{"id": "DEBIAN_DSA-3944.NASL", "bulletinFamily": "scanner", "title": "Debian DSA-3944-1 : mariadb-10.0 - security update", "description": "Several issues have been discovered in the MariaDB database server.\nThe vulnerabilities are addressed by upgrading MariaDB to the new\nupstream version 10.0.32. Please see the MariaDB 10.0 Release Notes\nfor further details :\n\n -\n https://mariadb.com/kb/en/mariadb/mariadb-10031-release-\n notes/\n -\n https://mariadb.com/kb/en/mariadb/mariadb-10032-release-\n notes/", "published": "2017-08-17T00:00:00", "modified": "2017-08-17T00:00:00", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/102529", "reporter": "This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://packages.debian.org/source/jessie/mariadb-10.0", "https://mariadb.com/kb/en/library/mariadb-10031-release-notes/", "https://www.debian.org/security/2017/dsa-3944", "https://mariadb.com/kb/en/library/mariadb-10032-release-notes/"], "cvelist": ["CVE-2017-3456", "CVE-2017-3309", "CVE-2017-3308", "CVE-2017-3641", "CVE-2017-3453", "CVE-2017-3464", "CVE-2017-3653", "CVE-2017-3636"], "type": "nessus", "lastseen": "2021-01-06T09:50:34", "edition": 28, "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310851587", "OPENVAS:1361412562310872629", "OPENVAS:1361412562310872627", "OPENVAS:1361412562310703955", "OPENVAS:1361412562310890916", "OPENVAS:1361412562310810883", "OPENVAS:703834", "OPENVAS:1361412562310810882", "OPENVAS:1361412562310703944", "OPENVAS:1361412562310703834"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3944-1:A4058", "DEBIAN:DSA-3922-1:71332", "DEBIAN:DLA-916-1:476AB", "DEBIAN:DSA-3955-1:FFC41", "DEBIAN:DLA-1043-1:9386A", "DEBIAN:DSA-3834-1:6C276"]}, {"type": "suse", "idList": ["SUSE-SU-2017:2034-1", "SUSE-SU-2017:1137-1", "SUSE-SU-2017:2470-1", "SUSE-SU-2017:2035-1", "OPENSUSE-SU-2017:2119-1", "OPENSUSE-SU-2017:1209-1"]}, {"type": "slackware", "idList": ["SSA-2017-251-02", "SSA-2017-195-01"]}, {"type": "nessus", "idList": ["FEDORA_2017-2C0609B92A.NASL", "MARIADB_10_1_27.NASL", "MARIADB_10_0_30.NASL", "FEDORA_2017-8425F676F2.NASL", "FEDORA_2017-09DD8907DA.NASL", "SUSE_SU-2017-2034-1.NASL", "MARIADB_10_0_31.NASL", "SLACKWARE_SSA_2017-195-01.NASL", "SUSE_SU-2017-2035-1.NASL", "OPENSUSE-2017-902.NASL"]}, {"type": "cve", "idList": ["CVE-2017-3308", "CVE-2017-3453", "CVE-2017-3641", "CVE-2017-3464", "CVE-2017-3456", "CVE-2017-3636", "CVE-2017-3309", "CVE-2017-3653"]}, {"type": "amazon", "idList": ["ALAS-2017-831", "ALAS-2017-830", "ALAS-2017-887"]}, {"type": "ubuntu", "idList": ["USN-3357-2"]}, {"type": "fedora", "idList": ["FEDORA:DF1616079737", "FEDORA:9F8E3604CCE0", "FEDORA:71E11608B7FE", "FEDORA:5C8506050C23", "FEDORA:B9E546079270", "FEDORA:58B4160560B7", "FEDORA:DDCB860779BD"]}, {"type": "redhat", "idList": ["RHSA-2017:2192", "RHSA-2017:2787", "RHSA-2018:0574", "RHSA-2018:0279"]}, {"type": "centos", "idList": ["CESA-2017:2192"]}, {"type": "oraclelinux", "idList": ["ELSA-2017-2192"]}], "modified": "2021-01-06T09:50:34", "rev": 2}, "score": {"value": 6.0, "vector": "NONE", "modified": "2021-01-06T09:50:34", "rev": 2}, "vulnersScore": 6.0}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3944. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102529);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-3308\", \"CVE-2017-3309\", \"CVE-2017-3453\", \"CVE-2017-3456\", \"CVE-2017-3464\", \"CVE-2017-3636\", \"CVE-2017-3641\", \"CVE-2017-3653\");\n script_xref(name:\"DSA\", value:\"3944\");\n\n script_name(english:\"Debian DSA-3944-1 : mariadb-10.0 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several issues have been discovered in the MariaDB database server.\nThe vulnerabilities are addressed by upgrading MariaDB to the new\nupstream version 10.0.32. Please see the MariaDB 10.0 Release Notes\nfor further details :\n\n -\n https://mariadb.com/kb/en/mariadb/mariadb-10031-release-\n notes/\n -\n https://mariadb.com/kb/en/mariadb/mariadb-10032-release-\n notes/\"\n );\n # https://mariadb.com/kb/en/mariadb/mariadb-10031-release-notes/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10031-release-notes/\"\n );\n # https://mariadb.com/kb/en/mariadb/mariadb-10032-release-notes/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10032-release-notes/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/mariadb-10.0\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3944\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the mariadb-10.0 packages.\n\nFor the oldstable distribution (jessie), these problems have been\nfixed in version 10.0.32-0+deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mariadb-10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libmariadbd-dev\", reference:\"10.0.32-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-client\", reference:\"10.0.32-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-client-10.0\", reference:\"10.0.32-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-client-core-10.0\", reference:\"10.0.32-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-common\", reference:\"10.0.32-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-connect-engine-10.0\", reference:\"10.0.32-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-oqgraph-engine-10.0\", reference:\"10.0.32-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-server\", reference:\"10.0.32-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-server-10.0\", reference:\"10.0.32-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-server-core-10.0\", reference:\"10.0.32-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-test\", reference:\"10.0.32-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-test-10.0\", reference:\"10.0.32-0+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "pluginID": "102529", "cpe": ["p-cpe:/a:debian:debian_linux:mariadb-10.0", "cpe:/o:debian:debian_linux:8.0"], "scheme": null, "cvss3": {"score": 7.7, "vector": "AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}}

{"openvas": [{"lastseen": "2019-05-29T18:33:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3456", "CVE-2017-3309", "CVE-2017-3308", "CVE-2017-3641", "CVE-2017-3453", "CVE-2017-3464", "CVE-2017-3653", "CVE-2017-3636"], "description": "Several issues have been discovered in the MariaDB database server. The\nvulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.0.32.", "modified": "2019-03-18T00:00:00", "published": "2017-08-17T00:00:00", "id": "OPENVAS:1361412562310703944", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703944", "type": "openvas", "title": "Debian Security Advisory DSA 3944-1 (mariadb-10.0 - security update)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_3944.nasl 14275 2019-03-18 14:39:45Z cfischer $\n#\n# Auto-generated from advisory DSA 3944-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703944\");\n script_version(\"$Revision: 14275 $\");\n script_cve_id(\"CVE-2017-3308\", \"CVE-2017-3309\", \"CVE-2017-3453\", \"CVE-2017-3456\", \"CVE-2017-3464\", \"CVE-2017-3636\", \"CVE-2017-3641\", \"CVE-2017-3653\");\n script_name(\"Debian Security Advisory DSA 3944-1 (mariadb-10.0 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-08-17 00:00:00 +0200 (Thu, 17 Aug 2017)\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3944.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"mariadb-10.0 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), these problems have been fixed\nin version 10.0.32-0+deb8u1.\n\nWe recommend that you upgrade your mariadb-10.0 packages.\");\n script_tag(name:\"summary\", value:\"Several issues have been discovered in the MariaDB database server. The\nvulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.0.32.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libmariadbd-dev\", ver:\"10.0.32-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-client\", ver:\"10.0.32-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-client-10.0\", ver:\"10.0.32-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-client-core-10.0\", ver:\"10.0.32-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-common\", ver:\"10.0.32-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-connect-engine-10.0\", ver:\"10.0.32-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-oqgraph-engine-10.0\", ver:\"10.0.32-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-server\", ver:\"10.0.32-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-server-10.0\", ver:\"10.0.32-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-server-core-10.0\", ver:\"10.0.32-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-test\", ver:\"10.0.32-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-test-10.0\", ver:\"10.0.32-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:28:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3456", "CVE-2017-3309", "CVE-2017-3308", "CVE-2017-3453", "CVE-2017-3464"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2017-08-10T00:00:00", "id": "OPENVAS:1361412562310851587", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851587", "type": "openvas", "title": "openSUSE: Security Advisory for mariadb (openSUSE-SU-2017:2119-1)", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851587\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-08-10 07:29:53 +0200 (Thu, 10 Aug 2017)\");\n script_cve_id(\"CVE-2017-3308\", \"CVE-2017-3309\", \"CVE-2017-3453\", \"CVE-2017-3456\",\n \"CVE-2017-3464\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for mariadb (openSUSE-SU-2017:2119-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mariadb'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This MariaDB update to version 10.0.31 GA fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2017-3308: Subcomponent: Server: DML: Easily 'exploitable'\n vulnerability allows low privileged attacker with network access via\n multiple protocols to compromise MariaDB Server. Successful attacks of\n this vulnerability can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS). (bsc#1048715)\n\n - CVE-2017-3309: Subcomponent: Server: Optimizer: Easily 'exploitable'\n vulnerability allows low privileged attacker with network access via\n multiple protocols to compromise MariaDB Server. Successful attacks of\n this vulnerability can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS). (bsc#1048715)\n\n - CVE-2017-3453: Subcomponent: Server: Optimizer: Easily 'exploitable'\n vulnerability allows low privileged attacker with network access via\n multiple protocols to compromise MariaDB Server. Successful attacks of\n this vulnerability can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS). (bsc#1048715)\n\n - CVE-2017-3456: Subcomponent: Server: DML: Easily 'exploitable'\n vulnerability allows low privileged attacker with network access via\n multiple protocols to compromise MariaDB Server. Successful attacks of\n this vulnerability can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS). (bsc#1048715)\n\n - CVE-2017-3464: Subcomponent: Server: DDL: Easily 'exploitable'\n vulnerability allows low privileged attacker with network access via\n multiple protocols to compromise MariaDB Server. Successful attacks of\n this vulnerability can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS). (bsc#1048715)\n\n Bug fixes:\n\n - switch from 'Restart=on-failure' to 'Restart=on-abort' in mysql.service\n in order to follow the upstream. It also fixes hanging\n mysql-systemd-helper when mariadb fails (e.g. because of the\n misconfiguration) (bsc#963041)\n\n - XtraDB updated to 5.6.36-82.0\n\n - TokuDB updated to 5.6.36-82.0\n\n - Innodb updated to 5.6.36\n\n - Performance Schema updated to 5.6.36\n\n Release notes and changelog are linked in the references.\n\n This update was imported from the SUSE:SLE-12-SP1:Update update project.\");\n\n script_tag(name:\"affected\", value:\"mariadb on openSUSE Leap 42.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:2119-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.2\");\n\n script_xref(name:\"URL\", value:\"https://kb.askmonty.org/en/mariadb-10031-release-notes\");\n script_xref(name:\"URL\", value:\"https://kb.askmonty.org/en/mariadb-10031-changelog\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient-devel\", rpm:\"libmysqlclient-devel~10.0.31~20.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient18\", rpm:\"libmysqlclient18~10.0.31~20.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient18-debuginfo\", rpm:\"libmysqlclient18-debuginfo~10.0.31~20.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient_r18\", rpm:\"libmysqlclient_r18~10.0.31~20.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqld-devel\", rpm:\"libmysqld-devel~10.0.31~20.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqld18\", rpm:\"libmysqld18~10.0.31~20.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqld18-debuginfo\", rpm:\"libmysqld18-debuginfo~10.0.31~20.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~10.0.31~20.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-bench\", rpm:\"mariadb-bench~10.0.31~20.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-bench-debuginfo\", rpm:\"mariadb-bench-debuginfo~10.0.31~20.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-client\", rpm:\"mariadb-client~10.0.31~20.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-client-debuginfo\", rpm:\"mariadb-client-debuginfo~10.0.31~20.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-debuginfo\", rpm:\"mariadb-debuginfo~10.0.31~20.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-debugsource\", rpm:\"mariadb-debugsource~10.0.31~20.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-errormessages\", rpm:\"mariadb-errormessages~10.0.31~20.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-test\", rpm:\"mariadb-test~10.0.31~20.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-test-debuginfo\", rpm:\"mariadb-test-debuginfo~10.0.31~20.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-tools\", rpm:\"mariadb-tools~10.0.31~20.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-tools-debuginfo\", rpm:\"mariadb-tools-debuginfo~10.0.31~20.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient18-32bit\", rpm:\"libmysqlclient18-32bit~10.0.31~20.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient18-debuginfo-32bit\", rpm:\"libmysqlclient18-debuginfo-32bit~10.0.31~20.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient_r18-32bit\", rpm:\"libmysqlclient_r18-32bit~10.0.31~20.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:34:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3641", "CVE-2017-3653", "CVE-2017-3636"], "description": "Several issues have been discovered in the MariaDB database server.\nThe vulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.1.26.", "modified": "2019-03-18T00:00:00", "published": "2017-08-26T00:00:00", "id": "OPENVAS:1361412562310703955", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703955", "type": "openvas", "title": "Debian Security Advisory DSA 3955-1 (mariadb-10.1 - security update)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_3955.nasl 14275 2019-03-18 14:39:45Z cfischer $\n#\n# Auto-generated from advisory DSA 3955-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703955\");\n script_version(\"$Revision: 14275 $\");\n script_cve_id(\"CVE-2017-3636\", \"CVE-2017-3641\", \"CVE-2017-3653\");\n script_name(\"Debian Security Advisory DSA 3955-1 (mariadb-10.1 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-08-26 00:00:00 +0200 (Sat, 26 Aug 2017)\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3955.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"mariadb-10.1 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), these problems have been fixed\nin version 10.1.26-0+deb9u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 10.1.26-1.\n\nWe recommend that you upgrade your mariadb-10.1 packages.\");\n script_tag(name:\"summary\", value:\"Several issues have been discovered in the MariaDB database server.\nThe vulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.1.26.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libmariadbclient-dev\", ver:\"10.1.26-0+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmariadbclient-dev-compat\", ver:\"10.1.26-0+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmariadbclient18\", ver:\"10.1.26-0+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmariadbd-dev\", ver:\"10.1.26-0+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmariadbd18\", ver:\"10.1.26-0+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-client\", ver:\"10.1.26-0+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-client-10.1\", ver:\"10.1.26-0+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-client-core-10.1\", ver:\"10.1.26-0+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-common\", ver:\"10.1.26-0+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-plugin-connect\", ver:\"10.1.26-0+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-plugin-cracklib-password-check\", ver:\"10.1.26-0+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-plugin-gssapi-client\", ver:\"10.1.26-0+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-plugin-gssapi-server\", ver:\"10.1.26-0+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-plugin-mroonga\", ver:\"10.1.26-0+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-plugin-oqgraph\", ver:\"10.1.26-0+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-plugin-spider\", ver:\"10.1.26-0+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-plugin-tokudb\", ver:\"10.1.26-0+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-server\", ver:\"10.1.26-0+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-server-10.1\", ver:\"10.1.26-0+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-server-core-10.1\", ver:\"10.1.26-0+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-test\", ver:\"10.1.26-0+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-test-data\", ver:\"10.1.26-0+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-03T18:39:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3462", "CVE-2017-3463", "CVE-2017-3456", "CVE-2017-3309", "CVE-2017-3329", "CVE-2017-3308", "CVE-2017-3453", "CVE-2017-3461", "CVE-2017-3464", "CVE-2017-3600"], "description": "This host is running Oracle MySQL and is\n prone to multiple vulnerabilities.", "modified": "2020-04-01T00:00:00", "published": "2017-04-19T00:00:00", "id": "OPENVAS:1361412562310810883", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810883", "type": "openvas", "title": "Oracle Mysql Security Updates (apr2017-3236618) 02 - Linux", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Oracle Mysql Security Updates (apr2017-3236618) 02 - Linux\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810883\");\n script_version(\"2020-04-01T10:41:43+0000\");\n script_cve_id(\"CVE-2017-3309\", \"CVE-2017-3308\", \"CVE-2017-3329\", \"CVE-2017-3456\",\n \"CVE-2017-3453\", \"CVE-2017-3600\", \"CVE-2017-3462\", \"CVE-2017-3463\",\n \"CVE-2017-3461\", \"CVE-2017-3464\");\n script_bugtraq_id(97742, 97725, 97763, 97831, 97776, 97765, 97851, 97849, 97812,\n 97818);\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-01 10:41:43 +0000 (Wed, 01 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-04-19 16:44:58 +0530 (Wed, 19 Apr 2017)\");\n script_name(\"Oracle Mysql Security Updates (apr2017-3236618) 02 - Linux\");\n\n script_tag(name:\"summary\", value:\"This host is running Oracle MySQL and is\n prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to multiple\n unspecified errors in the 'Server: DML', 'Server: Optimizer',\n 'Server: Thread Pooling', 'Client mysqldump', 'Server: Security: Privileges'\n components of the application.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will allow remote attackers to have impact on availability, confidentiality\n and integrity.\");\n\n script_tag(name:\"affected\", value:\"Oracle MySQL version 5.5.54 and earlier,\n 5.6.35 and earlier, 5.7.17 and earlier on Linux\");\n\n script_tag(name:\"solution\", value:\"Apply the patch from the referenced advisory.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_unixoide\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\ncpe_list = make_list( \"cpe:/a:mysql:mysql\", \"cpe:/a:oracle:mysql\" );\n\nif(!infos = get_app_port_from_list(cpe_list:cpe_list))\n exit(0);\n\ncpe = infos[\"cpe\"];\nport = infos[\"port\"];\n\nif(!infos = get_app_version_and_location(cpe:cpe, port:port, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif(version_in_range(version:vers, test_version:\"5.5\", test_version2:\"5.5.54\") ||\n version_in_range(version:vers, test_version:\"5.6\", test_version2:\"5.6.35\") ||\n version_in_range(version:vers, test_version:\"5.7\", test_version2:\"5.7.17\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"Apply the patch\", install_path:path);\n security_message(data:report, port:port);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-04-03T18:41:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3462", "CVE-2017-3463", "CVE-2017-3456", "CVE-2017-3309", "CVE-2017-3329", "CVE-2017-3308", "CVE-2017-3453", "CVE-2017-3461", "CVE-2017-3464", "CVE-2017-3600"], "description": "This host is running Oracle MySQL and is\n prone to multiple vulnerabilities.", "modified": "2020-04-01T00:00:00", "published": "2017-04-19T00:00:00", "id": "OPENVAS:1361412562310810882", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810882", "type": "openvas", "title": "Oracle Mysql Security Updates (apr2017-3236618) 02 - Windows", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Oracle Mysql Security Updates (apr2017-3236618) 02 - Windows\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810882\");\n script_version(\"2020-04-01T10:41:43+0000\");\n script_cve_id(\"CVE-2017-3309\", \"CVE-2017-3308\", \"CVE-2017-3329\", \"CVE-2017-3456\",\n \"CVE-2017-3453\", \"CVE-2017-3600\", \"CVE-2017-3462\", \"CVE-2017-3463\",\n \"CVE-2017-3461\", \"CVE-2017-3464\");\n script_bugtraq_id(97742, 97725, 97763, 97831, 97776, 97765, 97851, 97849, 97812,\n 97818);\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-01 10:41:43 +0000 (Wed, 01 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-04-19 16:44:58 +0530 (Wed, 19 Apr 2017)\");\n script_name(\"Oracle Mysql Security Updates (apr2017-3236618) 02 - Windows\");\n\n script_tag(name:\"summary\", value:\"This host is running Oracle MySQL and is\n prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to multiple\n unspecified errors in the 'Server: DML', 'Server: Optimizer',\n 'Server: Thread Pooling', 'Client mysqldump', 'Server: Security: Privileges'\n components of the application.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will allow remote attackers to have impact on availability, confidentiality\n and integrity.\");\n\n script_tag(name:\"affected\", value:\"Oracle MySQL version 5.5.54 and earlier,\n 5.6.35 and earlier, 5.7.17 and earlier on Windows\");\n\n script_tag(name:\"solution\", value:\"Apply the patch from the referenced advisory.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_windows\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\ncpe_list = make_list( \"cpe:/a:mysql:mysql\", \"cpe:/a:oracle:mysql\" );\n\nif(!infos = get_app_port_from_list(cpe_list:cpe_list))\n exit(0);\n\ncpe = infos[\"cpe\"];\nport = infos[\"port\"];\n\nif(!infos = get_app_version_and_location(cpe:cpe, port:port, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif(version_in_range(version:vers, test_version:\"5.5\", test_version2:\"5.5.54\") ||\n version_in_range(version:vers, test_version:\"5.6\", test_version2:\"5.6.35\") ||\n version_in_range(version:vers, test_version:\"5.7\", test_version2:\"5.7.17\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"Apply the patch\", install_path:path);\n security_message(data:report, port:port);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3462", "CVE-2017-3265", "CVE-2017-3463", "CVE-2017-3456", "CVE-2017-3309", "CVE-2017-3308", "CVE-2017-3453", "CVE-2017-3461", "CVE-2017-3464", "CVE-2017-3450", "CVE-2017-3599"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-05-03T00:00:00", "id": "OPENVAS:1361412562310872629", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872629", "type": "openvas", "title": "Fedora Update for community-mysql FEDORA-2017-ef6bed485e", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for community-mysql FEDORA-2017-ef6bed485e\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872629\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-05-03 14:19:22 +0530 (Wed, 03 May 2017)\");\n script_cve_id(\"CVE-2017-3265\", \"CVE-2017-3308\", \"CVE-2017-3309\", \"CVE-2017-3450\",\n \"CVE-2017-3453\", \"CVE-2017-3456\", \"CVE-2017-3461\", \"CVE-2017-3462\",\n \"CVE-2017-3463\", \"CVE-2017-3464\", \"CVE-2017-3599\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for community-mysql FEDORA-2017-ef6bed485e\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'community-mysql'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"community-mysql on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-ef6bed485e\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EQH45AYFHK42UGBCFSWYK6KLNGLLZL6F\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"community-mysql\", rpm:\"community-mysql~5.7.18~2.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3462", "CVE-2017-3265", "CVE-2017-3463", "CVE-2017-3456", "CVE-2017-3309", "CVE-2017-3308", "CVE-2017-3453", "CVE-2017-3461", "CVE-2017-3464", "CVE-2017-3450", "CVE-2017-3599"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-05-03T00:00:00", "id": "OPENVAS:1361412562310872627", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872627", "type": "openvas", "title": "Fedora Update for community-mysql FEDORA-2017-fe6e14dcf9", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for community-mysql FEDORA-2017-fe6e14dcf9\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872627\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-05-03 14:19:18 +0530 (Wed, 03 May 2017)\");\n script_cve_id(\"CVE-2017-3265\", \"CVE-2017-3308\", \"CVE-2017-3309\", \"CVE-2017-3450\",\n \"CVE-2017-3453\", \"CVE-2017-3456\", \"CVE-2017-3461\", \"CVE-2017-3462\",\n \"CVE-2017-3463\", \"CVE-2017-3464\", \"CVE-2017-3599\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for community-mysql FEDORA-2017-fe6e14dcf9\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'community-mysql'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"community-mysql on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-fe6e14dcf9\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QOWPGPNTTFLBU4FLUDMW6ZAP5DUP4QXS\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"community-mysql\", rpm:\"community-mysql~5.7.18~2.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2017-07-24T12:57:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3462", "CVE-2017-3302", "CVE-2017-3463", "CVE-2017-3456", "CVE-2017-3309", "CVE-2017-3329", "CVE-2017-3308", "CVE-2016-5483", "CVE-2017-3453", "CVE-2017-3461", "CVE-2017-3464", "CVE-2017-3600", "CVE-2017-3305"], "description": "Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.55, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges. Please see the MySQL 5.5 Release Notes and Oracle", "modified": "2017-07-07T00:00:00", "published": "2017-04-25T00:00:00", "id": "OPENVAS:703834", "href": "http://plugins.openvas.org/nasl.php?oid=703834", "type": "openvas", "title": "Debian Security Advisory DSA 3834-1 (mysql-5.5 - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3834.nasl 6607 2017-07-07 12:04:25Z cfischer $\n# Auto-generated from advisory DSA 3834-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703834);\n script_version(\"$Revision: 6607 $\");\n script_cve_id(\"CVE-2016-5483\", \"CVE-2017-3302\", \"CVE-2017-3305\", \"CVE-2017-3308\", \"CVE-2017-3309\", \"CVE-2017-3329\", \"CVE-2017-3453\", \"CVE-2017-3456\", \"CVE-2017-3461\", \"CVE-2017-3462\", \"CVE-2017-3463\", \"CVE-2017-3464\", \"CVE-2017-3600\");\n script_name(\"Debian Security Advisory DSA 3834-1 (mysql-5.5 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:04:25 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2017-04-25 00:00:00 +0200 (Tue, 25 Apr 2017)\");\n script_tag(name: \"cvss_base\", value: \"10.0\");\n script_tag(name: \"cvss_base_vector\", value: \"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2017/dsa-3834.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"mysql-5.5 on Debian Linux\");\n script_tag(name: \"insight\", value: \"MySQL is a fast, stable and true multi-user, multi-threaded SQL database\nserver.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie), these problems have been fixed in\nversion 5.5.55-0+deb8u1.\n\nWe recommend that you upgrade your mysql-5.5 packages.\");\n script_tag(name: \"summary\", value: \"Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.55, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges. Please see the MySQL 5.5 Release Notes and Oracle's Critical\nPatch Update advisory for further details:\n\nhttps://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-55.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libmysqlclient-dev\", ver:\"5.5.55-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient18:i386\", ver:\"5.5.55-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient18:amd64\", ver:\"5.5.55-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"libmysqld-dev\", ver:\"5.5.55-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-pic\", ver:\"5.5.55-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client\", ver:\"5.5.55-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client-5.5\", ver:\"5.5.55-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-common\", ver:\"5.5.55-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server\", ver:\"5.5.55-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.55-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-core-5.5\", ver:\"5.5.55-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-source-5.5\", ver:\"5.5.55-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-testsuite\", ver:\"5.5.55-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-testsuite-5.5\", ver:\"5.5.55-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:NONE/A:NONE/"}}, {"lastseen": "2020-01-29T20:07:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3462", "CVE-2017-3302", "CVE-2017-3463", "CVE-2017-3456", "CVE-2017-3309", "CVE-2017-3329", "CVE-2017-3308", "CVE-2016-5483", "CVE-2017-3453", "CVE-2017-3461", "CVE-2017-3464", "CVE-2017-3600", "CVE-2017-3305"], "description": "Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.55, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges. Please see the MySQL 5.5", "modified": "2020-01-29T00:00:00", "published": "2018-01-17T00:00:00", "id": "OPENVAS:1361412562310890916", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310890916", "type": "openvas", "title": "Debian LTS: Security Advisory for mysql-5.5 (DLA-916-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.890916\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2016-5483\", \"CVE-2017-3302\", \"CVE-2017-3305\", \"CVE-2017-3308\", \"CVE-2017-3309\", \"CVE-2017-3329\", \"CVE-2017-3453\", \"CVE-2017-3456\", \"CVE-2017-3461\", \"CVE-2017-3462\", \"CVE-2017-3463\", \"CVE-2017-3464\", \"CVE-2017-3600\");\n script_name(\"Debian LTS: Security Advisory for mysql-5.5 (DLA-916-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-01-17 00:00:00 +0100 (Wed, 17 Jan 2018)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/04/msg00035.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"mysql-5.5 on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n5.5.55-0+deb7u1.\n\nWe recommend that you upgrade your mysql-5.5 packages.\");\n\n script_tag(name:\"summary\", value:\"Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.55, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges. Please see the MySQL 5.5\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libmysqlclient-dev\", ver:\"5.5.55-0+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmysqlclient18\", ver:\"5.5.55-0+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmysqld-dev\", ver:\"5.5.55-0+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmysqld-pic\", ver:\"5.5.55-0+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mysql-client\", ver:\"5.5.55-0+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mysql-client-5.5\", ver:\"5.5.55-0+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mysql-common\", ver:\"5.5.55-0+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mysql-server\", ver:\"5.5.55-0+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.55-0+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mysql-server-core-5.5\", ver:\"5.5.55-0+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mysql-source-5.5\", ver:\"5.5.55-0+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mysql-testsuite-5.5\", ver:\"5.5.55-0+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 6.3, "vector": "AV:N/AC:M/Au:S/C:C/I:N/A:N"}}, {"lastseen": "2019-05-29T18:34:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3462", "CVE-2017-3302", "CVE-2017-3463", "CVE-2017-3456", "CVE-2017-3309", "CVE-2017-3329", "CVE-2017-3308", "CVE-2016-5483", "CVE-2017-3453", "CVE-2017-3461", "CVE-2017-3464", "CVE-2017-3600", "CVE-2017-3305"], "description": "Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.55, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges.", "modified": "2019-03-18T00:00:00", "published": "2017-04-25T00:00:00", "id": "OPENVAS:1361412562310703834", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703834", "type": "openvas", "title": "Debian Security Advisory DSA 3834-1 (mysql-5.5 - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3834.nasl 14280 2019-03-18 14:50:45Z cfischer $\n# Auto-generated from advisory DSA 3834-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703834\");\n script_version(\"$Revision: 14280 $\");\n script_cve_id(\"CVE-2016-5483\", \"CVE-2017-3302\", \"CVE-2017-3305\", \"CVE-2017-3308\", \"CVE-2017-3309\", \"CVE-2017-3329\", \"CVE-2017-3453\", \"CVE-2017-3456\", \"CVE-2017-3461\", \"CVE-2017-3462\", \"CVE-2017-3463\", \"CVE-2017-3464\", \"CVE-2017-3600\");\n script_name(\"Debian Security Advisory DSA 3834-1 (mysql-5.5 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:50:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-04-25 00:00:00 +0200 (Tue, 25 Apr 2017)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3834.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"mysql-5.5 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie), these problems have been fixed in\nversion 5.5.55-0+deb8u1.\n\nWe recommend that you upgrade your mysql-5.5 packages.\");\n script_tag(name:\"summary\", value:\"Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.55, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libmysqlclient-dev\", ver:\"5.5.55-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmysqlclient18:i386\", ver:\"5.5.55-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmysqlclient18:amd64\", ver:\"5.5.55-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libmysqld-dev\", ver:\"5.5.55-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmysqld-pic\", ver:\"5.5.55-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-client\", ver:\"5.5.55-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-client-5.5\", ver:\"5.5.55-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-common\", ver:\"5.5.55-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-server\", ver:\"5.5.55-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.55-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-server-core-5.5\", ver:\"5.5.55-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-source-5.5\", ver:\"5.5.55-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-testsuite\", ver:\"5.5.55-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-testsuite-5.5\", ver:\"5.5.55-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.3, "vector": "AV:N/AC:M/Au:S/C:C/I:N/A:N"}}], "debian": [{"lastseen": "2020-08-12T00:51:57", "bulletinFamily": "unix", "cvelist": ["CVE-2017-3456", "CVE-2017-3309", "CVE-2017-3308", "CVE-2017-3641", "CVE-2017-3453", "CVE-2017-3464", "CVE-2017-3653", "CVE-2017-3636"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3944-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nAugust 17, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mariadb-10.0\nCVE ID : CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456\n CVE-2017-3464 CVE-2017-3636 CVE-2017-3641 CVE-2017-3653\n\nSeveral issues have been discovered in the MariaDB database server. The\nvulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.0.32. Please see the MariaDB 10.0 Release Notes for further\ndetails:\n\n https://mariadb.com/kb/en/mariadb/mariadb-10031-release-notes/\nhttps://mariadb.com/kb/en/mariadb/mariadb-10032-release-notes/\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 10.0.32-0+deb8u1.\n\nWe recommend that you upgrade your mariadb-10.0 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 8, "modified": "2017-08-17T06:17:51", "published": "2017-08-17T06:17:51", "id": "DEBIAN:DSA-3944-1:A4058", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2017/msg00206.html", "title": "[SECURITY] [DSA 3944-1] mariadb-10.0 security update", "type": "debian", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-12T01:02:37", "bulletinFamily": "unix", "cvelist": ["CVE-2017-3641", "CVE-2017-3653", "CVE-2017-3636"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3955-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nAugust 26, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mariadb-10.1\nCVE ID : CVE-2017-3636 CVE-2017-3641 CVE-2017-3653\n\nSeveral issues have been discovered in the MariaDB database server. The\nvulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.1.26. Please see the MariaDB 10.1 Release Notes for further\ndetails:\n\n https://mariadb.com/kb/en/mariadb/mariadb-10124-release-notes/\nhttps://mariadb.com/kb/en/mariadb/mariadb-10125-release-notes/\nhttps://mariadb.com/kb/en/mariadb/mariadb-10126-release-notes/\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 10.1.26-0+deb9u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 10.1.26-1.\n\nWe recommend that you upgrade your mariadb-10.1 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 8, "modified": "2017-08-26T14:01:53", "published": "2017-08-26T14:01:53", "id": "DEBIAN:DSA-3955-1:FFC41", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2017/msg00217.html", "title": "[SECURITY] [DSA 3955-1] mariadb-10.1 security update", "type": "debian", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-12T01:01:56", "bulletinFamily": "unix", "cvelist": ["CVE-2017-3462", "CVE-2017-3302", "CVE-2017-3463", "CVE-2017-3456", "CVE-2017-3309", "CVE-2017-3329", "CVE-2017-3308", "CVE-2017-3453", "CVE-2017-3461", "CVE-2017-3464", "CVE-2017-3600", "CVE-2017-3305"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3834-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nApril 25, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mysql-5.5\nCVE ID : CVE-2017-3302 CVE-2017-3305 CVE-2017-3308 CVE-2017-3309\n CVE-2017-3329 CVE-2017-3453 CVE-2017-3456 CVE-2017-3461\n CVE-2017-3462 CVE-2017-3463 CVE-2017-3464 CVE-2017-3600\nDebian Bug : 854713 860544\n\nSeveral issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.55, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges. Please see the MySQL 5.5 Release Notes and Oracle&#x27;s Critical\nPatch Update advisory for further details:\n\n https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-55.html\nhttp://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 5.5.55-0+deb8u1.\n\nWe recommend that you upgrade your mysql-5.5 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 8, "modified": "2017-04-25T15:15:33", "published": "2017-04-25T15:15:33", "id": "DEBIAN:DSA-3834-1:6C276", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2017/msg00093.html", "title": "[SECURITY] [DSA 3834-1] mysql-5.5 security update", "type": "debian", "cvss": {"score": 6.3, "vector": "AV:N/AC:M/Au:S/C:C/I:N/A:N"}}, {"lastseen": "2019-05-30T02:21:22", "bulletinFamily": "unix", "cvelist": ["CVE-2017-3462", "CVE-2017-3302", "CVE-2017-3463", "CVE-2017-3456", "CVE-2017-3309", "CVE-2017-3329", "CVE-2017-3308", "CVE-2016-5483", "CVE-2017-3453", "CVE-2017-3461", "CVE-2017-3464", "CVE-2017-3600", "CVE-2017-3305"], "description": "Package : mysql-5.5\nVersion : 5.5.55-0+deb7u1\nCVE ID : CVE-2016-5483 CVE-2017-3302 CVE-2017-3305 CVE-2017-3308\n CVE-2017-3309 CVE-2017-3329 CVE-2017-3453 CVE-2017-3456\n CVE-2017-3461 CVE-2017-3462 CVE-2017-3463 CVE-2017-3464\n CVE-2017-3600\nDebian Bug : 854713 860544\n\nSeveral issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.55, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges. Please see the MySQL 5.5 Release Notes and Oracle&#x27;s Critical\nPatch Update advisory for further details:\n\n https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-55.html\nhttp://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html\n\nFor Debian 7 &quot;Wheezy&quot;, these problems have been fixed in version\n5.5.55-0+deb7u1.\n\nWe recommend that you upgrade your mysql-5.5 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 3, "modified": "2017-04-25T20:48:02", "published": "2017-04-25T20:48:02", "id": "DEBIAN:DLA-916-1:476AB", "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201704/msg00035.html", "title": "[SECURITY] [DLA 916-1] mysql-5.5 security update", "type": "debian", "cvss": {"score": 6.3, "vector": "AV:N/AC:M/Au:S/C:C/I:N/A:N"}}, {"lastseen": "2020-08-12T01:10:43", "bulletinFamily": "unix", "cvelist": ["CVE-2017-3652", "CVE-2017-3648", "CVE-2017-3651", "CVE-2017-3641", "CVE-2017-3635", "CVE-2017-3653", "CVE-2017-3636"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3922-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nJuly 28, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mysql-5.5\nCVE ID : CVE-2017-3635 CVE-2017-3636 CVE-2017-3641 CVE-2017-3648\n CVE-2017-3651 CVE-2017-3652 CVE-2017-3653\nDebian Bug : 868788\n\nSeveral issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.57, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges. Please see the MySQL 5.5 Release Notes and Oracle&#x27;s Critical\nPatch Update advisory for further details:\n\n https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-56.html\nhttps://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-57.html\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 5.5.57-0+deb8u1.\n\nWe recommend that you upgrade your mysql-5.5 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 8, "modified": "2017-07-28T20:27:16", "published": "2017-07-28T20:27:16", "id": "DEBIAN:DSA-3922-1:71332", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2017/msg00184.html", "title": "[SECURITY] [DSA 3922-1] mysql-5.5 security update", "type": "debian", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2019-05-30T02:21:30", "bulletinFamily": "unix", "cvelist": ["CVE-2017-3652", "CVE-2017-3648", "CVE-2017-3651", "CVE-2017-3641", "CVE-2017-3635", "CVE-2017-3653", "CVE-2017-3636"], "description": "Package : mysql-5.5\nVersion : 5.5.57-0+deb7u1\nCVE ID : CVE-2017-3635 CVE-2017-3636 CVE-2017-3641 CVE-2017-3648.\n CVE-2017-3651 CVE-2017-3652 CVE-2017-3653\nDebian Bug : 868788\n\nSeveral issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.57, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges. Please see the MySQL 5.5 Release Notes and Oracle&#x27;s Critical\nPatch Update advisory for further details:\n\n https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-56.html\nhttps://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-57.html\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html\n\nFor Debian 7 &quot;Wheezy&quot;, these problems have been fixed in version\n5.5.57-0+deb7u1.\n\nWe recommend that you upgrade your mysql-5.5 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 3, "modified": "2017-07-28T21:41:56", "published": "2017-07-28T21:41:56", "id": "DEBIAN:DLA-1043-1:9386A", "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201707/msg00037.html", "title": "[SECURITY] [DLA 1043-1] mysql-5.5 security update", "type": "debian", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}], "suse": [{"lastseen": "2017-08-03T16:49:18", "bulletinFamily": "unix", "cvelist": ["CVE-2017-3456", "CVE-2017-3309", "CVE-2017-3308", "CVE-2017-3453", "CVE-2017-3464"], "description": "This MariaDB update to version 10.0.31 GA fixes the following issues:\n\n Security issues fixed:\n - CVE-2017-3308: Subcomponent: Server: DML: Easily &quot;exploitable&quot;\n vulnerability allows low privileged attacker with network access via\n multiple protocols to compromise MariaDB Server. Successful attacks of\n this vulnerability can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS). (bsc#1048715)\n - CVE-2017-3309: Subcomponent: Server: Optimizer: Easily &quot;exploitable&quot;\n vulnerability allows low privileged attacker with network access via\n multiple protocols to compromise MariaDB Server. Successful attacks of\n this vulnerability can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS). (bsc#1048715)\n - CVE-2017-3453: Subcomponent: Server: Optimizer: Easily &quot;exploitable&quot;\n vulnerability allows low privileged attacker with network access via\n multiple protocols to compromise MariaDB Server. Successful attacks of\n this vulnerability can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS). (bsc#1048715)\n - CVE-2017-3456: Subcomponent: Server: DML: Easily &quot;exploitable&quot;\n vulnerability allows low privileged attacker with network access via\n multiple protocols to compromise MariaDB Server. Successful attacks of\n this vulnerability can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS). (bsc#1048715)\n - CVE-2017-3464: Subcomponent: Server: DDL: Easily &quot;exploitable&quot;\n vulnerability allows low privileged attacker with network access via\n multiple protocols to compromise MariaDB Server. Successful attacks of\n this vulnerability can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS). (bsc#1048715)\n\n Bug fixes:\n - switch from 'Restart=on-failure' to 'Restart=on-abort' in mysql.service\n in order to follow the upstream. It also fixes hanging\n mysql-systemd-helper when mariadb fails (e.g. because of the\n misconfiguration) (bsc#963041)\n - XtraDB updated to 5.6.36-82.0\n - TokuDB updated to 5.6.36-82.0\n - Innodb updated to 5.6.36\n - Performance Schema updated to 5.6.36\n\n Release notes and changelog:\n - <a rel=\"nofollow\" href=\"https://kb.askmonty.org/en/mariadb-10031-release-notes\">https://kb.askmonty.org/en/mariadb-10031-release-notes</a>\n - <a rel=\"nofollow\" href=\"https://kb.askmonty.org/en/mariadb-10031-changelog\">https://kb.askmonty.org/en/mariadb-10031-changelog</a>\n\n", "edition": 1, "modified": "2017-08-03T15:12:17", "published": "2017-08-03T15:12:17", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-08/msg00000.html", "id": "SUSE-SU-2017:2035-1", "title": "Security update for mariadb (important)", "type": "suse", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-08-03T16:49:17", "bulletinFamily": "unix", "cvelist": ["CVE-2017-3456", "CVE-2017-3309", "CVE-2017-3308", "CVE-2017-3453", "CVE-2017-3464"], "description": "This MariaDB update to version 10.0.31 GA fixes the following issues:\n\n Security issues fixed:\n - CVE-2017-3308: Subcomponent: Server: DML: Easily &quot;exploitable&quot;\n vulnerability allows low privileged attacker with network access via\n multiple protocols to compromise MariaDB Server. Successful attacks of\n this vulnerability can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS). (bsc#1048715)\n - CVE-2017-3309: Subcomponent: Server: Optimizer: Easily &quot;exploitable&quot;\n vulnerability allows low privileged attacker with network access via\n multiple protocols to compromise MariaDB Server. Successful attacks of\n this vulnerability can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS). (bsc#1048715)\n - CVE-2017-3453: Subcomponent: Server: Optimizer: Easily &quot;exploitable&quot;\n vulnerability allows low privileged attacker with network access via\n multiple protocols to compromise MariaDB Server. Successful attacks of\n this vulnerability can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS). (bsc#1048715)\n - CVE-2017-3456: Subcomponent: Server: DML: Easily &quot;exploitable&quot;\n vulnerability allows low privileged attacker with network access via\n multiple protocols to compromise MariaDB Server. Successful attacks of\n this vulnerability can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS). (bsc#1048715)\n - CVE-2017-3464: Subcomponent: Server: DDL: Easily &quot;exploitable&quot;\n vulnerability allows low privileged attacker with network access via\n multiple protocols to compromise MariaDB Server. Successful attacks of\n this vulnerability can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS). (bsc#1048715)\n\n Bug fixes:\n - XtraDB updated to 5.6.36-82.0\n - TokuDB updated to 5.6.36-82.0\n - Innodb updated to 5.6.36\n - Performance Schema updated to 5.6.36\n\n Release notes and changelog:\n - <a rel=\"nofollow\" href=\"https://kb.askmonty.org/en/mariadb-10031-release-notes\">https://kb.askmonty.org/en/mariadb-10031-release-notes</a>\n - <a rel=\"nofollow\" href=\"https://kb.askmonty.org/en/mariadb-10031-changelog\">https://kb.askmonty.org/en/mariadb-10031-changelog</a>\n\n", "edition": 1, "modified": "2017-08-03T15:11:47", "published": "2017-08-03T15:11:47", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-08/msg00001.html", "id": "SUSE-SU-2017:2034-1", "title": "Security update for mariadb (important)", "type": "suse", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-08-10T05:07:09", "bulletinFamily": "unix", "cvelist": ["CVE-2017-3456", "CVE-2017-3309", "CVE-2017-3308", "CVE-2017-3453", "CVE-2017-3464"], "description": "This MariaDB update to version 10.0.31 GA fixes the following issues:\n\n Security issues fixed:\n - CVE-2017-3308: Subcomponent: Server: DML: Easily &quot;exploitable&quot;\n vulnerability allows low privileged attacker with network access via\n multiple protocols to compromise MariaDB Server. Successful attacks of\n this vulnerability can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS). (bsc#1048715)\n - CVE-2017-3309: Subcomponent: Server: Optimizer: Easily &quot;exploitable&quot;\n vulnerability allows low privileged attacker with network access via\n multiple protocols to compromise MariaDB Server. Successful attacks of\n this vulnerability can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS). (bsc#1048715)\n - CVE-2017-3453: Subcomponent: Server: Optimizer: Easily &quot;exploitable&quot;\n vulnerability allows low privileged attacker with network access via\n multiple protocols to compromise MariaDB Server. Successful attacks of\n this vulnerability can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS). (bsc#1048715)\n - CVE-2017-3456: Subcomponent: Server: DML: Easily &quot;exploitable&quot;\n vulnerability allows low privileged attacker with network access via\n multiple protocols to compromise MariaDB Server. Successful attacks of\n this vulnerability can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS). (bsc#1048715)\n - CVE-2017-3464: Subcomponent: Server: DDL: Easily &quot;exploitable&quot;\n vulnerability allows low privileged attacker with network access via\n multiple protocols to compromise MariaDB Server. Successful attacks of\n this vulnerability can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS). (bsc#1048715)\n\n Bug fixes:\n - switch from 'Restart=on-failure' to 'Restart=on-abort' in mysql.service\n in order to follow the upstream. It also fixes hanging\n mysql-systemd-helper when mariadb fails (e.g. because of the\n misconfiguration) (bsc#963041)\n - XtraDB updated to 5.6.36-82.0\n - TokuDB updated to 5.6.36-82.0\n - Innodb updated to 5.6.36\n - Performance Schema updated to 5.6.36\n\n Release notes and changelog:\n - <a rel=\"nofollow\" href=\"https://kb.askmonty.org/en/mariadb-10031-release-notes\">https://kb.askmonty.org/en/mariadb-10031-release-notes</a>\n - <a rel=\"nofollow\" href=\"https://kb.askmonty.org/en/mariadb-10031-changelog\">https://kb.askmonty.org/en/mariadb-10031-changelog</a>\n\n This update was imported from the SUSE:SLE-12-SP1:Update update project.\n\n", "edition": 1, "modified": "2017-08-10T03:10:27", "published": "2017-08-10T03:10:27", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-08/msg00036.html", "id": "OPENSUSE-SU-2017:2119-1", "title": "Security update for mariadb (important)", "type": "suse", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-04-28T19:19:08", "bulletinFamily": "unix", "cvelist": ["CVE-2017-3462", "CVE-2017-3302", "CVE-2017-3463", "CVE-2017-3456", "CVE-2017-3309", "CVE-2017-3329", "CVE-2017-3308", "CVE-2016-5483", "CVE-2017-3453", "CVE-2017-3461", "CVE-2017-3464", "CVE-2017-3600", "CVE-2017-3305"], "description": "This update for mysql to version 5.5.55 fixes the following issues:\n\n These security issues were fixed:\n\n - CVE-2017-3308: Unspecified vulnerability in Server: DML (bsc#1034850)\n - CVE-2017-3309: Unspecified vulnerability in Server: Optimizer\n (bsc#1034850)\n - CVE-2017-3329: Unspecified vulnerability in Server: Thread (bsc#1034850)\n - CVE-2017-3600: Unspecified vulnerability in Client: mysqldump\n (bsc#1034850)\n - CVE-2017-3453: Unspecified vulnerability in Server: Optimizer\n (bsc#1034850)\n - CVE-2017-3456: Unspecified vulnerability in Server: DML (bsc#1034850)\n - CVE-2017-3463: Unspecified vulnerability in Server: Security\n (bsc#1034850)\n - CVE-2017-3462: Unspecified vulnerability in Server: Security\n (bsc#1034850)\n - CVE-2017-3461: Unspecified vulnerability in Server: Security\n (bsc#1034850)\n - CVE-2017-3464: Unspecified vulnerability in Server: DDL (bsc#1034850)\n - CVE-2017-3305: MySQL client sent authentication request unencrypted even\n if SSL was required (aka Ridddle) (bsc#1029396).\n - CVE-2016-5483: Mysqldump failed to properly quote certain identifiers in\n SQL statements written to the dump output, allowing for execution of\n arbitrary commands (bsc#1029014)\n - '--ssl-mode=REQUIRED' can be specified to require a secure connection\n (it fails if a secure connection cannot be obtained)\n\n This non-security issue was fixed:\n\n - Set the default umask to 077 in rc.mysql-multi [bsc#1020976]\n\n For additional changes please see\n <a rel=\"nofollow\" href=\"http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-55.html\">http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-55.html</a>\n\n Note: The issue tracked in bsc#1022428 and fixed in the last update was\n assigned CVE-2017-3302.\n\n", "edition": 1, "modified": "2017-04-28T21:13:58", "published": "2017-04-28T21:13:58", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-04/msg00036.html", "id": "SUSE-SU-2017:1137-1", "title": "Security update for mysql (important)", "type": "suse", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-05-08T17:19:44", "bulletinFamily": "unix", "cvelist": ["CVE-2017-3462", "CVE-2017-3302", "CVE-2017-3463", "CVE-2017-3456", "CVE-2017-3309", "CVE-2017-3329", "CVE-2017-3308", "CVE-2016-5483", "CVE-2017-3453", "CVE-2017-3461", "CVE-2017-3464", "CVE-2017-3600", "CVE-2017-3450", "CVE-2017-3599", "CVE-2017-3305", "CVE-2017-3452"], "description": "This update for mysql-community-server to version 5.6.36 fixes the\n following issues:\n\n These security issues were fixed:\n\n - CVE-2016-5483: Mysqldump failed to properly quote certain identifiers in\n SQL statements written to the dump output, allowing for execution of\n arbitrary commands (bsc#1029014)\n - CVE-2017-3305: MySQL client sent authentication request unencrypted even\n if SSL was required (aka Ridddle) (bsc#1029396).\n - CVE-2017-3308: Unspecified vulnerability in Server: DML (boo#1034850)\n - CVE-2017-3309: Unspecified vulnerability in Server: Optimizer\n (boo#1034850)\n - CVE-2017-3329: Unspecified vulnerability in Server: Thread (boo#1034850)\n - CVE-2017-3453: Unspecified vulnerability in Server: Optimizer\n (boo#1034850)\n - CVE-2017-3456: Unspecified vulnerability in Server: DML (boo#1034850)\n - CVE-2017-3461: Unspecified vulnerability in Server: Security\n (boo#1034850)\n - CVE-2017-3462: Unspecified vulnerability in Server: Security\n (boo#1034850)\n - CVE-2017-3463: Unspecified vulnerability in Server: Security\n (boo#1034850)\n - CVE-2017-3464: Unspecified vulnerability in Server: DDL (boo#1034850)\n - CVE-2017-3302: Crash in libmysqlclient.so (bsc#1022428).\n - CVE-2017-3450: Unspecified vulnerability Server: Memcached\n - CVE-2017-3452: Unspecified vulnerability Server: Optimizer\n - CVE-2017-3599: Unspecified vulnerability Server: Pluggable Auth\n - CVE-2017-3600: Unspecified vulnerability in Client: mysqldump\n (boo#1034850)\n - '--ssl-mode=REQUIRED' can be specified to require a secure connection\n (it fails if a secure connection cannot be obtained)\n\n These non-security issues were fixed:\n\n - Set the default umask to 077 in mysql-systemd-helper (boo#1020976)\n - Change permissions of the configuration dir/files to 755/644. Please\n note that storing the password in the /etc/my.cnf file is not safe. Use\n for example an option file that is accessible only by yourself\n (boo#889126)\n\n For more information please see\n <a rel=\"nofollow\" href=\"http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-36.html\">http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-36.html</a>\n\n", "edition": 1, "modified": "2017-05-08T18:18:38", "published": "2017-05-08T18:18:38", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00015.html", "id": "OPENSUSE-SU-2017:1209-1", "title": "Security update for mysql-community-server (important)", "type": "suse", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-09-14T22:30:08", "bulletinFamily": "unix", "cvelist": ["CVE-2017-9233", "CVE-2017-10685", "CVE-2016-9063", "CVE-2017-11112", "CVE-2017-8872", "CVE-2017-3456", "CVE-2017-11113", "CVE-2017-7436", "CVE-2017-3309", "CVE-2017-1000101", "CVE-2017-3308", "CVE-2017-3453", "CVE-2017-1000100", "CVE-2017-3464", "CVE-2017-7435", "CVE-2017-10684", "CVE-2013-7459", "CVE-2017-9269"], "description": "The Docker images provided with SUSE CaaS Platform 1.0 have been updated\n to include the following updates:\n\n libzypp:\n\n - CVE-2017-7435, CVE-2017-7436, CVE-2017-9269: Fix GPG check workflows,\n mainly for unsigned repositories and packages. (bsc#1045735, bsc#1038984)\n - Fix gpg-pubkey release (creation time) computation. (bsc#1036659)\n - Update lsof blacklist. (bsc#1046417)\n - Re-probe on refresh if the repository type changes. (bsc#1048315)\n - Propagate proper error code to DownloadProgressReport. (bsc#1047785)\n - Allow to trigger an appdata refresh unconditionally. (bsc#1009745)\n - Support custom repo variables defined in /etc/zypp/vars.d.\n - Adapt loop mounting of ISO images. (bsc#1038132, bsc#1033236)\n - Fix potential crash if repository has no baseurl. (bsc#1043218)\n\n zypper:\n\n - CVE-2017-7436: Adapt download callback to report and handle unsigned\n packages. (bsc#1038984)\n - Report missing/optional files as 'not found' rather than 'error'.\n (bsc#1047785)\n - Document support for custom repository variables defined in\n /etc/zypp/vars.d.\n - Emphasize that it depends on how fast PackageKit will respond to a\n 'quit' request sent if PK blocks package management.\n\n libgcrypt:\n\n - Fix infinite loop in gnome-keyring-daemon caused by attempt to read from\n random device left open by libgcrypt. (bsc#1043333)\n - Avoid seeding the DRBG during FIPS power-up selftests. (bsc#1046659)\n - Fix a bug in gcry_drbg_healthcheck_sanity() which caused skipping some\n of the tests. (bsc#1046659)\n - dlsym returns PLT address on s390x, dlopen libgcrypt20.so before calling\n dlsym. (bsc#1047008)\n\n lua51:\n\n - Add Lua(API) and Lua(devel) symbols to fix building of lua51-luasocket.\n (bsc#1051626)\n\n cyrus-sasl:\n\n - Fix unknown authentication mechanism: kerberos5 (bsc#1026825)\n - Really use SASLAUTHD_PARAMS variable (bsc#938657)\n - Make sure /usr/sbin/rcsaslauthd exists\n - Add /usr/sbin/rcsaslauthd symbolic link to /usr/sbin/service\n (bsc#1014471)\n - Silence &quot;GSSAPI client step 1&quot; debug log message (bsc#1044840)\n\n libxml2:\n\n - CVE-2017-8872: Out-of-bounds read in htmlParseTryOrFinish. (bsc#1038444)\n\n curl:\n\n - CVE-2017-1000100: TFP sends more than buffer size and it could lead to a\n denial of service. (bsc#1051644)\n - CVE-2017-1000101: URL globbing out of bounds read could lead to a denial\n of service. (bsc#1051643)\n\n ncurses:\n\n - CVE-2017-11112: Illegal address access in append_acs. (bsc#1047964)\n - CVE-2017-11113: Dereferencing NULL pointer in _nc_parse_entry.\n (bsc#1047965)\n - CVE-2017-10684, CVE-2017-10685: Add modified upstream fix from ncurses\n 6.0 to avoid broken termcap format (bsc#1046853, bsc#1046858,\n bsc#1049344)\n\n sed:\n\n - Don't terminate with a segmentation fault if close of last file\n descriptor fails. (bsc#954661)\n\n openssl:\n\n - Remove DES-CBC3-SHA based ciphers from DEFAULT_SUSE to address SWEET32\n problem. (bsc#1027908)\n - Use getrandom syscall instead of reading from /dev/urandom to get at\n least 128 bits of entropy to comply with FIPS 140.2 IG 7.14.\n (bsc#1027079 bsc#1044175)\n - Fix x86 extended feature detection (bsc#1029523)\n - Allow runtime switching of s390x capabilities via the &quot;OPENSSL_s390xcap&quot;\n environmental variable. (bsc#1028723)\n - Add back certificate initialization set_cert_key_stuff() which was\n removed in a previous update. (bsc#1028281)\n - Fix a bug in XTS key handling. (bsc#1019637)\n - Don't run FIPS power-up self-tests when the checksum files aren't\n installed. (bsc#1042392)\n\n procps:\n\n - Don't set buffering on invalid file descriptor. (bsc#1053409)\n\n expat:\n\n - CVE-2016-9063: Possible integer overflow to fix inside XML_Parse leading\n to unexpected behaviour. (bsc#1047240)\n - CVE-2017-9233: External Entity Vulnerability could lead to denial of\n service. (bsc#1047236)\n\n systemd:\n\n - Revert fix for bsc#1004995 which could have caused boot failure on LVM\n (bsc#1048605)\n - compat-rules: drop the bogus 'import everything' rule (bsc#1046268)\n - core: use an AF_UNIX/SOCK_DGRAM socket for cgroup agent notification\n (bsc#1045384 bsc#1047379)\n - udev/path_id: introduce support for NVMe devices (bsc#1045987)\n - compat-rules: Don't rely on ID_SERIAL when generating 'by-id' links for\n NVMe devices. (bsc#1048679)\n - fstab-generator: Handle NFS &quot;bg&quot; mounts correctly. (bsc#874665,\n fate#323464)\n - timesyncd: Don't use compiled-in list if FallbackNTP has been configured\n explicitly.\n\n insserv-compat:\n\n - Add /etc/init.d hierarchy from former &quot;filesystem&quot; package. (bsc#1035062)\n - Fix directory argument parsing. (bsc#944903)\n - Add perl(Getopt::Long) to list of requirements.\n\n mariadb:\n\n - Update libmysqlclient18 from version 10.0.30 to 10.0.31.\n\n python-pycrypto:\n\n - CVE-2013-7459: Fixed a potential heap buffer overflow in ALGnew\n (bsc#1017420).\n\n velum:\n\n - Fix loopback IP for proxy exception during initial configuration.\n (bsc#1052759)\n - Set secure flag in cookie. (bsc#1050484)\n - Set VERSION to 1.0.0. (bsc#1050396)\n - Allow kubeconfig download when master is ready. (bsc#1048483)\n\n", "edition": 1, "modified": "2017-09-14T21:11:54", "published": "2017-09-14T21:11:54", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-09/msg00047.html", "id": "SUSE-SU-2017:2470-1", "title": "Security update for CaaS Platform 1.0 images (important)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "slackware": [{"lastseen": "2020-10-25T16:36:21", "bulletinFamily": "unix", "cvelist": ["CVE-2017-3308", "CVE-2017-3309", "CVE-2017-3453", "CVE-2017-3456", "CVE-2017-3464"], "description": "New mariadb packages are available for Slackware 14.1, 14.2, and -current to\nfix security issues.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/mariadb-10.0.31-i586-1_slack14.2.txz: Upgraded.\n This update fixes bugs and security issues.\n For more information, see:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3308\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3309\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3453\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3456\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3464\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/mariadb-5.5.56-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/mariadb-5.5.56-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/mariadb-10.0.31-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/mariadb-10.0.31-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/ap/mariadb-10.0.31-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/ap/mariadb-10.0.31-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.1 package:\n0485ea8dfa06c29f8730b5453a0efa61 mariadb-5.5.56-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n373b0d3f4f3da3b6be07f0536b3da962 mariadb-5.5.56-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\n402af045f9573749e52b5673cbd7ecde mariadb-10.0.31-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\ndffd36f43484d4fd40e5fd1ba894c5ad mariadb-10.0.31-x86_64-1_slack14.2.txz\n\nSlackware -current package:\n9c61433cd7e719e7cbabe4eb8c669dc8 ap/mariadb-10.0.31-i586-1.txz\n\nSlackware x86_64 -current package:\n90c80c549970f2f04588b2713384b509 ap/mariadb-10.0.31-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg mariadb-10.0.31-i586-1_slack14.2.txz\n\nThen, restart the database server:\n > sh /etc/rc.d/rc.mysqld restart", "modified": "2017-07-14T22:13:14", "published": "2017-07-14T22:13:14", "id": "SSA-2017-195-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.405076", "type": "slackware", "title": "[slackware-security] mariadb", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2020-10-25T16:36:14", "bulletinFamily": "unix", "cvelist": ["CVE-2017-3636", "CVE-2017-3641", "CVE-2017-3653"], "description": "New mariadb packages are available for Slackware 14.1 and 14.2 to\nfix security issues.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/mariadb-10.0.32-i586-1_slack14.2.txz: Upgraded.\n This update fixes bugs and security issues.\n For more information, see:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3636\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3641\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3653\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/mariadb-5.5.57-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/mariadb-5.5.57-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/mariadb-10.0.32-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/mariadb-10.0.32-x86_64-1_slack14.2.txz\n\n\nMD5 signatures:\n\nSlackware 14.1 package:\ne18d20ce245d96764c1385e7cd48e9d5 mariadb-5.5.57-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n270fbdbb08f125c2056ee3fddc3ae9f9 mariadb-5.5.57-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\n9152299e6b3eede1f4fe2c357b8b43c6 mariadb-10.0.32-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\nb39204d2de2aacba8cc3923b0f748d98 mariadb-10.0.32-x86_64-1_slack14.2.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg mariadb-10.0.32-i586-1_slack14.2.txz\n\nThen, restart the database server:\n > sh /etc/rc.d/rc.mysqld restart", "modified": "2017-09-08T18:06:32", "published": "2017-09-08T18:06:32", "id": "SSA-2017-251-02", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.353960", "type": "slackware", "title": "[slackware-security] mariadb", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-20T12:33:26", "description": "This MariaDB update to version 10.0.31 GA fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2017-3308: Subcomponent: Server: DML: Easily\n 'exploitable' vulnerability allows low privileged\n attacker with network access via multiple protocols to\n compromise MariaDB Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS). (bsc#1048715)\n\n - CVE-2017-3309: Subcomponent: Server: Optimizer: Easily\n 'exploitable' vulnerability allows low privileged\n attacker with network access via multiple protocols to\n compromise MariaDB Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS). (bsc#1048715)\n\n - CVE-2017-3453: Subcomponent: Server: Optimizer: Easily\n 'exploitable' vulnerability allows low privileged\n attacker with network access via multiple protocols to\n compromise MariaDB Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS). (bsc#1048715)\n\n - CVE-2017-3456: Subcomponent: Server: DML: Easily\n 'exploitable' vulnerability allows low privileged\n attacker with network access via multiple protocols to\n compromise MariaDB Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS). (bsc#1048715)\n\n - CVE-2017-3464: Subcomponent: Server: DDL: Easily\n 'exploitable' vulnerability allows low privileged\n attacker with network access via multiple protocols to\n compromise MariaDB Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS). (bsc#1048715)\n\nBug fixes :\n\n - switch from 'Restart=on-failure' to 'Restart=on-abort'\n in mysql.service in order to follow the upstream. It\n also fixes hanging mysql-systemd-helper when mariadb\n fails (e.g. because of the misconfiguration)\n (bsc#963041)\n\n - XtraDB updated to 5.6.36-82.0\n\n - TokuDB updated to 5.6.36-82.0\n\n - Innodb updated to 5.6.36\n\n - Performance Schema updated to 5.6.36\n\nRelease notes and changelog :\n\n- https://kb.askmonty.org/en/mariadb-10031-release-notes\n\n- https://kb.askmonty.org/en/mariadb-10031-changelog\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update\nproject.", "edition": 20, "cvss3": {"score": 7.7, "vector": "AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}, "published": "2017-08-10T00:00:00", "title": "openSUSE Security Update : mariadb (openSUSE-2017-902)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3456", "CVE-2017-3309", "CVE-2017-3308", "CVE-2017-3453", "CVE-2017-3464"], "modified": "2017-08-10T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mariadb-errormessages", "p-cpe:/a:novell:opensuse:mariadb-client", "p-cpe:/a:novell:opensuse:libmysqld-devel", "p-cpe:/a:novell:opensuse:mariadb-tools", "p-cpe:/a:novell:opensuse:mariadb-test-debuginfo", "p-cpe:/a:novell:opensuse:libmysqlclient18", "p-cpe:/a:novell:opensuse:mariadb-bench-debuginfo", "p-cpe:/a:novell:opensuse:mariadb-debugsource", "p-cpe:/a:novell:opensuse:libmysqlclient_r18-32bit", "p-cpe:/a:novell:opensuse:mariadb-tools-debuginfo", "p-cpe:/a:novell:opensuse:libmysqld18", "p-cpe:/a:novell:opensuse:libmysqlclient-devel", "cpe:/o:novell:opensuse:42.3", "p-cpe:/a:novell:opensuse:mariadb-debuginfo", "cpe:/o:novell:opensuse:42.2", "p-cpe:/a:novell:opensuse:libmysqlclient_r18", "p-cpe:/a:novell:opensuse:mariadb-client-debuginfo", "p-cpe:/a:novell:opensuse:libmysqld18-debuginfo", "p-cpe:/a:novell:opensuse:mariadb", "p-cpe:/a:novell:opensuse:mariadb-test", "p-cpe:/a:novell:opensuse:libmysqlclient18-32bit", "p-cpe:/a:novell:opensuse:mariadb-bench", "p-cpe:/a:novell:opensuse:libmysqlclient18-debuginfo", "p-cpe:/a:novell:opensuse:libmysqlclient18-debuginfo-32bit"], "id": "OPENSUSE-2017-902.NASL", "href": "https://www.tenable.com/plugins/nessus/102338", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-902.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102338);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-3308\", \"CVE-2017-3309\", \"CVE-2017-3453\", \"CVE-2017-3456\", \"CVE-2017-3464\");\n\n script_name(english:\"openSUSE Security Update : mariadb (openSUSE-2017-902)\");\n script_summary(english:\"Check for the openSUSE-2017-902 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This MariaDB update to version 10.0.31 GA fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2017-3308: Subcomponent: Server: DML: Easily\n 'exploitable' vulnerability allows low privileged\n attacker with network access via multiple protocols to\n compromise MariaDB Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS). (bsc#1048715)\n\n - CVE-2017-3309: Subcomponent: Server: Optimizer: Easily\n 'exploitable' vulnerability allows low privileged\n attacker with network access via multiple protocols to\n compromise MariaDB Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS). (bsc#1048715)\n\n - CVE-2017-3453: Subcomponent: Server: Optimizer: Easily\n 'exploitable' vulnerability allows low privileged\n attacker with network access via multiple protocols to\n compromise MariaDB Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS). (bsc#1048715)\n\n - CVE-2017-3456: Subcomponent: Server: DML: Easily\n 'exploitable' vulnerability allows low privileged\n attacker with network access via multiple protocols to\n compromise MariaDB Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS). (bsc#1048715)\n\n - CVE-2017-3464: Subcomponent: Server: DDL: Easily\n 'exploitable' vulnerability allows low privileged\n attacker with network access via multiple protocols to\n compromise MariaDB Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS). (bsc#1048715)\n\nBug fixes :\n\n - switch from 'Restart=on-failure' to 'Restart=on-abort'\n in mysql.service in order to follow the upstream. It\n also fixes hanging mysql-systemd-helper when mariadb\n fails (e.g. because of the misconfiguration)\n (bsc#963041)\n\n - XtraDB updated to 5.6.36-82.0\n\n - TokuDB updated to 5.6.36-82.0\n\n - Innodb updated to 5.6.36\n\n - Performance Schema updated to 5.6.36\n\nRelease notes and changelog :\n\n- https://kb.askmonty.org/en/mariadb-10031-release-notes\n\n- https://kb.askmonty.org/en/mariadb-10031-changelog\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1048715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=963041\"\n );\n # https://kb.askmonty.org/en/mariadb-10031-changelog\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10031-changelog/\"\n );\n # https://kb.askmonty.org/en/mariadb-10031-release-notes\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10031-release-notes/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mariadb packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient18-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient_r18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient_r18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqld-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqld18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqld18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-bench-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-errormessages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-test-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libmysqlclient-devel-10.0.31-20.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libmysqlclient18-10.0.31-20.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libmysqlclient18-debuginfo-10.0.31-20.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libmysqlclient_r18-10.0.31-20.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libmysqld-devel-10.0.31-20.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libmysqld18-10.0.31-20.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libmysqld18-debuginfo-10.0.31-20.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mariadb-10.0.31-20.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mariadb-bench-10.0.31-20.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mariadb-bench-debuginfo-10.0.31-20.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mariadb-client-10.0.31-20.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mariadb-client-debuginfo-10.0.31-20.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mariadb-debuginfo-10.0.31-20.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mariadb-debugsource-10.0.31-20.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mariadb-errormessages-10.0.31-20.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mariadb-test-10.0.31-20.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mariadb-test-debuginfo-10.0.31-20.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mariadb-tools-10.0.31-20.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mariadb-tools-debuginfo-10.0.31-20.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libmysqlclient18-32bit-10.0.31-20.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libmysqlclient18-debuginfo-32bit-10.0.31-20.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libmysqlclient_r18-32bit-10.0.31-20.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libmysqlclient-devel-10.0.31-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libmysqlclient18-10.0.31-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libmysqlclient18-debuginfo-10.0.31-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libmysqlclient_r18-10.0.31-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libmysqld-devel-10.0.31-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libmysqld18-10.0.31-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libmysqld18-debuginfo-10.0.31-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mariadb-10.0.31-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mariadb-bench-10.0.31-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mariadb-bench-debuginfo-10.0.31-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mariadb-client-10.0.31-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mariadb-client-debuginfo-10.0.31-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mariadb-debuginfo-10.0.31-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mariadb-debugsource-10.0.31-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mariadb-errormessages-10.0.31-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mariadb-test-10.0.31-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mariadb-test-debuginfo-10.0.31-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mariadb-tools-10.0.31-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mariadb-tools-debuginfo-10.0.31-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libmysqlclient18-32bit-10.0.31-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libmysqlclient18-debuginfo-32bit-10.0.31-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libmysqlclient_r18-32bit-10.0.31-23.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libmysqlclient-devel / libmysqlclient18 / libmysqlclient18-32bit / etc\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T14:26:07", "description": "This MariaDB update to version 10.0.31 GA fixes the following issues:\nSecurity issues fixed :\n\n - CVE-2017-3308: Subcomponent: Server: DML: Easily\n 'exploitable' vulnerability allows low privileged\n attacker with network access via multiple protocols to\n compromise MariaDB Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS). (bsc#1048715)\n\n - CVE-2017-3309: Subcomponent: Server: Optimizer: Easily\n 'exploitable' vulnerability allows low privileged\n attacker with network access via multiple protocols to\n compromise MariaDB Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS). (bsc#1048715)\n\n - CVE-2017-3453: Subcomponent: Server: Optimizer: Easily\n 'exploitable' vulnerability allows low privileged\n attacker with network access via multiple protocols to\n compromise MariaDB Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS). (bsc#1048715)\n\n - CVE-2017-3456: Subcomponent: Server: DML: Easily\n 'exploitable' vulnerability allows low privileged\n attacker with network access via multiple protocols to\n compromise MariaDB Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS). (bsc#1048715)\n\n - CVE-2017-3464: Subcomponent: Server: DDL: Easily\n 'exploitable' vulnerability allows low privileged\n attacker with network access via multiple protocols to\n compromise MariaDB Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS). (bsc#1048715) Bug fixes :\n\n - XtraDB updated to 5.6.36-82.0\n\n - TokuDB updated to 5.6.36-82.0\n\n - Innodb updated to 5.6.36\n\n - Performance Schema updated to 5.6.36 Release notes and\n changelog :\n\n- https://kb.askmonty.org/en/mariadb-10031-release-notes\n\n- https://kb.askmonty.org/en/mariadb-10031-changelog\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 30, "cvss3": {"score": 7.7, "vector": "AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}, "published": "2017-08-04T00:00:00", "title": "SUSE SLES12 Security Update : mariadb (SUSE-SU-2017:2034-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3456", "CVE-2017-3309", "CVE-2017-3308", "CVE-2017-3453", "CVE-2017-3464"], "modified": "2017-08-04T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libmysqld18-debuginfo", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:mariadb-errormessages", "p-cpe:/a:novell:suse_linux:mariadb-client-debuginfo", "p-cpe:/a:novell:suse_linux:libmysqlclient_r18", "p-cpe:/a:novell:suse_linux:mariadb-client", "p-cpe:/a:novell:suse_linux:mariadb-debugsource", "p-cpe:/a:novell:suse_linux:libmysqlclient-devel", "p-cpe:/a:novell:suse_linux:libmysqlclient18-debuginfo", "p-cpe:/a:novell:suse_linux:libmysqld-devel", "p-cpe:/a:novell:suse_linux:mariadb", "p-cpe:/a:novell:suse_linux:mariadb-debuginfo", "p-cpe:/a:novell:suse_linux:mariadb-tools", "p-cpe:/a:novell:suse_linux:libmysqlclient18", "p-cpe:/a:novell:suse_linux:libmysqld18", "p-cpe:/a:novell:suse_linux:mariadb-tools-debuginfo"], "id": "SUSE_SU-2017-2034-1.NASL", "href": "https://www.tenable.com/plugins/nessus/102191", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2034-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102191);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-3308\", \"CVE-2017-3309\", \"CVE-2017-3453\", \"CVE-2017-3456\", \"CVE-2017-3464\");\n\n script_name(english:\"SUSE SLES12 Security Update : mariadb (SUSE-SU-2017:2034-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This MariaDB update to version 10.0.31 GA fixes the following issues:\nSecurity issues fixed :\n\n - CVE-2017-3308: Subcomponent: Server: DML: Easily\n 'exploitable' vulnerability allows low privileged\n attacker with network access via multiple protocols to\n compromise MariaDB Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS). (bsc#1048715)\n\n - CVE-2017-3309: Subcomponent: Server: Optimizer: Easily\n 'exploitable' vulnerability allows low privileged\n attacker with network access via multiple protocols to\n compromise MariaDB Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS). (bsc#1048715)\n\n - CVE-2017-3453: Subcomponent: Server: Optimizer: Easily\n 'exploitable' vulnerability allows low privileged\n attacker with network access via multiple protocols to\n compromise MariaDB Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS). (bsc#1048715)\n\n - CVE-2017-3456: Subcomponent: Server: DML: Easily\n 'exploitable' vulnerability allows low privileged\n attacker with network access via multiple protocols to\n compromise MariaDB Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS). (bsc#1048715)\n\n - CVE-2017-3464: Subcomponent: Server: DDL: Easily\n 'exploitable' vulnerability allows low privileged\n attacker with network access via multiple protocols to\n compromise MariaDB Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS). (bsc#1048715) Bug fixes :\n\n - XtraDB updated to 5.6.36-82.0\n\n - TokuDB updated to 5.6.36-82.0\n\n - Innodb updated to 5.6.36\n\n - Performance Schema updated to 5.6.36 Release notes and\n changelog :\n\n- https://kb.askmonty.org/en/mariadb-10031-release-notes\n\n- https://kb.askmonty.org/en/mariadb-10031-changelog\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048715\"\n );\n # https://kb.askmonty.org/en/mariadb-10031-changelog\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10031-changelog/\"\n );\n # https://kb.askmonty.org/en/mariadb-10031-release-notes\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10031-release-notes/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3308/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3309/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3453/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3456/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3464/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172034-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ef620f42\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12:zypper in -t patch\nSUSE-SLE-SAP-12-2017-1244=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2017-1244=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient_r18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqld-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqld18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqld18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-errormessages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqlclient-devel-10.0.31-20.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqlclient18-10.0.31-20.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqlclient18-debuginfo-10.0.31-20.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqlclient_r18-10.0.31-20.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqld-devel-10.0.31-20.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqld18-10.0.31-20.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqld18-debuginfo-10.0.31-20.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-10.0.31-20.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-client-10.0.31-20.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-client-debuginfo-10.0.31-20.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-debuginfo-10.0.31-20.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-debugsource-10.0.31-20.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-errormessages-10.0.31-20.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-tools-10.0.31-20.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-tools-debuginfo-10.0.31-20.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqlclient18-32bit-10.0.31-20.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqlclient18-debuginfo-32bit-10.0.31-20.29.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T09:11:02", "description": "New mariadb packages are available for Slackware 14.1, 14.2, and\n-current to fix security issues.", "edition": 23, "cvss3": {"score": 7.7, "vector": "AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}, "published": "2017-07-17T00:00:00", "title": "Slackware 14.1 / 14.2 / current : mariadb (SSA:2017-195-01)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3456", "CVE-2017-3309", "CVE-2017-3308", "CVE-2017-3453", "CVE-2017-3464"], "modified": "2017-07-17T00:00:00", "cpe": ["cpe:/o:slackware:slackware_linux:14.2", "cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux", "p-cpe:/a:slackware:slackware_linux:mariadb"], "id": "SLACKWARE_SSA_2017-195-01.NASL", "href": "https://www.tenable.com/plugins/nessus/101549", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2017-195-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101549);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-3308\", \"CVE-2017-3309\", \"CVE-2017-3453\", \"CVE-2017-3456\", \"CVE-2017-3464\");\n script_xref(name:\"SSA\", value:\"2017-195-01\");\n\n script_name(english:\"Slackware 14.1 / 14.2 / current : mariadb (SSA:2017-195-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New mariadb packages are available for Slackware 14.1, 14.2, and\n-current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.405076\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?80a2dbad\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mariadb package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.1\", pkgname:\"mariadb\", pkgver:\"5.5.56\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"mariadb\", pkgver:\"5.5.56\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"mariadb\", pkgver:\"10.0.31\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"mariadb\", pkgver:\"10.0.31\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"mariadb\", pkgver:\"10.0.31\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"mariadb\", pkgver:\"10.0.31\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T14:26:08", "description": "This MariaDB update to version 10.0.31 GA fixes the following issues:\nSecurity issues fixed :\n\n - CVE-2017-3308: Subcomponent: Server: DML: Easily\n 'exploitable' vulnerability allows low privileged\n attacker with network access via multiple protocols to\n compromise MariaDB Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS). (bsc#1048715)\n\n - CVE-2017-3309: Subcomponent: Server: Optimizer: Easily\n 'exploitable' vulnerability allows low privileged\n attacker with network access via multiple protocols to\n compromise MariaDB Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS). (bsc#1048715)\n\n - CVE-2017-3453: Subcomponent: Server: Optimizer: Easily\n 'exploitable' vulnerability allows low privileged\n attacker with network access via multiple protocols to\n compromise MariaDB Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS). (bsc#1048715)\n\n - CVE-2017-3456: Subcomponent: Server: DML: Easily\n 'exploitable' vulnerability allows low privileged\n attacker with network access via multiple protocols to\n compromise MariaDB Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS). (bsc#1048715)\n\n - CVE-2017-3464: Subcomponent: Server: DDL: Easily\n 'exploitable' vulnerability allows low privileged\n attacker with network access via multiple protocols to\n compromise MariaDB Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS). (bsc#1048715) Bug fixes :\n\n - switch from 'Restart=on-failure' to 'Restart=on-abort'\n in mysql.service in order to follow the upstream. It\n also fixes hanging mysql-systemd-helper when mariadb\n fails (e.g. because of the misconfiguration)\n (bsc#963041)\n\n - XtraDB updated to 5.6.36-82.0\n\n - TokuDB updated to 5.6.36-82.0\n\n - Innodb updated to 5.6.36\n\n - Performance Schema updated to 5.6.36 Release notes and\n changelog :\n\n- https://kb.askmonty.org/en/mariadb-10031-release-notes\n\n- https://kb.askmonty.org/en/mariadb-10031-changelog\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 30, "cvss3": {"score": 7.7, "vector": "AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}, "published": "2017-08-04T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2017:2035-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3456", "CVE-2017-3309", "CVE-2017-3308", "CVE-2017-3453", "CVE-2017-3464"], "modified": "2017-08-04T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libmysqld18-debuginfo", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:mariadb-errormessages", "p-cpe:/a:novell:suse_linux:mariadb-client-debuginfo", "p-cpe:/a:novell:suse_linux:libmysqlclient_r18", "p-cpe:/a:novell:suse_linux:mariadb-client", "p-cpe:/a:novell:suse_linux:mariadb-debugsource", "p-cpe:/a:novell:suse_linux:libmysqlclient-devel", "p-cpe:/a:novell:suse_linux:libmysqlclient18-debuginfo", "p-cpe:/a:novell:suse_linux:libmysqld-devel", "p-cpe:/a:novell:suse_linux:mariadb", "p-cpe:/a:novell:suse_linux:mariadb-debuginfo", "p-cpe:/a:novell:suse_linux:mariadb-tools", "p-cpe:/a:novell:suse_linux:libmysqlclient18", "p-cpe:/a:novell:suse_linux:libmysqld18", "p-cpe:/a:novell:suse_linux:mariadb-tools-debuginfo"], "id": "SUSE_SU-2017-2035-1.NASL", "href": "https://www.tenable.com/plugins/nessus/102192", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2035-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102192);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-3308\", \"CVE-2017-3309\", \"CVE-2017-3453\", \"CVE-2017-3456\", \"CVE-2017-3464\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2017:2035-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This MariaDB update to version 10.0.31 GA fixes the following issues:\nSecurity issues fixed :\n\n - CVE-2017-3308: Subcomponent: Server: DML: Easily\n 'exploitable' vulnerability allows low privileged\n attacker with network access via multiple protocols to\n compromise MariaDB Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS). (bsc#1048715)\n\n - CVE-2017-3309: Subcomponent: Server: Optimizer: Easily\n 'exploitable' vulnerability allows low privileged\n attacker with network access via multiple protocols to\n compromise MariaDB Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS). (bsc#1048715)\n\n - CVE-2017-3453: Subcomponent: Server: Optimizer: Easily\n 'exploitable' vulnerability allows low privileged\n attacker with network access via multiple protocols to\n compromise MariaDB Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS). (bsc#1048715)\n\n - CVE-2017-3456: Subcomponent: Server: DML: Easily\n 'exploitable' vulnerability allows low privileged\n attacker with network access via multiple protocols to\n compromise MariaDB Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS). (bsc#1048715)\n\n - CVE-2017-3464: Subcomponent: Server: DDL: Easily\n 'exploitable' vulnerability allows low privileged\n attacker with network access via multiple protocols to\n compromise MariaDB Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS). (bsc#1048715) Bug fixes :\n\n - switch from 'Restart=on-failure' to 'Restart=on-abort'\n in mysql.service in order to follow the upstream. It\n also fixes hanging mysql-systemd-helper when mariadb\n fails (e.g. because of the misconfiguration)\n (bsc#963041)\n\n - XtraDB updated to 5.6.36-82.0\n\n - TokuDB updated to 5.6.36-82.0\n\n - Innodb updated to 5.6.36\n\n - Performance Schema updated to 5.6.36 Release notes and\n changelog :\n\n- https://kb.askmonty.org/en/mariadb-10031-release-notes\n\n- https://kb.askmonty.org/en/mariadb-10031-changelog\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963041\"\n );\n # https://kb.askmonty.org/en/mariadb-10031-changelog\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10031-changelog/\"\n );\n # https://kb.askmonty.org/en/mariadb-10031-release-notes\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10031-release-notes/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3308/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3309/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3453/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3456/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3464/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172035-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1fd651be\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 6:zypper in -t patch\nSUSE-OpenStack-Cloud-6-2017-1247=1\n\nSUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch\nSUSE-SLE-WE-12-SP3-2017-1247=1\n\nSUSE Linux Enterprise Workstation Extension 12-SP2:zypper in -t patch\nSUSE-SLE-WE-12-SP2-2017-1247=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2017-1247=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2017-1247=1\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2017-1247=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2017-1247=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2017-1247=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-1247=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2017-1247=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2017-1247=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2017-1247=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient_r18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqld-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqld18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqld18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-errormessages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1|2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1/2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libmysqlclient-devel-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libmysqlclient18-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libmysqlclient18-debuginfo-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libmysqlclient_r18-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libmysqld-devel-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libmysqld18-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libmysqld18-debuginfo-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mariadb-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mariadb-client-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mariadb-client-debuginfo-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mariadb-debuginfo-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mariadb-debugsource-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mariadb-errormessages-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mariadb-tools-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mariadb-tools-debuginfo-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libmysqlclient18-32bit-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libmysqlclient18-debuginfo-32bit-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libmysqlclient18-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libmysqlclient18-debuginfo-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"mariadb-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"mariadb-client-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"mariadb-client-debuginfo-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"mariadb-debuginfo-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"mariadb-debugsource-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"mariadb-errormessages-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"mariadb-tools-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"mariadb-tools-debuginfo-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libmysqlclient18-32bit-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libmysqlclient18-debuginfo-32bit-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libmysqlclient18-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libmysqlclient18-debuginfo-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"mariadb-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"mariadb-client-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"mariadb-client-debuginfo-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"mariadb-debuginfo-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"mariadb-debugsource-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"mariadb-errormessages-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"mariadb-tools-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"mariadb-tools-debuginfo-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libmysqlclient18-32bit-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libmysqlclient18-debuginfo-32bit-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libmysqlclient18-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libmysqlclient18-32bit-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libmysqlclient18-debuginfo-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libmysqlclient18-debuginfo-32bit-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libmysqlclient_r18-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libmysqlclient_r18-32bit-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"mariadb-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"mariadb-client-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"mariadb-client-debuginfo-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"mariadb-debuginfo-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"mariadb-debugsource-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"mariadb-errormessages-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libmysqlclient18-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libmysqlclient18-32bit-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libmysqlclient18-debuginfo-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libmysqlclient18-debuginfo-32bit-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libmysqlclient_r18-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libmysqlclient_r18-32bit-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"mariadb-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"mariadb-client-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"mariadb-client-debuginfo-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"mariadb-debuginfo-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"mariadb-debugsource-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"mariadb-errormessages-10.0.31-29.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2021-02-01T04:03:51", "description": "The version of MariaDB running on the remote host is prior to\n10.0.x prior to 10.0.31, 10.1.x prior to 10.1.23, or 10.2.x\nprior to 10.2.7. It is, therefore, affected by multiple\nvulnerabilities.", "edition": 28, "cvss3": {"score": 4.3, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}, "published": "2017-11-07T00:00:00", "title": "MariaDB 10.0.x < 10.0.31 / 10.1.x < 10.1.23 / 10.2.x < 10.2.7 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3456", "CVE-2017-3309", "CVE-2017-3308", "CVE-2017-3453", "CVE-2017-3464"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:mariadb:mariadb"], "id": "MARIADB_10_0_31.NASL", "href": "https://www.tenable.com/plugins/nessus/104437", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104437);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\n \"CVE-2017-3308\",\n \"CVE-2017-3309\",\n \"CVE-2017-3453\",\n \"CVE-2017-3456\",\n \"CVE-2017-3464\"\n );\n script_bugtraq_id(\n 97725,\n 97742,\n 97776,\n 97818,\n 97831\n );\n\n script_name(english:\"MariaDB 10.0.x < 10.0.31 / 10.1.x < 10.1.23 / 10.2.x < 10.2.7 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the MariaDB version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MariaDB running on the remote host is prior to\n10.0.x prior to 10.0.31, 10.1.x prior to 10.1.23, or 10.2.x\nprior to 10.2.7. It is, therefore, affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/library/mariadb-10031-changelog/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/library/mariadb-10123-changelog/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/library/mariadb-1027-changelog/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MariaDB version 10.0.31 / 10.1.23 / 10.2.7 or\nlater.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-3464\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/07\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mariadb:mariadb\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\nmysql_check_version(variant:'MariaDB', fixed:make_list('10.0.31-MariaDB', '10.1.23-MariaDB', '10.2.7-MariaDB'), severity:SECURITY_WARNING);\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2021-02-01T04:03:54", "description": "The version of MariaDB running on the remote host is prior to\n10.0.x prior to 10.0.33 or 10.1.x prior to 10.1.27. It is, therefore,\naffected by multiple vulnerabilities.", "edition": 28, "cvss3": {"score": 5.3, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}, "published": "2017-12-07T00:00:00", "title": "MariaDB 10.0.x < 10.0.33 / 10.1.x < 10.1.27 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-10379", "CVE-2017-10286", "CVE-2017-3456", "CVE-2017-3309", "CVE-2017-3308", "CVE-2017-3641", "CVE-2017-3453", "CVE-2017-3464", "CVE-2017-3653", "CVE-2017-10384", "CVE-2017-3636"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:mariadb:mariadb"], "id": "MARIADB_10_1_27.NASL", "href": "https://www.tenable.com/plugins/nessus/105076", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105076);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\n \"CVE-2017-3308\",\n \"CVE-2017-3309\",\n \"CVE-2017-3453\",\n \"CVE-2017-3456\",\n \"CVE-2017-3464\",\n \"CVE-2017-3636\",\n \"CVE-2017-3641\",\n \"CVE-2017-3653\",\n \"CVE-2017-10286\",\n \"CVE-2017-10379\",\n \"CVE-2017-10384\"\n );\n script_bugtraq_id(\n 97725,\n 97742,\n 97776,\n 97818,\n 97831,\n 99736,\n 99767,\n 99810,\n 101397,\n 101406,\n 101415\n );\n\n script_name(english:\"MariaDB 10.0.x < 10.0.33 / 10.1.x < 10.1.27 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the MariaDB version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MariaDB running on the remote host is prior to\n10.0.x prior to 10.0.33 or 10.1.x prior to 10.1.27. It is, therefore,\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/library/mariadb-10033-changelog/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/library/mariadb-10127-changelog/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/library/security/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MariaDB version 10.0.33 / 10.1.27 or\nlater.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-3636\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mariadb:mariadb\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\nmysql_check_version(variant:'MariaDB', fixed:make_list('10.0.33-MariaDB', '10.1.27-MariaDB'), severity:SECURITY_WARNING);\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-01T04:03:51", "description": "The version of MariaDB running on the remote host is 5.5.x prior to\n5.5.55, 10.0.x prior to 10.0.30, 10.1.x prior to 10.1.22, or 10.2.x\nprior to 10.2.5. It is, therefore, affected by multiple\nvulnerabilities :\n\n - A use-after-free error exists in file client.c in the\n mysql_prune_stmt_list() function that allows an\n unauthenticated, remote attacker to crash the database.\n (CVE-2017-3302)\n\n - Multiple unspecified flaws exist in the DML subcomponent\n that allow an authenticated, remote attacker to cause a\n denial of service condition. Note that these issues only\n affect version 5.5.x. (CVE-2017-3308, CVE-2017-3456)\n\n - Multiple unspecified flaws exist in the Optimizer\n subcomponent that allow an authenticated, remote\n attacker to cause a denial of service condition. Note\n that these issues only affect version 5.5.x.\n (CVE-2017-3309, CVE-2017-3453)\n\n - An unspecified flaw exists in the MyISAM subcomponent\n that allows a local attacker to disclose sensitive\n information. (CVE-2017-3313)\n\n - An unspecified flaw exists in the DDL subcomponent that\n allows an authenticated, remote attacker to impact\n integrity. Note that this issue only affects version\n 5.5.x. (CVE-2017-3464)\n\n - A denial of service vulnerability exists in the\n Field_time::store_TIME_with_warning() function when\n handling specially crafted INSERT queries. An\n authenticated, remote attacker can exploit this to\n crash the database. Note that this issue only affects\n versions 5.5.x and 10.0.x.\n\n - A denial of service vulnerability exists in the\n JOIN_CACHE::create_remaining_fields() function in file\n sql_join_cache.cc when handling data caching. An\n authenticated, remote attacker can exploit this to crash\n the database.\n\n - A denial of service vulnerability exists in the\n SJ_TMP_TABLE::create_sj_weedout_tmp_table() function\n in file opt_subselect.cc when handling specially crafted\n WHERE queries. An authenticated, remote attacker can\n exploit this to crash the database. Note that this issue\n only affects versions 10.0.x and 10.1.x.\n\n - A denial of service vulnerability exists in the\n ha_partition::reset() function in file ha_partition.cc\n when handling specially crafted SELECT queries. An\n authenticated, remote attacker can exploit this to\n crash the database.\n\n - A denial of service vulnerability exists in the\n find_field_in_tables() function in file sql_base.cc when\n handling stored procedures in EXISTS queries. An\n authenticated, remote attacker can exploit this to crash\n the database. Note that this issue only affects versions\n 10.0.x, 10.1.x, and 10.2.x.\n\n - A denial of service vulnerability exists in the\n JOIN::drop_unused_derived_keys() function in file\n sql_select.cc when handling specially crafted SELECT\n statements. An authenticated, remote attacker can\n exploit this to crash the database. Note that this issue\n only affects versions 5.5.x, 10.1.x, and 10.2.x.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "edition": 31, "cvss3": {"score": 4.3, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}, "published": "2017-04-25T00:00:00", "title": "MariaDB 5.5.x < 5.5.55 / 10.0.x < 10.0.30 / 10.1.x < 10.1.22 / 10.2.x < 10.2.5 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3313", "CVE-2017-3302", "CVE-2017-3456", "CVE-2017-3309", "CVE-2017-3308", "CVE-2017-3453", "CVE-2017-3464"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:mariadb:mariadb"], "id": "MARIADB_10_0_30.NASL", "href": "https://www.tenable.com/plugins/nessus/99670", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99670);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/11/13\");\n\n script_cve_id(\n \"CVE-2017-3302\",\n \"CVE-2017-3308\",\n \"CVE-2017-3309\",\n \"CVE-2017-3313\",\n \"CVE-2017-3453\",\n \"CVE-2017-3456\",\n \"CVE-2017-3464\"\n );\n script_bugtraq_id(\n 95527,\n 96162,\n 97725,\n 97742,\n 97776,\n 97818,\n 97831\n );\n\n script_name(english:\"MariaDB 5.5.x < 5.5.55 / 10.0.x < 10.0.30 / 10.1.x < 10.1.22 / 10.2.x < 10.2.5 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the MariaDB version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MariaDB running on the remote host is 5.5.x prior to\n5.5.55, 10.0.x prior to 10.0.30, 10.1.x prior to 10.1.22, or 10.2.x\nprior to 10.2.5. It is, therefore, affected by multiple\nvulnerabilities :\n\n - A use-after-free error exists in file client.c in the\n mysql_prune_stmt_list() function that allows an\n unauthenticated, remote attacker to crash the database.\n (CVE-2017-3302)\n\n - Multiple unspecified flaws exist in the DML subcomponent\n that allow an authenticated, remote attacker to cause a\n denial of service condition. Note that these issues only\n affect version 5.5.x. (CVE-2017-3308, CVE-2017-3456)\n\n - Multiple unspecified flaws exist in the Optimizer\n subcomponent that allow an authenticated, remote\n attacker to cause a denial of service condition. Note\n that these issues only affect version 5.5.x.\n (CVE-2017-3309, CVE-2017-3453)\n\n - An unspecified flaw exists in the MyISAM subcomponent\n that allows a local attacker to disclose sensitive\n information. (CVE-2017-3313)\n\n - An unspecified flaw exists in the DDL subcomponent that\n allows an authenticated, remote attacker to impact\n integrity. Note that this issue only affects version\n 5.5.x. (CVE-2017-3464)\n\n - A denial of service vulnerability exists in the\n Field_time::store_TIME_with_warning() function when\n handling specially crafted INSERT queries. An\n authenticated, remote attacker can exploit this to\n crash the database. Note that this issue only affects\n versions 5.5.x and 10.0.x.\n\n - A denial of service vulnerability exists in the\n JOIN_CACHE::create_remaining_fields() function in file\n sql_join_cache.cc when handling data caching. An\n authenticated, remote attacker can exploit this to crash\n the database.\n\n - A denial of service vulnerability exists in the\n SJ_TMP_TABLE::create_sj_weedout_tmp_table() function\n in file opt_subselect.cc when handling specially crafted\n WHERE queries. An authenticated, remote attacker can\n exploit this to crash the database. Note that this issue\n only affects versions 10.0.x and 10.1.x.\n\n - A denial of service vulnerability exists in the\n ha_partition::reset() function in file ha_partition.cc\n when handling specially crafted SELECT queries. An\n authenticated, remote attacker can exploit this to\n crash the database.\n\n - A denial of service vulnerability exists in the\n find_field_in_tables() function in file sql_base.cc when\n handling stored procedures in EXISTS queries. An\n authenticated, remote attacker can exploit this to crash\n the database. Note that this issue only affects versions\n 10.0.x, 10.1.x, and 10.2.x.\n\n - A denial of service vulnerability exists in the\n JOIN::drop_unused_derived_keys() function in file\n sql_select.cc when handling specially crafted SELECT\n statements. An authenticated, remote attacker can\n exploit this to crash the database. Note that this issue\n only affects versions 5.5.x, 10.1.x, and 10.2.x.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/library/mariadb-5555-changelog/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/library/mariadb-10030-changelog/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/library/mariadb-10122-changelog/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/library/mariadb-1025-changelog/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/mariadb/mariadb-5555-release-notes/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/library/mariadb-10030-release-notes/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/library/mariadb-10122-release-notes/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/library/mariadb-1025-release-notes/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MariaDB version 5.5.55 / 10.0.30 / 10.1.22 / 10.2.5 or\nlater.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-3464\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/12/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/25\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mariadb:mariadb\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\nmysql_check_version(variant:'MariaDB', fixed:make_list('10.0.30-MariaDB', '5.5.55-MariaDB', '10.1.22-MariaDB', '10.2.5-MariaDB'), severity:SECURITY_WARNING);\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2021-01-12T10:15:40", "description": "**Rebase to 10.1.24**\n\nPlugin oqgraph enabled Plugin jemalloc enabled Sphinx engine enabled\nBuild dependecies Bison and Libarchive added, others corrected\nDisabling Mroonga engine for i686 architecture, as it is not supported\nby MariaDB\n\n**Removed patches: (fixed by upstream)**\n\nPatch5: %{pkgnamepatch}-file-contents.patch Patch14:\n%{pkgnamepatch}-example-config-files.patch Patch31:\n%{pkgnamepatch}-string-overflow.patch Patch32:\n%{pkgnamepatch}-basedir.patch Patch41:\n%{pkgnamepatch}-galera-new-cluster-help.patch\n\n**CVEs fix**\n\nCVE-2017-3313 CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456\nCVE-2017-3464\n\n**Testsuite**\n\nEnabled '--big-test' option for the testsuite Disabled '--skip-rpl'\noption for the testsuite = replication tests enabled\n\n**Warning**\n\nSome Spider tests started to fail, the engine can be probabbly unsafe\nnow.\n\n**Aditional bugs solved:**\n\n#1459671: mariadb fails to start with tokudb; jemalloc not correctly\nenabled\n\n----\n\n**Rebase to 10.1.24**\n\nPlugin oqgraph enabled Plugin jemalloc enabled Sphinx engine enabled\nBuild dependecies Bison and Libarchive added, others corrected\nDisabling Mroonga engine for i686 architecture, as it is not supported\nby MariaDB\n\n**Removed patches: (fixed by upstream)**\n\nPatch5: %{pkgnamepatch}-file-contents.patch Patch14:\n%{pkgnamepatch}-example-config-files.patch Patch31:\n%{pkgnamepatch}-string-overflow.patch Patch32:\n%{pkgnamepatch}-basedir.patch Patch41:\n%{pkgnamepatch}-galera-new-cluster-help.patch\n\n**CVEs fix**\n\nCVE-2017-3313 CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456\nCVE-2017-3464\n\n**Testsuite**\n\nEnabled '--big-test' option for the testsuite Disabled '--skip-rpl'\noption for the testsuite = replication tests enabled\n\n**Warning**\n\nSome Spider tests started to fail, the engine can be probabbly unsafe\nnow.\n\n**Aditional bugs solved:**\n\n#1459671: mariadb fails to start with tokudb; jemalloc not correctly\nenabled\n\n----\n\n**Rebase to 10.1.24** Plugin oqgraph enabled Plugin jemalloc enabled\nSphinx engine enabled Build dependecies Bison and Libarchive added,\nothers corrected Disabling Mroonga engine for i686 architecture, as it\nis not supported by MariaDB\n\n**Removed patches: (fixed by upstream)**\n\nPatch5: %{pkgnamepatch}-file-contents.patch Patch14:\n%{pkgnamepatch}-example-config-files.patch Patch31:\n%{pkgnamepatch}-string-overflow.patch Patch32:\n%{pkgnamepatch}-basedir.patch Patch41:\n%{pkgnamepatch}-galera-new-cluster-help.patch\n\n**CVEs fix**\n\nCVE-2017-3313 CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456\nCVE-2017-3464\n\n**Testsuite**\n\nEnabled '--big-test' option for the testsuite Disabled '--skip-rpl'\noption for the testsuite = replication tests enabled\n\n**Warning**\n\nSome Spider tests started to fail, the engine can be probabbly unsafe\nnow.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 19, "cvss3": {"score": 7.7, "vector": "AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}, "published": "2017-06-19T00:00:00", "title": "Fedora 25 : 3:mariadb (2017-2c0609b92a)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3238", "CVE-2017-3313", "CVE-2017-3456", "CVE-2017-3309", "CVE-2017-3308", "CVE-2017-3453", "CVE-2017-3464"], "modified": "2017-06-19T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:3:mariadb", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2017-2C0609B92A.NASL", "href": "https://www.tenable.com/plugins/nessus/100857", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-2c0609b92a.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100857);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-3238\", \"CVE-2017-3308\", \"CVE-2017-3309\", \"CVE-2017-3313\", \"CVE-2017-3453\", \"CVE-2017-3456\", \"CVE-2017-3464\");\n script_xref(name:\"FEDORA\", value:\"2017-2c0609b92a\");\n\n script_name(english:\"Fedora 25 : 3:mariadb (2017-2c0609b92a)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"**Rebase to 10.1.24**\n\nPlugin oqgraph enabled Plugin jemalloc enabled Sphinx engine enabled\nBuild dependecies Bison and Libarchive added, others corrected\nDisabling Mroonga engine for i686 architecture, as it is not supported\nby MariaDB\n\n**Removed patches: (fixed by upstream)**\n\nPatch5: %{pkgnamepatch}-file-contents.patch Patch14:\n%{pkgnamepatch}-example-config-files.patch Patch31:\n%{pkgnamepatch}-string-overflow.patch Patch32:\n%{pkgnamepatch}-basedir.patch Patch41:\n%{pkgnamepatch}-galera-new-cluster-help.patch\n\n**CVEs fix**\n\nCVE-2017-3313 CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456\nCVE-2017-3464\n\n**Testsuite**\n\nEnabled '--big-test' option for the testsuite Disabled '--skip-rpl'\noption for the testsuite = replication tests enabled\n\n**Warning**\n\nSome Spider tests started to fail, the engine can be probabbly unsafe\nnow.\n\n**Aditional bugs solved:**\n\n#1459671: mariadb fails to start with tokudb; jemalloc not correctly\nenabled\n\n----\n\n**Rebase to 10.1.24**\n\nPlugin oqgraph enabled Plugin jemalloc enabled Sphinx engine enabled\nBuild dependecies Bison and Libarchive added, others corrected\nDisabling Mroonga engine for i686 architecture, as it is not supported\nby MariaDB\n\n**Removed patches: (fixed by upstream)**\n\nPatch5: %{pkgnamepatch}-file-contents.patch Patch14:\n%{pkgnamepatch}-example-config-files.patch Patch31:\n%{pkgnamepatch}-string-overflow.patch Patch32:\n%{pkgnamepatch}-basedir.patch Patch41:\n%{pkgnamepatch}-galera-new-cluster-help.patch\n\n**CVEs fix**\n\nCVE-2017-3313 CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456\nCVE-2017-3464\n\n**Testsuite**\n\nEnabled '--big-test' option for the testsuite Disabled '--skip-rpl'\noption for the testsuite = replication tests enabled\n\n**Warning**\n\nSome Spider tests started to fail, the engine can be probabbly unsafe\nnow.\n\n**Aditional bugs solved:**\n\n#1459671: mariadb fails to start with tokudb; jemalloc not correctly\nenabled\n\n----\n\n**Rebase to 10.1.24** Plugin oqgraph enabled Plugin jemalloc enabled\nSphinx engine enabled Build dependecies Bison and Libarchive added,\nothers corrected Disabling Mroonga engine for i686 architecture, as it\nis not supported by MariaDB\n\n**Removed patches: (fixed by upstream)**\n\nPatch5: %{pkgnamepatch}-file-contents.patch Patch14:\n%{pkgnamepatch}-example-config-files.patch Patch31:\n%{pkgnamepatch}-string-overflow.patch Patch32:\n%{pkgnamepatch}-basedir.patch Patch41:\n%{pkgnamepatch}-galera-new-cluster-help.patch\n\n**CVEs fix**\n\nCVE-2017-3313 CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456\nCVE-2017-3464\n\n**Testsuite**\n\nEnabled '--big-test' option for the testsuite Disabled '--skip-rpl'\noption for the testsuite = replication tests enabled\n\n**Warning**\n\nSome Spider tests started to fail, the engine can be probabbly unsafe\nnow.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-2c0609b92a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 3:mariadb package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:3:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"mariadb-10.1.24-3.fc25\", epoch:\"3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"3:mariadb\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:15:10", "description": "**Rebase to 10.1.24**\n\nPlugin oqgraph enabled Plugin jemalloc enabled Sphinx engine enabled\nBuild dependecies Bison and Libarchive added, others corrected\nDisabling Mroonga engine for i686 architecture, as it is not supported\nby MariaDB\n\n**Removed patches: (fixed by upstream)**\n\nPatch5: %{pkgnamepatch}-file-contents.patch Patch14:\n%{pkgnamepatch}-example-config-files.patch Patch31:\n%{pkgnamepatch}-string-overflow.patch Patch32:\n%{pkgnamepatch}-basedir.patch Patch41:\n%{pkgnamepatch}-galera-new-cluster-help.patch\n\n**CVEs fix**\n\nCVE-2017-3313 CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456\nCVE-2017-3464\n\n**Testsuite**\n\nEnabled '--big-test' option for the testsuite Disabled '--skip-rpl'\noption for the testsuite = replication tests enabled\n\n**Warning**\n\nSome Spider tests started to fail, the engine can be probabbly unsafe\nnow.\n\n**Aditional bugs solved:**\n\n#1459671: mariadb fails to start with tokudb; jemalloc not correctly\nenabled\n\n----\n\n**Rebase to 10.1.24**\n\nPlugin oqgraph enabled Plugin jemalloc enabled Sphinx engine enabled\nBuild dependecies Bison and Libarchive added, others corrected\nDisabling Mroonga engine for i686 architecture, as it is not supported\nby MariaDB\n\n**Removed patches: (fixed by upstream)**\n\nPatch5: %{pkgnamepatch}-file-contents.patch Patch14:\n%{pkgnamepatch}-example-config-files.patch Patch31:\n%{pkgnamepatch}-string-overflow.patch Patch32:\n%{pkgnamepatch}-basedir.patch Patch41:\n%{pkgnamepatch}-galera-new-cluster-help.patch\n\n**CVEs fix**\n\nCVE-2017-3313 CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456\nCVE-2017-3464\n\n**Testsuite**\n\nEnabled '--big-test' option for the testsuite Disabled '--skip-rpl'\noption for the testsuite = replication tests enabled\n\n**Warning**\n\nSome Spider tests started to fail, the engine can be probabbly unsafe\nnow.\n\n**Aditional bugs solved:**\n\n#1459671: mariadb fails to start with tokudb; jemalloc not correctly\nenabled\n\n----\n\n**Rebase to 10.1.24** Plugin oqgraph enabled Plugin jemalloc enabled\nSphinx engine enabled Build dependecies Bison and Libarchive added,\nothers corrected Disabling Mroonga engine for i686 architecture, as it\nis not supported by MariaDB\n\n**Removed patches: (fixed by upstream)**\n\nPatch5: %{pkgnamepatch}-file-contents.patch Patch14:\n%{pkgnamepatch}-example-config-files.patch Patch31:\n%{pkgnamepatch}-string-overflow.patch Patch32:\n%{pkgnamepatch}-basedir.patch Patch41:\n%{pkgnamepatch}-galera-new-cluster-help.patch\n\n**CVEs fix**\n\nCVE-2017-3313 CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456\nCVE-2017-3464\n\n**Testsuite**\n\nEnabled '--big-test' option for the testsuite Disabled '--skip-rpl'\noption for the testsuite = replication tests enabled\n\n**Warning**\n\nSome Spider tests started to fail, the engine can be probabbly unsafe\nnow.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 19, "cvss3": {"score": 7.7, "vector": "AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}, "published": "2017-07-17T00:00:00", "title": "Fedora 26 : 3:mariadb (2017-09dd8907da)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3238", "CVE-2017-3313", "CVE-2017-3456", "CVE-2017-3309", "CVE-2017-3308", "CVE-2017-3453", "CVE-2017-3464"], "modified": "2017-07-17T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:3:mariadb", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-09DD8907DA.NASL", "href": "https://www.tenable.com/plugins/nessus/101568", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-09dd8907da.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101568);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-3238\", \"CVE-2017-3308\", \"CVE-2017-3309\", \"CVE-2017-3313\", \"CVE-2017-3453\", \"CVE-2017-3456\", \"CVE-2017-3464\");\n script_xref(name:\"FEDORA\", value:\"2017-09dd8907da\");\n\n script_name(english:\"Fedora 26 : 3:mariadb (2017-09dd8907da)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"**Rebase to 10.1.24**\n\nPlugin oqgraph enabled Plugin jemalloc enabled Sphinx engine enabled\nBuild dependecies Bison and Libarchive added, others corrected\nDisabling Mroonga engine for i686 architecture, as it is not supported\nby MariaDB\n\n**Removed patches: (fixed by upstream)**\n\nPatch5: %{pkgnamepatch}-file-contents.patch Patch14:\n%{pkgnamepatch}-example-config-files.patch Patch31:\n%{pkgnamepatch}-string-overflow.patch Patch32:\n%{pkgnamepatch}-basedir.patch Patch41:\n%{pkgnamepatch}-galera-new-cluster-help.patch\n\n**CVEs fix**\n\nCVE-2017-3313 CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456\nCVE-2017-3464\n\n**Testsuite**\n\nEnabled '--big-test' option for the testsuite Disabled '--skip-rpl'\noption for the testsuite = replication tests enabled\n\n**Warning**\n\nSome Spider tests started to fail, the engine can be probabbly unsafe\nnow.\n\n**Aditional bugs solved:**\n\n#1459671: mariadb fails to start with tokudb; jemalloc not correctly\nenabled\n\n----\n\n**Rebase to 10.1.24**\n\nPlugin oqgraph enabled Plugin jemalloc enabled Sphinx engine enabled\nBuild dependecies Bison and Libarchive added, others corrected\nDisabling Mroonga engine for i686 architecture, as it is not supported\nby MariaDB\n\n**Removed patches: (fixed by upstream)**\n\nPatch5: %{pkgnamepatch}-file-contents.patch Patch14:\n%{pkgnamepatch}-example-config-files.patch Patch31:\n%{pkgnamepatch}-string-overflow.patch Patch32:\n%{pkgnamepatch}-basedir.patch Patch41:\n%{pkgnamepatch}-galera-new-cluster-help.patch\n\n**CVEs fix**\n\nCVE-2017-3313 CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456\nCVE-2017-3464\n\n**Testsuite**\n\nEnabled '--big-test' option for the testsuite Disabled '--skip-rpl'\noption for the testsuite = replication tests enabled\n\n**Warning**\n\nSome Spider tests started to fail, the engine can be probabbly unsafe\nnow.\n\n**Aditional bugs solved:**\n\n#1459671: mariadb fails to start with tokudb; jemalloc not correctly\nenabled\n\n----\n\n**Rebase to 10.1.24** Plugin oqgraph enabled Plugin jemalloc enabled\nSphinx engine enabled Build dependecies Bison and Libarchive added,\nothers corrected Disabling Mroonga engine for i686 architecture, as it\nis not supported by MariaDB\n\n**Removed patches: (fixed by upstream)**\n\nPatch5: %{pkgnamepatch}-file-contents.patch Patch14:\n%{pkgnamepatch}-example-config-files.patch Patch31:\n%{pkgnamepatch}-string-overflow.patch Patch32:\n%{pkgnamepatch}-basedir.patch Patch41:\n%{pkgnamepatch}-galera-new-cluster-help.patch\n\n**CVEs fix**\n\nCVE-2017-3313 CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456\nCVE-2017-3464\n\n**Testsuite**\n\nEnabled '--big-test' option for the testsuite Disabled '--skip-rpl'\noption for the testsuite = replication tests enabled\n\n**Warning**\n\nSome Spider tests started to fail, the engine can be probabbly unsafe\nnow.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-09dd8907da\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 3:mariadb package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:3:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"mariadb-10.1.24-3.fc26\", epoch:\"3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"3:mariadb\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T10:11:45", "description": "**Rebase to 10.1.24**\n\nPlugin oqgraph enabled Plugin jemalloc enabled Sphinx engine enabled\nBuild dependecies Bison and Libarchive added, others corrected\nDisabling Mroonga engine for i686 architecture, as it is not supported\nby MariaDB\n\n**Removed patches: (fixed by upstream)**\n\nPatch5: %{pkgnamepatch}-file-contents.patch Patch14:\n%{pkgnamepatch}-example-config-files.patch Patch31:\n%{pkgnamepatch}-string-overflow.patch Patch32:\n%{pkgnamepatch}-basedir.patch Patch41:\n%{pkgnamepatch}-galera-new-cluster-help.patch\n\n**CVEs fix**\n\nCVE-2017-3313 CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456\nCVE-2017-3464\n\n**Testsuite**\n\nEnabled '--big-test' option for the testsuite Disabled '--skip-rpl'\noption for the testsuite = replication tests enabled\n\n**Warning**\n\nSome Spider tests started to fail, the engine can be probabbly unsafe\nnow.\n\n**Aditional bugs solved:**\n\n#1459671: mariadb fails to start with tokudb; jemalloc not correctly\nenabled\n\n----\n\n**Rebase to 10.1.24**\n\nPlugin oqgraph enabled Plugin jemalloc enabled Sphinx engine enabled\nBuild dependecies Bison and Libarchive added, others corrected\nDisabling Mroonga engine for i686 architecture, as it is not supported\nby MariaDB\n\n**Removed patches: (fixed by upstream)**\n\nPatch5: %{pkgnamepatch}-file-contents.patch Patch14:\n%{pkgnamepatch}-example-config-files.patch Patch31:\n%{pkgnamepatch}-string-overflow.patch Patch32:\n%{pkgnamepatch}-basedir.patch Patch41:\n%{pkgnamepatch}-galera-new-cluster-help.patch\n\n**CVEs fix**\n\nCVE-2017-3313 CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456\nCVE-2017-3464\n\n**Testsuite**\n\nEnabled '--big-test' option for the testsuite Disabled '--skip-rpl'\noption for the testsuite = replication tests enabled\n\n**Warning**\n\nSome Spider tests started to fail, the engine can be probabbly unsafe\nnow.\n\n**Aditional bugs solved:**\n\n#1459671: mariadb fails to start with tokudb; jemalloc not correctly\nenabled\n\n----\n\n**Rebase to 10.1.24** Plugin oqgraph enabled Plugin jemalloc enabled\nSphinx engine enabled Build dependecies Bison and Libarchive added,\nothers corrected Disabling Mroonga engine for i686 architecture, as it\nis not supported by MariaDB\n\n**Removed patches: (fixed by upstream)**\n\nPatch5: %{pkgnamepatch}-file-contents.patch Patch14:\n%{pkgnamepatch}-example-config-files.patch Patch31:\n%{pkgnamepatch}-string-overflow.patch Patch32:\n%{pkgnamepatch}-basedir.patch Patch41:\n%{pkgnamepatch}-galera-new-cluster-help.patch\n\n**CVEs fix**\n\nCVE-2017-3313 CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456\nCVE-2017-3464\n\n**Testsuite**\n\nEnabled '--big-test' option for the testsuite Disabled '--skip-rpl'\noption for the testsuite = replication tests enabled\n\n**Warning**\n\nSome Spider tests started to fail, the engine can be probabbly unsafe\nnow.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 19, "cvss3": {"score": 7.7, "vector": "AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}, "published": "2017-06-22T00:00:00", "title": "Fedora 24 : 3:mariadb (2017-8425f676f2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3238", "CVE-2017-3313", "CVE-2017-3456", "CVE-2017-3309", "CVE-2017-3308", "CVE-2017-3453", "CVE-2017-3464"], "modified": "2017-06-22T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:3:mariadb", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2017-8425F676F2.NASL", "href": "https://www.tenable.com/plugins/nessus/100972", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-8425f676f2.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100972);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-3238\", \"CVE-2017-3308\", \"CVE-2017-3309\", \"CVE-2017-3313\", \"CVE-2017-3453\", \"CVE-2017-3456\", \"CVE-2017-3464\");\n script_xref(name:\"FEDORA\", value:\"2017-8425f676f2\");\n\n script_name(english:\"Fedora 24 : 3:mariadb (2017-8425f676f2)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"**Rebase to 10.1.24**\n\nPlugin oqgraph enabled Plugin jemalloc enabled Sphinx engine enabled\nBuild dependecies Bison and Libarchive added, others corrected\nDisabling Mroonga engine for i686 architecture, as it is not supported\nby MariaDB\n\n**Removed patches: (fixed by upstream)**\n\nPatch5: %{pkgnamepatch}-file-contents.patch Patch14:\n%{pkgnamepatch}-example-config-files.patch Patch31:\n%{pkgnamepatch}-string-overflow.patch Patch32:\n%{pkgnamepatch}-basedir.patch Patch41:\n%{pkgnamepatch}-galera-new-cluster-help.patch\n\n**CVEs fix**\n\nCVE-2017-3313 CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456\nCVE-2017-3464\n\n**Testsuite**\n\nEnabled '--big-test' option for the testsuite Disabled '--skip-rpl'\noption for the testsuite = replication tests enabled\n\n**Warning**\n\nSome Spider tests started to fail, the engine can be probabbly unsafe\nnow.\n\n**Aditional bugs solved:**\n\n#1459671: mariadb fails to start with tokudb; jemalloc not correctly\nenabled\n\n----\n\n**Rebase to 10.1.24**\n\nPlugin oqgraph enabled Plugin jemalloc enabled Sphinx engine enabled\nBuild dependecies Bison and Libarchive added, others corrected\nDisabling Mroonga engine for i686 architecture, as it is not supported\nby MariaDB\n\n**Removed patches: (fixed by upstream)**\n\nPatch5: %{pkgnamepatch}-file-contents.patch Patch14:\n%{pkgnamepatch}-example-config-files.patch Patch31:\n%{pkgnamepatch}-string-overflow.patch Patch32:\n%{pkgnamepatch}-basedir.patch Patch41:\n%{pkgnamepatch}-galera-new-cluster-help.patch\n\n**CVEs fix**\n\nCVE-2017-3313 CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456\nCVE-2017-3464\n\n**Testsuite**\n\nEnabled '--big-test' option for the testsuite Disabled '--skip-rpl'\noption for the testsuite = replication tests enabled\n\n**Warning**\n\nSome Spider tests started to fail, the engine can be probabbly unsafe\nnow.\n\n**Aditional bugs solved:**\n\n#1459671: mariadb fails to start with tokudb; jemalloc not correctly\nenabled\n\n----\n\n**Rebase to 10.1.24** Plugin oqgraph enabled Plugin jemalloc enabled\nSphinx engine enabled Build dependecies Bison and Libarchive added,\nothers corrected Disabling Mroonga engine for i686 architecture, as it\nis not supported by MariaDB\n\n**Removed patches: (fixed by upstream)**\n\nPatch5: %{pkgnamepatch}-file-contents.patch Patch14:\n%{pkgnamepatch}-example-config-files.patch Patch31:\n%{pkgnamepatch}-string-overflow.patch Patch32:\n%{pkgnamepatch}-basedir.patch Patch41:\n%{pkgnamepatch}-galera-new-cluster-help.patch\n\n**CVEs fix**\n\nCVE-2017-3313 CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456\nCVE-2017-3464\n\n**Testsuite**\n\nEnabled '--big-test' option for the testsuite Disabled '--skip-rpl'\noption for the testsuite = replication tests enabled\n\n**Warning**\n\nSome Spider tests started to fail, the engine can be probabbly unsafe\nnow.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-8425f676f2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 3:mariadb package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:3:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"mariadb-10.1.24-3.fc24\", epoch:\"3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"3:mariadb\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2021-02-02T06:36:44", "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).", "edition": 7, "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.7, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2017-04-24T19:59:00", "title": "CVE-2017-3308", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3308"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/a:oracle:mysql:5.7.17", "cpe:/a:oracle:mysql:5.6.35", "cpe:/a:oracle:mysql:5.5.54"], "id": "CVE-2017-3308", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3308", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.6.35:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.5.54:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.7.17:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:45", "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).", "edition": 7, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 3.1, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 1.4}, "published": "2017-08-08T15:29:00", "title": "CVE-2017-3653", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3653"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:oracle:mysql:5.5.56", "cpe:/a:oracle:mysql:5.7.18", "cpe:/a:oracle:mysql:5.6.36"], "id": "CVE-2017-3653", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3653", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:oracle:mysql:5.5.56:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.6.36:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.7.18:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:44", "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).", "edition": 7, "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.7, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2017-04-24T19:59:00", "title": "CVE-2017-3309", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3309"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/a:oracle:mysql:5.7.17", "cpe:/a:oracle:mysql:5.6.35", "cpe:/a:oracle:mysql:5.5.54"], "id": "CVE-2017-3309", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3309", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.6.35:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.5.54:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.7.17:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:45", "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "edition": 7, "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 4.9, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-08-08T15:29:00", "title": "CVE-2017-3641", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3641"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:redhat:enterprise_linux_server_tus:7.6", "cpe:/a:oracle:mysql:5.5.56", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.5", "cpe:/o:redhat:enterprise_linux_server_aus:7.6", "cpe:/a:redhat:openstack:12", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/a:oracle:mysql:5.7.18", "cpe:/o:redhat:enterprise_linux_server_eus:7.6", "cpe:/a:oracle:mysql:5.6.36", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2017-3641", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3641", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.5.56:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.6.36:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.7.18:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:44", "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "edition": 7, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-04-24T19:59:00", "title": "CVE-2017-3453", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3453"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/a:oracle:mysql:5.7.17", "cpe:/a:oracle:mysql:5.6.35", "cpe:/a:oracle:mysql:5.5.54"], "id": "CVE-2017-3453", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3453", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.6.35:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.5.54:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.7.17:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:44", "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).", "edition": 7, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 4.3, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 1.4}, "published": "2017-04-24T19:59:00", "title": "CVE-2017-3464", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3464"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:redhat:enterprise_linux_server_tus:7.6", "cpe:/o:redhat:enterprise_linux_server_eus:7.4", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:oracle:mysql:5.7.17", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.5", "cpe:/o:redhat:enterprise_linux_server_aus:7.4", "cpe:/o:redhat:enterprise_linux_server_aus:7.6", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/a:oracle:mysql:5.6.35", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/a:oracle:mysql:5.5.54", "cpe:/o:redhat:enterprise_linux_server_eus:7.6"], "id": "CVE-2017-3464", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3464", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.6.35:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.5.54:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.7.17:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:44", "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "edition": 7, "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 4.9, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-04-24T19:59:00", "title": "CVE-2017-3456", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3456"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/a:oracle:mysql:5.7.17", "cpe:/a:oracle:mysql:5.6.35", "cpe:/a:oracle:mysql:5.5.54"], "id": "CVE-2017-3456", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3456", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.6.35:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.5.54:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.7.17:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:45", "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).", "edition": 7, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "LOW", "baseScore": 5.3, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.4}, "published": "2017-08-08T15:29:00", "title": "CVE-2017-3636", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3636"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:redhat:enterprise_linux_server_tus:7.6", "cpe:/a:oracle:mysql:5.5.56", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.5", "cpe:/o:redhat:enterprise_linux_server_aus:7.6", "cpe:/a:redhat:openstack:12", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.6", "cpe:/a:oracle:mysql:5.6.36", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2017-3636", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3636", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.5.56:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.6.36:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*"]}], "amazon": [{"lastseen": "2020-11-10T12:36:31", "bulletinFamily": "unix", "cvelist": ["CVE-2017-3462", "CVE-2017-3265", "CVE-2017-3463", "CVE-2017-3456", "CVE-2017-3309", "CVE-2017-3308", "CVE-2017-3453", "CVE-2017-3461", "CVE-2017-3464", "CVE-2017-3450"], "description": "**Issue Overview:**\n\nServer: Security: Privileges unspecified vulnerability (CPU Apr 2017): \nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ([CVE-2017-3462 __](<https://access.redhat.com/security/cve/CVE-2017-3462>))\n\nSecurity: Privileges unspecified vulnerability (CPU Apr 2017) \nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ([CVE-2017-3463 __](<https://access.redhat.com/security/cve/CVE-2017-3463>))\n\nServer: Security: Privileges unspecified vulnerability (CPU Apr 2017) \nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ([CVE-2017-3461 __](<https://access.redhat.com/security/cve/CVE-2017-3461>))\n\nServer: DDL unspecified vulnerability (CPU Apr 2017): \nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). ([CVE-2017-3464 __](<https://access.redhat.com/security/cve/CVE-2017-3464>))\n\nUnsafe chmod/chown use in init script (CPU Jan 2017) \nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts). ([CVE-2017-3265 __](<https://access.redhat.com/security/cve/CVE-2017-3265>))\n\nServer: Optimizer unspecified vulnerability (CPU Apr 2017) \nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). ([CVE-2017-3309 __](<https://access.redhat.com/security/cve/CVE-2017-3309>))\n\nServer: DML unspecified vulnerability (CPU Apr 2017) \nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). ([CVE-2017-3308 __](<https://access.redhat.com/security/cve/CVE-2017-3308>))\n\nServer: DML unspecified vulnerability (CPU Apr 2017) \nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ([CVE-2017-3456 __](<https://access.redhat.com/security/cve/CVE-2017-3456>))\n\nServer: Memcached unspecified vulnerability (CPU Apr 2017) \nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ([CVE-2017-3450 __](<https://access.redhat.com/security/cve/CVE-2017-3450>))\n\nServer: Optimizer unspecified vulnerability (CPU Apr 2017) \nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ([CVE-2017-3453 __](<https://access.redhat.com/security/cve/CVE-2017-3453>))\n\n \n**Affected Packages:** \n\n\nmysql55\n\n \n**Issue Correction:** \nRun _yum update mysql55_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n mysql55-test-5.5.56-1.17.amzn1.i686 \n mysql55-5.5.56-1.17.amzn1.i686 \n mysql55-server-5.5.56-1.17.amzn1.i686 \n mysql55-embedded-5.5.56-1.17.amzn1.i686 \n mysql55-libs-5.5.56-1.17.amzn1.i686 \n mysql55-embedded-devel-5.5.56-1.17.amzn1.i686 \n mysql-config-5.5.56-1.17.amzn1.i686 \n mysql55-bench-5.5.56-1.17.amzn1.i686 \n mysql55-debuginfo-5.5.56-1.17.amzn1.i686 \n mysql55-devel-5.5.56-1.17.amzn1.i686 \n \n src: \n mysql55-5.5.56-1.17.amzn1.src \n \n x86_64: \n mysql55-5.5.56-1.17.amzn1.x86_64 \n mysql55-embedded-5.5.56-1.17.amzn1.x86_64 \n mysql55-devel-5.5.56-1.17.amzn1.x86_64 \n mysql55-embedded-devel-5.5.56-1.17.amzn1.x86_64 \n mysql55-libs-5.5.56-1.17.amzn1.x86_64 \n mysql55-server-5.5.56-1.17.amzn1.x86_64 \n mysql-config-5.5.56-1.17.amzn1.x86_64 \n mysql55-debuginfo-5.5.56-1.17.amzn1.x86_64 \n mysql55-bench-5.5.56-1.17.amzn1.x86_64 \n mysql55-test-5.5.56-1.17.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2017-05-19T00:27:00", "published": "2017-05-19T00:27:00", "id": "ALAS-2017-831", "href": "https://alas.aws.amazon.com/ALAS-2017-831.html", "title": "Medium: mysql55", "type": "amazon", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-11-10T12:37:30", "bulletinFamily": "unix", "cvelist": ["CVE-2017-3462", "CVE-2017-3265", "CVE-2017-3463", "CVE-2017-3456", "CVE-2017-3309", "CVE-2017-3308", "CVE-2017-3453", "CVE-2017-3461", "CVE-2017-3464", "CVE-2017-3450", "CVE-2017-3599"], "description": "**Issue Overview:**\n\nServer: Security: Privileges unspecified vulnerability (CPU Apr 2017): \nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ([CVE-2017-3462 __](<https://access.redhat.com/security/cve/CVE-2017-3462>))\n\nSecurity: Privileges unspecified vulnerability (CPU Apr 2017) \nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ([CVE-2017-3463 __](<https://access.redhat.com/security/cve/CVE-2017-3463>))\n\nServer: Security: Privileges unspecified vulnerability (CPU Apr 2017) \nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ([CVE-2017-3461 __](<https://access.redhat.com/security/cve/CVE-2017-3461>))\n\nServer: DDL unspecified vulnerability (CPU Apr 2017): \nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). ([CVE-2017-3464 __](<https://access.redhat.com/security/cve/CVE-2017-3464>))\n\nUnsafe chmod/chown use in init script (CPU Jan 2017) \nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts). ([CVE-2017-3265 __](<https://access.redhat.com/security/cve/CVE-2017-3265>))\n\nServer: Optimizer unspecified vulnerability (CPU Apr 2017) \nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). ([CVE-2017-3309 __](<https://access.redhat.com/security/cve/CVE-2017-3309>))\n\nServer: DML unspecified vulnerability (CPU Apr 2017) \nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). ([CVE-2017-3308 __](<https://access.redhat.com/security/cve/CVE-2017-3308>))\n\nServer: DML unspecified vulnerability (CPU Apr 2017) \nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ([CVE-2017-3456 __](<https://access.redhat.com/security/cve/CVE-2017-3456>))\n\nServer: Memcached unspecified vulnerability (CPU Apr 2017) \nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ([CVE-2017-3450 __](<https://access.redhat.com/security/cve/CVE-2017-3450>))\n\nServer: Optimizer unspecified vulnerability (CPU Apr 2017) \nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ([CVE-2017-3453 __](<https://access.redhat.com/security/cve/CVE-2017-3453>))\n\nInteger underflow in get_56_lenc_string() leading to DoS (CPU Apr 2017): \nAn integer overflow flaw leading to a buffer overflow was found in the way MySQL parsed connection handshake packets. An unauthenticated remote attacker with access to the MySQL port could use this flaw to crash the mysqld daemon. ([CVE-2017-3599 __](<https://access.redhat.com/security/cve/CVE-2017-3599>))\n\n \n**Affected Packages:** \n\n\nmysql56\n\n \n**Issue Correction:** \nRun _yum update mysql56_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n mysql56-5.6.36-1.25.amzn1.i686 \n mysql56-embedded-5.6.36-1.25.amzn1.i686 \n mysql56-server-5.6.36-1.25.amzn1.i686 \n mysql56-common-5.6.36-1.25.amzn1.i686 \n mysql56-bench-5.6.36-1.25.amzn1.i686 \n mysql56-libs-5.6.36-1.25.amzn1.i686 \n mysql56-errmsg-5.6.36-1.25.amzn1.i686 \n mysql56-test-5.6.36-1.25.amzn1.i686 \n mysql56-devel-5.6.36-1.25.amzn1.i686 \n mysql56-debuginfo-5.6.36-1.25.amzn1.i686 \n mysql56-embedded-devel-5.6.36-1.25.amzn1.i686 \n \n src: \n mysql56-5.6.36-1.25.amzn1.src \n \n x86_64: \n mysql56-server-5.6.36-1.25.amzn1.x86_64 \n mysql56-test-5.6.36-1.25.amzn1.x86_64 \n mysql56-devel-5.6.36-1.25.amzn1.x86_64 \n mysql56-libs-5.6.36-1.25.amzn1.x86_64 \n mysql56-errmsg-5.6.36-1.25.amzn1.x86_64 \n mysql56-debuginfo-5.6.36-1.25.amzn1.x86_64 \n mysql56-embedded-5.6.36-1.25.amzn1.x86_64 \n mysql56-embedded-devel-5.6.36-1.25.amzn1.x86_64 \n mysql56-common-5.6.36-1.25.amzn1.x86_64 \n mysql56-bench-5.6.36-1.25.amzn1.x86_64 \n mysql56-5.6.36-1.25.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2017-05-18T22:01:00", "published": "2017-05-18T22:01:00", "id": "ALAS-2017-830", "href": "https://alas.aws.amazon.com/ALAS-2017-830.html", "title": "Important: mysql56", "type": "amazon", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-11-10T12:35:53", "bulletinFamily": "unix", "cvelist": ["CVE-2017-3652", "CVE-2017-3648", "CVE-2017-3651", "CVE-2017-3641", "CVE-2017-3635", "CVE-2017-3653", "CVE-2017-3636"], "description": "**Issue Overview:**\n\nServer: Charsets unspecified vulnerability (CPU Jul 2017) \nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. ([CVE-2017-3648 __](<https://access.redhat.com/security/cve/CVE-2017-3648>))\n\nServer: DML unspecified vulnerability (CPU Jul 2017) \nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. ([CVE-2017-3641 __](<https://access.redhat.com/security/cve/CVE-2017-3641>))\n\nClient programs unspecified vulnerability (CPU Jul 2017) \nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. ([CVE-2017-3636 __](<https://access.redhat.com/security/cve/CVE-2017-3636>))\n\nC API unspecified vulnerability (CPU Jul 2017): \nVulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/C). Supported versions that are affected are 6.1.10 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. Note: The documentation has also been updated for the correct way to use mysql_stmt_close(). Please see: https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-execute.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-fetch.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-close.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-error.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-errno.html, and https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-sqlstate.html.([CVE-2017-3635 __](<https://access.redhat.com/security/cve/CVE-2017-3635>))\n\n \nClient mysqldump unspecified vulnerability (CPU Jul 2017): \nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. ([CVE-2017-3651 __](<https://access.redhat.com/security/cve/CVE-2017-3651>))\n\nServer: DDL unspecified vulnerability (CPU Jul 2017): \nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. ([CVE-2017-3653 __](<https://access.redhat.com/security/cve/CVE-2017-3653>))\n\nServer: DDL unspecified vulnerability (CPU Jul 2017): \nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. ([CVE-2017-3652 __](<https://access.redhat.com/security/cve/CVE-2017-3652>))\n\n \n**Affected Packages:** \n\n\nmysql55\n\n \n**Issue Correction:** \nRun _yum update mysql55_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n mysql55-bench-5.5.57-1.18.amzn1.i686 \n mysql55-test-5.5.57-1.18.amzn1.i686 \n mysql55-embedded-devel-5.5.57-1.18.amzn1.i686 \n mysql55-devel-5.5.57-1.18.amzn1.i686 \n mysql55-server-5.5.57-1.18.amzn1.i686 \n mysql55-debuginfo-5.5.57-1.18.amzn1.i686 \n mysql55-libs-5.5.57-1.18.amzn1.i686 \n mysql55-embedded-5.5.57-1.18.amzn1.i686 \n mysql55-5.5.57-1.18.amzn1.i686 \n mysql-config-5.5.57-1.18.amzn1.i686 \n \n src: \n mysql55-5.5.57-1.18.amzn1.src \n \n x86_64: \n mysql55-debuginfo-5.5.57-1.18.amzn1.x86_64 \n mysql55-libs-5.5.57-1.18.amzn1.x86_64 \n mysql55-test-5.5.57-1.18.amzn1.x86_64 \n mysql55-5.5.57-1.18.amzn1.x86_64 \n mysql55-embedded-devel-5.5.57-1.18.amzn1.x86_64 \n mysql-config-5.5.57-1.18.amzn1.x86_64 \n mysql55-embedded-5.5.57-1.18.amzn1.x86_64 \n mysql55-bench-5.5.57-1.18.amzn1.x86_64 \n mysql55-server-5.5.57-1.18.amzn1.x86_64 \n mysql55-devel-5.5.57-1.18.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2017-08-31T17:08:00", "published": "2017-08-31T17:08:00", "id": "ALAS-2017-887", "href": "https://alas.aws.amazon.com/ALAS-2017-887.html", "title": "Medium: mysql55", "type": "amazon", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}], "ubuntu": [{"lastseen": "2020-07-02T11:39:48", "bulletinFamily": "unix", "cvelist": ["CVE-2017-3462", "CVE-2017-3652", "CVE-2017-3648", "CVE-2017-3302", "CVE-2017-3463", "CVE-2017-3456", "CVE-2017-3309", "CVE-2017-3329", "CVE-2017-3308", "CVE-2017-3651", "CVE-2017-3641", "CVE-2017-3635", "CVE-2017-3453", "CVE-2017-3461", "CVE-2017-3464", "CVE-2017-3600", "CVE-2017-3653", "CVE-2017-3636", "CVE-2017-3305"], "description": "USN-3357-1 fixed several vulnerabilities in MySQL. This update \nprovides the corresponding update for Ubuntu 12.04 ESM.\n\nOriginal advisory details:\n\nMultiple security issues were discovered in MySQL and this update includes \nnew upstream MySQL versions to fix these issues.\n\nMySQL has been updated to 5.5.57 in Ubuntu 12.04 ESM.\n\nIn addition to security fixes, the updated packages contain bug fixes, \nnew features, and possibly incompatible changes.\n\nPlease see the following for more information: \n<http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-57.html> \n<http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html>", "edition": 6, "modified": "2017-07-24T00:00:00", "published": "2017-07-24T00:00:00", "id": "USN-3357-2", "href": "https://ubuntu.com/security/notices/USN-3357-2", "title": "MySQL vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.3, "vector": "AV:N/AC:M/Au:S/C:C/I:N/A:N"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-3265", "CVE-2017-3308", "CVE-2017-3309", "CVE-2017-3450", "CVE-2017-3456", "CVE-2017-3461", "CVE-2017-3462", "CVE-2017-3463", "CVE-2017-3464"], "description": "MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files. ", "modified": "2017-04-29T01:18:25", "published": "2017-04-29T01:18:25", "id": "FEDORA:58B4160560B7", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: community-mysql-5.7.18-2.fc24", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-3265", "CVE-2017-3308", "CVE-2017-3309", "CVE-2017-3450", "CVE-2017-3456", "CVE-2017-3461", "CVE-2017-3462", "CVE-2017-3463", "CVE-2017-3464"], "description": "MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files. ", "modified": "2017-04-29T01:50:21", "published": "2017-04-29T01:50:21", "id": "FEDORA:9F8E3604CCE0", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: community-mysql-5.7.18-2.fc25", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-3265", "CVE-2017-3308", "CVE-2017-3309", "CVE-2017-3450", "CVE-2017-3456", "CVE-2017-3461", "CVE-2017-3462", "CVE-2017-3463", "CVE-2017-3464"], "description": "MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files. ", "modified": "2017-04-28T14:36:49", "published": "2017-04-28T14:36:49", "id": "FEDORA:71E11608B7FE", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: community-mysql-5.7.18-2.fc26", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-3238", "CVE-2017-3243", "CVE-2017-3244", "CVE-2017-3258", "CVE-2017-3265", "CVE-2017-3291", "CVE-2017-3308", "CVE-2017-3309", "CVE-2017-3312", "CVE-2017-3313", "CVE-2017-3318", "CVE-2017-3453", "CVE-2017-3456", "CVE-2017-3464"], "description": "MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs and generic MySQL files. ", "modified": "2017-06-16T13:24:35", "published": "2017-06-16T13:24:35", "id": "FEDORA:DF1616079737", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: mariadb-10.1.24-3.fc26", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-3238", "CVE-2017-3243", "CVE-2017-3244", "CVE-2017-3258", "CVE-2017-3265", "CVE-2017-3291", "CVE-2017-3308", "CVE-2017-3309", "CVE-2017-3312", "CVE-2017-3313", "CVE-2017-3318", "CVE-2017-3453", "CVE-2017-3456", "CVE-2017-3464"], "description": "MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs and generic MySQL files. ", "modified": "2017-06-16T17:51:10", "published": "2017-06-16T17:51:10", "id": "FEDORA:5C8506050C23", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: mariadb-10.1.24-3.fc24", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-3238", "CVE-2017-3243", "CVE-2017-3244", "CVE-2017-3258", "CVE-2017-3265", "CVE-2017-3291", "CVE-2017-3308", "CVE-2017-3309", "CVE-2017-3312", "CVE-2017-3313", "CVE-2017-3318", "CVE-2017-3453", "CVE-2017-3456", "CVE-2017-3464"], "description": "MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs and generic MySQL files. ", "modified": "2017-06-16T18:53:40", "published": "2017-06-16T18:53:40", "id": "FEDORA:B9E546079270", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: mariadb-10.1.24-3.fc25", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-3265", "CVE-2017-3308", "CVE-2017-3309", "CVE-2017-3313", "CVE-2017-3453", "CVE-2017-3456", "CVE-2017-3464", "CVE-2018-2755", "CVE-2018-2761", "CVE-2018-2766", "CVE-2018-2771", "CVE-2018-2773", "CVE-2018-2781", "CVE-2018-2782", "CVE-2018-2784", "CVE-2018-2787", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2818", "CVE-2018-2819"], "description": "MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs and generic MySQL files. ", "modified": "2018-05-22T14:31:34", "published": "2018-05-22T14:31:34", "id": "FEDORA:DDCB860779BD", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: mariadb-10.1.33-1.fc26", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:46:33", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5617", "CVE-2016-6664", "CVE-2017-10268", "CVE-2017-10286", "CVE-2017-10378", "CVE-2017-10379", "CVE-2017-10384", "CVE-2017-3238", "CVE-2017-3243", "CVE-2017-3244", "CVE-2017-3257", "CVE-2017-3258", "CVE-2017-3265", "CVE-2017-3291", "CVE-2017-3302", "CVE-2017-3308", "CVE-2017-3309", "CVE-2017-3312", "CVE-2017-3313", "CVE-2017-3317", "CVE-2017-3318", "CVE-2017-3453", "CVE-2017-3456", "CVE-2017-3464", "CVE-2017-3636", "CVE-2017-3641", "CVE-2017-3653"], "description": "MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL.\n\nThe following packages have been upgraded to a later upstream version: rh-mariadb101-mariadb (10.1.29). (BZ#1463417, BZ#1517327)\n\nSecurity Fix(es):\n\n* mysql: insecure error log file handling in mysqld_safe (CPU Oct 2016) (CVE-2016-5617, CVE-2016-6664)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2017) (CVE-2017-3238)\n\n* mysql: Server: Charsets unspecified vulnerability (CPU Jan 2017) (CVE-2017-3243)\n\n* mysql: Server: DML unspecified vulnerability (CPU Jan 2017) (CVE-2017-3244)\n\n* mysql: Server: InnoDB unspecified vulnerability (CPU Jan 2017) (CVE-2017-3257)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Jan 2017) (CVE-2017-3258)\n\n* mysql: unsafe chmod/chown use in init script (CPU Jan 2017) (CVE-2017-3265)\n\n* mysql: unrestricted mysqld_safe's ledir (CPU Jan 2017) (CVE-2017-3291)\n\n* mysql: Server: DML unspecified vulnerability (CPU Apr 2017) (CVE-2017-3308)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2017) (CVE-2017-3309)\n\n* mysql: insecure error log file handling in mysqld_safe, incomplete CVE-2016-6664 fix (CPU Jan 2017) (CVE-2017-3312)\n\n* mysql: Server: MyISAM unspecified vulnerability (CPU Jan 2017) (CVE-2017-3313)\n\n* mysql: Logging unspecified vulnerability (CPU Jan 2017) (CVE-2017-3317)\n\n* mysql: Server: Error Handling unspecified vulnerability (CPU Jan 2017) (CVE-2017-3318)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2017) (CVE-2017-3453)\n\n* mysql: Server: DML unspecified vulnerability (CPU Apr 2017) (CVE-2017-3456)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Apr 2017) (CVE-2017-3464)\n\n* mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636)\n\n* mysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641)\n\n* mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268)\n\n* mysql: Server: InnoDB unspecified vulnerability (CPU Oct 2017) (CVE-2017-10286)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378)\n\n* mysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384)\n\n* mysql: prepared statement handle use-after-free after disconnect (CVE-2017-3302)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Previously, a syntax error in the Galera Arbitrator SysV init script prevented the garbd daemon from being started when the SysV init script was used. With this update, the definition of the main daemon binary in the SysV init script has been fixed, and the described problem no longer occurs. (BZ#1466473)\n\n* Prior to this update, the scl macros were not set for the rh-mariadb101-mariadb@.service file, which consequently made the service file unusable. This bug has been fixed, and rh-mariadb101-mariadb@.service now works as expected. (BZ#1485995)", "modified": "2018-06-13T01:28:22", "published": "2018-03-21T17:36:47", "id": "RHSA-2018:0574", "href": "https://access.redhat.com/errata/RHSA-2018:0574", "type": "redhat", "title": "(RHSA-2018:0574) Moderate: rh-mariadb101-mariadb and rh-mariadb101-galera security and bug fix update", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:25", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5617", "CVE-2016-6664", "CVE-2017-10268", "CVE-2017-10286", "CVE-2017-10378", "CVE-2017-10379", "CVE-2017-10384", "CVE-2017-3238", "CVE-2017-3243", "CVE-2017-3244", "CVE-2017-3257", "CVE-2017-3258", "CVE-2017-3265", "CVE-2017-3291", "CVE-2017-3302", "CVE-2017-3308", "CVE-2017-3309", "CVE-2017-3312", "CVE-2017-3313", "CVE-2017-3317", "CVE-2017-3318", "CVE-2017-3453", "CVE-2017-3456", "CVE-2017-3464", "CVE-2017-3636", "CVE-2017-3641", "CVE-2017-3653"], "description": "MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL.\n\nThe following packages have been upgraded to a later upstream version: rh-mariadb100-mariadb (10.0.33).\n\nSecurity Fix(es):\n\n* A flaw was found in the way the mysqld_safe script handled creation of error log file. The mysql operating system user could use this flaw to escalate their privileges to root. (CVE-2016-5617, CVE-2016-6664)\n\n* Multiple flaws were found in the way the MySQL init script handled initialization of the database data directory and permission setting on the error log file. The mysql operating system user could use these flaws to escalate their privileges to root. (CVE-2017-3265)\n\n* It was discovered that the mysqld_safe script honored the ledir option value set in a MySQL configuration file. A user able to modify one of the MySQL configuration files could use this flaw to escalate their privileges to root. (CVE-2017-3291)\n\n* Multiple flaws were found in the way the mysqld_safe script handled creation of error log file. The mysql operating system user could use these flaws to escalate their privileges to root. (CVE-2017-3312)\n\n* A flaw was found in the way MySQL client library (libmysqlclient) handled prepared statements when server connection was lost. A malicious server or a man-in-the-middle attacker could possibly use this flaw to crash an application using libmysqlclient. (CVE-2017-3302)\n\n* This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory pages listed in the References section. (CVE-2017-3238, CVE-2017-3243, CVE-2017-3244, CVE-2017-3257, CVE-2017-3258, CVE-2017-3308, CVE-2017-3309, CVE-2017-3313, CVE-2017-3317, CVE-2017-3318, CVE-2017-3453, CVE-2017-3456, CVE-2017-3464, CVE-2017-3636, CVE-2017-3641, CVE-2017-3653, CVE-2017-10268, CVE-2017-10286, CVE-2017-10378, CVE-2017-10379, CVE-2017-10384)", "modified": "2018-06-13T01:28:16", "published": "2018-02-06T15:37:36", "id": "RHSA-2018:0279", "href": "https://access.redhat.com/errata/RHSA-2018:0279", "type": "redhat", "title": "(RHSA-2018:0279) Moderate: rh-mariadb100-mariadb security update", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-11T13:33:19", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5483", "CVE-2016-5617", "CVE-2016-6664", "CVE-2017-3238", "CVE-2017-3243", "CVE-2017-3244", "CVE-2017-3258", "CVE-2017-3265", "CVE-2017-3291", "CVE-2017-3302", "CVE-2017-3308", "CVE-2017-3309", "CVE-2017-3312", "CVE-2017-3313", "CVE-2017-3317", "CVE-2017-3318", "CVE-2017-3453", "CVE-2017-3456", "CVE-2017-3464", "CVE-2017-3600", "CVE-2017-3651"], "description": "MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.\n\nThe following packages have been upgraded to a later upstream version: mariadb (5.5.56). (BZ#1458933)\n\nSecurity Fix(es):\n\n* It was discovered that the mysql and mysqldump tools did not correctly handle database and table names containing newline characters. A database user with privileges to create databases or tables could cause the mysql command to execute arbitrary shell or SQL commands while restoring database backup created using the mysqldump tool. (CVE-2016-5483, CVE-2017-3600)\n\n* A flaw was found in the way the mysqld_safe script handled creation of error log file. The mysql operating system user could use this flaw to escalate their privileges to root. (CVE-2016-5617, CVE-2016-6664)\n\n* Multiple flaws were found in the way the MySQL init script handled initialization of the database data directory and permission setting on the error log file. The mysql operating system user could use these flaws to escalate their privileges to root. (CVE-2017-3265)\n\n* It was discovered that the mysqld_safe script honored the ledir option value set in a MySQL configuration file. A user able to modify one of the MySQL configuration files could use this flaw to escalate their privileges to root. (CVE-2017-3291)\n\n* Multiple flaws were found in the way the mysqld_safe script handled creation of error log file. The mysql operating system user could use these flaws to escalate their privileges to root. (CVE-2017-3312)\n\n* A flaw was found in the way MySQL client library (libmysqlclient) handled prepared statements when server connection was lost. A malicious server or a man-in-the-middle attacker could possibly use this flaw to crash an application using libmysqlclient. (CVE-2017-3302)\n\n* This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2017-3238, CVE-2017-3243, CVE-2017-3244, CVE-2017-3258, CVE-2017-3308, CVE-2017-3309, CVE-2017-3313, CVE-2017-3317, CVE-2017-3318, CVE-2017-3453, CVE-2017-3456, CVE-2017-3464)\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.", "modified": "2018-04-12T03:33:35", "published": "2017-08-01T09:58:44", "id": "RHSA-2017:2192", "href": "https://access.redhat.com/errata/RHSA-2017:2192", "type": "redhat", "title": "(RHSA-2017:2192) Moderate: mariadb security and bug fix update", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:25", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5483", "CVE-2016-8327", "CVE-2017-3238", "CVE-2017-3244", "CVE-2017-3257", "CVE-2017-3258", "CVE-2017-3265", "CVE-2017-3273", "CVE-2017-3291", "CVE-2017-3302", "CVE-2017-3305", "CVE-2017-3308", "CVE-2017-3309", "CVE-2017-3312", "CVE-2017-3313", "CVE-2017-3317", "CVE-2017-3318", "CVE-2017-3450", "CVE-2017-3452", "CVE-2017-3453", "CVE-2017-3456", "CVE-2017-3461", "CVE-2017-3462", "CVE-2017-3463", "CVE-2017-3464", "CVE-2017-3599", "CVE-2017-3600", "CVE-2017-3633", "CVE-2017-3634", "CVE-2017-3636", "CVE-2017-3641", "CVE-2017-3647", "CVE-2017-3648", "CVE-2017-3649", "CVE-2017-3651", "CVE-2017-3652", "CVE-2017-3653"], "description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs.\n\nThe following packages have been upgraded to a later upstream version: rh-mysql56-mysql (5.6.37).\n\nSecurity Fix(es):\n\n* An integer overflow flaw leading to a buffer overflow was found in the way MySQL parsed connection handshake packets. An unauthenticated remote attacker with access to the MySQL port could use this flaw to crash the mysqld daemon. (CVE-2017-3599)\n\n* It was discovered that the mysql and mysqldump tools did not correctly handle database and table names containing newline characters. A database user with privileges to create databases or tables could cause the mysql command to execute arbitrary shell or SQL commands while restoring database backup created using the mysqldump tool. (CVE-2016-5483, CVE-2017-3600)\n\n* Multiple flaws were found in the way the MySQL init script handled initialization of the database data directory and permission setting on the error log file. The mysql operating system user could use these flaws to escalate their privileges to root. (CVE-2017-3265)\n\n* It was discovered that the mysqld_safe script honored the ledir option value set in a MySQL configuration file. A user able to modify one of the MySQL configuration files could use this flaw to escalate their privileges to root. (CVE-2017-3291)\n\n* It was discovered that the MySQL client command line tools only checked after authentication whether server supported SSL. A man-in-the-middle attacker could use this flaw to hijack client's authentication to the server even if the client was configured to require SSL connection. (CVE-2017-3305)\n\n* Multiple flaws were found in the way the mysqld_safe script handled creation of error log file. The mysql operating system user could use these flaws to escalate their privileges to root. (CVE-2017-3312)\n\n* A flaw was found in the way MySQL client library (libmysqlclient) handled prepared statements when server connection was lost. A malicious server or a man-in-the-middle attacker could possibly use this flaw to crash an application using libmysqlclient. (CVE-2017-3302)\n\n* This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory pages listed in the References section. (CVE-2016-8327, CVE-2017-3238, CVE-2017-3244, CVE-2017-3257, CVE-2017-3258, CVE-2017-3273, CVE-2017-3308, CVE-2017-3309, CVE-2017-3313, CVE-2017-3317, CVE-2017-3318, CVE-2017-3450, CVE-2017-3452, CVE-2017-3453, CVE-2017-3456, CVE-2017-3461, CVE-2017-3462, CVE-2017-3463, CVE-2017-3464, CVE-2017-3633, CVE-2017-3634, CVE-2017-3636, CVE-2017-3641, CVE-2017-3647, CVE-2017-3648, CVE-2017-3649, CVE-2017-3651, CVE-2017-3652, CVE-2017-3653)\n\nRed Hat would like to thank Pali Roh\u00e1r for reporting CVE-2017-3305.\n\nBug Fix(es):\n\n* Previously, the md5() function was blocked by MySQL in FIPS mode because the MD5 hash algorithm is considered insecure. Consequently, the mysqld daemon failed with error messages when FIPS mode was enabled. With this update, md5() is allowed in FIPS mode for non-security operations. Note that users are able to use md5() for security purposes but such usage is not supported by Red Hat. (BZ#1452469)", "modified": "2018-06-13T01:28:25", "published": "2017-09-21T11:18:30", "id": "RHSA-2017:2787", "href": "https://access.redhat.com/errata/RHSA-2017:2787", "type": "redhat", "title": "(RHSA-2017:2787) Important: rh-mysql56-mysql security and bug fix update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:24:30", "bulletinFamily": "unix", "cvelist": ["CVE-2017-3238", "CVE-2017-3244", "CVE-2017-3312", "CVE-2016-5617", "CVE-2016-6664", "CVE-2017-3265", "CVE-2017-3291", "CVE-2017-3317", "CVE-2017-3313", "CVE-2017-3302", "CVE-2017-3456", "CVE-2017-3309", "CVE-2017-3308", "CVE-2017-3243", "CVE-2017-3318", "CVE-2017-3651", "CVE-2016-5483", "CVE-2017-3453", "CVE-2017-3464", "CVE-2017-3600", "CVE-2017-3258"], "description": "**CentOS Errata and Security Advisory** CESA-2017:2192\n\n\nMariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.\n\nThe following packages have been upgraded to a later upstream version: mariadb (5.5.56). (BZ#1458933)\n\nSecurity Fix(es):\n\n* It was discovered that the mysql and mysqldump tools did not correctly handle database and table names containing newline characters. A database user with privileges to create databases or tables could cause the mysql command to execute arbitrary shell or SQL commands while restoring database backup created using the mysqldump tool. (CVE-2016-5483, CVE-2017-3600)\n\n* A flaw was found in the way the mysqld_safe script handled creation of error log file. The mysql operating system user could use this flaw to escalate their privileges to root. (CVE-2016-5617, CVE-2016-6664)\n\n* Multiple flaws were found in the way the MySQL init script handled initialization of the database data directory and permission setting on the error log file. The mysql operating system user could use these flaws to escalate their privileges to root. (CVE-2017-3265)\n\n* It was discovered that the mysqld_safe script honored the ledir option value set in a MySQL configuration file. A user able to modify one of the MySQL configuration files could use this flaw to escalate their privileges to root. (CVE-2017-3291)\n\n* Multiple flaws were found in the way the mysqld_safe script handled creation of error log file. The mysql operating system user could use these flaws to escalate their privileges to root. (CVE-2017-3312)\n\n* A flaw was found in the way MySQL client library (libmysqlclient) handled prepared statements when server connection was lost. A malicious server or a man-in-the-middle attacker could possibly use this flaw to crash an application using libmysqlclient. (CVE-2017-3302)\n\n* This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2017-3238, CVE-2017-3243, CVE-2017-3244, CVE-2017-3258, CVE-2017-3308, CVE-2017-3309, CVE-2017-3313, CVE-2017-3317, CVE-2017-3318, CVE-2017-3453, CVE-2017-3456, CVE-2017-3464)\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2017-August/004369.html\n\n**Affected packages:**\nmariadb\nmariadb-bench\nmariadb-devel\nmariadb-embedded\nmariadb-embedded-devel\nmariadb-libs\nmariadb-server\nmariadb-test\n\n**Upstream details at:**\n", "edition": 5, "modified": "2017-08-24T01:39:47", "published": "2017-08-24T01:39:47", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2017-August/004369.html", "id": "CESA-2017:2192", "title": "mariadb security update", "type": "centos", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2020-10-22T17:03:53", "bulletinFamily": "unix", "cvelist": ["CVE-2017-3238", "CVE-2017-3244", "CVE-2017-3312", "CVE-2016-5617", "CVE-2016-6664", "CVE-2017-3265", "CVE-2017-3291", "CVE-2017-3317", "CVE-2017-3313", "CVE-2017-3302", "CVE-2017-3456", "CVE-2016-6662", "CVE-2017-3309", "CVE-2017-3308", "CVE-2017-3243", "CVE-2017-3318", "CVE-2017-3651", "CVE-2016-5483", "CVE-2017-3453", "CVE-2017-3464", "CVE-2017-3600", "CVE-2017-3258"], "description": "[1:5.5.56-2]\n- Do not fix context and change owner if run by root in mariadb-prepare-db-dir\n Related: #1458940\n- Check properly that datadir includes only expected files\n Related: #1356897\n[1:5.5.56-1]\n- Rebase to 5.5.56\n That release also fixes the following security issues:\n CVE-2016-5617/CVE-2016-6664 CVE-2017-3312 CVE-2017-3238 CVE-2017-3243\n CVE-2017-3244 CVE-2017-3258 CVE-2017-3313 CVE-2017-3317 CVE-2017-3318\n CVE-2017-3291 CVE-2017-3302 CVE-2016-5483/CVE-2017-3600 CVE-2017-3308\n CVE-2017-3309 CVE-2017-3453 CVE-2017-3456 CVE-2017-3464\n Resolves: #1458933\n New deps required by upstream: checkpolicy and policycoreutils-python\n License text removed by upstream: COPYING.LESSER\n Do not ignore test-suite failure\n Downstream script mariadb-prepare-db-dir fixed for CVE-2017-3265\n Resolves: #1458940\n[5.5.52-2]\n- Extension of mariadb-prepare-db-dir script\n- Resolves: #1356897\n- Rebase to 5.5.52, that also include fix for CVE-2016-6662\n Resolves: #1377974", "edition": 5, "modified": "2017-08-07T00:00:00", "published": "2017-08-07T00:00:00", "id": "ELSA-2017-2192", "href": "http://linux.oracle.com/errata/ELSA-2017-2192.html", "title": "mariadb security and bug fix update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}