310851443", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851443", "title": "SuSE Update for mariadb openSUSE-SU-2016:3028-1 (mariadb)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2016_3028_1.nasl 14110 2019-03-12 09:28:23Z cfischer $\n#\n# SuSE Update for mariadb openSUSE-SU-2016:3028-1 (mariadb)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851443\");\n script_version(\"$Revision: 14110 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-12 10:28:23 +0100 (Tue, 12 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:01:16 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-3492\", \"CVE-2016-5584\", \"CVE-2016-5616\", \"CVE-2016-5624\",\n \"CVE-2016-5626\", \"CVE-2016-5629\", \"CVE-2016-6663\", \"CVE-2016-7440\",\n \"CVE-2016-8283\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for mariadb openSUSE-SU-2016:3028-1 (mariadb)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mariadb'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"This mariadb update to version 10.0.28 fixes the following issues\n (bsc#1008318):\n\n Security fixes:\n\n - CVE-2016-8283: Unspecified vulnerability in subcomponent Types\n (bsc#1005582)\n\n - CVE-2016-7440: Unspecified vulnerability in subcomponent Encryption\n (bsc#1005581)\n\n - CVE-2016-5629: Unspecified vulnerability in subcomponent Federated\n (bsc#1005569)\n\n - CVE-2016-5626: Unspecified vulnerability in subcomponent GIS\n (bsc#1005566)\n\n - CVE-2016-5624: Unspecified vulnerability in subcomponent DML\n (bsc#1005564)\n\n - CVE-2016-5616: Unspecified vulnerability in subcomponent MyISAM\n (bsc#1005562)\n\n - CVE-2016-5584: Unspecified vulnerability in subcomponent Encryption\n (bsc#1005558)\n\n - CVE-2016-3492: Unspecified vulnerability in subcomponent Optimizer\n (bsc#1005555)\n\n - CVE-2016-6663: Privilege Escalation / Race Condition (bsc#1001367)\n\n Bugfixes:\n\n - mysql_install_db can't find data files (bsc#1006539)\n\n - mariadb failing test sys_vars.optimizer_switch_basic (bsc#1003800)\n\n - Remove useless mysql@default.service (bsc#1004477)\n\n - Replace all occurrences of the string '@sysconfdir@' with '/etc' as it\n wasn't expanded properly (bsc#990890)\n\n - Notable changes:\n\n * XtraDB updated to 5.6.33-79.0\n\n * TokuDB updated to 5.6.33-79.0\n\n * Innodb updated to 5.6.33\n\n * Performance Schema updated to 5.6.33\n\n - Release notes and upstream changelog are linked in the references.\n\n This update was imported from the SUSE:SLE-12-SP1:Update update project.\");\n script_tag(name:\"affected\", value:\"mariadb on openSUSE Leap 42.1\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:3028_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.1\");\n\n script_xref(name:\"URL\", value:\"https://kb.askmonty.org/en/mariadb-10028-release-notes\");\n script_xref(name:\"URL\", value:\"https://kb.askmonty.org/en/mariadb-10028-changelog\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"openSUSELeap42.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libmysqlclient-devel\", rpm:\"libmysqlclient-devel~10.0.28~15.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysqlclient18\", rpm:\"libmysqlclient18~10.0.28~15.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysqlclient18-debuginfo\", rpm:\"libmysqlclient18-debuginfo~10.0.28~15.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysqlclient_r18\", rpm:\"libmysqlclient_r18~10.0.28~15.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysqld-devel\", rpm:\"libmysqld-devel~10.0.28~15.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysqld18\", rpm:\"libmysqld18~10.0.28~15.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysqld18-debuginfo\", rpm:\"libmysqld18-debuginfo~10.0.28~15.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~10.0.28~15.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-bench\", rpm:\"mariadb-bench~10.0.28~15.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-bench-debuginfo\", rpm:\"mariadb-bench-debuginfo~10.0.28~15.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-client\", rpm:\"mariadb-client~10.0.28~15.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-client-debuginfo\", rpm:\"mariadb-client-debuginfo~10.0.28~15.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-debuginfo\", rpm:\"mariadb-debuginfo~10.0.28~15.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-debugsource\", rpm:\"mariadb-debugsource~10.0.28~15.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-errormessages\", rpm:\"mariadb-errormessages~10.0.28~15.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-test\", rpm:\"mariadb-test~10.0.28~15.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-test-debuginfo\", rpm:\"mariadb-test-debuginfo~10.0.28~15.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-tools\", rpm:\"mariadb-tools~10.0.28~15.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-tools-debuginfo\", rpm:\"mariadb-tools-debuginfo~10.0.28~15.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysqlclient18-32bit\", rpm:\"libmysqlclient18-32bit~10.0.28~15.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysqlclient18-debuginfo-32bit\", rpm:\"libmysqlclient18-debuginfo-32bit~10.0.28~15.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysqlclient_r18-32bit\", rpm:\"libmysqlclient_r18-32bit~10.0.28~15.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:35:17", "bulletinFamily": "scanner", "description": "Several issues have been discovered in the MariaDB database server. The\nvulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.0.28.", "modified": "2019-03-18T00:00:00", "published": "2016-11-11T00:00:00", "id": "OPENVAS:1361412562310703711", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703711", "title": "Debian Security Advisory DSA 3711-1 (mariadb-10.0 - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3711.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Auto-generated from advisory DSA 3711-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703711\");\n script_version(\"$Revision: 14275 $\");\n script_cve_id(\"CVE-2016-3492\", \"CVE-2016-5584\", \"CVE-2016-5616\", \"CVE-2016-5624\", \"CVE-2016-5626\", \"CVE-2016-5629\", \"CVE-2016-6663\", \"CVE-2016-7440\", \"CVE-2016-8283\");\n script_name(\"Debian Security Advisory DSA 3711-1 (mariadb-10.0 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-11-11 00:00:00 +0100 (Fri, 11 Nov 2016)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3711.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(8|9)\");\n script_tag(name:\"affected\", value:\"mariadb-10.0 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie), these problems have been fixed in\nversion 10.0.28-0+deb8u1.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 10.0.28-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 10.0.28-1.\n\nWe recommend that you upgrade your mariadb-10.0 packages.\");\n script_tag(name:\"summary\", value:\"Several issues have been discovered in the MariaDB database server. The\nvulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.0.28.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libmariadbd-dev\", ver:\"10.0.28-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-client\", ver:\"10.0.28-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-client-10.0\", ver:\"10.0.28-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-client-core-10.0\", ver:\"10.0.28-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-common\", ver:\"10.0.28-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-connect-engine-10.0\", ver:\"10.0.28-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-oqgraph-engine-10.0\", ver:\"10.0.28-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-server\", ver:\"10.0.28-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-server-10.0\", ver:\"10.0.28-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-server-core-10.0\", ver:\"10.0.28-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-test\", ver:\"10.0.28-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-test-10.0\", ver:\"10.0.28-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmariadbclient-dev\", ver:\"10.0.28-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmariadbclient-dev-compat\", ver:\"10.0.28-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmariadbclient18\", ver:\"10.0.28-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmariadbd-dev\", ver:\"10.0.28-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmariadbd18\", ver:\"10.0.28-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-client\", ver:\"10.0.28-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-client-10.0\", ver:\"10.0.28-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-client-core-10.0\", ver:\"10.0.28-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-common\", ver:\"10.0.28-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-plugin-connect\", ver:\"10.0.28-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-plugin-mroonga\", ver:\"10.0.28-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-plugin-oqgraph\", ver:\"10.0.28-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-plugin-spider\", ver:\"10.0.28-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-plugin-tokudb\", ver:\"10.0.28-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-server\", ver:\"10.0.28-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-server-10.0\", ver:\"10.0.28-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-server-core-10.0\", ver:\"10.0.28-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-test\", ver:\"10.0.28-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-test-data\", ver:\"10.0.28-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:35:02", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2016-11-11T00:00:00", "id": "OPENVAS:1361412562310851430", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851430", "title": "SuSE Update for mysql-community-server openSUSE-SU-2016:2769-1 (mysql-community-server)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2016_2769_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for mysql-community-server openSUSE-SU-2016:2769-1 (mysql-community-server)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851430\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-11-11 05:46:58 +0100 (Fri, 11 Nov 2016)\");\n script_cve_id(\"CVE-2016-2105\", \"CVE-2016-3459\", \"CVE-2016-3477\", \"CVE-2016-3486\",\n \"CVE-2016-3492\", \"CVE-2016-3501\", \"CVE-2016-3521\", \"CVE-2016-3614\",\n \"CVE-2016-3615\", \"CVE-2016-5439\", \"CVE-2016-5440\", \"CVE-2016-5507\",\n \"CVE-2016-5584\", \"CVE-2016-5609\", \"CVE-2016-5612\", \"CVE-2016-5616\",\n \"CVE-2016-5617\", \"CVE-2016-5626\", \"CVE-2016-5627\", \"CVE-2016-5629\",\n \"CVE-2016-5630\", \"CVE-2016-6304\", \"CVE-2016-6662\", \"CVE-2016-7440\",\n \"CVE-2016-8283\", \"CVE-2016-8284\", \"CVE-2016-8288\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for mysql-community-server openSUSE-SU-2016:2769-1 (mysql-community-server)\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"mysql-community-server was updated to 5.6.34 to fix the following issues:\n\n * fixed CVEs: CVE-2016-6304, CVE-2016-6662, CVE-2016-7440, CVE-2016-5584,\n CVE-2016-5617, CVE-2016-5616, CVE-2016-5626, CVE-2016-3492,\n CVE-2016-5629, CVE-2016-5507, CVE-2016-8283, CVE-2016-5609,\n CVE-2016-5612, CVE-2016-5627, CVE-2016-5630, CVE-2016-8284,\n CVE-2016-8288, CVE-2016-3477, CVE-2016-2105, CVE-2016-3486,\n CVE-2016-3501, CVE-2016-3521, CVE-2016-3615, CVE-2016-3614,\n CVE-2016-3459, CVE-2016-5439, CVE-2016-5440\n\n * fixes SUSE Bugs: [boo#999666], [boo#998309], [boo#1005581],\n [boo#1005558], [boo#1005563], [boo#1005562], [boo#1005566],\n [boo#1005555], [boo#1005569], [boo#1005557], [boo#1005582],\n [boo#1005560], [boo#1005561], [boo#1005567], [boo#1005570],\n [boo#1005583], [boo#1005586], [boo#989913], [boo#977614],\n [boo#989914], [boo#989915], [boo#989919], [boo#989922], [boo#989921],\n [boo#989911], [boo#989925], [boo#989926]\n\n - append '--ignore-db-dir=lost+found' to the mysqld options in\n 'mysql-systemd-helper' script if 'lost+found' directory is found in\n $datadir [boo#986251]\n\n - remove syslog.target from *.service files [boo#983938]\n\n - add systemd to deps to build on leap and friends\n\n - replace '%{_libexecdir}/systemd/system' with %{_unitdir} macro\n\n - remove useless mysql@default.service [boo#971456]\n\n - replace all occurrences of the string '@sysconfdir@' with '/etc' in\n mysql-community-server-5.6.3-logrotate.patch as it wasn't expanded\n properly [boo#990890]\n\n - remove '%define _rundir' as 13.1 is out of support scope\n\n - run 'usermod -g mysql mysql' only if mysql user is not in mysql group.\n Run 'usermod -s /bin/false/ mysql' only if mysql user doesn't have\n '/bin/false' shell set.\n\n - re-enable mysql profiling\");\n script_tag(name:\"affected\", value:\"mysql-community-server on openSUSE Leap 42.1, openSUSE 13.2\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:2769_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mysql-community-server'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"openSUSE13.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"libmysql56client18\", rpm:\"libmysql56client18~5.6.34~2.23.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysql56client18-debuginfo\", rpm:\"libmysql56client18-debuginfo~5.6.34~2.23.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysql56client_r18\", rpm:\"libmysql56client_r18~5.6.34~2.23.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-community-server\", rpm:\"mysql-community-server~5.6.34~2.23.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-community-server-bench\", rpm:\"mysql-community-server-bench~5.6.34~2.23.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-community-server-bench-debuginfo\", rpm:\"mysql-community-server-bench-debuginfo~5.6.34~2.23.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-community-server-client\", rpm:\"mysql-community-server-client~5.6.34~2.23.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-community-server-client-debuginfo\", rpm:\"mysql-community-server-client-debuginfo~5.6.34~2.23.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-community-server-debuginfo\", rpm:\"mysql-community-server-debuginfo~5.6.34~2.23.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-community-server-debugsource\", rpm:\"mysql-community-server-debugsource~5.6.34~2.23.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-community-server-errormessages\", rpm:\"mysql-community-server-errormessages~5.6.34~2.23.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-community-server-test\", rpm:\"mysql-community-server-test~5.6.34~2.23.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-community-server-test-debuginfo\", rpm:\"mysql-community-server-test-debuginfo~5.6.34~2.23.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-community-server-tools\", rpm:\"mysql-community-server-tools~5.6.34~2.23.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-community-server-tools-debuginfo\", rpm:\"mysql-community-server-tools-debuginfo~5.6.34~2.23.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysql56client18-32bit\", rpm:\"libmysql56client18-32bit~5.6.34~2.23.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysql56client18-debuginfo-32bit\", rpm:\"libmysql56client18-debuginfo-32bit~5.6.34~2.23.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysql56client_r18-32bit\", rpm:\"libmysql56client_r18-32bit~5.6.34~2.23.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2019-05-29T19:21:15", "bulletinFamily": "unix", "description": "Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues.\n\nMySQL has been updated to 5.5.53 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 16.04 LTS and Ubuntu 16.10 have been updated to MySQL 5.7.16.\n\nIn addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.\n\nPlease see the following for more information: <http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-53.html> <http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-16.html> <http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html>", "modified": "2016-10-25T00:00:00", "published": "2016-10-25T00:00:00", "id": "USN-3109-1", "href": "https://usn.ubuntu.com/3109-1/", "title": "MySQL vulnerabilities", "type": "ubuntu", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N"}}], "suse": [{"lastseen": "2016-11-12T09:27:54", "bulletinFamily": "unix", "description": "This mysql version update to 5.5.53 fixes the following issues:\n\n - CVE-2016-6662: Unspecified vulnerability in subcomponent Logging\n (bsc#1005580)\n - CVE-2016-7440: Unspecified vulnerability in subcomponent Encryption\n (bsc#1005581)\n - CVE-2016-5584: Unspecified vulnerability in subcomponent Encryption\n (bsc#1005558)\n\n Release Notes:\n <a rel=\"nofollow\" href=\"http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-53.html\">http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-53.html</a>\n\n", "modified": "2016-11-12T08:06:44", "published": "2016-11-12T08:06:44", "id": "SUSE-SU-2016:2780-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00025.html", "title": "Security update for mysql (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-11-28T21:30:05", "bulletinFamily": "unix", "description": "This mariadb update to version 10.0.28 fixes the following issues\n (bsc#1008318):\n\n Security fixes:\n - CVE-2016-8283: Unspecified vulnerability in subcomponent Types\n (bsc#1005582)\n - CVE-2016-7440: Unspecified vulnerability in subcomponent Encryption\n (bsc#1005581)\n - CVE-2016-5629: Unspecified vulnerability in subcomponent Federated\n (bsc#1005569)\n - CVE-2016-5626: Unspecified vulnerability in subcomponent GIS\n (bsc#1005566)\n - CVE-2016-5624: Unspecified vulnerability in subcomponent DML\n (bsc#1005564)\n - CVE-2016-5616: Unspecified vulnerability in subcomponent MyISAM\n (bsc#1005562)\n - CVE-2016-5584: Unspecified vulnerability in subcomponent Encryption\n (bsc#1005558)\n - CVE-2016-3492: Unspecified vulnerability in subcomponent Optimizer\n (bsc#1005555)\n - CVE-2016-6663: Privilege Escalation / Race Condition (bsc#1001367)\n\n Bugfixes:\n - mysql_install_db can't find data files (bsc#1006539)\n - mariadb failing test sys_vars.optimizer_switch_basic (bsc#1003800)\n - Notable changes:\n * XtraDB updated to 5.6.33-79.0\n * TokuDB updated to 5.6.33-79.0\n * Innodb updated to 5.6.33\n * Performance Schema updated to 5.6.33\n - Release notes and upstream changelog:\n * <a rel=\"nofollow\" href=\"https://kb.askmonty.org/en/mariadb-10028-release-notes\">https://kb.askmonty.org/en/mariadb-10028-release-notes</a>\n * <a rel=\"nofollow\" href=\"https://kb.askmonty.org/en/mariadb-10028-changelog\">https://kb.askmonty.org/en/mariadb-10028-changelog</a>\n\n", "modified": "2016-11-28T20:07:13", "published": "2016-11-28T20:07:13", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00042.html", "id": "SUSE-SU-2016:2932-1", "type": "suse", "title": "Security update for mariadb (important)", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-11-28T21:30:05", "bulletinFamily": "unix", "description": "This mariadb update to version 10.0.28 fixes the following issues\n (bsc#1008318):\n\n Security fixes:\n - CVE-2016-8283: Unspecified vulnerability in subcomponent Types\n (bsc#1005582)\n - CVE-2016-7440: Unspecified vulnerability in subcomponent Encryption\n (bsc#1005581)\n - CVE-2016-5629: Unspecified vulnerability in subcomponent Federated\n (bsc#1005569)\n - CVE-2016-5626: Unspecified vulnerability in subcomponent GIS\n (bsc#1005566)\n - CVE-2016-5624: Unspecified vulnerability in subcomponent DML\n (bsc#1005564)\n - CVE-2016-5616: Unspecified vulnerability in subcomponent MyISAM\n (bsc#1005562)\n - CVE-2016-5584: Unspecified vulnerability in subcomponent Encryption\n (bsc#1005558)\n - CVE-2016-3492: Unspecified vulnerability in subcomponent Optimizer\n (bsc#1005555)\n - CVE-2016-6663: Privilege Escalation / Race Condition (bsc#1001367)\n\n Bugfixes:\n - mysql_install_db can't find data files (bsc#1006539)\n - mariadb failing test sys_vars.optimizer_switch_basic (bsc#1003800)\n - Remove useless mysql@default.service (bsc#1004477)\n - Replace all occurrences of the string "@sysconfdir@" with "/etc" as it\n wasn't expanded properly (bsc#990890)\n - Notable changes:\n * XtraDB updated to 5.6.33-79.0\n * TokuDB updated to 5.6.33-79.0\n * Innodb updated to 5.6.33\n * Performance Schema updated to 5.6.33\n - Release notes and upstream changelog:\n * <a rel=\"nofollow\" href=\"https://kb.askmonty.org/en/mariadb-10028-release-notes\">https://kb.askmonty.org/en/mariadb-10028-release-notes</a>\n * <a rel=\"nofollow\" href=\"https://kb.askmonty.org/en/mariadb-10028-changelog\">https://kb.askmonty.org/en/mariadb-10028-changelog</a>\n\n", "modified": "2016-11-28T20:09:17", "published": "2016-11-28T20:09:17", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00043.html", "id": "SUSE-SU-2016:2933-1", "type": "suse", "title": "Recommended update for mariadb (important)", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-12-06T17:29:07", "bulletinFamily": "unix", "description": "This mariadb update to version 10.0.28 fixes the following issues\n (bsc#1008318):\n\n Security fixes:\n - CVE-2016-8283: Unspecified vulnerability in subcomponent Types\n (bsc#1005582)\n - CVE-2016-7440: Unspecified vulnerability in subcomponent Encryption\n (bsc#1005581)\n - CVE-2016-5629: Unspecified vulnerability in subcomponent Federated\n (bsc#1005569)\n - CVE-2016-5626: Unspecified vulnerability in subcomponent GIS\n (bsc#1005566)\n - CVE-2016-5624: Unspecified vulnerability in subcomponent DML\n (bsc#1005564)\n - CVE-2016-5616: Unspecified vulnerability in subcomponent MyISAM\n (bsc#1005562)\n - CVE-2016-5584: Unspecified vulnerability in subcomponent Encryption\n (bsc#1005558)\n - CVE-2016-3492: Unspecified vulnerability in subcomponent Optimizer\n (bsc#1005555)\n - CVE-2016-6663: Privilege Escalation / Race Condition (bsc#1001367)\n\n Bugfixes:\n - mysql_install_db can't find data files (bsc#1006539)\n - mariadb failing test sys_vars.optimizer_switch_basic (bsc#1003800)\n - Remove useless mysql@default.service (bsc#1004477)\n - Replace all occurrences of the string "@sysconfdir@" with "/etc" as it\n wasn't expanded properly (bsc#990890)\n - Notable changes:\n * XtraDB updated to 5.6.33-79.0\n * TokuDB updated to 5.6.33-79.0\n * Innodb updated to 5.6.33\n * Performance Schema updated to 5.6.33\n - Release notes and upstream changelog:\n * <a rel=\"nofollow\" href=\"https://kb.askmonty.org/en/mariadb-10028-release-notes\">https://kb.askmonty.org/en/mariadb-10028-release-notes</a>\n * <a rel=\"nofollow\" href=\"https://kb.askmonty.org/en/mariadb-10028-changelog\">https://kb.askmonty.org/en/mariadb-10028-changelog</a>\n\n This update was imported from the SUSE:SLE-12-SP1:Update update project.\n\n", "modified": "2016-12-06T16:11:11", "published": "2016-12-06T16:11:11", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00015.html", "id": "OPENSUSE-SU-2016:3028-1", "type": "suse", "title": "Security update for mariadb (important)", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-12-06T17:29:07", "bulletinFamily": "unix", "description": "This mariadb update to version 10.0.28 fixes the following issues\n (bsc#1008318):\n\n Security fixes:\n - CVE-2016-8283: Unspecified vulnerability in subcomponent Types\n (bsc#1005582)\n - CVE-2016-7440: Unspecified vulnerability in subcomponent Encryption\n (bsc#1005581)\n - CVE-2016-5629: Unspecified vulnerability in subcomponent Federated\n (bsc#1005569)\n - CVE-2016-5626: Unspecified vulnerability in subcomponent GIS\n (bsc#1005566)\n - CVE-2016-5624: Unspecified vulnerability in subcomponent DML\n (bsc#1005564)\n - CVE-2016-5616: Unspecified vulnerability in subcomponent MyISAM\n (bsc#1005562)\n - CVE-2016-5584: Unspecified vulnerability in subcomponent Encryption\n (bsc#1005558)\n - CVE-2016-3492: Unspecified vulnerability in subcomponent Optimizer\n (bsc#1005555)\n - CVE-2016-6663: Privilege Escalation / Race Condition (bsc#1001367)\n\n Bugfixes:\n - mariadb failing test sys_vars.optimizer_switch_basic (bsc#1003800)\n - Remove useless mysql@default.service (bsc#1004477)\n - Replace all occurrences of the string "@sysconfdir@" with "/etc" as it\n wasn't expanded properly (bsc#990890)\n - Notable changes:\n * XtraDB updated to 5.6.33-79.0\n * TokuDB updated to 5.6.33-79.0\n * Innodb updated to 5.6.33\n * Performance Schema updated to 5.6.33\n - Release notes and upstream changelog:\n * <a rel=\"nofollow\" href=\"https://kb.askmonty.org/en/mariadb-10028-release-notes\">https://kb.askmonty.org/en/mariadb-10028-release-notes</a>\n * <a rel=\"nofollow\" href=\"https://kb.askmonty.org/en/mariadb-10028-changelog\">https://kb.askmonty.org/en/mariadb-10028-changelog</a>\n\n This update was imported from the SUSE:SLE-12-SP1:Update update project.\n\n", "modified": "2016-12-06T16:07:37", "published": "2016-12-06T16:07:37", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00014.html", "id": "OPENSUSE-SU-2016:3025-1", "type": "suse", "title": "Security update for mariadb (important)", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-11-12T17:27:59", "bulletinFamily": "unix", "description": "mysql-community-server was updated to 5.6.34 to fix the following issues:\n\n * Changes <a rel=\"nofollow\" href=\"http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-34.html\">http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-34.html</a>\n <a rel=\"nofollow\" href=\"http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html\">http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html</a>\n <a rel=\"nofollow\" href=\"http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-32.html\">http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-32.html</a>\n <a rel=\"nofollow\" href=\"http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-31.html\">http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-31.html</a>\n * fixed CVEs: CVE-2016-6304, CVE-2016-6662, CVE-2016-7440, CVE-2016-5584,\n CVE-2016-5617, CVE-2016-5616, CVE-2016-5626, CVE-2016-3492,\n CVE-2016-5629, CVE-2016-5507, CVE-2016-8283, CVE-2016-5609,\n CVE-2016-5612, CVE-2016-5627, CVE-2016-5630, CVE-2016-8284,\n CVE-2016-8288, CVE-2016-3477, CVE-2016-2105, CVE-2016-3486,\n CVE-2016-3501, CVE-2016-3521, CVE-2016-3615, CVE-2016-3614,\n CVE-2016-3459, CVE-2016-5439, CVE-2016-5440\n * fixes SUSE Bugs: [boo#999666], [boo#998309], [boo#1005581],\n [boo#1005558], [boo#1005563], [boo#1005562], [boo#1005566],\n [boo#1005555], [boo#1005569], [boo#1005557], [boo#1005582],\n [boo#1005560], [boo#1005561], [boo#1005567], [boo#1005570],\n [boo#1005583], [boo#1005586], [boo#989913], [boo#977614],\n [boo#989914], [boo#989915], [boo#989919], [boo#989922], [boo#989921],\n [boo#989911], [boo#989925], [boo#989926]\n - append "--ignore-db-dir=lost+found" to the mysqld options in\n "mysql-systemd-helper" script if "lost+found" directory is found in\n $datadir [boo#986251]\n - remove syslog.target from *.service files [boo#983938]\n - add systemd to deps to build on leap and friends\n - replace '%{_libexecdir}/systemd/system' with %{_unitdir} macro\n - remove useless mysql@default.service [boo#971456]\n - replace all occurrences of the string "@sysconfdir@" with "/etc" in\n mysql-community-server-5.6.3-logrotate.patch as it wasn't expanded\n properly [boo#990890]\n - remove '%define _rundir' as 13.1 is out of support scope\n - run 'usermod -g mysql mysql' only if mysql user is not in mysql group.\n Run 'usermod -s /bin/false/ mysql' only if mysql user doesn't have\n '/bin/false' shell set.\n - re-enable mysql profiling\n\n", "modified": "2016-11-12T15:04:50", "published": "2016-11-12T15:04:50", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00027.html", "id": "OPENSUSE-SU-2016:2788-1", "title": "Security update for mysql-community-server (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-11-10T17:28:02", "bulletinFamily": "unix", "description": "mysql-community-server was updated to 5.6.34 to fix the following issues:\n\n * Changes <a rel=\"nofollow\" href=\"http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-34.html\">http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-34.html</a>\n <a rel=\"nofollow\" href=\"http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html\">http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html</a>\n <a rel=\"nofollow\" href=\"http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-32.html\">http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-32.html</a>\n <a rel=\"nofollow\" href=\"http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-31.html\">http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-31.html</a>\n * fixed CVEs: CVE-2016-6304, CVE-2016-6662, CVE-2016-7440, CVE-2016-5584,\n CVE-2016-5617, CVE-2016-5616, CVE-2016-5626, CVE-2016-3492,\n CVE-2016-5629, CVE-2016-5507, CVE-2016-8283, CVE-2016-5609,\n CVE-2016-5612, CVE-2016-5627, CVE-2016-5630, CVE-2016-8284,\n CVE-2016-8288, CVE-2016-3477, CVE-2016-2105, CVE-2016-3486,\n CVE-2016-3501, CVE-2016-3521, CVE-2016-3615, CVE-2016-3614,\n CVE-2016-3459, CVE-2016-5439, CVE-2016-5440\n * fixes SUSE Bugs: [boo#999666], [boo#998309], [boo#1005581],\n [boo#1005558], [boo#1005563], [boo#1005562], [boo#1005566],\n [boo#1005555], [boo#1005569], [boo#1005557], [boo#1005582],\n [boo#1005560], [boo#1005561], [boo#1005567], [boo#1005570],\n [boo#1005583], [boo#1005586], [boo#989913], [boo#977614],\n [boo#989914], [boo#989915], [boo#989919], [boo#989922], [boo#989921],\n [boo#989911], [boo#989925], [boo#989926]\n - append "--ignore-db-dir=lost+found" to the mysqld options in\n "mysql-systemd-helper" script if "lost+found" directory is found in\n $datadir [boo#986251]\n - remove syslog.target from *.service files [boo#983938]\n - add systemd to deps to build on leap and friends\n - replace '%{_libexecdir}/systemd/system' with %{_unitdir} macro\n - remove useless mysql@default.service [boo#971456]\n - replace all occurrences of the string "@sysconfdir@" with "/etc" in\n mysql-community-server-5.6.3-logrotate.patch as it wasn't expanded\n properly [boo#990890]\n - remove '%define _rundir' as 13.1 is out of support scope\n - run 'usermod -g mysql mysql' only if mysql user is not in mysql group.\n Run 'usermod -s /bin/false/ mysql' only if mysql user doesn't have\n '/bin/false' shell set.\n - re-enable mysql profiling\n\n", "modified": "2016-11-10T17:08:28", "published": "2016-11-10T17:08:28", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00021.html", "id": "OPENSUSE-SU-2016:2769-1", "type": "suse", "title": "Security update for mysql-community-server (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "slackware": [{"lastseen": "2019-05-30T07:37:25", "bulletinFamily": "unix", "description": "New mariadb packages are available for Slackware 14.1, 14.2, and -current to\nfix security issues.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/mariadb-10.0.28-i586-1_slack14.2.txz: Upgraded.\n This update fixes several security issues.\n For more information, see:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5616\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5624\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5626\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3492\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5629\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8283\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7440\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5584\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6663\n (* Security fix *)\npatches/packages/mariadb-10.0.28-i586-1_slack14.2.txz: Upgraded.\n This update fixes several security issues.\n For more information, see:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5616\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5624\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5626\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3492\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5629\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8283\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7440\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5584\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6663\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/mariadb-5.5.53-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/mariadb-5.5.53-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/mariadb-10.0.28-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/mariadb-10.0.28-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/ap/mariadb-10.0.28-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/ap/mariadb-10.0.28-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.1 package:\nf35d96e4eeb5e2b06cf91864a2761dc9 mariadb-5.5.53-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\ne0385be13012155e0db9df331279d5c2 mariadb-5.5.53-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\ndf3be509f54385d5ab0fd7f646ec9d88 mariadb-10.0.28-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n0d6c22025351c0c82f3454700326ca3f mariadb-10.0.28-x86_64-1_slack14.2.txz\n\nSlackware -current package:\neccd4ad87dec3c55ce6f815dc1238e04 ap/mariadb-10.0.28-i586-1.txz\n\nSlackware x86_64 -current package:\nc3a298678c98073a69e9058026a2b703 ap/mariadb-10.0.28-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg mariadb-10.0.28-i586-1_slack14.2.txz\n\nThen, restart the database server:\n > sh /etc/rc.d/rc.mysqld restart", "modified": "2016-10-31T20:40:41", "published": "2016-10-31T20:40:41", "id": "SSA-2016-305-03", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.484350", "title": "mariadb", "type": "slackware", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}], "gentoo": [{"lastseen": "2017-01-01T22:15:35", "bulletinFamily": "unix", "description": "### Background\n\nMySQL is a popular multi-threaded, multi-user SQL server. MariaDB is an enhanced, drop-in replacement for MySQL. \n\n### Description\n\nMultiple vulnerabilities have been discovered in MariaDB and MySQL. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nAttackers could execute arbitrary code, escalate privileges, and impact availability via unspecified vectors. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll MariaDB users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/mariadb-10.0.28\"\n \n\nAll MySQL users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/mysql-5.6.34\"", "modified": "2017-01-01T00:00:00", "published": "2017-01-01T00:00:00", "href": "https://security.gentoo.org/glsa/201701-01", "id": "GLSA-201701-01", "type": "gentoo", "title": "MariaDB and MySQL: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oracle": [{"lastseen": "2019-05-29T18:20:59", "bulletinFamily": "software", "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\nThis Critical Patch Update contains 253 new security fixes across the product families listed below. Please note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at <https://blogs.oracle.com/security>.\n\nPlease note that the vulnerabilities in this Critical Patch Update are scored using version 3.0 of Common Vulnerability Scoring Standard (CVSS).\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available [here](<http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>).\n", "modified": "2019-05-16T00:00:00", "published": "2016-10-18T00:00:00", "id": "ORACLE:CPUOCT2016-2881722", "href": "", "title": "Oracle Critical Patch Update - October 2016", "type": "oracle", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
