ID: ALA_ALAS-2017-888.NASL
Type: nessus
Reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified: 2021-02-02T00:00:00

Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: Charsets). Supported versions that are affected
are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier.
Difficult to exploit vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS)
of MySQL Server. (CVE-2017-3648)

Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: Replication). Supported versions that are
affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to
exploit vulnerability allows high privileged attacker with network
access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized ability to
cause a hang or frequently repeatable crash (complete DOS) of MySQL
Server. (CVE-2017-3649)

Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Client mysqldump). Supported versions that are affected
are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier.
Easily exploitable vulnerability allows low privileged attacker with
network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
update, insert or delete access to some of MySQL Server accessible
data. (CVE-2017-3651)

Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: DDL). Supported versions that are affected are
5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier.
Difficult to exploit vulnerability allows low privileged attacker with
network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
update, insert or delete access to some of MySQL Server accessible
data. (CVE-2017-3653)

Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: DML). Supported versions that are affected are
5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily
exploitable vulnerability allows high privileged attacker with network
access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized ability to
cause a hang or frequently repeatable crash (complete DOS) of MySQL
Server. (CVE-2017-3641)

Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: Replication). Supported versions that are
affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to
exploit vulnerability allows high privileged attacker with network
access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized ability to
cause a hang or frequently repeatable crash (complete DOS) of MySQL
Server. (CVE-2017-3647)

Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: Memcached). Supported versions that are
affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to
exploit vulnerability allows unauthenticated attacker with network
access via Memcached to compromise MySQL Server. Successful attacks of
this vulnerability can result in unauthorized ability to cause a hang
or frequently repeatable crash (complete DOS) of MySQL Server as well
as unauthorized update, insert or delete access to some of MySQL
Server accessible data. (CVE-2017-3633)

C API unspecified vulnerability (CPU Jul 2017)

Vulnerability in the MySQL Connectors component of Oracle MySQL
(subcomponent: Connector/C). Supported versions that are affected are
6.1.10 and earlier. Difficult to exploit vulnerability allows low
privileged attacker with network access via multiple protocols to
compromise MySQL Connectors. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently
repeatable crash (complete DOS) of MySQL Connectors. Note: The
documentation has also been updated for the correct way to use
mysql_stmt_close(). Please see:
https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-execute.html,
https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-fetch.html,
https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-close.html,
https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-error.html,
https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-errno.html, and
https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-sqlstate.html.
(CVE-2017-3635)

Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: DML). Supported versions that are affected are
5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable
vulnerability allows low privileged attacker with network access via
multiple protocols to compromise MySQL Server. Successful attacks of
this vulnerability can result in unauthorized ability to cause a hang
or frequently repeatable crash (complete DOS) of MySQL Server.
(CVE-2017-3634)

Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: DDL). Supported versions that are affected are
5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier.
Difficult to exploit vulnerability allows low privileged attacker with
network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
update, insert or delete access to some of MySQL Server accessible
data as well as unauthorized read access to a subset of MySQL Server
accessible data. (CVE-2017-3652)

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2017-888.
#
include("compat.inc");

if (description)
{
  script_id(102876);
  script_version("3.4");
  script_cvs_date("Date: 2019/07/10 16:04:12");

  script_cve_id("CVE-2017-3633", "CVE-2017-3634", "CVE-2017-3635", "CVE-2017-3641", "CVE-2017-3647", "CVE-2017-3648", "CVE-2017-3649", "CVE-2017-3651", "CVE-2017-3652", "CVE-2017-3653");
  script_xref(name:"ALAS", value:"2017-888");

  script_name(english:"Amazon Linux AMI : mysql56 (ALAS-2017-888)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Amazon Linux AMI host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Server: Charsets unspecified vulnerability (CPU Jul 2017) :
Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: Charsets). Supported versions that are affected
are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier.
Difficult to exploit vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS)
of MySQL Server. (CVE-2017-3648)
Server: Replication unspecified vulnerability (CPU Jul 2017)
Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: Replication). Supported versions that are
affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to
exploit vulnerability allows high privileged attacker with network
access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized ability to
cause a hang or frequently repeatable crash (complete DOS) of MySQL
Server. (CVE-2017-3649)
Client mysqldump unspecified vulnerability (CPU Jul 2017)
Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Client mysqldump). Supported versions that are affected
are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier.
Easily exploitable vulnerability allows low privileged attacker with
network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
update, insert or delete access to some of MySQL Server accessible
data. (CVE-2017-3651)
Server: DDL unspecified vulnerability (CPU Jul 2017)
Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: DDL). Supported versions that are affected are
5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier.
Difficult to exploit vulnerability allows low privileged attacker with
network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
update, insert or delete access to some of MySQL Server accessible
data. (CVE-2017-3653)
Server: DML unspecified vulnerability (CPU Jul 2017)
Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: DML). Supported versions that are affected are
5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily
exploitable vulnerability allows high privileged attacker with network
access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized ability to
cause a hang or frequently repeatable crash (complete DOS) of MySQL
Server. (CVE-2017-3641)
Replication unspecified vulnerability (CPU Jul 2017)
Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: Replication). Supported versions that are
affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to
exploit vulnerability allows high privileged attacker with network
access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized ability to
cause a hang or frequently repeatable crash (complete DOS) of MySQL
Server. (CVE-2017-3647)
Server: Memcached unspecified vulnerability (CPU Jul 2017)
Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: Memcached). Supported versions that are
affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to
exploit vulnerability allows unauthenticated attacker with network
access via Memcached to compromise MySQL Server. Successful attacks of
this vulnerability can result in unauthorized ability to cause a hang
or frequently repeatable crash (complete DOS) of MySQL Server as well
as unauthorized update, insert or delete access to some of MySQL
Server accessible data. (CVE-2017-3633)
C API unspecified vulnerability (CPU Jul 2017)
Vulnerability in the MySQL Connectors component of Oracle MySQL
(subcomponent: Connector/C). Supported versions that are affected are
6.1.10 and earlier. Difficult to exploit vulnerability allows low
privileged attacker with network access via multiple protocols to
compromise MySQL Connectors. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently
repeatable crash (complete DOS) of MySQL Connectors. Note: The
documentation has also been updated for the correct way to use
mysql_stmt_close(). Please see:
https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-execute.html,
https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-fetch.html,
https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-close.html,
https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-error.html,
https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-errno.html, and
https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-sqlstate.html.
(CVE-2017-3635)
Server: DML unspecified vulnerability (CPU Jul 2017)
Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: DML). Supported versions that are affected are
5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable
vulnerability allows low privileged attacker with network access via
multiple protocols to compromise MySQL Server. Successful attacks of
this vulnerability can result in unauthorized ability to cause a hang
or frequently repeatable crash (complete DOS) of MySQL Server.
(CVE-2017-3634)
Server: DDL unspecified vulnerability (CPU Jul 2017)
Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: DDL). Supported versions that are affected are
5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier.
Difficult to exploit vulnerability allows low privileged attacker with
network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
update, insert or delete access to some of MySQL Server accessible
data as well as unauthorized read access to a subset of MySQL Server
accessible data. (CVE-2017-3652)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://alas.aws.amazon.com/ALAS-2017-888.html"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Run 'yum update mysql56' to update your system."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql56");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql56-bench");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql56-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql56-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql56-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql56-embedded");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql56-embedded-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql56-errmsg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql56-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql56-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql56-test");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/08/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/08/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/09/01");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Amazon Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# This is a local check: it needs the credentialed scan results stored in the KB.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# Confirm the host is Amazon Linux AMI (release string "ALA").
release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
  # The inner test can never be true inside this branch.
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Compare each installed mysql56 package against the fixed build 5.6.37-1.26.amzn1.
# rpm_check() returns true when the installed package is older than the reference.
flag = 0;
if (rpm_check(release:"ALA", reference:"mysql56-5.6.37-1.26.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"mysql56-bench-5.6.37-1.26.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"mysql56-common-5.6.37-1.26.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"mysql56-debuginfo-5.6.37-1.26.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"mysql56-devel-5.6.37-1.26.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"mysql56-embedded-5.6.37-1.26.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"mysql56-embedded-devel-5.6.37-1.26.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"mysql56-errmsg-5.6.37-1.26.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"mysql56-libs-5.6.37-1.26.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"mysql56-server-5.6.37-1.26.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"mysql56-test-5.6.37-1.26.amzn1")) flag++;

if (flag)
{
  # At least one package is below the fixed build: report it.
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  # Nothing flagged: either the packages are already fixed or none are installed.
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mysql56 / mysql56-bench / mysql56-common / mysql56-debuginfo / etc");
}
reference:\"mysql56-embedded-5.6.37-1.26.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-embedded-devel-5.6.37-1.26.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-errmsg-5.6.37-1.26.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-libs-5.6.37-1.26.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-server-5.6.37-1.26.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-test-5.6.37-1.26.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql56 / mysql56-bench / mysql56-common / mysql56-debuginfo / etc\");\n}\n", "naslFamily": "Amazon Linux Local Security Checks", "pluginID": "102876", "cpe": ["p-cpe:/a:amazon:linux:mysql56-libs", "p-cpe:/a:amazon:linux:mysql56-embedded", "p-cpe:/a:amazon:linux:mysql56-errmsg", "p-cpe:/a:amazon:linux:mysql56-test", "p-cpe:/a:amazon:linux:mysql56", "p-cpe:/a:amazon:linux:mysql56-embedded-devel", "p-cpe:/a:amazon:linux:mysql56-bench", "p-cpe:/a:amazon:linux:mysql56-common", "p-cpe:/a:amazon:linux:mysql56-devel", "p-cpe:/a:amazon:linux:mysql56-debuginfo", "p-cpe:/a:amazon:linux:mysql56-server", "cpe:/o:amazon:linux"], "scheme": null, "cvss3": {"score": 6.5, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"}}
{"nessus": [{"lastseen": "2021-01-07T10:11:39", "description": "**Update to version 5.7.19**\n\nReplication tests in the testsuite enabled, they don't fail anymore\n\n**Resolves:**\n\n#1462688; /run #1406172; random failures of the testsuite #1417880,\n#1417883, #1417885, #1417887, #1417890, #1417891, #1417893, #1417894,\n#1417896; replication tests\n\n**CVE fixes:** #1472716\n\nCVE-2017-3633, CVE-2017-3634, CVE-2017-3635, CVE-2017-3641,\nCVE-2017-3647 CVE-2017-3648, CVE-2017-3649, CVE-2017-3651,\nCVE-2017-3652, CVE-2017-3653\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 22, "cvss3": {"score": 6.5, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"}, "published": "2017-08-10T00:00:00", "title": "Fedora 25 : community-mysql (2017-7c039552fa)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3652", "CVE-2017-3648", "CVE-2017-3649", "CVE-2017-3633", "CVE-2017-3647", "CVE-2017-3651", "CVE-2017-3641", "CVE-2017-3635", "CVE-2017-3653", "CVE-2017-3634"], "modified": "2017-08-10T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:25", "p-cpe:/a:fedoraproject:fedora:community-mysql"], "id": "FEDORA_2017-7C039552FA.NASL", "href": "https://www.tenable.com/plugins/nessus/102328", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-7c039552fa.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102328);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-3633\", \"CVE-2017-3634\", \"CVE-2017-3635\", \"CVE-2017-3641\", \"CVE-2017-3647\", \"CVE-2017-3648\", 
\"CVE-2017-3649\", \"CVE-2017-3651\", \"CVE-2017-3652\", \"CVE-2017-3653\");\n script_xref(name:\"FEDORA\", value:\"2017-7c039552fa\");\n\n script_name(english:\"Fedora 25 : community-mysql (2017-7c039552fa)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"**Update to version 5.7.19**\n\nReplication tests in the testsuite enabled, they don't fail anymore\n\n**Resolves:**\n\n#1462688; /run #1406172; random failures of the testsuite #1417880,\n#1417883, #1417885, #1417887, #1417890, #1417891, #1417893, #1417894,\n#1417896; replication tests\n\n**CVE fixes:** #1472716\n\nCVE-2017-3633, CVE-2017-3634, CVE-2017-3635, CVE-2017-3641,\nCVE-2017-3647 CVE-2017-3648, CVE-2017-3649, CVE-2017-3651,\nCVE-2017-3652, CVE-2017-3653\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-7c039552fa\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected community-mysql package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:community-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2017/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"community-mysql-5.7.19-1.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"community-mysql\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-07T10:14:32", "description": "**Update to version 5.7.19**\n\nReplication tests in the testsuite enabled, they don't fail anymore\n\n**Resolves:**\n\n#1462688; /run #1406172; random failures of the testsuite #1417880,\n#1417883, #1417885, #1417887, #1417890, #1417891, #1417893, #1417894,\n#1417896; replication tests\n\n**CVE fixes:** #1472716\n\nCVE-2017-3633, CVE-2017-3634, CVE-2017-3635, CVE-2017-3641,\nCVE-2017-3647 CVE-2017-3648, CVE-2017-3649, CVE-2017-3651,\nCVE-2017-3652, CVE-2017-3653\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 22, "cvss3": {"score": 6.5, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"}, "published": "2017-08-10T00:00:00", "title": "Fedora 26 : community-mysql (2017-ee93493bea)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3652", "CVE-2017-3648", "CVE-2017-3649", "CVE-2017-3633", "CVE-2017-3647", "CVE-2017-3651", "CVE-2017-3641", "CVE-2017-3635", 
"CVE-2017-3653", "CVE-2017-3634"], "modified": "2017-08-10T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:community-mysql", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-EE93493BEA.NASL", "href": "https://www.tenable.com/plugins/nessus/102329", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-ee93493bea.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102329);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-3633\", \"CVE-2017-3634\", \"CVE-2017-3635\", \"CVE-2017-3641\", \"CVE-2017-3647\", \"CVE-2017-3648\", \"CVE-2017-3649\", \"CVE-2017-3651\", \"CVE-2017-3652\", \"CVE-2017-3653\");\n script_xref(name:\"FEDORA\", value:\"2017-ee93493bea\");\n\n script_name(english:\"Fedora 26 : community-mysql (2017-ee93493bea)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"**Update to version 5.7.19**\n\nReplication tests in the testsuite enabled, they don't fail anymore\n\n**Resolves:**\n\n#1462688; /run #1406172; random failures of the testsuite #1417880,\n#1417883, #1417885, #1417887, #1417890, #1417891, #1417893, #1417894,\n#1417896; replication tests\n\n**CVE fixes:** #1472716\n\nCVE-2017-3633, CVE-2017-3634, CVE-2017-3635, CVE-2017-3641,\nCVE-2017-3647 CVE-2017-3648, CVE-2017-3649, CVE-2017-3651,\nCVE-2017-3652, CVE-2017-3653\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without 
introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-ee93493bea\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected community-mysql package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:community-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"community-mysql-5.7.19-1.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"community-mysql\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-20T12:33:23", "description": "This update for mysql-community-server to version 5.6.37 fixes\nsecurity issues and bugs.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2017-3633: Memcached unspecified vulnerability\n (boo#1049394) \n\n - CVE-2017-3634: DML unspecified vulnerability\n (boo#1049396) \n\n - CVE-2017-3635: C API unspecified vulnerability\n (boo#1049398) \n\n - CVE-2017-3636: Client programs unspecified vulnerability\n (boo#1049399) \n\n - CVE-2017-3641: DML unspecified vulnerability\n (boo#1049404) \n\n - CVE-2017-3647: Replication unspecified vulnerability\n (boo#1049410) \n\n - CVE-2017-3648: Charsets unspecified vulnerability\n (boo#1049411) \n\n - CVE-2017-3649: Replication unspecified vulnerability\n (boo#1049412) \n\n - CVE-2017-3651: Client mysqldump unspecified\n vulnerability (boo#1049415) \n\n - CVE-2017-3652: DDL unspecified vulnerability\n (boo#1049416) \n\n - CVE-2017-3653: DDL unspecified vulnerability\n (boo#1049417) \n\n - CVE-2017-3732: Security, Encryption unspecified\n vulnerability (boo#1049421) The following general\n changes are included :\n\n - switch systemd unit file from 
'Restart=on-failure' to\n 'Restart=on-abort'\n\n - update file lists for new man-pages and tools (for\n mariadb) \n\nFor a list of upstream changes in this release, see:\nhttp://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-37.html", "edition": 22, "cvss3": {"score": 6.5, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"}, "published": "2017-07-31T00:00:00", "title": "openSUSE Security Update : mysql-community-server (openSUSE-2017-866)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3652", "CVE-2017-3648", "CVE-2017-3649", "CVE-2017-3633", "CVE-2017-3647", "CVE-2017-3732", "CVE-2017-3651", "CVE-2017-3641", "CVE-2017-3635", "CVE-2017-3653", "CVE-2017-3636", "CVE-2017-3634"], "modified": "2017-07-31T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libmysql56client18", "p-cpe:/a:novell:opensuse:mysql-community-server-tools-debuginfo", "p-cpe:/a:novell:opensuse:mysql-community-server", "p-cpe:/a:novell:opensuse:libmysql56client18-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libmysql56client_r18", "p-cpe:/a:novell:opensuse:mysql-community-server-client-debuginfo", "p-cpe:/a:novell:opensuse:libmysql56client18-debuginfo", "p-cpe:/a:novell:opensuse:mysql-community-server-client", "p-cpe:/a:novell:opensuse:libmysql56client18-32bit", "p-cpe:/a:novell:opensuse:mysql-community-server-tools", "p-cpe:/a:novell:opensuse:mysql-community-server-errormessages", "p-cpe:/a:novell:opensuse:mysql-community-server-bench-debuginfo", "p-cpe:/a:novell:opensuse:mysql-community-server-debuginfo", "cpe:/o:novell:opensuse:42.3", "cpe:/o:novell:opensuse:42.2", "p-cpe:/a:novell:opensuse:libmysql56client_r18-32bit", "p-cpe:/a:novell:opensuse:mysql-community-server-bench", "p-cpe:/a:novell:opensuse:mysql-community-server-debugsource", "p-cpe:/a:novell:opensuse:mysql-community-server-test-debuginfo", "p-cpe:/a:novell:opensuse:mysql-community-server-test"], "id": "OPENSUSE-2017-866.NASL", "href": "https://www.tenable.com/plugins/nessus/102056", "sourceData": "#%NASL_MIN_LEVEL 
70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-866.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102056);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-3633\", \"CVE-2017-3634\", \"CVE-2017-3635\", \"CVE-2017-3636\", \"CVE-2017-3641\", \"CVE-2017-3647\", \"CVE-2017-3648\", \"CVE-2017-3649\", \"CVE-2017-3651\", \"CVE-2017-3652\", \"CVE-2017-3653\", \"CVE-2017-3732\");\n\n script_name(english:\"openSUSE Security Update : mysql-community-server (openSUSE-2017-866)\");\n script_summary(english:\"Check for the openSUSE-2017-866 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for mysql-community-server to version 5.6.37 fixes\nsecurity issues and bugs.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2017-3633: Memcached unspecified vulnerability\n (boo#1049394) \n\n - CVE-2017-3634: DML unspecified vulnerability\n (boo#1049396) \n\n - CVE-2017-3635: C API unspecified vulnerability\n (boo#1049398) \n\n - CVE-2017-3636: Client programs unspecified vulnerability\n (boo#1049399) \n\n - CVE-2017-3641: DML unspecified vulnerability\n (boo#1049404) \n\n - CVE-2017-3647: Replication unspecified vulnerability\n (boo#1049410) \n\n - CVE-2017-3648: Charsets unspecified vulnerability\n (boo#1049411) \n\n - CVE-2017-3649: Replication unspecified vulnerability\n (boo#1049412) \n\n - CVE-2017-3651: Client mysqldump unspecified\n vulnerability (boo#1049415) \n\n - CVE-2017-3652: DDL unspecified vulnerability\n (boo#1049416) \n\n - CVE-2017-3653: DDL unspecified vulnerability\n 
(boo#1049417) \n\n - CVE-2017-3732: Security, Encryption unspecified\n vulnerability (boo#1049421) The following general\n changes are included :\n\n - switch systemd unit file from 'Restart=on-failure' to\n 'Restart=on-abort'\n\n - update file lists for new man-pages and tools (for\n mariadb) \n\nFor a list of upstream changes in this release, see:\nhttp://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-37.html\"\n );\n # http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-37.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-37.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1049394\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1049396\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1049398\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1049399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1049404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1049410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1049411\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1049412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1049415\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1049416\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1049417\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1049421\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1049422\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mysql-community-server packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysql56client18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysql56client18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysql56client18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysql56client18-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysql56client_r18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysql56client_r18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-bench-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-debugsource\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-errormessages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-test-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libmysql56client18-5.6.37-24.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libmysql56client18-debuginfo-5.6.37-24.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libmysql56client_r18-5.6.37-24.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mysql-community-server-5.6.37-24.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mysql-community-server-bench-5.6.37-24.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mysql-community-server-bench-debuginfo-5.6.37-24.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mysql-community-server-client-5.6.37-24.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mysql-community-server-client-debuginfo-5.6.37-24.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mysql-community-server-debuginfo-5.6.37-24.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", 
reference:\"mysql-community-server-debugsource-5.6.37-24.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mysql-community-server-errormessages-5.6.37-24.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mysql-community-server-test-5.6.37-24.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mysql-community-server-test-debuginfo-5.6.37-24.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mysql-community-server-tools-5.6.37-24.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mysql-community-server-tools-debuginfo-5.6.37-24.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libmysql56client18-32bit-5.6.37-24.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libmysql56client18-debuginfo-32bit-5.6.37-24.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libmysql56client_r18-32bit-5.6.37-24.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libmysql56client18-5.6.37-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libmysql56client18-debuginfo-5.6.37-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libmysql56client_r18-5.6.37-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mysql-community-server-5.6.37-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mysql-community-server-bench-5.6.37-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mysql-community-server-bench-debuginfo-5.6.37-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mysql-community-server-client-5.6.37-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mysql-community-server-client-debuginfo-5.6.37-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mysql-community-server-debuginfo-5.6.37-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", 
reference:\"mysql-community-server-debugsource-5.6.37-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mysql-community-server-errormessages-5.6.37-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mysql-community-server-test-5.6.37-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mysql-community-server-test-debuginfo-5.6.37-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mysql-community-server-tools-5.6.37-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mysql-community-server-tools-debuginfo-5.6.37-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libmysql56client18-32bit-5.6.37-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libmysql56client18-debuginfo-32bit-5.6.37-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libmysql56client_r18-32bit-5.6.37-27.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libmysql56client18-32bit / libmysql56client18 / etc\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-02-01T04:13:20", "description": "The version of MySQL running on the remote host is 5.6.x prior to\n5.6.37. It is, therefore, affected by multiple vulnerabilities :\n\n - An unspecified flaw exists in the Memcached component\n that allows an unauthenticated, remote attacker to\n impact integrity and availability. (CVE-2017-3633)\n\n - Multiple unspecified flaws exist in the DML component\n that allow an authenticated, remote attacker to cause a\n denial of service condition. 
(CVE-2017-3634,\n CVE-2017-3641)\n\n - An unspecified flaw exists in the Connector/C and C API\n components that allow an authenticated, remote attacker\n to cause a denial of service condition. (CVE-2017-3635)\n\n - An unspecified flaw exists in the Client programs\n component that allows a local attacker to impact\n confidentiality, integrity, and availability.\n (CVE-2017-3636)\n\n - Multiple unspecified flaws exist in the Replication\n component that allow an authenticated, remote attacker\n to cause a denial of service condition. (CVE-2017-3647,\n CVE-2017-3649)\n\n - An unspecified flaw exists in the Charsets component\n that allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2017-3648)\n\n - An unspecified flaw exists in the Client mysqldump\n component that allows an authenticated, remote attacker\n to impact integrity. (CVE-2017-3651)\n\n - Multiple unspecified flaws exist in the DDL component\n that allow an authenticated, remote attacker to impact\n confidentiality and integrity. (CVE-2017-3652,\n CVE-2017-3653)\n\n - An unspecified flaw exists in the OpenSSL Encryption\n component that allows an unauthenticated, remote\n attacker to cause a denial of service condition.\n (CVE-2017-3731)\n\n - An unspecified flaw exists in the Optimizer component\n that allows an authenticated, remote attacker to cause a\n denial of service condition. 
(CVE-2017-10279)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "edition": 34, "cvss3": {"score": 6.5, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"}, "published": "2017-07-19T00:00:00", "title": "MySQL 5.6.x < 5.6.37 Multiple Vulnerabilities (July 2017 CPU) (October 2017 CPU)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3652", "CVE-2017-3648", "CVE-2017-3649", "CVE-2017-3731", "CVE-2017-3633", "CVE-2017-3647", "CVE-2017-10279", "CVE-2017-3651", "CVE-2017-3641", "CVE-2017-3635", "CVE-2017-3653", "CVE-2017-3636", "CVE-2017-3634"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:oracle:mysql"], "id": "MYSQL_5_6_37.NASL", "href": "https://www.tenable.com/plugins/nessus/101820", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101820);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\n \"CVE-2017-3633\",\n \"CVE-2017-3634\",\n \"CVE-2017-3635\",\n \"CVE-2017-3636\",\n \"CVE-2017-3641\",\n \"CVE-2017-3647\",\n \"CVE-2017-3648\",\n \"CVE-2017-3649\",\n \"CVE-2017-3651\",\n \"CVE-2017-3652\",\n \"CVE-2017-3653\",\n \"CVE-2017-3731\",\n \"CVE-2017-10279\"\n );\n script_bugtraq_id(\n 95813,\n 99722,\n 99729,\n 99730,\n 99736,\n 99767,\n 99789,\n 99796,\n 99799,\n 99802,\n 99805,\n 99810,\n 101316\n );\n\n script_name(english:\"MySQL 5.6.x < 5.6.37 Multiple Vulnerabilities (July 2017 CPU) (October 2017 CPU)\");\n script_summary(english:\"Checks the version of MySQL server.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL running on the remote host is 5.6.x prior to\n5.6.37. 
It is, therefore, affected by multiple vulnerabilities :\n\n - An unspecified flaw exists in the Memcached component\n that allows an unauthenticated, remote attacker to\n impact integrity and availability. (CVE-2017-3633)\n\n - Multiple unspecified flaws exist in the DML component\n that allow an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2017-3634,\n CVE-2017-3641)\n\n - An unspecified flaw exists in the Connector/C and C API\n components that allow an authenticated, remote attacker\n to cause a denial of service condition. (CVE-2017-3635)\n\n - An unspecified flaw exists in the Client programs\n component that allows a local attacker to impact\n confidentiality, integrity, and availability.\n (CVE-2017-3636)\n\n - Multiple unspecified flaws exist in the Replication\n component that allow an authenticated, remote attacker\n to cause a denial of service condition. (CVE-2017-3647,\n CVE-2017-3649)\n\n - An unspecified flaw exists in the Charsets component\n that allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2017-3648)\n\n - An unspecified flaw exists in the Client mysqldump\n component that allows an authenticated, remote attacker\n to impact integrity. (CVE-2017-3651)\n\n - Multiple unspecified flaws exist in the DDL component\n that allow an authenticated, remote attacker to impact\n confidentiality and integrity. (CVE-2017-3652,\n CVE-2017-3653)\n\n - An unspecified flaw exists in the OpenSSL Encryption\n component that allows an unauthenticated, remote\n attacker to cause a denial of service condition.\n (CVE-2017-3731)\n\n - An unspecified flaw exists in the Optimizer component\n that allows an authenticated, remote attacker to cause a\n denial of service condition. 
(CVE-2017-10279)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-37.html\");\n # http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?76f5def7\");\n # http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1e07fa0e\");\n # https://support.oracle.com/epmos/faces/DocumentDisplay?id=2279658.1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d520c6c8\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.oracle.com/rs?type=doc&id=2307762.1\");\n # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3809960.xml\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?322067e2\");\n # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3937099.xml\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8e9f2a38\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 5.6.37 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-3633\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/18\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/19\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\nmysql_check_version(fixed:'5.6.37', min:'5.6', severity:SECURITY_WARNING);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-09-14T16:24:47", "description": "The version of MySQL running on the remote host is 5.6.x prior to\n5.6.37. It is, therefore, affected by multiple vulnerabilities :\n\n - An unspecified flaw exists in the Memcached component\n that allows an unauthenticated, remote attacker to\n impact integrity and availability. (CVE-2017-3633)\n\n - Multiple unspecified flaws exist in the DML component\n that allow an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2017-3634,\n CVE-2017-3641)\n\n - An unspecified flaw exists in the Connector/C and C API\n components that allow an authenticated, remote attacker\n to cause a denial of service condition. 
(CVE-2017-3635)\n\n - An unspecified flaw exists in the Client programs\n component that allows a local attacker to impact\n confidentiality, integrity, and availability.\n (CVE-2017-3636)\n\n - Multiple unspecified flaws exist in the Replication\n component that allow an authenticated, remote attacker\n to cause a denial of service condition. (CVE-2017-3647,\n CVE-2017-3649)\n\n - An unspecified flaw exists in the Charsets component\n that allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2017-3648)\n\n - An unspecified flaw exists in the Client mysqldump\n component that allows an authenticated, remote attacker\n to impact integrity. (CVE-2017-3651)\n\n - Multiple unspecified flaws exist in the DDL component\n that allow an authenticated, remote attacker to impact\n confidentiality and integrity. (CVE-2017-3652,\n CVE-2017-3653)\n\n - An unspecified flaw exists in the OpenSSL Encryption\n component that allows an unauthenticated, remote\n attacker to cause a denial of service condition.\n (CVE-2017-3731)\n\n - An unspecified flaw exists in the Optimizer component\n that allows an authenticated, remote attacker to cause a\n denial of service condition. 
(CVE-2017-10279)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "edition": 24, "cvss3": {"score": 6.5, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"}, "published": "2017-07-26T00:00:00", "title": "MySQL 5.6.x < 5.6.37 Multiple Vulnerabilities (RPM Check) (July 2017 CPU) (October 2017 CPU)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3652", "CVE-2017-3648", "CVE-2017-3649", "CVE-2017-3731", "CVE-2017-3633", "CVE-2017-3647", "CVE-2017-10279", "CVE-2017-3651", "CVE-2017-3641", "CVE-2017-3635", "CVE-2017-3653", "CVE-2017-3636", "CVE-2017-3634"], "modified": "2017-07-26T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:mysql", "cpe:/a:oracle:mysql", "p-cpe:/a:novell:opensuse:mysql", "p-cpe:/a:oracle:linux:mysql", "p-cpe:/a:fermilab:scientific_linux:mysql", "p-cpe:/a:fedoraproject:fedora:mysql", "p-cpe:/a:centos:centos:mysql", "p-cpe:/a:redhat:enterprise_linux:mysql", "p-cpe:/a:amazon:linux:mysql"], "id": "MYSQL_5_6_37_RPM.NASL", "href": "https://www.tenable.com/plugins/nessus/101978", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101978);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/03\");\n\n script_cve_id(\n \"CVE-2017-3633\",\n \"CVE-2017-3634\",\n \"CVE-2017-3635\",\n \"CVE-2017-3636\",\n \"CVE-2017-3641\",\n \"CVE-2017-3647\",\n \"CVE-2017-3648\",\n \"CVE-2017-3649\",\n \"CVE-2017-3651\",\n \"CVE-2017-3652\",\n \"CVE-2017-3653\",\n \"CVE-2017-3731\",\n \"CVE-2017-10279\"\n );\n script_bugtraq_id(\n 95813,\n 99722,\n 99729,\n 99730,\n 99736,\n 99767,\n 99789,\n 99796,\n 99799,\n 99802,\n 99805,\n 99810,\n 101316\n );\n\n script_name(english:\"MySQL 5.6.x < 5.6.37 Multiple Vulnerabilities (RPM Check) (July 2017 CPU) (October 2017 CPU)\");\n script_summary(english:\"Checks the version of MySQL server.\");\n\n 
script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL running on the remote host is 5.6.x prior to\n5.6.37. It is, therefore, affected by multiple vulnerabilities :\n\n - An unspecified flaw exists in the Memcached component\n that allows an unauthenticated, remote attacker to\n impact integrity and availability. (CVE-2017-3633)\n\n - Multiple unspecified flaws exist in the DML component\n that allow an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2017-3634,\n CVE-2017-3641)\n\n - An unspecified flaw exists in the Connector/C and C API\n components that allow an authenticated, remote attacker\n to cause a denial of service condition. (CVE-2017-3635)\n\n - An unspecified flaw exists in the Client programs\n component that allows a local attacker to impact\n confidentiality, integrity, and availability.\n (CVE-2017-3636)\n\n - Multiple unspecified flaws exist in the Replication\n component that allow an authenticated, remote attacker\n to cause a denial of service condition. (CVE-2017-3647,\n CVE-2017-3649)\n\n - An unspecified flaw exists in the Charsets component\n that allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2017-3648)\n\n - An unspecified flaw exists in the Client mysqldump\n component that allows an authenticated, remote attacker\n to impact integrity. (CVE-2017-3651)\n\n - Multiple unspecified flaws exist in the DDL component\n that allow an authenticated, remote attacker to impact\n confidentiality and integrity. 
(CVE-2017-3652,\n CVE-2017-3653)\n\n - An unspecified flaw exists in the OpenSSL Encryption\n component that allows an unauthenticated, remote\n attacker to cause a denial of service condition.\n (CVE-2017-3731)\n\n - An unspecified flaw exists in the Optimizer component\n that allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2017-10279)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-37.html\");\n # http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?76f5def7\");\n # http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1e07fa0e\");\n # https://support.oracle.com/epmos/faces/DocumentDisplay?id=2279658.1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d520c6c8\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.oracle.com/rs?type=doc&id=2307762.1\");\n # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3809960.xml\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?322067e2\");\n # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3937099.xml\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8e9f2a38\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 5.6.37 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n 
script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-3633\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/26\");\n\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\");\n script_require_ports(\"Host/RedHat/release\", \"Host/AmazonLinux/release\", \"Host/SuSE/release\", \"Host/CentOS/release\");\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\nfix_version = \"5.6.37\";\nexists_version = \"5.6\";\n\nmysql_check_rpms(mysql_packages:default_mysql_rpm_list_all, fix_ver:fix_version, exists_ver:exists_version, rhel_os_list:default_mysql_rhel_os_list, centos_os_list:default_mysql_centos_os_list, suse_os_list:default_mysql_suse_os_list, ala_os_list:default_mysql_ala_os_list, severity:SECURITY_WARNING);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-02-01T01:21:39", "description": "Server: Charsets unspecified vulnerability (CPU Jul 2017)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Charsets). Supported versions that are affected\nare 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier.\nDifficult to exploit vulnerability allows high privileged attacker\nwith network access via multiple protocols to compromise MySQL Server.\nSuccessful attacks of this vulnerability can result in unauthorized\nability to cause a hang or frequently repeatable crash (complete DOS)\nof MySQL Server. (CVE-2017-3648)\n\nServer: DML unspecified vulnerability (CPU Jul 2017)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: DML). Supported versions that are affected are\n5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily\nexploitable vulnerability allows high privileged attacker with network\naccess via multiple protocols to compromise MySQL Server. Successful\nattacks of this vulnerability can result in unauthorized ability to\ncause a hang or frequently repeatable crash (complete DOS) of MySQL\nServer. 
(CVE-2017-3641)\n\nClient programs unspecified vulnerability (CPU Jul 2017)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Client programs). Supported versions that are affected\nare 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable\nvulnerability allows low privileged attacker with logon to the\ninfrastructure where MySQL Server executes to compromise MySQL Server.\nSuccessful attacks of this vulnerability can result in unauthorized\nupdate, insert or delete access to some of MySQL Server accessible\ndata as well as unauthorized read access to a subset of MySQL Server\naccessible data and unauthorized ability to cause a partial denial of\nservice (partial DOS) of MySQL Server. (CVE-2017-3636)\n\nC API unspecified vulnerability (CPU Jul 2017) :\n\nVulnerability in the MySQL Connectors component of Oracle MySQL\n(subcomponent: Connector/C). Supported versions that are affected are\n6.1.10 and earlier. Difficult to exploit vulnerability allows low\nprivileged attacker with network access via multiple protocols to\ncompromise MySQL Connectors. Successful attacks of this vulnerability\ncan result in unauthorized ability to cause a hang or frequently\nrepeatable crash (complete DOS) of MySQL Connectors. Note: The\ndocumentation has also been updated for the correct way to use\nmysql_stmt_close(). Please see:\nhttps://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-execute.html,\nhttps://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-fetch.html,\nhttps://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-close.html,\nhttps://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-error.html,\nhttps://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-errno.html, and\nhttps://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-sqlstate.html.\n(CVE-2017-3635)\n\nClient mysqldump unspecified vulnerability (CPU Jul 2017) :\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Client mysqldump). 
Supported versions that are affected\nare 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier.\nEasily exploitable vulnerability allows low privileged attacker with\nnetwork access via multiple protocols to compromise MySQL Server.\nSuccessful attacks of this vulnerability can result in unauthorized\nupdate, insert or delete access to some of MySQL Server accessible\ndata. (CVE-2017-3651)\n\nServer: DDL unspecified vulnerability (CPU Jul 2017) :\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: DDL). Supported versions that are affected are\n5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier.\nDifficult to exploit vulnerability allows low privileged attacker with\nnetwork access via multiple protocols to compromise MySQL Server.\nSuccessful attacks of this vulnerability can result in unauthorized\nupdate, insert or delete access to some of MySQL Server accessible\ndata. (CVE-2017-3653)\n\nServer: DDL unspecified vulnerability (CPU Jul 2017) :\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: DDL). Supported versions that are affected are\n5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier.\nDifficult to exploit vulnerability allows low privileged attacker with\nnetwork access via multiple protocols to compromise MySQL Server.\nSuccessful attacks of this vulnerability can result in unauthorized\nupdate, insert or delete access to some of MySQL Server accessible\ndata as well as unauthorized read access to a subset of MySQL Server\naccessible data. 
(CVE-2017-3652)", "edition": 25, "cvss3": {"score": 5.3, "vector": "AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-09-01T00:00:00", "title": "Amazon Linux AMI : mysql55 (ALAS-2017-887)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3652", "CVE-2017-3648", "CVE-2017-3651", "CVE-2017-3641", "CVE-2017-3635", "CVE-2017-3653", "CVE-2017-3636"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:mysql55-bench", "p-cpe:/a:amazon:linux:mysql55", "p-cpe:/a:amazon:linux:mysql55-server", "p-cpe:/a:amazon:linux:mysql55-embedded-devel", "p-cpe:/a:amazon:linux:mysql55-libs", "p-cpe:/a:amazon:linux:mysql55-debuginfo", "p-cpe:/a:amazon:linux:mysql-config", "p-cpe:/a:amazon:linux:mysql55-test", "p-cpe:/a:amazon:linux:mysql55-embedded", "p-cpe:/a:amazon:linux:mysql55-devel", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2017-887.NASL", "href": "https://www.tenable.com/plugins/nessus/102875", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2017-887.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102875);\n script_version(\"3.4\");\n script_cvs_date(\"Date: 2019/07/10 16:04:12\");\n\n script_cve_id(\"CVE-2017-3635\", \"CVE-2017-3636\", \"CVE-2017-3641\", \"CVE-2017-3648\", \"CVE-2017-3651\", \"CVE-2017-3652\", \"CVE-2017-3653\");\n script_xref(name:\"ALAS\", value:\"2017-887\");\n\n script_name(english:\"Amazon Linux AMI : mysql55 (ALAS-2017-887)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Server: Charsets unspecified vulnerability (CPU Jul 2017)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Charsets). 
Supported versions that are affected\nare 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier.\nDifficult to exploit vulnerability allows high privileged attacker\nwith network access via multiple protocols to compromise MySQL Server.\nSuccessful attacks of this vulnerability can result in unauthorized\nability to cause a hang or frequently repeatable crash (complete DOS)\nof MySQL Server. (CVE-2017-3648)\n\nServer: DML unspecified vulnerability (CPU Jul 2017)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: DML). Supported versions that are affected are\n5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily\nexploitable vulnerability allows high privileged attacker with network\naccess via multiple protocols to compromise MySQL Server. Successful\nattacks of this vulnerability can result in unauthorized ability to\ncause a hang or frequently repeatable crash (complete DOS) of MySQL\nServer. (CVE-2017-3641)\n\nClient programs unspecified vulnerability (CPU Jul 2017)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Client programs). Supported versions that are affected\nare 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable\nvulnerability allows low privileged attacker with logon to the\ninfrastructure where MySQL Server executes to compromise MySQL Server.\nSuccessful attacks of this vulnerability can result in unauthorized\nupdate, insert or delete access to some of MySQL Server accessible\ndata as well as unauthorized read access to a subset of MySQL Server\naccessible data and unauthorized ability to cause a partial denial of\nservice (partial DOS) of MySQL Server. (CVE-2017-3636)\n\nC API unspecified vulnerability (CPU Jul 2017) :\n\nVulnerability in the MySQL Connectors component of Oracle MySQL\n(subcomponent: Connector/C). Supported versions that are affected are\n6.1.10 and earlier. 
Difficult to exploit vulnerability allows low\nprivileged attacker with network access via multiple protocols to\ncompromise MySQL Connectors. Successful attacks of this vulnerability\ncan result in unauthorized ability to cause a hang or frequently\nrepeatable crash (complete DOS) of MySQL Connectors. Note: The\ndocumentation has also been updated for the correct way to use\nmysql_stmt_close(). Please see:\nhttps://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-execute.html,\nhttps://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-fetch.html,\nhttps://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-close.html,\nhttps://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-error.html,\nhttps://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-errno.html, and\nhttps://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-sqlstate.html.\n(CVE-2017-3635)\n\nClient mysqldump unspecified vulnerability (CPU Jul 2017) :\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Client mysqldump). Supported versions that are affected\nare 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier.\nEasily exploitable vulnerability allows low privileged attacker with\nnetwork access via multiple protocols to compromise MySQL Server.\nSuccessful attacks of this vulnerability can result in unauthorized\nupdate, insert or delete access to some of MySQL Server accessible\ndata. (CVE-2017-3651)\n\nServer: DDL unspecified vulnerability (CPU Jul 2017) :\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: DDL). Supported versions that are affected are\n5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier.\nDifficult to exploit vulnerability allows low privileged attacker with\nnetwork access via multiple protocols to compromise MySQL Server.\nSuccessful attacks of this vulnerability can result in unauthorized\nupdate, insert or delete access to some of MySQL Server accessible\ndata. 
(CVE-2017-3653)\n\nServer: DDL unspecified vulnerability (CPU Jul 2017) :\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: DDL). Supported versions that are affected are\n5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier.\nDifficult to exploit vulnerability allows low privileged attacker with\nnetwork access via multiple protocols to compromise MySQL Server.\nSuccessful attacks of this vulnerability can result in unauthorized\nupdate, insert or delete access to some of MySQL Server accessible\ndata as well as unauthorized read access to a subset of MySQL Server\naccessible data. (CVE-2017-3652)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2017-887.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update mysql55' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql55\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql55-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql55-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql55-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql55-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql55-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql55-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql55-server\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:amazon:linux:mysql55-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"mysql-config-5.5.57-1.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql55-5.5.57-1.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql55-bench-5.5.57-1.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql55-debuginfo-5.5.57-1.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", 
reference:\"mysql55-devel-5.5.57-1.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql55-embedded-5.5.57-1.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql55-embedded-devel-5.5.57-1.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql55-libs-5.5.57-1.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql55-server-5.5.57-1.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql55-test-5.5.57-1.18.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql-config / mysql55 / mysql55-bench / mysql55-debuginfo / etc\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2021-01-20T14:48:05", "description": "This update for mysql fixes the following issues :\n\n - CVE-2017-3635: C API unspecified vulnerability\n (bsc#1049398)\n\n - CVE-2017-3636: Client programs unspecified vulnerability\n (bsc#1049399)\n\n - CVE-2017-3641: DML unspecified vulnerability\n (bsc#1049404)\n\n - CVE-2017-3648: Charsets unspecified vulnerability\n (bsc#1049411)\n\n - CVE-2017-3651: Client mysqldump unspecified\n vulnerability (bsc#1049415)\n\n - CVE-2017-3652: DDL unspecified vulnerability\n (bsc#1049416)\n\n - CVE-2017-3653: DDL unspecified vulnerability\n (bsc#1049417)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "cvss3": {"score": 5.3, "vector": "AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-08-30T00:00:00", "title": "SUSE SLES11 Security Update : mysql (SUSE-SU-2017:2290-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3652", "CVE-2017-3648", "CVE-2017-3651", "CVE-2017-3641", "CVE-2017-3635", "CVE-2017-3653", "CVE-2017-3636"], "modified": "2017-08-30T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:mysql", "p-cpe:/a:novell:suse_linux:mysql-tools", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:libmysql55client18", "p-cpe:/a:novell:suse_linux:libmysql55client_r18", "p-cpe:/a:novell:suse_linux:mysql-client"], "id": "SUSE_SU-2017-2290-1.NASL", "href": "https://www.tenable.com/plugins/nessus/102839", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2290-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102839);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-3635\", \"CVE-2017-3636\", \"CVE-2017-3641\", \"CVE-2017-3648\", \"CVE-2017-3651\", \"CVE-2017-3652\", \"CVE-2017-3653\");\n\n script_name(english:\"SUSE SLES11 Security Update : mysql (SUSE-SU-2017:2290-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for mysql fixes the following issues :\n\n - CVE-2017-3635: C API unspecified vulnerability\n (bsc#1049398)\n\n - 
CVE-2017-3636: Client programs unspecified vulnerability\n (bsc#1049399)\n\n - CVE-2017-3641: DML unspecified vulnerability\n (bsc#1049404)\n\n - CVE-2017-3648: Charsets unspecified vulnerability\n (bsc#1049411)\n\n - CVE-2017-3651: Client mysqldump unspecified\n vulnerability (bsc#1049415)\n\n - CVE-2017-3652: DDL unspecified vulnerability\n (bsc#1049416)\n\n - CVE-2017-3653: DDL unspecified vulnerability\n (bsc#1049417)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049398\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049411\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049415\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049416\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049417\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3635/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3636/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3641/\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3648/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3651/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3652/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3653/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172290-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cee32e90\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-mysql-13252=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-mysql-13252=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-mysql-13252=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysql55client18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysql55client_r18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:mysql-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mysql-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! 
preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libmysql55client18-32bit-5.5.57-0.39.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libmysql55client_r18-32bit-5.5.57-0.39.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libmysql55client18-32bit-5.5.57-0.39.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libmysql55client_r18-32bit-5.5.57-0.39.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libmysql55client18-5.5.57-0.39.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libmysql55client_r18-5.5.57-0.39.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"mysql-5.5.57-0.39.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"mysql-client-5.5.57-0.39.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"mysql-tools-5.5.57-0.39.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2021-01-06T09:50:26", "description": "Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.57, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges. 
Please see the MySQL 5.5 Release Notes and Oracle's Critical\nPatch Update advisory for further details :\n\n -\n https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5\n -56.html\n -\n https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5\n -57.html\n\n -\n http://www.oracle.com/technetwork/security-advisory/cpuj\n ul2017-3236622.html", "edition": 32, "cvss3": {"score": 5.3, "vector": "AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-07-31T00:00:00", "title": "Debian DSA-3922-1 : mysql-5.5 - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3652", "CVE-2017-3648", "CVE-2017-3651", "CVE-2017-3641", "CVE-2017-3635", "CVE-2017-3653", "CVE-2017-3636"], "modified": "2017-07-31T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:mysql-5.5"], "id": "DEBIAN_DSA-3922.NASL", "href": "https://www.tenable.com/plugins/nessus/102046", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3922. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102046);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-3635\", \"CVE-2017-3636\", \"CVE-2017-3641\", \"CVE-2017-3648\", \"CVE-2017-3651\", \"CVE-2017-3652\", \"CVE-2017-3653\");\n script_xref(name:\"DSA\", value:\"3922\");\n\n script_name(english:\"Debian DSA-3922-1 : mysql-5.5 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.57, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges. 
Please see the MySQL 5.5 Release Notes and Oracle's Critical\nPatch Update advisory for further details :\n\n -\n https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5\n -56.html\n -\n https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5\n -57.html\n\n -\n http://www.oracle.com/technetwork/security-advisory/cpuj\n ul2017-3236622.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-56.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-57.html\"\n );\n # https://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?88deb2ba\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/mysql-5.5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3922\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the mysql-5.5 packages.\n\nFor the oldstable distribution (jessie), these problems have been\nfixed in version 5.5.57-0+deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libmysqlclient-dev\", reference:\"5.5.57-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmysqlclient18\", reference:\"5.5.57-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmysqld-dev\", reference:\"5.5.57-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmysqld-pic\", reference:\"5.5.57-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mysql-client\", reference:\"5.5.57-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mysql-client-5.5\", reference:\"5.5.57-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mysql-common\", reference:\"5.5.57-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mysql-server\", reference:\"5.5.57-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mysql-server-5.5\", reference:\"5.5.57-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mysql-server-core-5.5\", reference:\"5.5.57-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mysql-source-5.5\", reference:\"5.5.57-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mysql-testsuite\", reference:\"5.5.57-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mysql-testsuite-5.5\", reference:\"5.5.57-0+deb8u1\")) flag++;\n\nif (flag)\n{\n 
if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2020-09-14T16:24:42", "description": "The version of MySQL running on the remote host is 5.5.x prior to\n5.5.57. It is, therefore, affected by multiple vulnerabilities :\n\n - An unspecified flaw exists in the Connector/C and C API\n components that allow an authenticated, remote attacker\n to cause a denial of service condition. (CVE-2017-3635)\n\n - An unspecified flaw exists in the Client programs\n component that allows a local attacker to impact\n confidentiality, integrity, and availability.\n (CVE-2017-3636)\n\n - An unspecified flaw exists in the DML component that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2017-3641)\n\n - An unspecified flaw exists in the Charsets component\n that allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2017-3648)\n\n - An unspecified flaw exists in the Client mysqldump\n component that allows an authenticated, remote attacker\n to impact integrity. (CVE-2017-3651)\n\n - Multiple unspecified flaws exist in the DDL component\n that allow an authenticated, remote attacker to impact\n confidentiality and integrity. 
(CVE-2017-3652,\n CVE-2017-3653)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "edition": 25, "cvss3": {"score": 4.2, "vector": "AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"}, "published": "2017-07-26T00:00:00", "title": "MySQL 5.5.x < 5.5.57 Multiple Vulnerabilities (July 2017 CPU)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3652", "CVE-2017-3648", "CVE-2017-3651", "CVE-2017-3641", "CVE-2017-3635", "CVE-2017-3653", "CVE-2017-3636"], "modified": "2017-07-26T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:mysql", "cpe:/a:oracle:mysql", "p-cpe:/a:novell:opensuse:mysql", "p-cpe:/a:oracle:linux:mysql", "p-cpe:/a:fermilab:scientific_linux:mysql", "p-cpe:/a:fedoraproject:fedora:mysql", "p-cpe:/a:centos:centos:mysql", "p-cpe:/a:redhat:enterprise_linux:mysql", "p-cpe:/a:amazon:linux:mysql"], "id": "MYSQL_5_5_57_RPM.NASL", "href": "https://www.tenable.com/plugins/nessus/101977", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101977);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/03\");\n\n script_cve_id(\n \"CVE-2017-3635\",\n \"CVE-2017-3636\",\n \"CVE-2017-3641\",\n \"CVE-2017-3648\",\n \"CVE-2017-3651\",\n \"CVE-2017-3652\",\n \"CVE-2017-3653\"\n );\n script_bugtraq_id(\n 99730,\n 99736,\n 99767,\n 99789,\n 99802,\n 99805,\n 99810\n );\n\n script_name(english:\"MySQL 5.5.x < 5.5.57 Multiple Vulnerabilities (July 2017 CPU)\");\n script_summary(english:\"Checks the version of MySQL server.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL running on the remote host is 5.5.x prior to\n5.5.57. 
It is, therefore, affected by multiple vulnerabilities :\n\n - An unspecified flaw exists in the Connector/C and C API\n components that allow an authenticated, remote attacker\n to cause a denial of service condition. (CVE-2017-3635)\n\n - An unspecified flaw exists in the Client programs\n component that allows a local attacker to impact\n confidentiality, integrity, and availability.\n (CVE-2017-3636)\n\n - An unspecified flaw exists in the DML component that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2017-3641)\n\n - An unspecified flaw exists in the Charsets component\n that allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2017-3648)\n\n - An unspecified flaw exists in the Client mysqldump\n component that allows an authenticated, remote attacker\n to impact integrity. (CVE-2017-3651)\n\n - Multiple unspecified flaws exist in the DDL component\n that allow an authenticated, remote attacker to impact\n confidentiality and integrity. 
(CVE-2017-3652,\n CVE-2017-3653)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-57.html\");\n # http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?76f5def7\");\n # https://support.oracle.com/epmos/faces/DocumentDisplay?id=2279658.1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d520c6c8\");\n # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3809960.xml\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?322067e2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 5.5.57 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-3652\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/26\");\n\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\");\n script_require_ports(\"Host/RedHat/release\", \"Host/AmazonLinux/release\", \"Host/SuSE/release\", \"Host/CentOS/release\");\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\nfix_version = \"5.5.57\";\nexists_version = \"5.5\";\n\nmysql_check_rpms(mysql_packages:default_mysql_rpm_list_all, fix_ver:fix_version, exists_ver:exists_version, rhel_os_list:default_mysql_rhel_os_list, centos_os_list:default_mysql_centos_os_list, suse_os_list:default_mysql_suse_os_list, ala_os_list:default_mysql_ala_os_list, severity:SECURITY_WARNING);\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2021-01-12T09:38:28", "description": "Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.57, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges. 
Please see the MySQL 5.5 Release Notes and Oracle's Critical\nPatch Update advisory for further details :\n\nhttps://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-56.html\nhttps://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-57.html\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622\n.html\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n5.5.57-0+deb7u1.\n\nWe recommend that you upgrade your mysql-5.5 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 23, "cvss3": {"score": 5.3, "vector": "AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-07-31T00:00:00", "title": "Debian DLA-1043-1 : mysql-5.5 security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3652", "CVE-2017-3648", "CVE-2017-3651", "CVE-2017-3641", "CVE-2017-3635", "CVE-2017-3653", "CVE-2017-3636"], "modified": "2017-07-31T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:mysql-client-5.5", "p-cpe:/a:debian:debian_linux:libmysqld-dev", "p-cpe:/a:debian:debian_linux:libmysqld-pic", "p-cpe:/a:debian:debian_linux:mysql-common", "p-cpe:/a:debian:debian_linux:mysql-server-5.5", "p-cpe:/a:debian:debian_linux:mysql-server-core-5.5", "p-cpe:/a:debian:debian_linux:mysql-server", "p-cpe:/a:debian:debian_linux:mysql-testsuite-5.5", "p-cpe:/a:debian:debian_linux:libmysqlclient18", "cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:libmysqlclient-dev", "p-cpe:/a:debian:debian_linux:mysql-client", "p-cpe:/a:debian:debian_linux:mysql-source-5.5"], "id": "DEBIAN_DLA-1043.NASL", "href": "https://www.tenable.com/plugins/nessus/102041", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security 
Advisory DLA-1043-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102041);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-3635\", \"CVE-2017-3636\", \"CVE-2017-3641\", \"CVE-2017-3648\", \"CVE-2017-3651\", \"CVE-2017-3652\", \"CVE-2017-3653\");\n\n script_name(english:\"Debian DLA-1043-1 : mysql-5.5 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.57, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges. Please see the MySQL 5.5 Release Notes and Oracle's Critical\nPatch Update advisory for further details :\n\nhttps://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-56.html\nhttps://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-57.html\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622\n.html\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n5.5.57-0+deb7u1.\n\nWe recommend that you upgrade your mysql-5.5 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-56.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-57.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/07/msg00037.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/mysql-5.5\"\n );\n # https://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?88deb2ba\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmysqlclient-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmysqlclient18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmysqld-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmysqld-pic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-client\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:debian:debian_linux:mysql-client-5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-server-5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-server-core-5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-source-5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-testsuite-5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libmysqlclient-dev\", reference:\"5.5.57-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmysqlclient18\", reference:\"5.5.57-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmysqld-dev\", reference:\"5.5.57-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmysqld-pic\", reference:\"5.5.57-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-client\", reference:\"5.5.57-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-client-5.5\", reference:\"5.5.57-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-common\", reference:\"5.5.57-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-server\", reference:\"5.5.57-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-server-5.5\", reference:\"5.5.57-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-server-core-5.5\", reference:\"5.5.57-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-source-5.5\", reference:\"5.5.57-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-testsuite-5.5\", reference:\"5.5.57-0+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.9, 
"vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}], "amazon": [{"lastseen": "2020-11-10T12:34:46", "bulletinFamily": "unix", "cvelist": ["CVE-2017-3652", "CVE-2017-3648", "CVE-2017-3649", "CVE-2017-3633", "CVE-2017-3647", "CVE-2017-3651", "CVE-2017-3641", "CVE-2017-3635", "CVE-2017-3653", "CVE-2017-3634"], "description": "**Issue Overview:**\n\nServer: Charsets unspecified vulnerability (CPU Jul 2017): \nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. ([CVE-2017-3648 __](<https://access.redhat.com/security/cve/CVE-2017-3648>))\n\nServer: Replication unspecified vulnerability (CPU Jul 2017) \nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. ([CVE-2017-3649 __](<https://access.redhat.com/security/cve/CVE-2017-3649>))\n\nClient mysqldump unspecified vulnerability (CPU Jul 2017) \nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. ([CVE-2017-3651 __](<https://access.redhat.com/security/cve/CVE-2017-3651>))\n\nServer: DDL unspecified vulnerability (CPU Jul 2017) \nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. ([CVE-2017-3653 __](<https://access.redhat.com/security/cve/CVE-2017-3653>))\n\nServer: DML unspecified vulnerability (CPU Jul 2017) \nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. ([CVE-2017-3641 __](<https://access.redhat.com/security/cve/CVE-2017-3641>))\n\nReplication unspecified vulnerability (CPU Jul 2017) \nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
([CVE-2017-3647 __](<https://access.redhat.com/security/cve/CVE-2017-3647>))\n\nServer: Memcached unspecified vulnerability (CPU Jul 2017) \nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Memcached to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. ([CVE-2017-3633 __](<https://access.redhat.com/security/cve/CVE-2017-3633>))\n\nC API unspecified vulnerability (CPU Jul 2017) \nVulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/C). Supported versions that are affected are 6.1.10 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. Note: The documentation has also been updated for the correct way to use mysql_stmt_close(). Please see: https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-execute.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-fetch.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-close.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-error.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-errno.html, and https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-sqlstate.html. ([CVE-2017-3635 __](<https://access.redhat.com/security/cve/CVE-2017-3635>))\n\nServer: DML unspecified vulnerability (CPU Jul 2017) \nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). 
Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. ([CVE-2017-3634 __](<https://access.redhat.com/security/cve/CVE-2017-3634>))\n\nServer: DDL unspecified vulnerability (CPU Jul 2017) \nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. ([CVE-2017-3652 __](<https://access.redhat.com/security/cve/CVE-2017-3652>))\n\n \n**Affected Packages:** \n\n\nmysql56\n\n \n**Issue Correction:** \nRun _yum update mysql56_ to update your system. 
\n\n\n \n\n\n**New Packages:**\n \n \n i686: \n mysql56-common-5.6.37-1.26.amzn1.i686 \n mysql56-errmsg-5.6.37-1.26.amzn1.i686 \n mysql56-test-5.6.37-1.26.amzn1.i686 \n mysql56-debuginfo-5.6.37-1.26.amzn1.i686 \n mysql56-5.6.37-1.26.amzn1.i686 \n mysql56-libs-5.6.37-1.26.amzn1.i686 \n mysql56-server-5.6.37-1.26.amzn1.i686 \n mysql56-bench-5.6.37-1.26.amzn1.i686 \n mysql56-embedded-devel-5.6.37-1.26.amzn1.i686 \n mysql56-devel-5.6.37-1.26.amzn1.i686 \n mysql56-embedded-5.6.37-1.26.amzn1.i686 \n \n src: \n mysql56-5.6.37-1.26.amzn1.src \n \n x86_64: \n mysql56-embedded-devel-5.6.37-1.26.amzn1.x86_64 \n mysql56-common-5.6.37-1.26.amzn1.x86_64 \n mysql56-embedded-5.6.37-1.26.amzn1.x86_64 \n mysql56-devel-5.6.37-1.26.amzn1.x86_64 \n mysql56-5.6.37-1.26.amzn1.x86_64 \n mysql56-test-5.6.37-1.26.amzn1.x86_64 \n mysql56-libs-5.6.37-1.26.amzn1.x86_64 \n mysql56-bench-5.6.37-1.26.amzn1.x86_64 \n mysql56-debuginfo-5.6.37-1.26.amzn1.x86_64 \n mysql56-server-5.6.37-1.26.amzn1.x86_64 \n mysql56-errmsg-5.6.37-1.26.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2017-08-31T17:11:00", "published": "2017-08-31T17:11:00", "id": "ALAS-2017-888", "href": "https://alas.aws.amazon.com/ALAS-2017-888.html", "title": "Medium: mysql56", "type": "amazon", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-11-10T12:35:53", "bulletinFamily": "unix", "cvelist": ["CVE-2017-3652", "CVE-2017-3648", "CVE-2017-3651", "CVE-2017-3641", "CVE-2017-3635", "CVE-2017-3653", "CVE-2017-3636"], "description": "**Issue Overview:**\n\nServer: Charsets unspecified vulnerability (CPU Jul 2017) \nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. ([CVE-2017-3648 __](<https://access.redhat.com/security/cve/CVE-2017-3648>))\n\nServer: DML unspecified vulnerability (CPU Jul 2017) \nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. ([CVE-2017-3641 __](<https://access.redhat.com/security/cve/CVE-2017-3641>))\n\nClient programs unspecified vulnerability (CPU Jul 2017) \nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. ([CVE-2017-3636 __](<https://access.redhat.com/security/cve/CVE-2017-3636>))\n\nC API unspecified vulnerability (CPU Jul 2017): \nVulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/C). Supported versions that are affected are 6.1.10 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. Note: The documentation has also been updated for the correct way to use mysql_stmt_close(). Please see: https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-execute.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-fetch.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-close.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-error.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-errno.html, and https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-sqlstate.html.([CVE-2017-3635 __](<https://access.redhat.com/security/cve/CVE-2017-3635>))\n\n \nClient mysqldump unspecified vulnerability (CPU Jul 2017): \nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. ([CVE-2017-3651 __](<https://access.redhat.com/security/cve/CVE-2017-3651>))\n\nServer: DDL unspecified vulnerability (CPU Jul 2017): \nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. 
([CVE-2017-3653 __](<https://access.redhat.com/security/cve/CVE-2017-3653>))\n\nServer: DDL unspecified vulnerability (CPU Jul 2017): \nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. ([CVE-2017-3652 __](<https://access.redhat.com/security/cve/CVE-2017-3652>))\n\n \n**Affected Packages:** \n\n\nmysql55\n\n \n**Issue Correction:** \nRun _yum update mysql55_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n mysql55-bench-5.5.57-1.18.amzn1.i686 \n mysql55-test-5.5.57-1.18.amzn1.i686 \n mysql55-embedded-devel-5.5.57-1.18.amzn1.i686 \n mysql55-devel-5.5.57-1.18.amzn1.i686 \n mysql55-server-5.5.57-1.18.amzn1.i686 \n mysql55-debuginfo-5.5.57-1.18.amzn1.i686 \n mysql55-libs-5.5.57-1.18.amzn1.i686 \n mysql55-embedded-5.5.57-1.18.amzn1.i686 \n mysql55-5.5.57-1.18.amzn1.i686 \n mysql-config-5.5.57-1.18.amzn1.i686 \n \n src: \n mysql55-5.5.57-1.18.amzn1.src \n \n x86_64: \n mysql55-debuginfo-5.5.57-1.18.amzn1.x86_64 \n mysql55-libs-5.5.57-1.18.amzn1.x86_64 \n mysql55-test-5.5.57-1.18.amzn1.x86_64 \n mysql55-5.5.57-1.18.amzn1.x86_64 \n mysql55-embedded-devel-5.5.57-1.18.amzn1.x86_64 \n mysql-config-5.5.57-1.18.amzn1.x86_64 \n mysql55-embedded-5.5.57-1.18.amzn1.x86_64 \n mysql55-bench-5.5.57-1.18.amzn1.x86_64 \n mysql55-server-5.5.57-1.18.amzn1.x86_64 \n mysql55-devel-5.5.57-1.18.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2017-08-31T17:08:00", "published": "2017-08-31T17:08:00", "id": "ALAS-2017-887", "href": 
"https://alas.aws.amazon.com/ALAS-2017-887.html", "title": "Medium: mysql55", "type": "amazon", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2020-11-10T12:35:28", "bulletinFamily": "unix", "cvelist": ["CVE-2018-2817", "CVE-2017-10379", "CVE-2018-2755", "CVE-2018-2819", "CVE-2018-2562", "CVE-2017-10378", "CVE-2018-2771", "CVE-2018-2767", "CVE-2018-2761", "CVE-2018-2668", "CVE-2018-2640", "CVE-2018-2781", "CVE-2017-3651", "CVE-2017-3641", "CVE-2018-2813", "CVE-2017-10268", "CVE-2018-2665", "CVE-2017-3653", "CVE-2017-10384", "CVE-2017-3636", "CVE-2018-2622"], "description": "**Issue Overview:**\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).([CVE-2017-10378 __](<https://access.redhat.com/security/cve/CVE-2017-10378>) )\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).([CVE-2018-2781 __](<https://access.redhat.com/security/cve/CVE-2018-2781>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).([CVE-2018-2562 __](<https://access.redhat.com/security/cve/CVE-2018-2562>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).([CVE-2017-3651 __](<https://access.redhat.com/security/cve/CVE-2017-3651>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).([CVE-2018-2755 __](<https://access.redhat.com/security/cve/CVE-2018-2755>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).([CVE-2018-2640 __](<https://access.redhat.com/security/cve/CVE-2018-2640>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).([CVE-2017-10379 __](<https://access.redhat.com/security/cve/CVE-2017-10379>) )\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).([CVE-2017-10268 __](<https://access.redhat.com/security/cve/CVE-2017-10268>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).([CVE-2017-3653 __](<https://access.redhat.com/security/cve/CVE-2017-3653>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).([CVE-2018-2771 __](<https://access.redhat.com/security/cve/CVE-2018-2771>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.59 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).([CVE-2018-2767 __](<https://access.redhat.com/security/cve/CVE-2018-2767>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).([CVE-2018-2817 __](<https://access.redhat.com/security/cve/CVE-2018-2817>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).([CVE-2018-2668 __](<https://access.redhat.com/security/cve/CVE-2018-2668>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).([CVE-2017-10384 __](<https://access.redhat.com/security/cve/CVE-2017-10384>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).([CVE-2017-3641 __](<https://access.redhat.com/security/cve/CVE-2017-3641>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).([CVE-2018-2819 __](<https://access.redhat.com/security/cve/CVE-2018-2819>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).([CVE-2018-2665 __](<https://access.redhat.com/security/cve/CVE-2018-2665>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).([CVE-2018-2622 __](<https://access.redhat.com/security/cve/CVE-2018-2622>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).([CVE-2018-2813 __](<https://access.redhat.com/security/cve/CVE-2018-2813>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).([CVE-2017-3636 __](<https://access.redhat.com/security/cve/CVE-2017-3636>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).([CVE-2018-2761 __](<https://access.redhat.com/security/cve/CVE-2018-2761>))\n\n \n**Affected Packages:** \n\n\nmariadb\n\n \n**Issue Correction:** \nRun _yum update mariadb_ to update your system. 
\n\n\n \n\n\n**New Packages:**\n \n \n i686: \n mariadb-5.5.60-1.amzn2.i686 \n mariadb-libs-5.5.60-1.amzn2.i686 \n mariadb-server-5.5.60-1.amzn2.i686 \n mariadb-devel-5.5.60-1.amzn2.i686 \n mariadb-embedded-5.5.60-1.amzn2.i686 \n mariadb-embedded-devel-5.5.60-1.amzn2.i686 \n mariadb-bench-5.5.60-1.amzn2.i686 \n mariadb-test-5.5.60-1.amzn2.i686 \n mariadb-debuginfo-5.5.60-1.amzn2.i686 \n \n src: \n mariadb-5.5.60-1.amzn2.src \n \n x86_64: \n mariadb-5.5.60-1.amzn2.x86_64 \n mariadb-libs-5.5.60-1.amzn2.x86_64 \n mariadb-server-5.5.60-1.amzn2.x86_64 \n mariadb-devel-5.5.60-1.amzn2.x86_64 \n mariadb-embedded-5.5.60-1.amzn2.x86_64 \n mariadb-embedded-devel-5.5.60-1.amzn2.x86_64 \n mariadb-bench-5.5.60-1.amzn2.x86_64 \n mariadb-test-5.5.60-1.amzn2.x86_64 \n mariadb-debuginfo-5.5.60-1.amzn2.x86_64 \n \n \n", "edition": 1, "modified": "2018-09-12T22:57:00", "published": "2018-09-12T22:57:00", "id": "ALAS2-2018-1078", "href": "https://alas.aws.amazon.com/AL2/ALAS-2018-1078.html", "title": "Medium: mariadb", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-3633", "CVE-2017-3634", "CVE-2017-3635", "CVE-2017-3641", "CVE-2017-3647", "CVE-2017-3648", "CVE-2017-3649", "CVE-2017-3651", "CVE-2017-3652", "CVE-2017-3653"], "description": "MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files. 
", "modified": "2017-08-09T16:01:52", "published": "2017-08-09T16:01:52", "id": "FEDORA:CF9346049DCC", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: community-mysql-5.7.19-1.fc26", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-3633", "CVE-2017-3634", "CVE-2017-3635", "CVE-2017-3641", "CVE-2017-3647", "CVE-2017-3648", "CVE-2017-3649", "CVE-2017-3651", "CVE-2017-3652", "CVE-2017-3653"], "description": "MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files. ", "modified": "2017-08-09T20:00:03", "published": "2017-08-09T20:00:03", "id": "FEDORA:B70CB604EC19", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: community-mysql-5.7.19-1.fc25", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-10155", "CVE-2017-10227", "CVE-2017-10268", "CVE-2017-10276", "CVE-2017-10283", "CVE-2017-10286", "CVE-2017-10294", "CVE-2017-10314", "CVE-2017-10379", "CVE-2017-10384", "CVE-2017-3312", "CVE-2017-3633", "CVE-2017-3634", "CVE-2017-3635", "CVE-2017-3641", "CVE-2017-3648", "CVE-2017-3649", "CVE-2017-3651", "CVE-2017-3652", "CVE-2018-2755", "CVE-2018-2758", "CVE-2018-2759", "CVE-2018-2761", "CVE-2018-2762", "CVE-2018-2766", "CVE-2018-2769", "CVE-2018-2771", "CVE-2018-2773", "CVE-2018-2775", "CVE-2018-2776", "CVE-2018-2777", "CVE-2018-2778", "CVE-2018-2779", "CVE-2018-2780", "CVE-2018-2781", "CVE-2018-2782", "CVE-2018-2784", "CVE-2018-2786", "CVE-2018-2787", "CVE-2018-2810", "CVE-2018-2812", "CVE-2018-2813", "CVE-2018-2816", "CVE-2018-2817", "CVE-2018-2818", "CVE-2018-2819", "CVE-2018-2839", "CVE-2018-2846"], "description": "MySQL is 
a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files. ", "modified": "2018-05-03T15:23:33", "published": "2018-05-03T15:23:33", "id": "FEDORA:8DE4F613FFDF", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: community-mysql-5.7.22-1.fc26", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}], "f5": [{"lastseen": "2019-06-19T06:42:36", "bulletinFamily": "software", "cvelist": ["CVE-2017-3649", "CVE-2017-3647"], "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "edition": 1, "modified": "2017-12-30T01:57:00", "published": "2017-12-30T01:57:00", "id": "F5:K92307453", "href": "https://support.f5.com/csp/article/K92307453", "title": "MySQL Server Replication vulnerabilities CVE-2017-3647 and CVE-2017-3649", "type": "f5", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2019-06-19T06:42:38", "bulletinFamily": "software", "cvelist": ["CVE-2017-3633"], "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n 
* [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "edition": 1, "modified": "2017-12-29T21:46:00", "published": "2017-12-29T21:46:00", "id": "F5:K73761475", "href": "https://support.f5.com/csp/article/K73761475", "title": "MySQL Memcached vulnerability CVE-2017-3633", "type": "f5", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-06-19T06:42:26", "bulletinFamily": "software", "cvelist": ["CVE-2017-3639", "CVE-2017-3644", "CVE-2017-3643", "CVE-2017-3641", "CVE-2017-3640", "CVE-2017-3634"], "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "edition": 1, "modified": "2017-12-29T23:12:00", "published": "2017-12-29T23:12:00", "id": "F5:K04327352", "href": "https://support.f5.com/csp/article/K04327352", "title": "Multiple MySQL data manipulation language vulnerabilities", "type": "f5", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:34:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3652", "CVE-2017-3648", "CVE-2017-3649", "CVE-2017-3633", "CVE-2017-3647", "CVE-2017-3651", "CVE-2017-3641", "CVE-2017-3635", 
"CVE-2017-3653", "CVE-2017-3636", "CVE-2017-3634"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-08-12T00:00:00", "id": "OPENVAS:1361412562310873246", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873246", "type": "openvas", "title": "Fedora Update for community-mysql FEDORA-2017-ee93493bea", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_ee93493bea_community-mysql_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for community-mysql FEDORA-2017-ee93493bea\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873246\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-08-12 07:50:18 +0200 (Sat, 12 Aug 2017)\");\n script_cve_id(\"CVE-2017-3633\", \"CVE-2017-3634\", \"CVE-2017-3635\", \"CVE-2017-3641\",\n \"CVE-2017-3647\", \"CVE-2017-3648\", \"CVE-2017-3649\", \"CVE-2017-3651\",\n \"CVE-2017-3652\", \"CVE-2017-3653\", \"CVE-2017-3636\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for community-mysql FEDORA-2017-ee93493bea\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'community-mysql'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"community-mysql on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-ee93493bea\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OIWXNME53JCA4FZOJLPPOSEJKM4KQYEB\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local 
Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"community-mysql\", rpm:\"community-mysql~5.7.19~1.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3652", "CVE-2017-3648", "CVE-2017-3649", "CVE-2017-3633", "CVE-2017-3647", "CVE-2017-3651", "CVE-2017-3641", "CVE-2017-3635", "CVE-2017-3653", "CVE-2017-3636", "CVE-2017-3634"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-08-12T00:00:00", "id": "OPENVAS:1361412562310873242", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873242", "type": "openvas", "title": "Fedora Update for community-mysql FEDORA-2017-7c039552fa", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_7c039552fa_community-mysql_fc25.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for community-mysql FEDORA-2017-7c039552fa\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# 
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873242\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-08-12 07:49:49 +0200 (Sat, 12 Aug 2017)\");\n script_cve_id(\"CVE-2017-3633\", \"CVE-2017-3634\", \"CVE-2017-3635\", \"CVE-2017-3641\",\n \"CVE-2017-3647\", \"CVE-2017-3648\", \"CVE-2017-3649\", \"CVE-2017-3651\",\n \"CVE-2017-3652\", \"CVE-2017-3653\", \"CVE-2017-3636\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for community-mysql FEDORA-2017-7c039552fa\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'community-mysql'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"community-mysql on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-7c039552fa\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUPCGDZTPVHGERDKFNRYFAIR2X7L2ZS2\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone 
Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"community-mysql\", rpm:\"community-mysql~5.7.19~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3652", "CVE-2017-3648", "CVE-2017-3651", "CVE-2017-3641", "CVE-2017-3635", "CVE-2017-3653"], "description": "This host is running Oracle MySQL and is\n prone to multiple vulnerabilities.", "modified": "2018-10-19T00:00:00", "published": "2017-07-19T00:00:00", "id": "OPENVAS:1361412562310811433", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811433", "type": "openvas", "title": "Oracle Mysql Security Updates (jul2017-3236622) 02 - Linux", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mysql_jul2017-3236622_02_lin.nasl 11989 2018-10-19 11:25:26Z cfischer $\n#\n# Oracle Mysql Security Updates (jul2017-3236622) 02 - Linux\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# 
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:oracle:mysql\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811433\");\n script_version(\"$Revision: 11989 $\");\n script_cve_id(\"CVE-2017-3651\", \"CVE-2017-3653\", \"CVE-2017-3652\", \"CVE-2017-3635\",\n\t\t\"CVE-2017-3648\", \"CVE-2017-3641\");\n script_bugtraq_id(99802, 99810, 99805, 99730, 99789, 99767);\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-19 13:25:26 +0200 (Fri, 19 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-07-19 11:04:26 +0530 (Wed, 19 Jul 2017)\");\n script_name(\"Oracle Mysql Security Updates (jul2017-3236622) 02 - Linux\");\n\n script_tag(name:\"summary\", value:\"This host is running Oracle MySQL and is\n prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to\n\n - A flaw in the Client mysqldump component.\n\n - A flaw in the Server: DDL component.\n\n - A flaw in the C API component.\n\n - A flaw in the Connector/C component.\n\n - A flaw in the Server: Charsets component.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will allow remote attackers to have an impact on confidentiality, integrity and\n availablility.\");\n\n script_tag(name:\"affected\", value:\"Oracle MySQL version 5.5.56 and earlier,\n 5.6.36 and earlier, 5.7.18 and earlier, on 
Linux\");\n\n script_tag(name:\"solution\", value:\"Apply the patch from the referenced advisory.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixMSQL\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_unixoide\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!sqlPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!mysqlVer = get_app_version(cpe:CPE, port:sqlPort)){\n exit(0);\n}\n\nif(version_in_range(version:mysqlVer, test_version:\"5.5.0\", test_version2:\"5.5.56\") ||\n version_in_range(version:mysqlVer, test_version:\"5.6.0\", test_version2:\"5.6.36\") ||\n version_in_range(version:mysqlVer, test_version:\"5.7.0\", test_version2:\"5.7.18\"))\n{\n report = report_fixed_ver(installed_version:mysqlVer, fixed_version: \"Apply the patch\");\n security_message(data:report, port:sqlPort);\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:34:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3652", "CVE-2017-3648", "CVE-2017-3651", "CVE-2017-3641", "CVE-2017-3635", "CVE-2017-3653"], "description": "This host is running Oracle MySQL and is\n prone to multiple vulnerabilities.", "modified": "2018-10-19T00:00:00", "published": "2017-07-19T00:00:00", "id": "OPENVAS:1361412562310811432", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811432", "type": "openvas", "title": "Oracle Mysql Security Updates (jul2017-3236622) 02 - Windows", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mysql_jul2017-3236622_02_win.nasl 11989 2018-10-19 11:25:26Z cfischer $\n#\n# Oracle Mysql Security Updates (jul2017-3236622) 02 - Windows\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:oracle:mysql\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811432\");\n script_version(\"$Revision: 11989 $\");\n script_cve_id(\"CVE-2017-3651\", \"CVE-2017-3653\", \"CVE-2017-3652\", \"CVE-2017-3635\",\n\t\t\"CVE-2017-3648\", \"CVE-2017-3641\");\n script_bugtraq_id(99802, 99810, 99805, 99730, 99789, 99767);\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-19 13:25:26 +0200 (Fri, 19 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-07-19 11:04:26 +0530 (Wed, 19 Jul 2017)\");\n script_name(\"Oracle Mysql Security Updates (jul2017-3236622) 02 - Windows\");\n\n script_tag(name:\"summary\", value:\"This host is running Oracle MySQL and is\n 
prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to\n\n - A flaw in the Client mysqldump component.\n\n - A flaw in the Server: DDL component.\n\n - A flaw in the C API component.\n\n - A flaw in the Connector/C component.\n\n - A flaw in the Server: Charsets component.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will allow remote attackers to have an impact on confidentiality, integrity and\n availablility.\");\n\n script_tag(name:\"affected\", value:\"Oracle MySQL version 5.5.56 and earlier,\n 5.6.36 and earlier, 5.7.18 and earlier, on Windows\");\n\n script_tag(name:\"solution\", value:\"Apply the patch from the referenced advisory.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixMSQL\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_windows\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!sqlPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!mysqlVer = get_app_version(cpe:CPE, port:sqlPort)){\n exit(0);\n}\n\nif(version_in_range(version:mysqlVer, test_version:\"5.5.0\", test_version2:\"5.5.56\") ||\n version_in_range(version:mysqlVer, test_version:\"5.6.0\", test_version2:\"5.6.36\") ||\n version_in_range(version:mysqlVer, test_version:\"5.7.0\", test_version2:\"5.7.18\"))\n{\n report = report_fixed_ver(installed_version:mysqlVer, fixed_version: 
\"Apply the patch\");\n security_message(data:report, port:sqlPort);\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2017-09-04T14:22:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3652", "CVE-2017-3648", "CVE-2017-3651", "CVE-2017-3641", "CVE-2017-3635", "CVE-2017-3653", "CVE-2017-3636"], "description": "Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.57, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges. Please see the MySQL 5.5 Release Notes and Oracle", "modified": "2017-08-31T00:00:00", "published": "2017-07-28T00:00:00", "id": "OPENVAS:703922", "href": "http://plugins.openvas.org/nasl.php?oid=703922", "type": "openvas", "title": "Debian Security Advisory DSA 3922-1 (mysql-5.5 - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3922.nasl 7026 2017-08-31 06:13:04Z asteins $\n# Auto-generated from advisory DSA 3922-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703922);\n script_version(\"$Revision: 7026 $\");\n script_cve_id(\"CVE-2017-3635\", \"CVE-2017-3636\", \"CVE-2017-3641\", \"CVE-2017-3648\", \"CVE-2017-3651\", \"CVE-2017-3652\", \"CVE-2017-3653\");\n script_name(\"Debian Security Advisory DSA 3922-1 (mysql-5.5 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-08-31 08:13:04 +0200 (Thu, 31 Aug 2017) $\");\n script_tag(name: \"creation_date\", value: \"2017-07-28 00:00:00 +0200 (Fri, 28 Jul 2017)\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2017/dsa-3922.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"mysql-5.5 on Debian Linux\");\n script_tag(name: \"insight\", value: \"MySQL is a fast, stable and true multi-user, multi-threaded SQL database\nserver.\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution (jessie), these problems have been fixed\nin version 5.5.57-0+deb8u1.\n\nWe recommend that you upgrade your mysql-5.5 packages.\");\n script_tag(name: \"summary\", value: \"Several issues have been discovered in the MySQL database server. 
The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.57, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges. Please see the MySQL 5.5 Release Notes and Oracle's Critical\nPatch Update advisory for further details:\n\nhttps://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-56.htmlhttps://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-57.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libmysqlclient-dev\", ver:\"5.5.57-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient18\", ver:\"5.5.57-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-dev\", ver:\"5.5.57-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-pic\", ver:\"5.5.57-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client\", ver:\"5.5.57-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client-5.5\", ver:\"5.5.57-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-common\", ver:\"5.5.57-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server\", ver:\"5.5.57-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.57-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-core-5.5\", ver:\"5.5.57-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-source-5.5\", ver:\"5.5.57-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-testsuite\", ver:\"5.5.57-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-testsuite-5.5\", ver:\"5.5.57-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.9, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2020-01-29T20:11:42", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3652", "CVE-2017-3648", "CVE-2017-3651", "CVE-2017-3641", "CVE-2017-3635", "CVE-2017-3653", "CVE-2017-3636"], "description": "Several issues have been discovered in the MySQL database server. 
The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.57, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges.", "modified": "2020-01-29T00:00:00", "published": "2018-02-08T00:00:00", "id": "OPENVAS:1361412562310891043", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891043", "type": "openvas", "title": "Debian LTS: Security Advisory for mysql-5.5 (DLA-1043-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891043\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-3635\", \"CVE-2017-3636\", \"CVE-2017-3641\", \"CVE-2017-3648\", \"CVE-2017-3651\", \"CVE-2017-3652\", \"CVE-2017-3653\");\n script_name(\"Debian LTS: Security Advisory for mysql-5.5 (DLA-1043-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-02-08 00:00:00 +0100 (Thu, 08 Feb 2018)\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/07/msg00037.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"mysql-5.5 on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n5.5.57-0+deb7u1.\n\nWe recommend that you upgrade your mysql-5.5 packages.\");\n\n script_tag(name:\"summary\", value:\"Several issues have been discovered in the MySQL database server. 
The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.57, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libmysqlclient-dev\", ver:\"5.5.57-0+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmysqlclient18\", ver:\"5.5.57-0+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmysqld-dev\", ver:\"5.5.57-0+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmysqld-pic\", ver:\"5.5.57-0+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mysql-client\", ver:\"5.5.57-0+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mysql-client-5.5\", ver:\"5.5.57-0+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mysql-common\", ver:\"5.5.57-0+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mysql-server\", ver:\"5.5.57-0+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.57-0+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mysql-server-core-5.5\", ver:\"5.5.57-0+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mysql-source-5.5\", ver:\"5.5.57-0+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mysql-testsuite-5.5\", ver:\"5.5.57-0+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 4.9, 
"vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:34:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3652", "CVE-2017-3648", "CVE-2017-3651", "CVE-2017-3641", "CVE-2017-3635", "CVE-2017-3653", "CVE-2017-3636"], "description": "Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.57, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges.", "modified": "2019-03-18T00:00:00", "published": "2017-07-28T00:00:00", "id": "OPENVAS:1361412562310703922", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703922", "type": "openvas", "title": "Debian Security Advisory DSA 3922-1 (mysql-5.5 - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3922.nasl 14280 2019-03-18 14:50:45Z cfischer $\n# Auto-generated from advisory DSA 3922-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703922\");\n script_version(\"$Revision: 14280 $\");\n script_cve_id(\"CVE-2017-3635\", \"CVE-2017-3636\", \"CVE-2017-3641\", \"CVE-2017-3648\", \"CVE-2017-3651\", \"CVE-2017-3652\", \"CVE-2017-3653\");\n script_name(\"Debian Security Advisory DSA 3922-1 (mysql-5.5 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:50:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-07-28 00:00:00 +0200 (Fri, 28 Jul 2017)\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3922.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"mysql-5.5 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), these problems have been fixed\nin version 5.5.57-0+deb8u1.\n\nWe recommend that you upgrade your mysql-5.5 packages.\");\n script_tag(name:\"summary\", value:\"Several issues have been discovered in the MySQL database server. 
The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.57, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libmysqlclient-dev\", ver:\"5.5.57-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmysqlclient18\", ver:\"5.5.57-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmysqld-dev\", ver:\"5.5.57-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmysqld-pic\", ver:\"5.5.57-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-client\", ver:\"5.5.57-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-client-5.5\", ver:\"5.5.57-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-common\", ver:\"5.5.57-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-server\", ver:\"5.5.57-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.57-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-server-core-5.5\", ver:\"5.5.57-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-source-5.5\", ver:\"5.5.57-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-testsuite\", ver:\"5.5.57-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-testsuite-5.5\", ver:\"5.5.57-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += 
res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:34:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3649", "CVE-2017-3633", "CVE-2017-3647", "CVE-2017-3634"], "description": "This host is running Oracle MySQL and is\n prone to multiple vulnerabilities.", "modified": "2018-10-19T00:00:00", "published": "2017-07-19T00:00:00", "id": "OPENVAS:1361412562310811437", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811437", "type": "openvas", "title": "Oracle Mysql Security Updates (jul2017-3236622) 04 - Linux", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mysql_jul2017-3236622_04_lin.nasl 11989 2018-10-19 11:25:26Z cfischer $\n#\n# Oracle Mysql Security Updates (jul2017-3236622) 04 - Linux\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:oracle:mysql\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811437\");\n script_version(\"$Revision: 11989 $\");\n script_cve_id(\"CVE-2017-3633\", \"CVE-2017-3634\", \"CVE-2017-3649\", \"CVE-2017-3647\");\n script_bugtraq_id(99722, 99729, 99799, 99796);\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-19 13:25:26 +0200 (Fri, 19 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-07-19 11:07:12 +0530 (Wed, 19 Jul 2017)\");\n script_name(\"Oracle Mysql Security Updates (jul2017-3236622) 04 - Linux\");\n\n script_tag(name:\"summary\", value:\"This host is running Oracle MySQL and is\n prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - A flaw in the Server: Memcached component.\n\n - A flaw in the Server: DML component.\n\n - A flaw in the Server: Replication component.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will allow remote to partially modify data and cause denial of service conditions.\");\n\n script_tag(name:\"affected\", value:\"Oracle MySQL version 5.6.36 and earlier,\n 5.7.18 and earlier, on Linux\");\n\n script_tag(name:\"solution\", value:\"Apply the patch from the referenced advisory.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", 
value:\"remote_banner_unreliable\");\n\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixMSQL\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_unixoide\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!sqlPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!mysqlVer = get_app_version(cpe:CPE, port:sqlPort)){\n exit(0);\n}\n\nif(version_in_range(version:mysqlVer, test_version:\"5.6.0\", test_version2:\"5.6.36\") ||\n version_in_range(version:mysqlVer, test_version:\"5.7.0\", test_version2:\"5.7.18\"))\n{\n report = report_fixed_ver(installed_version:mysqlVer, fixed_version: \"Apply the patch\");\n security_message(data:report, port:sqlPort);\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3649", "CVE-2017-3633", "CVE-2017-3647", "CVE-2017-3634"], "description": "This host is running Oracle MySQL and is\n prone to multiple vulnerabilities.", "modified": "2018-10-19T00:00:00", "published": "2017-07-19T00:00:00", "id": "OPENVAS:1361412562310811436", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811436", "type": "openvas", "title": "Oracle Mysql Security Updates (jul2017-3236622) 04 - Windows", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mysql_jul2017-3236622_04_win.nasl 11989 2018-10-19 11:25:26Z cfischer $\n#\n# Oracle Mysql Security Updates (jul2017-3236622) 04 - Windows\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 
Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:oracle:mysql\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811436\");\n script_version(\"$Revision: 11989 $\");\n script_cve_id(\"CVE-2017-3633\", \"CVE-2017-3634\", \"CVE-2017-3649\", \"CVE-2017-3647\");\n script_bugtraq_id(99722, 99729, 99799, 99796);\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-19 13:25:26 +0200 (Fri, 19 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-07-19 11:07:12 +0530 (Wed, 19 Jul 2017)\");\n script_name(\"Oracle Mysql Security Updates (jul2017-3236622) 04 - Windows\");\n\n script_tag(name:\"summary\", value:\"This host is running Oracle MySQL and is\n prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to\n\n - A flaw in the Server: Memcached component.\n\n - A flaw in the Server: DML component.\n\n - A flaw in the Server: Replication component.\");\n\n script_tag(name:\"impact\", 
value:\"Successful exploitation of this vulnerability\n will allow remote to partially modify data and cause denial of service conditions.\");\n\n script_tag(name:\"affected\", value:\"Oracle MySQL version 5.6.36 and earlier,\n 5.7.18 and earlier, on Windows\");\n\n script_tag(name:\"solution\", value:\"Apply the patch from the referenced advisory.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixMSQL\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_windows\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!sqlPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!mysqlVer = get_app_version(cpe:CPE, port:sqlPort)){\n exit(0);\n}\n\nif(version_in_range(version:mysqlVer, test_version:\"5.6.0\", test_version2:\"5.6.36\") ||\n version_in_range(version:mysqlVer, test_version:\"5.7.0\", test_version2:\"5.7.18\"))\n{\n report = report_fixed_ver(installed_version:mysqlVer, fixed_version: \"Apply the patch\");\n security_message(data:report, port:sqlPort);\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3637", "CVE-2017-3638", "CVE-2017-3642", "CVE-2017-3529", "CVE-2017-3639", "CVE-2017-3652", "CVE-2017-3648", "CVE-2017-3649", "CVE-2017-3645", "CVE-2017-3633", "CVE-2017-3647", "CVE-2017-3644", "CVE-2017-3643", "CVE-2017-3651", "CVE-2017-3650", "CVE-2017-3641", "CVE-2017-3635", "CVE-2017-3653", "CVE-2017-3640", "CVE-2017-3636", "CVE-2017-3634"], "description": 
"The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2017-07-21T00:00:00", "id": "OPENVAS:1361412562310843246", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843246", "type": "openvas", "title": "Ubuntu Update for mysql-5.7 USN-3357-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3357_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for mysql-5.7 USN-3357-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843246\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-07-21 07:17:19 +0200 (Fri, 21 Jul 2017)\");\n script_cve_id(\"CVE-2017-3529\", \"CVE-2017-3633\", \"CVE-2017-3634\", \"CVE-2017-3635\",\n \"CVE-2017-3636\", \"CVE-2017-3637\", \"CVE-2017-3638\", \"CVE-2017-3639\",\n \"CVE-2017-3640\", \"CVE-2017-3641\", \"CVE-2017-3642\", \"CVE-2017-3643\",\n \"CVE-2017-3644\", \"CVE-2017-3645\", \"CVE-2017-3647\", \"CVE-2017-3648\",\n \"CVE-2017-3649\", \"CVE-2017-3650\", \"CVE-2017-3651\", \"CVE-2017-3652\",\n \"CVE-2017-3653\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for mysql-5.7 USN-3357-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mysql-5.7'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple security issues were discovered in\n MySQL and this update includes new upstream MySQL versions to fix these issues.\n MySQL has been updated to 5.5.57 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS and\n Ubuntu 17.04 have been updated to MySQL 5.7.19. 
In addition to security fixes,\n the updated packages contain bug fixes, new features, and possibly incompatible\n changes. Please see the references for more information.\");\n\n script_xref(name:\"URL\", value:\"http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-56.html\");\n script_xref(name:\"URL\", value:\"http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-57.html\");\n script_xref(name:\"URL\", value:\"http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-19.html\");\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html\");\n\n script_tag(name:\"affected\", value:\"mysql-5.7 on Ubuntu 17.04,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3357-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3357-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.04|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.57-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"mysql-server-5.7\", ver:\"5.7.19-0ubuntu0.17.04.1\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n 
exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"mysql-server-5.7\", ver:\"5.7.19-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "debian": [{"lastseen": "2020-08-12T01:10:43", "bulletinFamily": "unix", "cvelist": ["CVE-2017-3652", "CVE-2017-3648", "CVE-2017-3651", "CVE-2017-3641", "CVE-2017-3635", "CVE-2017-3653", "CVE-2017-3636"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3922-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nJuly 28, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mysql-5.5\nCVE ID : CVE-2017-3635 CVE-2017-3636 CVE-2017-3641 CVE-2017-3648\n CVE-2017-3651 CVE-2017-3652 CVE-2017-3653\nDebian Bug : 868788\n\nSeveral issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.57, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges. 
Please see the MySQL 5.5 Release Notes and Oracle's Critical\nPatch Update advisory for further details:\n\n https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-56.html\nhttps://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-57.html\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 5.5.57-0+deb8u1.\n\nWe recommend that you upgrade your mysql-5.5 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 8, "modified": "2017-07-28T20:27:16", "published": "2017-07-28T20:27:16", "id": "DEBIAN:DSA-3922-1:71332", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2017/msg00184.html", "title": "[SECURITY] [DSA 3922-1] mysql-5.5 security update", "type": "debian", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2019-05-30T02:21:30", "bulletinFamily": "unix", "cvelist": ["CVE-2017-3652", "CVE-2017-3648", "CVE-2017-3651", "CVE-2017-3641", "CVE-2017-3635", "CVE-2017-3653", "CVE-2017-3636"], "description": "Package : mysql-5.5\nVersion : 5.5.57-0+deb7u1\nCVE ID : CVE-2017-3635 CVE-2017-3636 CVE-2017-3641 CVE-2017-3648.\n CVE-2017-3651 CVE-2017-3652 CVE-2017-3653\nDebian Bug : 868788\n\nSeveral issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.57, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges. 
Please see the MySQL 5.5 Release Notes and Oracle's Critical\nPatch Update advisory for further details:\n\n https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-56.html\nhttps://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-57.html\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n5.5.57-0+deb7u1.\n\nWe recommend that you upgrade your mysql-5.5 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 3, "modified": "2017-07-28T21:41:56", "published": "2017-07-28T21:41:56", "id": "DEBIAN:DLA-1043-1:9386A", "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201707/msg00037.html", "title": "[SECURITY] [DLA 1043-1] mysql-5.5 security update", "type": "debian", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2020-08-12T01:02:37", "bulletinFamily": "unix", "cvelist": ["CVE-2017-3641", "CVE-2017-3653", "CVE-2017-3636"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3955-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nAugust 26, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mariadb-10.1\nCVE ID : CVE-2017-3636 CVE-2017-3641 CVE-2017-3653\n\nSeveral issues have been discovered in the MariaDB database server. The\nvulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.1.26. 
Please see the MariaDB 10.1 Release Notes for further\ndetails:\n\n https://mariadb.com/kb/en/mariadb/mariadb-10124-release-notes/\nhttps://mariadb.com/kb/en/mariadb/mariadb-10125-release-notes/\nhttps://mariadb.com/kb/en/mariadb/mariadb-10126-release-notes/\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 10.1.26-0+deb9u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 10.1.26-1.\n\nWe recommend that you upgrade your mariadb-10.1 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 8, "modified": "2017-08-26T14:01:53", "published": "2017-08-26T14:01:53", "id": "DEBIAN:DSA-3955-1:FFC41", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2017/msg00217.html", "title": "[SECURITY] [DSA 3955-1] mariadb-10.1 security update", "type": "debian", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-12T00:51:57", "bulletinFamily": "unix", "cvelist": ["CVE-2017-3456", "CVE-2017-3309", "CVE-2017-3308", "CVE-2017-3641", "CVE-2017-3453", "CVE-2017-3464", "CVE-2017-3653", "CVE-2017-3636"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3944-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nAugust 17, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mariadb-10.0\nCVE ID : CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456\n CVE-2017-3464 CVE-2017-3636 CVE-2017-3641 CVE-2017-3653\n\nSeveral issues have been discovered in the MariaDB database server. The\nvulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.0.32. 
Please see the MariaDB 10.0 Release Notes for further\ndetails:\n\n https://mariadb.com/kb/en/mariadb/mariadb-10031-release-notes/\nhttps://mariadb.com/kb/en/mariadb/mariadb-10032-release-notes/\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 10.0.32-0+deb8u1.\n\nWe recommend that you upgrade your mariadb-10.0 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 8, "modified": "2017-08-17T06:17:51", "published": "2017-08-17T06:17:51", "id": "DEBIAN:DSA-3944-1:A4058", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2017/msg00206.html", "title": "[SECURITY] [DSA 3944-1] mariadb-10.0 security update", "type": "debian", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2021-02-02T06:36:45", "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).", "edition": 7, "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 4.4, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-08-08T15:29:00", "title": "CVE-2017-3649", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3649"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:oracle:mysql:5.7.18", "cpe:/a:oracle:mysql:5.6.36"], "id": "CVE-2017-3649", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3649", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:oracle:mysql:5.6.36:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.7.18:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:45", "description": "Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/C). Supported versions that are affected are 6.1.10 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. Note: The documentation has also been updated for the correct way to use mysql_stmt_close(). Please see: https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-execute.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-fetch.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-close.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-error.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-errno.html, and https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-sqlstate.html. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).", "edition": 7, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.3, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-08-08T15:29:00", "title": "CVE-2017-3635", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3635"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:oracle:mysql:5.5.56", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:oracle:mysql:5.7.18", 
"cpe:/a:oracle:mysql_connector\\/c:6.1.10", "cpe:/a:oracle:mysql:5.6.36"], "id": "CVE-2017-3635", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3635", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.5.56:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.6.36:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.7.18:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_connector\\/c:6.1.10:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:45", "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Memcached to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H).", "edition": 8, "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.2}, "published": "2017-08-08T15:29:00", "title": "CVE-2017-3633", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3633"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:oracle:communications_policy_management:12.3", "cpe:/a:oracle:communications_policy_management:12.5.0", "cpe:/a:oracle:communications_policy_management:12.1.2", "cpe:/a:oracle:communications_policy_management:12.2.2", "cpe:/a:oracle:communications_policy_management:12.3.1", "cpe:/a:oracle:communications_policy_management:12.4.0", "cpe:/a:oracle:communications_policy_management:12.5.1", "cpe:/a:oracle:communications_policy_management:12.4.1", "cpe:/a:oracle:communications_policy_management:12.0.0.4.0", "cpe:/a:oracle:mysql:5.7.18", "cpe:/a:oracle:mysql:5.6.36"], "id": "CVE-2017-3633", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3633", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}, "cpe23": 
["cpe:2.3:a:oracle:communications_policy_management:12.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.6.36:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_policy_management:12.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_policy_management:12.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.7.18:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_policy_management:12.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_policy_management:12.0.0.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_policy_management:12.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_policy_management:12.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_policy_management:12.1.2:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:45", "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "edition": 7, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-08-08T15:29:00", "title": "CVE-2017-3634", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3634"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:oracle:mysql:5.7.18", "cpe:/a:oracle:mysql:5.6.36"], "id": "CVE-2017-3634", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3634", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:oracle:mysql:5.6.36:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.7.18:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:45", "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).", "edition": 7, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 3.1, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 1.4}, "published": "2017-08-08T15:29:00", "title": "CVE-2017-3653", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3653"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:oracle:mysql:5.5.56", "cpe:/a:oracle:mysql:5.7.18", "cpe:/a:oracle:mysql:5.6.36"], "id": "CVE-2017-3653", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3653", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:oracle:mysql:5.5.56:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.6.36:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.7.18:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:45", "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. 
Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).", "edition": 7, "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 4.4, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-08-08T15:29:00", "title": "CVE-2017-3647", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3647"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:oracle:mysql:5.7.18", "cpe:/a:oracle:mysql:5.6.36"], "id": "CVE-2017-3647", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3647", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:oracle:mysql:5.6.36:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.7.18:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:45", "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). 
Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N).", "edition": 7, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 4.2, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 2.5}, "published": "2017-08-08T15:29:00", "title": "CVE-2017-3652", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.9, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3652"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:oracle:mysql:5.5.56", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:oracle:mysql:5.7.18", "cpe:/a:oracle:mysql:5.6.36"], "id": "CVE-2017-3652", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3652", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}, "cpe23": 
["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.5.56:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.6.36:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.7.18:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:45", "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).", "edition": 7, "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 4.4, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-08-08T15:29:00", "title": "CVE-2017-3648", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3648"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:oracle:mysql:5.5.56", 
"cpe:/o:debian:debian_linux:8.0", "cpe:/a:oracle:mysql:5.7.18", "cpe:/a:oracle:mysql:5.6.36"], "id": "CVE-2017-3648", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3648", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.5.56:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.6.36:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.7.18:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:45", "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "edition": 7, "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 4.9, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-08-08T15:29:00", "title": "CVE-2017-3641", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3641"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:redhat:enterprise_linux_server_tus:7.6", "cpe:/a:oracle:mysql:5.5.56", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.5", "cpe:/o:redhat:enterprise_linux_server_aus:7.6", "cpe:/a:redhat:openstack:12", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/a:oracle:mysql:5.7.18", "cpe:/o:redhat:enterprise_linux_server_eus:7.6", "cpe:/a:oracle:mysql:5.6.36", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2017-3641", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3641", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", 
"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.5.56:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.6.36:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.7.18:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:45", "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).", "edition": 7, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 4.3, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 1.4}, "published": "2017-08-08T15:29:00", "title": "CVE-2017-3651", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3651"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:oracle:mysql:5.5.56", "cpe:/a:oracle:mysql:5.7.18", "cpe:/a:oracle:mysql:5.6.36"], "id": "CVE-2017-3651", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3651", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:oracle:mysql:5.5.56:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.6.36:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.7.18:*:*:*:*:*:*:*"]}], "ubuntu": [{"lastseen": "2020-07-02T11:34:19", "bulletinFamily": "unix", "cvelist": ["CVE-2017-3637", "CVE-2017-3638", "CVE-2017-3642", "CVE-2017-3529", "CVE-2017-3639", "CVE-2017-3652", "CVE-2017-3648", "CVE-2017-3649", "CVE-2017-3645", "CVE-2017-3633", "CVE-2017-3647", "CVE-2017-3644", "CVE-2017-3643", "CVE-2017-3651", "CVE-2017-3650", "CVE-2017-3641", "CVE-2017-3635", "CVE-2017-3653", "CVE-2017-3640", 
"CVE-2017-3636", "CVE-2017-3634"], "description": "Multiple security issues were discovered in MySQL and this update includes \nnew upstream MySQL versions to fix these issues.\n\nMySQL has been updated to 5.5.57 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS \nand Ubuntu 17.04 have been updated to MySQL 5.7.19.\n\nIn addition to security fixes, the updated packages contain bug fixes, \nnew features, and possibly incompatible changes.\n\nPlease see the following for more information: \n<http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-56.html> \n<http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-57.html> \n<http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-19.html> \n<http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html>", "edition": 5, "modified": "2017-07-20T00:00:00", "published": "2017-07-20T00:00:00", "id": "USN-3357-1", "href": "https://ubuntu.com/security/notices/USN-3357-1", "title": "MySQL vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-07-02T11:39:48", "bulletinFamily": "unix", "cvelist": ["CVE-2017-3462", "CVE-2017-3652", "CVE-2017-3648", "CVE-2017-3302", "CVE-2017-3463", "CVE-2017-3456", "CVE-2017-3309", "CVE-2017-3329", "CVE-2017-3308", "CVE-2017-3651", "CVE-2017-3641", "CVE-2017-3635", "CVE-2017-3453", "CVE-2017-3461", "CVE-2017-3464", "CVE-2017-3600", "CVE-2017-3653", "CVE-2017-3636", "CVE-2017-3305"], "description": "USN-3357-1 fixed several vulnerabilities in MySQL. 
This update \nprovides the corresponding update for Ubuntu 12.04 ESM.\n\nOriginal advisory details:\n\nMultiple security issues were discovered in MySQL and this update includes \nnew upstream MySQL versions to fix these issues.\n\nMySQL has been updated to 5.5.57 in Ubuntu 12.04 ESM.\n\nIn addition to security fixes, the updated packages contain bug fixes, \nnew features, and possibly incompatible changes.\n\nPlease see the following for more information: \n<http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-57.html> \n<http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html>", "edition": 6, "modified": "2017-07-24T00:00:00", "published": "2017-07-24T00:00:00", "id": "USN-3357-2", "href": "https://ubuntu.com/security/notices/USN-3357-2", "title": "MySQL vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.3, "vector": "AV:N/AC:M/Au:S/C:C/I:N/A:N"}}], "freebsd": [{"lastseen": "2019-05-29T18:32:14", "bulletinFamily": "unix", "cvelist": ["CVE-2017-3637", "CVE-2017-3638", "CVE-2017-3642", "CVE-2017-3529", "CVE-2017-3639", "CVE-2017-3652", "CVE-2017-3646", "CVE-2017-3648", "CVE-2017-3649", "CVE-2017-3645", "CVE-2017-3633", "CVE-2017-3647", "CVE-2017-3644", "CVE-2017-3643", "CVE-2017-3651", "CVE-2017-3650", "CVE-2017-3641", "CVE-2017-3635", "CVE-2017-3653", "CVE-2017-3640", "CVE-2017-3636", "CVE-2017-3634"], "description": "\nOracle reports:\n\nPlease reference CVE/URL list for details\n\n", "edition": 10, "modified": "2017-08-12T00:00:00", "published": "2017-07-19T00:00:00", "id": "CDA2F3C2-6C8B-11E7-867F-B499BAEBFEAF", "href": "https://vuxml.freebsd.org/freebsd/cda2f3c2-6c8b-11e7-867f-b499baebfeaf.html", "title": "MySQL -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "slackware": [{"lastseen": "2020-10-25T16:36:14", "bulletinFamily": "unix", "cvelist": ["CVE-2017-3636", "CVE-2017-3641", "CVE-2017-3653"], "description": "New mariadb packages are available for Slackware 14.1 
and 14.2 to\nfix security issues.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/mariadb-10.0.32-i586-1_slack14.2.txz: Upgraded.\n This update fixes bugs and security issues.\n For more information, see:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3636\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3641\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3653\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/mariadb-5.5.57-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/mariadb-5.5.57-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/mariadb-10.0.32-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/mariadb-10.0.32-x86_64-1_slack14.2.txz\n\n\nMD5 signatures:\n\nSlackware 14.1 package:\ne18d20ce245d96764c1385e7cd48e9d5 mariadb-5.5.57-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n270fbdbb08f125c2056ee3fddc3ae9f9 mariadb-5.5.57-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\n9152299e6b3eede1f4fe2c357b8b43c6 mariadb-10.0.32-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\nb39204d2de2aacba8cc3923b0f748d98 mariadb-10.0.32-x86_64-1_slack14.2.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg mariadb-10.0.32-i586-1_slack14.2.txz\n\nThen, restart the database server:\n > sh /etc/rc.d/rc.mysqld restart", "modified": "2017-09-08T18:06:32", 
"published": "2017-09-08T18:06:32", "id": "SSA-2017-251-02", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.353960", "type": "slackware", "title": "[slackware-security] mariadb", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:45:25", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5483", "CVE-2016-8327", "CVE-2017-3238", "CVE-2017-3244", "CVE-2017-3257", "CVE-2017-3258", "CVE-2017-3265", "CVE-2017-3273", "CVE-2017-3291", "CVE-2017-3302", "CVE-2017-3305", "CVE-2017-3308", "CVE-2017-3309", "CVE-2017-3312", "CVE-2017-3313", "CVE-2017-3317", "CVE-2017-3318", "CVE-2017-3450", "CVE-2017-3452", "CVE-2017-3453", "CVE-2017-3456", "CVE-2017-3461", "CVE-2017-3462", "CVE-2017-3463", "CVE-2017-3464", "CVE-2017-3599", "CVE-2017-3600", "CVE-2017-3633", "CVE-2017-3634", "CVE-2017-3636", "CVE-2017-3641", "CVE-2017-3647", "CVE-2017-3648", "CVE-2017-3649", "CVE-2017-3651", "CVE-2017-3652", "CVE-2017-3653"], "description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs.\n\nThe following packages have been upgraded to a later upstream version: rh-mysql56-mysql (5.6.37).\n\nSecurity Fix(es):\n\n* An integer overflow flaw leading to a buffer overflow was found in the way MySQL parsed connection handshake packets. An unauthenticated remote attacker with access to the MySQL port could use this flaw to crash the mysqld daemon. (CVE-2017-3599)\n\n* It was discovered that the mysql and mysqldump tools did not correctly handle database and table names containing newline characters. A database user with privileges to create databases or tables could cause the mysql command to execute arbitrary shell or SQL commands while restoring database backup created using the mysqldump tool. 
(CVE-2016-5483, CVE-2017-3600)\n\n* Multiple flaws were found in the way the MySQL init script handled initialization of the database data directory and permission setting on the error log file. The mysql operating system user could use these flaws to escalate their privileges to root. (CVE-2017-3265)\n\n* It was discovered that the mysqld_safe script honored the ledir option value set in a MySQL configuration file. A user able to modify one of the MySQL configuration files could use this flaw to escalate their privileges to root. (CVE-2017-3291)\n\n* It was discovered that the MySQL client command line tools only checked after authentication whether server supported SSL. A man-in-the-middle attacker could use this flaw to hijack client's authentication to the server even if the client was configured to require SSL connection. (CVE-2017-3305)\n\n* Multiple flaws were found in the way the mysqld_safe script handled creation of error log file. The mysql operating system user could use these flaws to escalate their privileges to root. (CVE-2017-3312)\n\n* A flaw was found in the way MySQL client library (libmysqlclient) handled prepared statements when server connection was lost. A malicious server or a man-in-the-middle attacker could possibly use this flaw to crash an application using libmysqlclient. (CVE-2017-3302)\n\n* This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory pages listed in the References section. 
(CVE-2016-8327, CVE-2017-3238, CVE-2017-3244, CVE-2017-3257, CVE-2017-3258, CVE-2017-3273, CVE-2017-3308, CVE-2017-3309, CVE-2017-3313, CVE-2017-3317, CVE-2017-3318, CVE-2017-3450, CVE-2017-3452, CVE-2017-3453, CVE-2017-3456, CVE-2017-3461, CVE-2017-3462, CVE-2017-3463, CVE-2017-3464, CVE-2017-3633, CVE-2017-3634, CVE-2017-3636, CVE-2017-3641, CVE-2017-3647, CVE-2017-3648, CVE-2017-3649, CVE-2017-3651, CVE-2017-3652, CVE-2017-3653)\n\nRed Hat would like to thank Pali Roh\u00e1r for reporting CVE-2017-3305.\n\nBug Fix(es):\n\n* Previously, the md5() function was blocked by MySQL in FIPS mode because the MD5 hash algorithm is considered insecure. Consequently, the mysqld daemon failed with error messages when FIPS mode was enabled. With this update, md5() is allowed in FIPS mode for non-security operations. Note that users are able to use md5() for security purposes but such usage is not supported by Red Hat. (BZ#1452469)", "modified": "2018-06-13T01:28:25", "published": "2017-09-21T11:18:30", "id": "RHSA-2017:2787", "href": "https://access.redhat.com/errata/RHSA-2017:2787", "type": "redhat", "title": "(RHSA-2017:2787) Important: rh-mysql56-mysql security and bug fix update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-12-11T13:32:13", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5483", "CVE-2016-8327", "CVE-2017-3238", "CVE-2017-3244", "CVE-2017-3251", "CVE-2017-3256", "CVE-2017-3257", "CVE-2017-3258", "CVE-2017-3273", "CVE-2017-3291", "CVE-2017-3308", "CVE-2017-3309", "CVE-2017-3312", "CVE-2017-3313", "CVE-2017-3317", "CVE-2017-3318", "CVE-2017-3319", "CVE-2017-3320", "CVE-2017-3331", "CVE-2017-3450", "CVE-2017-3453", "CVE-2017-3454", "CVE-2017-3455", "CVE-2017-3456", "CVE-2017-3457", "CVE-2017-3458", "CVE-2017-3459", "CVE-2017-3460", "CVE-2017-3461", "CVE-2017-3462", "CVE-2017-3463", "CVE-2017-3464", "CVE-2017-3465", "CVE-2017-3467", "CVE-2017-3468", "CVE-2017-3529", "CVE-2017-3599", "CVE-2017-3600", "CVE-2017-3633", 
"CVE-2017-3634", "CVE-2017-3637", "CVE-2017-3638", "CVE-2017-3639", "CVE-2017-3640", "CVE-2017-3641", "CVE-2017-3642", "CVE-2017-3643", "CVE-2017-3644", "CVE-2017-3645", "CVE-2017-3646", "CVE-2017-3647", "CVE-2017-3648", "CVE-2017-3649", "CVE-2017-3650", "CVE-2017-3651", "CVE-2017-3652", "CVE-2017-3653", "CVE-2019-2730"], "description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs.\n\nThe following packages have been upgraded to a later upstream version: rh-mysql57-mysql (5.7.19).\n\nSecurity Fix(es):\n\n* An integer overflow flaw leading to a buffer overflow was found in the way MySQL parsed connection handshake packets. An unauthenticated remote attacker with access to the MySQL port could use this flaw to crash the mysqld daemon. (CVE-2017-3599)\n\n* It was discovered that the mysql and mysqldump tools did not correctly handle database and table names containing newline characters. A database user with privileges to create databases or tables could cause the mysql command to execute arbitrary shell or SQL commands while restoring database backup created using the mysqldump tool. (CVE-2016-5483, CVE-2017-3600)\n\n* It was discovered that the mysqld_safe script honored the ledir option value set in a MySQL configuration file. A user able to modify one of the MySQL configuration files could use this flaw to escalate their privileges to root. (CVE-2017-3291)\n\n* Multiple flaws were found in the way the mysqld_safe script handled creation of error log file. The mysql operating system user could use these flaws to escalate their privileges to root. (CVE-2017-3312)\n\n* This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory pages listed in the References section. 
(CVE-2016-8327, CVE-2017-3238, CVE-2017-3244, CVE-2017-3251, CVE-2017-3256, CVE-2017-3257, CVE-2017-3258, CVE-2017-3273, CVE-2017-3308, CVE-2017-3309, CVE-2017-3313, CVE-2017-3317, CVE-2017-3318, CVE-2017-3319, CVE-2017-3320, CVE-2017-3331, CVE-2017-3450, CVE-2017-3453, CVE-2017-3454, CVE-2017-3455, CVE-2017-3456, CVE-2017-3457, CVE-2017-3458, CVE-2017-3459, CVE-2017-3460, CVE-2017-3461, CVE-2017-3462, CVE-2017-3463, CVE-2017-3464, CVE-2017-3465, CVE-2017-3467, CVE-2017-3468, CVE-2017-3529, CVE-2017-3633, CVE-2017-3634, CVE-2017-3637, CVE-2017-3638, CVE-2017-3639, CVE-2017-3640, CVE-2017-3641, CVE-2017-3642, CVE-2017-3643, CVE-2017-3644, CVE-2017-3645, CVE-2017-3646, CVE-2017-3647, CVE-2017-3648, CVE-2017-3649, CVE-2017-3650, CVE-2017-3651, CVE-2017-3652, CVE-2017-3653)\n\nBug Fix(es):\n\n* Prior to this update, the scl macros were not set for the rh-mysql57-mysqld@.service file, which consequently made the service file unusable. This bug has been fixed, and rh-mysql57-mysqld@.service now works as expected. (BZ#1452511)\n\n* Previously, the md5() function was blocked by MySQL in FIPS mode because the MD5 hash algorithm is considered insecure. Consequently, the mysqld daemon failed with error messages when FIPS mode was enabled. With this update, md5() is allowed in FIPS mode for non-security operations. Note that users are able to use md5() for security purposes but such usage is not supported by Red Hat. 
(BZ#1452514)", "modified": "2019-08-10T00:48:41", "published": "2017-10-12T11:34:25", "id": "RHSA-2017:2886", "href": "https://access.redhat.com/errata/RHSA-2017:2886", "type": "redhat", "title": "(RHSA-2017:2886) Important: rh-mysql57-mysql security and bug fix update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-12-11T13:33:26", "bulletinFamily": "unix", "cvelist": ["CVE-2017-10268", "CVE-2017-10378", "CVE-2017-10379", "CVE-2017-10384", "CVE-2017-3636", "CVE-2017-3641", "CVE-2017-3651", "CVE-2017-3653", "CVE-2018-2562", "CVE-2018-2622", "CVE-2018-2640", "CVE-2018-2665", "CVE-2018-2668", "CVE-2018-2755", "CVE-2018-2761", "CVE-2018-2767", "CVE-2018-2771", "CVE-2018-2781", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2819", "CVE-2018-3133", "CVE-2019-2455"], "description": "MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.\n\nThe following packages have been upgraded to a later upstream version: mariadb (5.5.60). 
(BZ#1584668, BZ#1584671, BZ#1584674, BZ#1601085)\n\nSecurity Fix(es):\n\n* mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636)\n\n* mysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641)\n\n* mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017) (CVE-2017-3651)\n\n* mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378)\n\n* mysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384)\n\n* mysql: Server: Partition unspecified vulnerability (CPU Jan 2018) (CVE-2018-2562)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668)\n\n* mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755)\n\n* mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761)\n\n* mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817)\n\n* mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653)\n\n* mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) 
listed in the References section.\n\nBug Fix(es):\n\n* Previously, the mysqladmin tool waited for an inadequate length of time if the socket it listened on did not respond in a specific way. Consequently, when the socket was used while the MariaDB server was starting, the mariadb service became unresponsive for a long time. With this update, the mysqladmin timeout has been shortened to 2 seconds. As a result, the mariadb service either starts or fails but no longer hangs in the described situation. (BZ#1584023)", "modified": "2019-04-21T08:53:45", "published": "2018-08-16T16:46:48", "id": "RHSA-2018:2439", "href": "https://access.redhat.com/errata/RHSA-2018:2439", "type": "redhat", "title": "(RHSA-2018:2439) Moderate: mariadb security and bug fix update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:C"}}, {"lastseen": "2019-12-11T13:33:08", "bulletinFamily": "unix", "cvelist": ["CVE-2017-10268", "CVE-2017-10378", "CVE-2017-10379", "CVE-2017-10384", "CVE-2017-3636", "CVE-2017-3641", "CVE-2017-3651", "CVE-2017-3653", "CVE-2018-10892", "CVE-2018-10915", "CVE-2018-14620", "CVE-2018-2562", "CVE-2018-2622", "CVE-2018-2640", "CVE-2018-2665", "CVE-2018-2668", "CVE-2018-2755", "CVE-2018-2761", "CVE-2018-2767", "CVE-2018-2771", "CVE-2018-2781", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2819"], "description": "Red Hat OpenStack Platform provides the facilities for building, deploying and monitoring a private or public infrastructure-as-a-service (IaaS) cloud running on commonly available physical hardware.\n\nSecurity Fix(es):\n\n* openstack-rabbitmq-container: Insecure download of rabbitmq_clusterer during docker build (CVE-2018-14620)\n\nFor more details about the security issue, including the impact, a CVSS score, and other related information, refer to the CVE page listed in the References section.\n\nThe Red Hat OpenStack Platform container images have been updated to address security advisory/ies: RHSA-2018:2439, RHSA-2018:2482, RHSA-2018:2557.", 
"modified": "2018-09-19T22:06:29", "published": "2018-09-19T21:36:53", "id": "RHSA-2018:2729", "href": "https://access.redhat.com/errata/RHSA-2018:2729", "type": "redhat", "title": "(RHSA-2018:2729) Moderate: Red Hat Enterprise Linux OpenStack Platform security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-11T13:33:18", "bulletinFamily": "unix", "cvelist": ["CVE-2016-3492", "CVE-2016-5483", "CVE-2016-5616", "CVE-2016-5624", "CVE-2016-5626", "CVE-2016-5629", "CVE-2016-6662", "CVE-2016-6663", "CVE-2016-8283", "CVE-2017-3600", "CVE-2017-3651"], "description": "MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL.\n\nThe following packages have been upgraded to a newer upstream version: rh-mariadb101-mariadb (10.1.19).\n\nSecurity Fix(es):\n\n* It was discovered that the MariaDB logging functionality allowed writing to MariaDB configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server. (CVE-2016-6662)\n\n* A race condition was found in the way MariaDB performed MyISAM engine table repair. A database user with shell access to the server running mysqld could use this flaw to change permissions of arbitrary files writable by the mysql system user. (CVE-2016-6663, CVE-2016-5616)\n\n* This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. 
(CVE-2016-3492, CVE-2016-5624, CVE-2016-5626, CVE-2016-5629, CVE-2016-8283)", "modified": "2018-06-13T01:28:24", "published": "2016-12-08T20:42:00", "id": "RHSA-2016:2928", "href": "https://access.redhat.com/errata/RHSA-2016:2928", "type": "redhat", "title": "(RHSA-2016:2928) Important: rh-mariadb101-mariadb security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:33", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5617", "CVE-2016-6664", "CVE-2017-10268", "CVE-2017-10286", "CVE-2017-10378", "CVE-2017-10379", "CVE-2017-10384", "CVE-2017-3238", "CVE-2017-3243", "CVE-2017-3244", "CVE-2017-3257", "CVE-2017-3258", "CVE-2017-3265", "CVE-2017-3291", "CVE-2017-3302", "CVE-2017-3308", "CVE-2017-3309", "CVE-2017-3312", "CVE-2017-3313", "CVE-2017-3317", "CVE-2017-3318", "CVE-2017-3453", "CVE-2017-3456", "CVE-2017-3464", "CVE-2017-3636", "CVE-2017-3641", "CVE-2017-3653"], "description": "MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL.\n\nThe following packages have been upgraded to a later upstream version: rh-mariadb101-mariadb (10.1.29). 
(BZ#1463417, BZ#1517327)\n\nSecurity Fix(es):\n\n* mysql: insecure error log file handling in mysqld_safe (CPU Oct 2016) (CVE-2016-5617, CVE-2016-6664)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2017) (CVE-2017-3238)\n\n* mysql: Server: Charsets unspecified vulnerability (CPU Jan 2017) (CVE-2017-3243)\n\n* mysql: Server: DML unspecified vulnerability (CPU Jan 2017) (CVE-2017-3244)\n\n* mysql: Server: InnoDB unspecified vulnerability (CPU Jan 2017) (CVE-2017-3257)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Jan 2017) (CVE-2017-3258)\n\n* mysql: unsafe chmod/chown use in init script (CPU Jan 2017) (CVE-2017-3265)\n\n* mysql: unrestricted mysqld_safe's ledir (CPU Jan 2017) (CVE-2017-3291)\n\n* mysql: Server: DML unspecified vulnerability (CPU Apr 2017) (CVE-2017-3308)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2017) (CVE-2017-3309)\n\n* mysql: insecure error log file handling in mysqld_safe, incomplete CVE-2016-6664 fix (CPU Jan 2017) (CVE-2017-3312)\n\n* mysql: Server: MyISAM unspecified vulnerability (CPU Jan 2017) (CVE-2017-3313)\n\n* mysql: Logging unspecified vulnerability (CPU Jan 2017) (CVE-2017-3317)\n\n* mysql: Server: Error Handling unspecified vulnerability (CPU Jan 2017) (CVE-2017-3318)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2017) (CVE-2017-3453)\n\n* mysql: Server: DML unspecified vulnerability (CPU Apr 2017) (CVE-2017-3456)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Apr 2017) (CVE-2017-3464)\n\n* mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636)\n\n* mysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641)\n\n* mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268)\n\n* mysql: Server: InnoDB unspecified vulnerability (CPU Oct 2017) (CVE-2017-10286)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378)\n\n* mysql: Client programs unspecified 
vulnerability (CPU Oct 2017) (CVE-2017-10379)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384)\n\n* mysql: prepared statement handle use-after-free after disconnect (CVE-2017-3302)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Previously, a syntax error in the Galera Arbitrator SysV init script prevented the garbd daemon from being started when the SysV init script was used. With this update, the definition of the main daemon binary in the SysV init script has been fixed, and the described problem no longer occurs. (BZ#1466473)\n\n* Prior to this update, the scl macros were not set for the rh-mariadb101-mariadb@.service file, which consequently made the service file unusable. This bug has been fixed, and rh-mariadb101-mariadb@.service now works as expected. 
(BZ#1485995)", "modified": "2018-06-13T01:28:22", "published": "2018-03-21T17:36:47", "id": "RHSA-2018:0574", "href": "https://access.redhat.com/errata/RHSA-2018:0574", "type": "redhat", "title": "(RHSA-2018:0574) Moderate: rh-mariadb101-mariadb and rh-mariadb101-galera security and bug fix update", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:25", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5617", "CVE-2016-6664", "CVE-2017-10268", "CVE-2017-10286", "CVE-2017-10378", "CVE-2017-10379", "CVE-2017-10384", "CVE-2017-3238", "CVE-2017-3243", "CVE-2017-3244", "CVE-2017-3257", "CVE-2017-3258", "CVE-2017-3265", "CVE-2017-3291", "CVE-2017-3302", "CVE-2017-3308", "CVE-2017-3309", "CVE-2017-3312", "CVE-2017-3313", "CVE-2017-3317", "CVE-2017-3318", "CVE-2017-3453", "CVE-2017-3456", "CVE-2017-3464", "CVE-2017-3636", "CVE-2017-3641", "CVE-2017-3653"], "description": "MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL.\n\nThe following packages have been upgraded to a later upstream version: rh-mariadb100-mariadb (10.0.33).\n\nSecurity Fix(es):\n\n* A flaw was found in the way the mysqld_safe script handled creation of error log file. The mysql operating system user could use this flaw to escalate their privileges to root. (CVE-2016-5617, CVE-2016-6664)\n\n* Multiple flaws were found in the way the MySQL init script handled initialization of the database data directory and permission setting on the error log file. The mysql operating system user could use these flaws to escalate their privileges to root. (CVE-2017-3265)\n\n* It was discovered that the mysqld_safe script honored the ledir option value set in a MySQL configuration file. A user able to modify one of the MySQL configuration files could use this flaw to escalate their privileges to root. 
(CVE-2017-3291)\n\n* Multiple flaws were found in the way the mysqld_safe script handled creation of error log file. The mysql operating system user could use these flaws to escalate their privileges to root. (CVE-2017-3312)\n\n* A flaw was found in the way MySQL client library (libmysqlclient) handled prepared statements when server connection was lost. A malicious server or a man-in-the-middle attacker could possibly use this flaw to crash an application using libmysqlclient. (CVE-2017-3302)\n\n* This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory pages listed in the References section. (CVE-2017-3238, CVE-2017-3243, CVE-2017-3244, CVE-2017-3257, CVE-2017-3258, CVE-2017-3308, CVE-2017-3309, CVE-2017-3313, CVE-2017-3317, CVE-2017-3318, CVE-2017-3453, CVE-2017-3456, CVE-2017-3464, CVE-2017-3636, CVE-2017-3641, CVE-2017-3653, CVE-2017-10268, CVE-2017-10286, CVE-2017-10378, CVE-2017-10379, CVE-2017-10384)", "modified": "2018-06-13T01:28:16", "published": "2018-02-06T15:37:36", "id": "RHSA-2018:0279", "href": "https://access.redhat.com/errata/RHSA-2018:0279", "type": "redhat", "title": "(RHSA-2018:0279) Moderate: rh-mariadb100-mariadb security update", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-11T13:31:32", "bulletinFamily": "unix", "cvelist": ["CVE-2016-3492", "CVE-2016-5483", "CVE-2016-5612", "CVE-2016-5616", "CVE-2016-5624", "CVE-2016-5626", "CVE-2016-5629", "CVE-2016-5630", "CVE-2016-6662", "CVE-2016-6663", "CVE-2016-8283", "CVE-2017-3600", "CVE-2017-3651"], "description": "MariaDB is a multi-user, multi-threaded SQL database server. 
For all practical purposes, MariaDB is binary-compatible with MySQL.\n\nThe following packages have been upgraded to a newer upstream version: rh-mariadb100-mariadb (10.0.28).\n\nSecurity Fix(es):\n\n* It was discovered that the MariaDB logging functionality allowed writing to MariaDB configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server. (CVE-2016-6662)\n\n* A race condition was found in the way MariaDB performed MyISAM engine table repair. A database user with shell access to the server running mysqld could use this flaw to change permissions of arbitrary files writable by the mysql system user. (CVE-2016-6663, CVE-2016-5616)\n\n* This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. 
(CVE-2016-3492, CVE-2016-5612, CVE-2016-5624, CVE-2016-5626, CVE-2016-5629, CVE-2016-5630, CVE-2016-8283)", "modified": "2018-06-13T01:28:21", "published": "2016-12-08T20:41:48", "id": "RHSA-2016:2927", "href": "https://access.redhat.com/errata/RHSA-2016:2927", "type": "redhat", "title": "(RHSA-2016:2927) Important: rh-mariadb100-mariadb security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2018-02-20T04:07:03", "bulletinFamily": "unix", "cvelist": ["CVE-2017-3637", "CVE-2018-2583", "CVE-2017-3462", "CVE-2017-10379", "CVE-2017-10294", "CVE-2017-3652", "CVE-2018-2696", "CVE-2018-2562", "CVE-2017-3648", "CVE-2017-10378", "CVE-2017-10276", "CVE-2018-2590", "CVE-2017-3649", "CVE-2018-2703", "CVE-2017-10283", "CVE-2017-10155", "CVE-2017-3463", "CVE-2018-2612", "CVE-2017-10286", "CVE-2017-10227", "CVE-2017-3633", "CVE-2017-3456", "CVE-2017-3647", "CVE-2017-3732", "CVE-2018-2668", "CVE-2017-3309", "CVE-2017-3329", "CVE-2017-10314", "CVE-2017-3308", "CVE-2018-2640", "CVE-2018-2647", "CVE-2017-3651", "CVE-2017-3641", "CVE-2017-3635", "CVE-2017-10268", "CVE-2017-3453", "CVE-2018-2591", "CVE-2018-2645", "CVE-2017-3461", "CVE-2017-3464", "CVE-2017-3600", "CVE-2018-2665", "CVE-2017-3653", "CVE-2017-3450", "CVE-2017-3599", "CVE-2017-10384", "CVE-2017-3636", "CVE-2018-2622", "CVE-2018-2573", "CVE-2017-3452", "CVE-2017-3634"], "description": "### Background\n\nA fast, multi-threaded, multi-user SQL database server.\n\n### Description\n\nMultiple vulnerabilities have been discovered in MySQL. Please review the referenced CVE identifiers for details. \n\n### Impact\n\nA remote attacker could execute arbitrary code without authentication or cause a partial denial of service condition. 
\n\n### Workaround\n\nThere are no known workarounds at this time.\n\n### Resolution\n\nAll MySQL users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/mysql-5.6.39\"", "edition": 1, "modified": "2018-02-20T00:00:00", "published": "2018-02-20T00:00:00", "href": "https://security.gentoo.org/glsa/201802-04", "id": "GLSA-201802-04", "type": "gentoo", "title": "MySQL: Multiple vulnerabilities", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:37:07", "bulletinFamily": "unix", "cvelist": ["CVE-2018-2817", "CVE-2017-10379", "CVE-2018-2755", "CVE-2018-2819", "CVE-2018-2562", "CVE-2017-10378", "CVE-2018-2771", "CVE-2018-2767", "CVE-2018-2761", "CVE-2018-2668", "CVE-2018-2640", "CVE-2018-2781", "CVE-2017-3651", "CVE-2017-3641", "CVE-2018-2813", "CVE-2017-10268", "CVE-2018-2665", "CVE-2017-3653", "CVE-2017-10384", "CVE-2017-3636", "CVE-2018-2622"], "description": "[1:5.5.60-1]\n- Rebase to 5.5.60\n- CVE's fixed: #1558256, #1558260, #1559060\n CVE-2017-3636 CVE-2017-3641 CVE-2017-3653 CVE-2017-10379\n CVE-2017-10384 CVE-2017-10378 CVE-2017-10268 CVE-2018-2562\n CVE-2018-2622 CVE-2018-2640 CVE-2018-2665 CVE-2018-2668\n CVE-2018-2755 CVE-2018-2819 CVE-2018-2817 CVE-2018-2761\n CVE-2018-2781 CVE-2018-2771 CVE-2018-2813\n- Resolves: #1535217, #1491833, #1511982, #1145455, #1461692", "edition": 5, "modified": "2018-08-16T00:00:00", "published": "2018-08-16T00:00:00", "id": "ELSA-2018-2439", "href": "http://linux.oracle.com/errata/ELSA-2018-2439.html", "title": "mariadb security and bug fix update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:C"}}], "centos": [{"lastseen": "2020-12-08T03:36:26", "bulletinFamily": "unix", "cvelist": ["CVE-2018-2817", "CVE-2017-10379", "CVE-2018-2755", "CVE-2018-2819", "CVE-2018-3133", "CVE-2018-2562", "CVE-2017-10378", "CVE-2018-2771", "CVE-2018-2767", 
"CVE-2018-2761", "CVE-2018-2668", "CVE-2018-2640", "CVE-2018-2781", "CVE-2017-3651", "CVE-2017-3641", "CVE-2018-2813", "CVE-2017-10268", "CVE-2018-2665", "CVE-2017-3653", "CVE-2017-10384", "CVE-2017-3636", "CVE-2018-2622", "CVE-2019-2455"], "description": "**CentOS Errata and Security Advisory** CESA-2018:2439\n\n\nMariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.\n\nThe following packages have been upgraded to a later upstream version: mariadb (5.5.60). (BZ#1584668, BZ#1584671, BZ#1584674, BZ#1601085)\n\nSecurity Fix(es):\n\n* mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636)\n\n* mysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641)\n\n* mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017) (CVE-2017-3651)\n\n* mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378)\n\n* mysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384)\n\n* mysql: Server: Partition unspecified vulnerability (CPU Jan 2018) (CVE-2018-2562)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668)\n\n* mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755)\n\n* mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761)\n\n* mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781)\n\n* mysql: Server: DDL unspecified vulnerability 
(CPU Apr 2018) (CVE-2018-2813)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817)\n\n* mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653)\n\n* mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Previously, the mysqladmin tool waited for an inadequate length of time if the socket it listened on did not respond in a specific way. Consequently, when the socket was used while the MariaDB server was starting, the mariadb service became unresponsive for a long time. With this update, the mysqladmin timeout has been shortened to 2 seconds. As a result, the mariadb service either starts or fails but no longer hangs in the described situation. (BZ#1584023)\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2018-August/035033.html\n\n**Affected packages:**\nmariadb\nmariadb-bench\nmariadb-devel\nmariadb-embedded\nmariadb-embedded-devel\nmariadb-libs\nmariadb-server\nmariadb-test\n\n**Upstream details at:**\n", "edition": 5, "modified": "2018-08-21T01:08:00", "published": "2018-08-21T01:08:00", "id": "CESA-2018:2439", "href": "http://lists.centos.org/pipermail/centos-announce/2018-August/035033.html", "title": "mariadb security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:C"}}]}