According to the versions of the mariadb packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities:

- MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs and generic MySQL files.

Security Fix(es):

- Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2018-2761)
- Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. (CVE-2018-2755)
- Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2018-2771)
- Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2018-2819)
- Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2018-2781)
- Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. (CVE-2018-2813)
- Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2018-2817)
- Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2017-3641)
- Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2017-3653)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
{"id": "EULEROS_SA-2019-1541.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "EulerOS Virtualization for ARM 64 3.0.1.0 : mariadb (EulerOS-SA-2019-1541)", "description": "According to the versions of the mariadb packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - MariaDB is a community developed branch of MySQL.MariaDB is a multi-user, multi-threaded SQL database server.It is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs and generic MySQL files.Security Fix(es):Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.(CVE-2018-2761)Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server:\n Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products.\n Successful attacks of this vulnerability can result in takeover of MySQL Server.(CVE-2018-2755)Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). 
Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.(CVE-2018-2771)Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB).\n Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.(CVE-2018-2819)Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.(CVE-2018-2781)Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL).\n Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data.(CVE-2018-2813)Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL).\n Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.(CVE-2018-2817)Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.(CVE-2017-3641)Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL).\n Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier.\n Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data.(CVE-2017-3653)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2019-05-14T00:00:00", "modified": "2021-01-06T00:00:00", "cvss": {"score": 4, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/124994", "reporter": "This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2813", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2761", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3653", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3641", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2781", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2819", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2817", "http://www.nessus.org/u?66c1c9bb", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2771", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2755"], "cvelist": ["CVE-2017-3641", "CVE-2017-3653", "CVE-2018-2755", "CVE-2018-2761", "CVE-2018-2771", "CVE-2018-2781", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2819"], "immutableFields": [], "lastseen": "2021-08-19T12:22:51", "viewCount": 12, "enchantments": {"dependencies": {"references": [{"type": "amazon", "idList": ["ALAS-2017-887", "ALAS-2017-888", "ALAS-2018-1026", "ALAS-2018-1027", "ALAS-2018-1028", "ALAS2-2018-1078"]}, {"type": "centos", "idList": ["CESA-2018:2439"]}, {"type": "cve", "idList": ["CVE-2017-3641", "CVE-2017-3653", "CVE-2018-2755", "CVE-2018-2761", "CVE-2018-2771", "CVE-2018-2781", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2819"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1043-1:42E7A", "DEBIAN:DLA-1043-1:9386A", "DEBIAN:DLA-1355-1:AB526", "DEBIAN:DLA-1355-1:BC9FB", "DEBIAN:DLA-1407-1:AB7AD", "DEBIAN:DLA-1407-1:D0175", "DEBIAN:DSA-3922-1:71332", "DEBIAN:DSA-3922-1:CA63B", "DEBIAN:DSA-3944-1:135E3", 
"DEBIAN:DSA-3944-1:A4058", "DEBIAN:DSA-3955-1:3203D", "DEBIAN:DSA-3955-1:FFC41", "DEBIAN:DSA-4176-1:326A5", "DEBIAN:DSA-4176-1:98D3A", "DEBIAN:DSA-4341-1:8E7AD", "DEBIAN:DSA-4341-1:A9461"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-3641", "DEBIANCVE:CVE-2017-3653", "DEBIANCVE:CVE-2018-2755", "DEBIANCVE:CVE-2018-2761", "DEBIANCVE:CVE-2018-2771", "DEBIANCVE:CVE-2018-2781", "DEBIANCVE:CVE-2018-2813", "DEBIANCVE:CVE-2018-2817", "DEBIANCVE:CVE-2018-2819"]}, {"type": "f5", "idList": ["F5:K02212309", "F5:K03551138", "F5:K04327352", "F5:K27992001", "F5:K53756439", "F5:K71231825", "F5:K82350223"]}, {"type": "fedora", "idList": ["FEDORA:0CBE260E86FA", "FEDORA:17828601D72C", "FEDORA:3538D605F20B", "FEDORA:5D69F601CACB", "FEDORA:74903605DFC6", "FEDORA:78BBA6046256", "FEDORA:8DE4F613FFDF", "FEDORA:9509C6014637", "FEDORA:A4AB861361C8", "FEDORA:B1BEB60567DA", "FEDORA:B70CB604EC19", "FEDORA:B87EA60769EE", "FEDORA:C9D70604239F", "FEDORA:CF9346049DCC", "FEDORA:DDCB860779BD", "FEDORA:F0D00603E873", "FEDORA:F1E6961A519A"]}, {"type": "freebsd", "idList": ["57AEC168-453E-11E8-8777-B499BAEBFEAF", "CDA2F3C2-6C8B-11E7-867F-B499BAEBFEAF"]}, {"type": "gentoo", "idList": ["GLSA-201802-04", "GLSA-201908-24"]}, {"type": "ibm", "idList": ["2F35E2DCF5381942547832B4E8BA479A4689FC1FBB9AE66EECD61ED3FA34CEA8", "4C4152A22A3EEF9CC30336CAB72EC704CCADEA8B6EB40E84E4566C55AD3E2494", "9350185A08E3A7768F794E8AC1F2E301732A0E8F75A1E45D2497C4A531B3B2A0", "ABE64FFA5410F4D2BA3B07A691F59D16ACB55A9B1B3E2D89003FB7346FAD7881", "B2E9977303086EC5343BD24988CF7305556A2728DFC1B6D8581FB2141DD07E6F"]}, {"type": "mageia", "idList": ["MGASA-2017-0289", "MGASA-2017-0332", "MGASA-2018-0259", "MGASA-2018-0269"]}, {"type": "nessus", "idList": ["700185.PRM", "700186.PRM", "700187.PRM", "700615.PRM", "700621.PRM", "700626.PRM", "AL2_ALAS-2018-1078.NASL", "ALA_ALAS-2017-887.NASL", "ALA_ALAS-2017-888.NASL", "ALA_ALAS-2018-1026.NASL", "ALA_ALAS-2018-1027.NASL", "ALA_ALAS-2018-1028.NASL", "CENTOS_RHSA-2018-2439.NASL", 
"DEBIAN_DLA-1043.NASL", "DEBIAN_DLA-1355.NASL", "DEBIAN_DLA-1407.NASL", "DEBIAN_DSA-3922.NASL", "DEBIAN_DSA-3944.NASL", "DEBIAN_DSA-3955.NASL", "DEBIAN_DSA-4176.NASL", "DEBIAN_DSA-4341.NASL", "EULEROS_SA-2018-1302.NASL", "EULEROS_SA-2018-1303.NASL", "EULEROS_SA-2018-1337.NASL", "EULEROS_SA-2018-1346.NASL", "FEDORA_2017-7C039552FA.NASL", "FEDORA_2017-EE93493BEA.NASL", "FEDORA_2018-00E90783D2.NASL", "FEDORA_2018-2513B888A4.NASL", "FEDORA_2018-7025A5C25D.NASL", "FEDORA_2018-86026275EA.NASL", "FEDORA_2018-8B920C2B00.NASL", "FEDORA_2018-D955395C08.NASL", "FREEBSD_PKG_57AEC168453E11E88777B499BAEBFEAF.NASL", "FREEBSD_PKG_CDA2F3C26C8B11E7867FB499BAEBFEAF.NASL", "GENTOO_GLSA-201802-04.NASL", "GENTOO_GLSA-201908-24.NASL", "MARIADB_10_0_32.NASL", "MARIADB_10_0_35.NASL", "MARIADB_10_1_26.NASL", "MARIADB_10_1_27.NASL", "MARIADB_10_1_33.NASL", "MARIADB_10_2_15.NASL", "MARIADB_10_2_8.NASL", "MARIADB_5_5_57.NASL", "MARIADB_5_5_60.NASL", "MYSQL_5_5_57.NASL", "MYSQL_5_5_57_RPM.NASL", "MYSQL_5_5_60.NASL", "MYSQL_5_5_60_RPM.NASL", "MYSQL_5_6_37.NASL", "MYSQL_5_6_37_RPM.NASL", "MYSQL_5_6_40.NASL", "MYSQL_5_6_40_RPM.NASL", "MYSQL_5_7_19.NASL", "MYSQL_5_7_19_RPM.NASL", "MYSQL_5_7_22.NASL", "MYSQL_5_7_22_RPM.NASL", "NEWSTART_CGSL_NS-SA-2019-0034_MARIADB.NASL", "OPENSUSE-2017-866.NASL", "OPENSUSE-2018-33.NASL", "OPENSUSE-2018-405.NASL", "OPENSUSE-2018-572.NASL", "OPENSUSE-2018-668.NASL", "OPENSUSE-2019-427.NASL", "ORACLELINUX_ELSA-2018-2439.NASL", "PHOTONOS_PHSA-2018-1_0-0130.NASL", "PHOTONOS_PHSA-2018-1_0-0130_MYSQL.NASL", "PHOTONOS_PHSA-2018-2_0-0040.NASL", "PHOTONOS_PHSA-2018-2_0-0040_MYSQL.NASL", "REDHAT-RHSA-2018-2439.NASL", "SLACKWARE_SSA_2017-251-02.NASL", "SLACKWARE_SSA_2018-130-01.NASL", "SL_20180816_MARIADB_ON_SL7_X.NASL", "SUSE_SU-2017-2290-1.NASL", "SUSE_SU-2017-2921-1.NASL", "SUSE_SU-2018-0079-1.NASL", "SUSE_SU-2018-1333-1.NASL", "SUSE_SU-2018-1382-1.NASL", "SUSE_SU-2018-1781-1.NASL", "SUSE_SU-2018-1781-2.NASL", "UBUNTU_USN-3357-1.NASL", "UBUNTU_USN-3629-1.NASL", 
"UBUNTU_USN-3629-3.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310703922", "OPENVAS:1361412562310703944", "OPENVAS:1361412562310703955", "OPENVAS:1361412562310704176", "OPENVAS:1361412562310704341", "OPENVAS:1361412562310811432", "OPENVAS:1361412562310811433", "OPENVAS:1361412562310813148", "OPENVAS:1361412562310813149", "OPENVAS:1361412562310843246", "OPENVAS:1361412562310843513", "OPENVAS:1361412562310843517", "OPENVAS:1361412562310851797", "OPENVAS:1361412562310852040", "OPENVAS:1361412562310873242", "OPENVAS:1361412562310873246", "OPENVAS:1361412562310874410", "OPENVAS:1361412562310874489", "OPENVAS:1361412562310874594", "OPENVAS:1361412562310874709", "OPENVAS:1361412562310874736", "OPENVAS:1361412562310875017", "OPENVAS:1361412562310875022", "OPENVAS:1361412562310875053", "OPENVAS:1361412562310875055", "OPENVAS:1361412562310875283", "OPENVAS:1361412562310875288", "OPENVAS:1361412562310875314", "OPENVAS:1361412562310875320", "OPENVAS:1361412562310875487", "OPENVAS:1361412562310882940", "OPENVAS:1361412562310891043", "OPENVAS:1361412562310891355", "OPENVAS:1361412562310891407", "OPENVAS:1361412562311220181302", "OPENVAS:1361412562311220181303", "OPENVAS:1361412562311220181337", "OPENVAS:1361412562311220181346", "OPENVAS:1361412562311220191541", "OPENVAS:703922"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2018", "ORACLE:CPUJUL2017", "ORACLE:CPUJUL2018"]}, {"type": "oraclelinux", "idList": ["ELSA-2018-2439"]}, {"type": "osv", "idList": ["OSV:CVE-2017-3641", "OSV:CVE-2018-2771", "OSV:DLA-1043-1", "OSV:DLA-1355-1", "OSV:DLA-1407-1", "OSV:DSA-3922-1", "OSV:DSA-3944-1", "OSV:DSA-3955-1", "OSV:DSA-4176-1", "OSV:DSA-4341-1"]}, {"type": "photon", "idList": ["PHSA-2017-0078", "PHSA-2018-0040", "PHSA-2018-0130", "PHSA-2018-1.0-0130", "PHSA-2018-2.0-0040"]}, {"type": "redhat", "idList": ["RHSA-2017:2787", "RHSA-2017:2886", "RHSA-2018:0279", "RHSA-2018:0574", "RHSA-2018:1254", "RHSA-2018:2439", "RHSA-2018:2729", "RHSA-2018:3655", "RHSA-2019:1258"]}, 
{"type": "redhatcve", "idList": ["RH:CVE-2017-3641", "RH:CVE-2017-3653", "RH:CVE-2018-2755", "RH:CVE-2018-2761", "RH:CVE-2018-2771", "RH:CVE-2018-2781", "RH:CVE-2018-2813", "RH:CVE-2018-2817", "RH:CVE-2018-2819"]}, {"type": "slackware", "idList": ["SSA-2017-251-02", "SSA-2018-130-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:1595-1", "OPENSUSE-SU-2018:1800-1"]}, {"type": "ubuntu", "idList": ["USN-3357-1", "USN-3357-2", "USN-3629-1", "USN-3629-2", "USN-3629-3"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-3641", "UB:CVE-2017-3653", "UB:CVE-2018-2755", "UB:CVE-2018-2761", "UB:CVE-2018-2771", "UB:CVE-2018-2781", "UB:CVE-2018-2813", "UB:CVE-2018-2817", "UB:CVE-2018-2819"]}]}, "score": {"value": 0.0, "vector": "NONE"}, "backreferences": {"references": [{"type": "amazon", "idList": ["ALAS-2017-887", "ALAS-2017-888", "ALAS-2018-1026", "ALAS-2018-1027", "ALAS-2018-1028"]}, {"type": "centos", "idList": ["CESA-2018:2439"]}, {"type": "cve", "idList": ["CVE-2017-3641", "CVE-2017-3653"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1043-1:9386A", "DEBIAN:DLA-1355-1:BC9FB", "DEBIAN:DLA-1407-1:D0175", "DEBIAN:DSA-3922-1:71332", "DEBIAN:DSA-3944-1:A4058", "DEBIAN:DSA-3955-1:FFC41", "DEBIAN:DSA-4176-1:98D3A"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-3641", "DEBIANCVE:CVE-2017-3653", "DEBIANCVE:CVE-2018-2755", "DEBIANCVE:CVE-2018-2761", "DEBIANCVE:CVE-2018-2771", "DEBIANCVE:CVE-2018-2781", "DEBIANCVE:CVE-2018-2813", "DEBIANCVE:CVE-2018-2817", "DEBIANCVE:CVE-2018-2819"]}, {"type": "f5", "idList": ["F5:K04327352"]}, {"type": "fedora", "idList": ["FEDORA:0CBE260E86FA", "FEDORA:17828601D72C", "FEDORA:3538D605F20B", "FEDORA:5D69F601CACB", "FEDORA:74903605DFC6", "FEDORA:78BBA6046256", "FEDORA:8DE4F613FFDF", "FEDORA:9509C6014637", "FEDORA:A4AB861361C8", "FEDORA:B1BEB60567DA", "FEDORA:B70CB604EC19", "FEDORA:B87EA60769EE", "FEDORA:C9D70604239F", "FEDORA:CF9346049DCC", "FEDORA:DDCB860779BD", "FEDORA:F0D00603E873", "FEDORA:F1E6961A519A"]}, {"type": "freebsd", "idList": 
["CDA2F3C2-6C8B-11E7-867F-B499BAEBFEAF"]}, {"type": "gentoo", "idList": ["GLSA-201802-04"]}, {"type": "ibm", "idList": ["2F35E2DCF5381942547832B4E8BA479A4689FC1FBB9AE66EECD61ED3FA34CEA8", "ABE64FFA5410F4D2BA3B07A691F59D16ACB55A9B1B3E2D89003FB7346FAD7881", "B2E9977303086EC5343BD24988CF7305556A2728DFC1B6D8581FB2141DD07E6F"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/GOOGLE-CHROME-CVE-2012-5148/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP2-CVE-2017-3641/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP3-CVE-2017-3653/"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2018-2439.NASL", "DEBIAN_DLA-1043.NASL", "DEBIAN_DSA-3922.NASL", "DEBIAN_DSA-3944.NASL", "EULEROS_SA-2018-1302.NASL", "EULEROS_SA-2018-1303.NASL", "FEDORA_2017-7C039552FA.NASL", "FEDORA_2017-EE93493BEA.NASL", "FREEBSD_PKG_CDA2F3C26C8B11E7867FB499BAEBFEAF.NASL", "GENTOO_GLSA-201802-04.NASL", "MYSQL_5_5_57_RPM.NASL", "MYSQL_5_6_37_RPM.NASL", "MYSQL_5_7_19_RPM.NASL", "OPENSUSE-2017-866.NASL", "OPENSUSE-2018-572.NASL", "ORACLELINUX_ELSA-2018-2439.NASL", "PHOTONOS_PHSA-2018-1_0-0130.NASL", "REDHAT-RHSA-2018-2439.NASL", "SL_20180816_MARIADB_ON_SL7_X.NASL", "UBUNTU_USN-3357-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310811432", "OPENVAS:1361412562310811433", "OPENVAS:1361412562310843246", "OPENVAS:1361412562310891043", "OPENVAS:703922"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2018-3678067"]}, {"type": "oraclelinux", "idList": ["ELSA-2018-2439"]}, {"type": "photon", "idList": ["PHSA-2018-1.0-0130", "PHSA-2018-2.0-0040"]}, {"type": "redhat", "idList": ["RHSA-2017:2787"]}, {"type": "redhatcve", "idList": ["RH:CVE-2018-2771", "RH:CVE-2018-2781", "RH:CVE-2018-2813", "RH:CVE-2018-2817", "RH:CVE-2018-2819"]}, {"type": "slackware", "idList": ["SSA-2017-251-02"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:1595-1"]}, {"type": "ubuntu", "idList": ["USN-3357-1", "USN-3357-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-2755", "UB:CVE-2018-2761", "UB:CVE-2018-2771", "UB:CVE-2018-2781", "UB:CVE-2018-2813", 
"UB:CVE-2018-2817", "UB:CVE-2018-2819"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2017-3641", "epss": "0.001340000", "percentile": "0.467630000", "modified": "2023-03-15"}, {"cve": "CVE-2017-3653", "epss": "0.001160000", "percentile": "0.438290000", "modified": "2023-03-15"}, {"cve": "CVE-2018-2755", "epss": "0.000950000", "percentile": "0.384580000", "modified": "2023-03-15"}, {"cve": "CVE-2018-2761", "epss": "0.004060000", "percentile": "0.696940000", "modified": "2023-03-15"}, {"cve": "CVE-2018-2771", "epss": "0.001330000", "percentile": "0.467110000", "modified": "2023-03-15"}, {"cve": "CVE-2018-2781", "epss": "0.001330000", "percentile": "0.467110000", "modified": "2023-03-15"}, {"cve": "CVE-2018-2813", "epss": "0.001350000", "percentile": "0.469700000", "modified": "2023-03-15"}, {"cve": "CVE-2018-2817", "epss": "0.002040000", "percentile": "0.566610000", "modified": "2023-03-15"}, {"cve": "CVE-2018-2819", "epss": "0.002040000", "percentile": "0.566610000", "modified": "2023-03-15"}], "vulnersScore": 0.0}, "_state": {"dependencies": 1678955717, "score": 1683999172, "epss": 1678955506}, "_internal": {"score_hash": "dc533815854d2c755e84e94ff76aa4a6"}, "pluginID": "124994", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124994);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-3641\",\n \"CVE-2017-3653\",\n \"CVE-2018-2755\",\n \"CVE-2018-2761\",\n \"CVE-2018-2771\",\n \"CVE-2018-2781\",\n \"CVE-2018-2813\",\n \"CVE-2018-2817\",\n \"CVE-2018-2819\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.1.0 : mariadb (EulerOS-SA-2019-1541)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for 
ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the mariadb packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - MariaDB is a community developed branch of\n MySQL.MariaDB is a multi-user, multi-threaded SQL\n database server.It is a client/server implementation\n consisting of a server daemon (mysqld) and many\n different client programs and libraries. The base\n package contains the standard MariaDB/MySQL client\n programs and generic MySQL files.Security\n Fix(es):Vulnerability in the MySQL Server component of\n Oracle MySQL (subcomponent: Client programs). Supported\n versions that are affected are 5.5.59 and prior, 5.6.39\n and prior and 5.7.21 and prior. Difficult to exploit\n vulnerability allows unauthenticated attacker with\n network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS) of MySQL\n Server.(CVE-2018-2761)Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: Server:\n Replication). Supported versions that are affected are\n 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and\n prior. Difficult to exploit vulnerability allows\n unauthenticated attacker with logon to the\n infrastructure where MySQL Server executes to\n compromise MySQL Server. Successful attacks require\n human interaction from a person other than the attacker\n and while the vulnerability is in MySQL Server, attacks\n may significantly impact additional products.\n Successful attacks of this vulnerability can result in\n takeover of MySQL Server.(CVE-2018-2755)Vulnerability\n in the MySQL Server component of Oracle MySQL\n (subcomponent: Server: Locking). 
Supported versions\n that are affected are 5.5.59 and prior, 5.6.39 and\n prior and 5.7.21 and prior. Difficult to exploit\n vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS) of MySQL\n Server.(CVE-2018-2771)Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: InnoDB).\n Supported versions that are affected are 5.5.59 and\n prior, 5.6.39 and prior and 5.7.21 and prior. Easily\n exploitable vulnerability allows low privileged\n attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server.(CVE-2018-2819)Vulnerability in\n the MySQL Server component of Oracle MySQL\n (subcomponent: Server: Optimizer). Supported versions\n that are affected are 5.5.59 and prior, 5.6.39 and\n prior and 5.7.21 and prior. Easily exploitable\n vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS) of MySQL\n Server.(CVE-2018-2781)Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: Server: DDL).\n Supported versions that are affected are 5.5.59 and\n prior, 5.6.39 and prior and 5.7.21 and prior. Easily\n exploitable vulnerability allows low privileged\n attacker with network access via multiple protocols to\n compromise MySQL Server. 
Successful attacks of this\n vulnerability can result in unauthorized read access to\n a subset of MySQL Server accessible\n data.(CVE-2018-2813)Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: Server: DDL).\n Supported versions that are affected are 5.5.59 and\n prior, 5.6.39 and prior and 5.7.21 and prior. Easily\n exploitable vulnerability allows low privileged\n attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server.(CVE-2018-2817)Vulnerability in\n the MySQL Server component of Oracle MySQL\n (subcomponent: Server: DML). Supported versions that\n are affected are 5.5.56 and earlier, 5.6.36 and earlier\n and 5.7.18 and earlier. Easily exploitable\n vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS) of MySQL\n Server.(CVE-2017-3641)Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: Server: DDL).\n Supported versions that are affected are 5.5.56 and\n earlier, 5.6.36 and earlier and 5.7.18 and earlier.\n Difficult to exploit vulnerability allows low\n privileged attacker with network access via multiple\n protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in\n unauthorized update, insert or delete access to some of\n MySQL Server accessible data.(CVE-2017-3653)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1541\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?66c1c9bb\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected mariadb packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-2813\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"mariadb-5.5.60-1\",\n \"mariadb-libs-5.5.60-1\",\n \"mariadb-server-5.5.60-1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb\");\n}\n", "naslFamily": "Huawei Local Security Checks", "cpe": ["p-cpe:/a:huawei:euleros:mariadb", "p-cpe:/a:huawei:euleros:mariadb-libs", "p-cpe:/a:huawei:euleros:mariadb-server", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "solution": "Update the affected mariadb packages.", "nessusSeverity": "Medium", "cvssScoreSource": "CVE-2018-2813", "vendor_cvss2": {}, "vendor_cvss3": {}, "vpr": {"risk factor": "Medium", "score": "6.5"}, "exploitAvailable": false, "exploitEase": "No known 
exploits are available", "patchPublicationDate": "2019-05-10T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": []}
{"openvas": [{"lastseen": "2020-02-26T16:48:58", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for mariadb (EulerOS-SA-2019-1541)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2817", "CVE-2018-2755", "CVE-2018-2819", "CVE-2018-2771", "CVE-2018-2761", "CVE-2018-2781", "CVE-2017-3641", "CVE-2018-2813", "CVE-2017-3653"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191541", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191541", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1541\");\n script_version(\"2020-01-23T12:09:35+0000\");\n script_cve_id(\"CVE-2017-3641\", \"CVE-2017-3653\", \"CVE-2018-2755\", \"CVE-2018-2761\", \"CVE-2018-2771\", \"CVE-2018-2781\", \"CVE-2018-2813\", \"CVE-2018-2817\", \"CVE-2018-2819\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:09:35 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:09:35 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for mariadb (EulerOS-SA-2019-1541)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1541\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1541\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'mariadb' package(s) announced via the EulerOS-SA-2019-1541 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). 
Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.(CVE-2018-2761)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server.(CVE-2018-2755)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.(CVE-2018-2771)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.(CVE-2018-2819)\n\nVulnerability in the M ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'mariadb' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~5.5.60~1\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-libs\", rpm:\"mariadb-libs~5.5.60~1\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-server\", rpm:\"mariadb-server~5.5.60~1\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-07-04T18:55:26", "description": "Several issues have been discovered in the MySQL database server. 
The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.60, which includes additional changes.", "cvss3": {}, "published": "2018-04-20T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4176-1 (mysql-5.5 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2817", "CVE-2018-2755", "CVE-2018-2819", "CVE-2018-2771", "CVE-2018-2818", "CVE-2018-2761", "CVE-2018-2773", "CVE-2018-2781", "CVE-2018-2813"], "modified": "2019-07-04T00:00:00", "id": "OPENVAS:1361412562310704176", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704176", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4176-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704176\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2018-2755\", \"CVE-2018-2761\", \"CVE-2018-2771\", \"CVE-2018-2773\", \"CVE-2018-2781\",\n \"CVE-2018-2813\", \"CVE-2018-2817\", \"CVE-2018-2818\", \"CVE-2018-2819\");\n script_name(\"Debian Security Advisory DSA 4176-1 (mysql-5.5 - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-04-20 00:00:00 +0200 (Fri, 20 Apr 2018)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4176.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"mysql-5.5 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), these problems have been fixed\nin version 5.5.60-0+deb8u1.\n\nWe recommend that you upgrade your mysql-5.5 packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/mysql-5.5\");\n 
script_tag(name:\"summary\", value:\"Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.60, which includes additional changes.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libmysqlclient-dev\", ver:\"5.5.60-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmysqlclient18\", ver:\"5.5.60-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmysqld-dev\", ver:\"5.5.60-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmysqld-pic\", ver:\"5.5.60-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mysql-client\", ver:\"5.5.60-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mysql-client-5.5\", ver:\"5.5.60-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mysql-common\", ver:\"5.5.60-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mysql-server\", ver:\"5.5.60-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.60-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mysql-server-core-5.5\", ver:\"5.5.60-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mysql-source-5.5\", ver:\"5.5.60-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mysql-testsuite\", ver:\"5.5.60-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mysql-testsuite-5.5\", ver:\"5.5.60-0+deb8u1\", rls:\"DEB8\"))) {\n report += 
res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-29T20:06:55", "description": "Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.60, which includes additional changes.", "cvss3": {}, "published": "2018-04-20T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for mysql-5.5 (DLA-1355-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2817", "CVE-2018-2755", "CVE-2018-2819", "CVE-2018-2771", "CVE-2018-2818", "CVE-2018-2761", "CVE-2018-2773", "CVE-2018-2781", "CVE-2018-2813"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891355", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891355", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891355\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2018-2755\", \"CVE-2018-2761\", \"CVE-2018-2771\", \"CVE-2018-2773\", \"CVE-2018-2781\",\n \"CVE-2018-2813\", \"CVE-2018-2817\", \"CVE-2018-2818\", \"CVE-2018-2819\");\n script_name(\"Debian LTS: Security Advisory for mysql-5.5 (DLA-1355-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-04-20 00:00:00 +0200 (Fri, 20 Apr 2018)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"mysql-5.5 on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n5.5.60-0+deb7u1.\n\nWe recommend that you upgrade your mysql-5.5 packages.\");\n\n script_tag(name:\"summary\", value:\"Several issues have been discovered in the MySQL database server. 
The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.60, which includes additional changes.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libmysqlclient-dev\", ver:\"5.5.60-0+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmysqlclient18\", ver:\"5.5.60-0+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmysqld-dev\", ver:\"5.5.60-0+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmysqld-pic\", ver:\"5.5.60-0+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mysql-client\", ver:\"5.5.60-0+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mysql-client-5.5\", ver:\"5.5.60-0+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mysql-common\", ver:\"5.5.60-0+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mysql-server\", ver:\"5.5.60-0+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.60-0+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mysql-server-core-5.5\", ver:\"5.5.60-0+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mysql-source-5.5\", ver:\"5.5.60-0+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mysql-testsuite-5.5\", ver:\"5.5.60-0+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:33:49", "description": 
"This host is running Oracle MySQL and is\n prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-04-19T00:00:00", "type": "openvas", "title": "Oracle Mysql Security Updates (apr2018-3678067) 04 - Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2817", "CVE-2018-2755", "CVE-2018-2819", "CVE-2018-2771", "CVE-2018-2818", "CVE-2018-2761", "CVE-2018-2773", "CVE-2018-2781", "CVE-2018-2813"], "modified": "2019-05-17T00:00:00", "id": "OPENVAS:1361412562310813148", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813148", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Oracle Mysql Security Updates (apr2018-3678067) 04 - Windows\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:oracle:mysql\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813148\");\n script_version(\"2019-05-17T10:45:27+0000\");\n script_cve_id(\"CVE-2018-2761\", \"CVE-2018-2771\", \"CVE-2018-2781\", \"CVE-2018-2773\",\n \"CVE-2018-2817\", \"CVE-2018-2813\", \"CVE-2018-2755\", \"CVE-2018-2819\",\n \"CVE-2018-2818\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 10:45:27 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-04-19 10:38:34 +0530 (Thu, 19 Apr 2018)\");\n script_name(\"Oracle Mysql Security Updates (apr2018-3678067) 04 - Windows\");\n\n script_tag(name:\"summary\", value:\"This host is running Oracle MySQL and is\n prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to\n\n - Multiple errors in the 'Client programs' component of MySQL Server.\n\n - An error in the 'Server: Locking' component of MySQL Server.\n\n - An error in the 'Server: Optimizer' component of MySQL Server.\n\n - Multiple errors in the 'Server: DDL' component of MySQL Server.\n\n - Multiple errors in the 'Server: Replication' component of MySQL Server.\n\n - An error in the 'InnoDB' component of MySQL Server.\n\n - An error in the 'Server : Security : Privileges' component of MySQL Server.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow 
remote attackers to have an impact on confidentiality,\n integrity and availability.\");\n\n script_tag(name:\"affected\", value:\"Oracle MySQL version 5.5.59 and earlier,\n 5.6.39 and earlier, 5.7.21 and earlier on Windows\");\n\n script_tag(name:\"solution\", value:\"Apply the latest patch from vendor. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_windows\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!sqlPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:sqlPort, exit_no_version:TRUE)) exit(0);\nmysqlVer = infos['version'];\npath = infos['location'];\n\nif(version_in_range(version:mysqlVer, test_version:\"5.5\", test_version2:\"5.5.59\")||\n version_in_range(version:mysqlVer, test_version:\"5.6\", test_version2:\"5.6.39\") ||\n version_in_range(version:mysqlVer, test_version:\"5.7\", test_version2:\"5.7.21\")){\n report = report_fixed_ver(installed_version:mysqlVer, fixed_version: \"Apply the patch\", install_path:path);\n security_message(port:sqlPort, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:33:50", "description": "This host is running Oracle MySQL and is\n prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-04-19T00:00:00", "type": "openvas", "title": "Oracle Mysql Security Updates (apr2018-3678067) 04 - 
Linux", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2817", "CVE-2018-2755", "CVE-2018-2819", "CVE-2018-2771", "CVE-2018-2818", "CVE-2018-2761", "CVE-2018-2773", "CVE-2018-2781", "CVE-2018-2813"], "modified": "2019-05-17T00:00:00", "id": "OPENVAS:1361412562310813149", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813149", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Oracle Mysql Security Updates (apr2018-3678067) 04 - Linux\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:oracle:mysql\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813149\");\n script_version(\"2019-05-17T10:45:27+0000\");\n script_cve_id(\"CVE-2018-2761\", \"CVE-2018-2771\", \"CVE-2018-2781\", \"CVE-2018-2773\",\n \"CVE-2018-2817\", \"CVE-2018-2813\", \"CVE-2018-2755\", \"CVE-2018-2819\",\n \"CVE-2018-2818\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 10:45:27 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-04-19 10:38:34 +0530 (Thu, 19 Apr 2018)\");\n script_name(\"Oracle Mysql Security Updates (apr2018-3678067) 04 - Linux\");\n\n script_tag(name:\"summary\", value:\"This host is running Oracle MySQL and is\n prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to\n\n - Multiple errors in the 'Client programs' component of MySQL Server.\n\n - An error in the 'Server: Locking' component of MySQL Server.\n\n - An error in the 'Server: Optimizer' component of MySQL Server.\n\n - Multiple errors in the 'Server: DDL' component of MySQL Server.\n\n - Multiple errors in the 'Server: Replication' component of MySQL Server.\n\n - An error in the 'InnoDB' component of MySQL Server.\n\n - An error in the 'Server : Security : Privileges' component of MySQL Server.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow 
remote attackers to have an impact on confidentiality,\n integrity and availability.\");\n\n script_tag(name:\"affected\", value:\"Oracle MySQL version 5.5.59 and earlier,\n 5.6.39 and earlier, 5.7.21 and earlier on Linux\");\n\n script_tag(name:\"solution\", value:\"Apply the latest patch from vendor. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_unixoide\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!sqlPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:sqlPort, exit_no_version:TRUE)) exit(0);\nmysqlVer = infos['version'];\npath = infos['location'];\n\nif(version_in_range(version:mysqlVer, test_version:\"5.5\", test_version2:\"5.5.59\")||\n version_in_range(version:mysqlVer, test_version:\"5.6\", test_version2:\"5.6.39\") ||\n version_in_range(version:mysqlVer, test_version:\"5.7\", test_version2:\"5.7.21\")){\n report = report_fixed_ver(installed_version:mysqlVer, fixed_version: \"Apply the patch\", install_path:path);\n security_message(port:sqlPort, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-06-04T16:47:09", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-06-23T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for mariadb (openSUSE-SU-2018:1800-1)", 
"bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2817", "CVE-2018-2755", "CVE-2018-2819", "CVE-2018-2784", "CVE-2018-2771", "CVE-2018-2766", "CVE-2018-2787", "CVE-2018-2767", "CVE-2018-2761", "CVE-2018-2782", "CVE-2018-2781", "CVE-2018-2813"], "modified": "2020-06-03T00:00:00", "id": "OPENVAS:1361412562310851797", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851797", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851797\");\n script_version(\"2020-06-03T08:38:58+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-03 08:38:58 +0000 (Wed, 03 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-06-23 05:57:46 +0200 (Sat, 23 Jun 2018)\");\n script_cve_id(\"CVE-2018-2755\", \"CVE-2018-2761\", \"CVE-2018-2766\", \"CVE-2018-2767\",\n \"CVE-2018-2771\", \"CVE-2018-2781\", \"CVE-2018-2782\", \"CVE-2018-2784\",\n \"CVE-2018-2787\", \"CVE-2018-2813\", \"CVE-2018-2817\", \"CVE-2018-2819\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for mariadb (openSUSE-SU-2018:1800-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mariadb'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for MariaDB to version 10.0.35 fixes multiple issues:\n\n Security issues fixed:\n\n * CVE-2018-2782: Unspecified DoS vulnerability in InnoDB (bsc#1090518)\n\n * CVE-2018-2784: Unspecified DoS vulnerability in InnoDB (bsc#1090518)\n\n * CVE-2018-2787: Unspecified vulnerability in InnoDB allowing writes\n (bsc#1090518)\n\n * CVE-2018-2766: Unspecified DoS vulnerability InnoDB (bsc#1090518)\n\n * CVE-2018-2755: Unspecified vulnerability in Replication allowing server\n compromise (bsc#1090518)\n\n * CVE-2018-2819: Unspecified DoS vulnerability in InnoDB (bsc#1090518)\n\n * 
CVE-2018-2817: Unspecified DoS vulnerability in DDL (bsc#1090518)\n\n * CVE-2018-2761: Unspecified DoS vulnerability in Client programs\n (bsc#1090518)\n\n * CVE-2018-2781: Unspecified DoS vulnerability in Server/Optimizer\n (bsc#1090518)\n\n * CVE-2018-2771: Unspecified DoS vulnerability in the Server/Locking\n component (bsc#1090518)\n\n * CVE-2018-2813: Unspecified vulnerability in The DDL component allowing\n unauthorized reads (bsc#1090518)\n\n * CVE-2018-2767: The embedded server library now supports SSL when\n connecting to remote servers (bsc#1088681)\n\n The following changes are included:\n\n * XtraDB updated to 5.6.39-83.1\n\n * TokuDB updated to 5.6.39-83.1\n\n * InnoDB updated to 5.6.40\n\n * Fix for Crash in MVCC read after IMPORT TABLESPACE\n\n * Fix for innodb_read_only trying to modify files if transactions were\n recovered in COMMITTED state\n\n * Fix for DROP TABLE hang on InnoDB table with FULLTEXT index\n\n * Fix for Crash in INFORMATION_SCHEMA.INNODB_SYS_TABLES when accessing\n corrupted record\n\n This update was imported from the SUSE:SLE-12-SP1:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2018-668=1\");\n\n script_tag(name:\"affected\", value:\"mariadb on openSUSE Leap 42.3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:1800-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-06/msg00042.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient-devel\", rpm:\"libmysqlclient-devel~10.0.35~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient18\", rpm:\"libmysqlclient18~10.0.35~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient18-debuginfo\", rpm:\"libmysqlclient18-debuginfo~10.0.35~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient_r18\", rpm:\"libmysqlclient_r18~10.0.35~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqld-devel\", rpm:\"libmysqld-devel~10.0.35~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqld18\", rpm:\"libmysqld18~10.0.35~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqld18-debuginfo\", rpm:\"libmysqld18-debuginfo~10.0.35~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~10.0.35~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-bench\", rpm:\"mariadb-bench~10.0.35~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-bench-debuginfo\", rpm:\"mariadb-bench-debuginfo~10.0.35~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-client\", rpm:\"mariadb-client~10.0.35~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += 
res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-client-debuginfo\", rpm:\"mariadb-client-debuginfo~10.0.35~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-debuginfo\", rpm:\"mariadb-debuginfo~10.0.35~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-debugsource\", rpm:\"mariadb-debugsource~10.0.35~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-errormessages\", rpm:\"mariadb-errormessages~10.0.35~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-test\", rpm:\"mariadb-test~10.0.35~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-test-debuginfo\", rpm:\"mariadb-test-debuginfo~10.0.35~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-tools\", rpm:\"mariadb-tools~10.0.35~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-tools-debuginfo\", rpm:\"mariadb-tools-debuginfo~10.0.35~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient18-32bit\", rpm:\"libmysqlclient18-32bit~10.0.35~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient18-debuginfo-32bit\", rpm:\"libmysqlclient18-debuginfo-32bit~10.0.35~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient_r18-32bit\", rpm:\"libmysqlclient_r18-32bit~10.0.35~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2020-01-27T18:37:00", "description": "The remote host is 
missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for mariadb (EulerOS-SA-2018-1337)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2817", "CVE-2017-10379", "CVE-2018-2755", "CVE-2018-2819", "CVE-2017-10378", "CVE-2018-2771", "CVE-2018-2767", "CVE-2018-2761", "CVE-2018-2668", "CVE-2018-2640", "CVE-2018-2781", "CVE-2017-3651", "CVE-2017-3641", "CVE-2018-2813", "CVE-2017-10268", "CVE-2018-2665", "CVE-2017-3653", "CVE-2017-10384", "CVE-2017-3636", "CVE-2018-2622"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181337", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181337", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1337\");\n script_version(\"2020-01-23T11:22:06+0000\");\n script_cve_id(\"CVE-2017-10268\", \"CVE-2017-10378\", \"CVE-2017-10379\", \"CVE-2017-10384\", \"CVE-2017-3636\", \"CVE-2017-3641\", \"CVE-2017-3651\", \"CVE-2017-3653\", \"CVE-2018-2622\", \"CVE-2018-2640\", \"CVE-2018-2665\", \"CVE-2018-2668\", \"CVE-2018-2755\", \"CVE-2018-2761\", \"CVE-2018-2767\", \"CVE-2018-2771\", \"CVE-2018-2781\", \"CVE-2018-2813\", \"CVE-2018-2817\", \"CVE-2018-2819\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:22:06 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:22:06 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for mariadb (EulerOS-SA-2018-1337)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-2\\.5\\.1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1337\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1337\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'mariadb' package(s) announced via the EulerOS-SA-2018-1337 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package 
version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636)\n\nmysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641)\n\nmysql: Client mysqldump unspecified vulnerability (CPU Jul 2017) (CVE-2017-3651)\n\nmysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268)\n\nmysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378)\n\nmysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379)\n\nmysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384)\n\nmysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622)\n\nmysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640)\n\nmysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665)\n\nmysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668)\n\nmysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755)\n\nmysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761)\n\nmysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771)\n\nmysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781)\n\nmysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813)\n\nmysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817)\n\nmysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819)\n\nmysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653)\n\nmysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767)\");\n\n script_tag(name:\"affected\", value:\"'mariadb' package(s) on Huawei EulerOS Virtualization 2.5.1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n 
script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-2.5.1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~5.5.60~1.h1\", rls:\"EULEROSVIRT-2.5.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-libs\", rpm:\"mariadb-libs~5.5.60~1.h1\", rls:\"EULEROSVIRT-2.5.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-server\", rpm:\"mariadb-server~5.5.60~1.h1\", rls:\"EULEROSVIRT-2.5.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:33:27", "description": "Check the version of mariadb", "cvss3": {}, "published": "2018-08-21T00:00:00", "type": "openvas", "title": "CentOS Update for mariadb CESA-2018:2439 centos7", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2817", "CVE-2017-10379", "CVE-2018-2755", "CVE-2018-2819", "CVE-2018-2562", "CVE-2017-10378", "CVE-2018-2771", "CVE-2018-2767", "CVE-2018-2761", "CVE-2018-2668", "CVE-2018-2640", "CVE-2018-2781", "CVE-2017-3651", "CVE-2017-3641", "CVE-2018-2813", "CVE-2017-10268", "CVE-2018-2665", "CVE-2017-3653", "CVE-2017-10384", "CVE-2017-3636", "CVE-2018-2622"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882940", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882940", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_CESA-2018_2439_mariadb_centos7.nasl 14058 2019-03-08 13:25:52Z cfischer $\n#\n# CentOS Update for mariadb CESA-2018:2439 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone 
Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882940\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-08-21 06:42:25 +0200 (Tue, 21 Aug 2018)\");\n script_cve_id(\"CVE-2017-3636\", \"CVE-2017-3641\", \"CVE-2017-3651\", \"CVE-2017-3653\", \"CVE-2017-10268\", \"CVE-2017-10378\", \"CVE-2017-10379\", \"CVE-2017-10384\", \"CVE-2018-2562\", \"CVE-2018-2622\", \"CVE-2018-2640\", \"CVE-2018-2665\", \"CVE-2018-2668\", \"CVE-2018-2755\", \"CVE-2018-2761\", \"CVE-2018-2767\", \"CVE-2018-2771\", \"CVE-2018-2781\", \"CVE-2018-2813\", \"CVE-2018-2817\", \"CVE-2018-2819\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:P/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for mariadb CESA-2018:2439 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of mariadb\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", 
value:\"MariaDB is a multi-user, multi-threaded SQL database server that is binary\ncompatible with MySQL.\n\nThe following packages have been upgraded to a later upstream version:\nmariadb (5.5.60). (BZ#1584668, BZ#1584671, BZ#1584674, BZ#1601085)\n\nSecurity Fix(es):\n\n * mysql: Client programs unspecified vulnerability (CPU Jul 2017)\n(CVE-2017-3636)\n\n * mysql: Server: DML unspecified vulnerability (CPU Jul 2017)\n(CVE-2017-3641)\n\n * mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017)\n(CVE-2017-3651)\n\n * mysql: Server: Replication unspecified vulnerability (CPU Oct 2017)\n(CVE-2017-10268)\n\n * mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017)\n(CVE-2017-10378)\n\n * mysql: Client programs unspecified vulnerability (CPU Oct 2017)\n(CVE-2017-10379)\n\n * mysql: Server: DDL unspecified vulnerability (CPU Oct 2017)\n(CVE-2017-10384)\n\n * mysql: Server: Partition unspecified vulnerability (CPU Jan 2018)\n(CVE-2018-2562)\n\n * mysql: Server: DDL unspecified vulnerability (CPU Jan 2018)\n(CVE-2018-2622)\n\n * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)\n(CVE-2018-2640)\n\n * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)\n(CVE-2018-2665)\n\n * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)\n(CVE-2018-2668)\n\n * mysql: Server: Replication unspecified vulnerability (CPU Apr 2018)\n(CVE-2018-2755)\n\n * mysql: Client programs unspecified vulnerability (CPU Apr 2018)\n(CVE-2018-2761)\n\n * mysql: Server: Locking unspecified vulnerability (CPU Apr 2018)\n(CVE-2018-2771)\n\n * mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018)\n(CVE-2018-2781)\n\n * mysql: Server: DDL unspecified vulnerability (CPU Apr 2018)\n(CVE-2018-2813)\n\n * mysql: Server: DDL unspecified vulnerability (CPU Apr 2018)\n(CVE-2018-2817)\n\n * mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819)\n\n * mysql: Server: DDL unspecified vulnerability (CPU Jul 
2017)\n(CVE-2017-3653)\n\n * mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM)\n(CVE-2018-2767)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section.\n\nBug Fix(es):\n\n * Previously, the mysqladmin tool waited for an inadequate length of time\nif the socket it listened on did not respond in a specific way.\nConsequently, when the socket was used while the MariaDB server was\nstarting, the mariadb service became unresponsive for a long time. With\nthis update, the mysqladmin timeout has been shortened to 2 seconds. As a\nresult, the mariadb service either starts or fails but no longer hangs in\nthe described situation. (BZ#1584023)\");\n script_tag(name:\"affected\", value:\"mariadb on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"CESA\", value:\"2018:2439\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2018-August/022995.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~5.5.60~1.el7_5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-bench\", rpm:\"mariadb-bench~5.5.60~1.el7_5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"mariadb-devel\", rpm:\"mariadb-devel~5.5.60~1.el7_5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-embedded\", rpm:\"mariadb-embedded~5.5.60~1.el7_5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-embedded-devel\", rpm:\"mariadb-embedded-devel~5.5.60~1.el7_5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-libs\", rpm:\"mariadb-libs~5.5.60~1.el7_5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-server\", rpm:\"mariadb-server~5.5.60~1.el7_5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-test\", rpm:\"mariadb-test~5.5.60~1.el7_5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:C"}}, {"lastseen": "2020-01-27T18:35:46", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for mariadb (EulerOS-SA-2018-1346)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2817", "CVE-2017-10379", "CVE-2018-2755", "CVE-2018-2819", "CVE-2017-10378", "CVE-2018-2771", "CVE-2018-2767", "CVE-2018-2761", "CVE-2018-2668", "CVE-2018-2640", "CVE-2018-2781", "CVE-2017-3651", "CVE-2017-3641", "CVE-2018-2813", "CVE-2017-10268", "CVE-2018-2665", "CVE-2017-3653", "CVE-2017-10384", "CVE-2017-3636", "CVE-2018-2622"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181346", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181346", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely 
excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1346\");\n script_version(\"2020-01-23T11:22:40+0000\");\n script_cve_id(\"CVE-2017-10268\", \"CVE-2017-10378\", \"CVE-2017-10379\", \"CVE-2017-10384\", \"CVE-2017-3636\", \"CVE-2017-3641\", \"CVE-2017-3651\", \"CVE-2017-3653\", \"CVE-2018-2622\", \"CVE-2018-2640\", \"CVE-2018-2665\", \"CVE-2018-2668\", \"CVE-2018-2755\", \"CVE-2018-2761\", \"CVE-2018-2767\", \"CVE-2018-2771\", \"CVE-2018-2781\", \"CVE-2018-2813\", \"CVE-2018-2817\", \"CVE-2018-2819\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:22:40 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:22:40 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for mariadb (EulerOS-SA-2018-1346)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n 
script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-2\\.5\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1346\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1346\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'mariadb' package(s) announced via the EulerOS-SA-2018-1346 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636)\n\nmysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641)\n\nmysql: Client mysqldump unspecified vulnerability (CPU Jul 2017) (CVE-2017-3651)\n\nmysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268)\n\nmysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378)\n\nmysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379)\n\nmysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384)\n\nmysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622)\n\nmysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640)\n\nmysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665)\n\nmysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668)\n\nmysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755)\n\nmysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761)\n\nmysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771)\n\nmysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781)\n\nmysql: Server: DDL 
unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813)\n\nmysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817)\n\nmysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819)\n\nmysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653)\n\nmysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767)\");\n\n script_tag(name:\"affected\", value:\"'mariadb' package(s) on Huawei EulerOS Virtualization 2.5.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-2.5.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~5.5.60~1.h1\", rls:\"EULEROSVIRT-2.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-libs\", rpm:\"mariadb-libs~5.5.60~1.h1\", rls:\"EULEROSVIRT-2.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-server\", rpm:\"mariadb-server~5.5.60~1.h1\", rls:\"EULEROSVIRT-2.5.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2020-01-27T18:33:20", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for mariadb (EulerOS-SA-2018-1303)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2817", "CVE-2017-10379", "CVE-2018-2755", "CVE-2018-2819", "CVE-2017-10378", "CVE-2018-2771", "CVE-2018-2767", "CVE-2018-2761", "CVE-2018-2668", 
"CVE-2018-2640", "CVE-2018-2781", "CVE-2017-3651", "CVE-2017-3641", "CVE-2018-2813", "CVE-2017-10268", "CVE-2018-2665", "CVE-2017-3653", "CVE-2017-10384", "CVE-2017-3636", "CVE-2018-2622"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181303", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181303", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1303\");\n script_version(\"2020-01-23T11:20:58+0000\");\n script_cve_id(\"CVE-2017-10268\", \"CVE-2017-10378\", \"CVE-2017-10379\", \"CVE-2017-10384\", \"CVE-2017-3636\", \"CVE-2017-3641\", \"CVE-2017-3651\", \"CVE-2017-3653\", \"CVE-2018-2622\", \"CVE-2018-2640\", \"CVE-2018-2665\", \"CVE-2018-2668\", \"CVE-2018-2755\", \"CVE-2018-2761\", \"CVE-2018-2767\", \"CVE-2018-2771\", \"CVE-2018-2781\", \"CVE-2018-2813\", \"CVE-2018-2817\", \"CVE-2018-2819\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:20:58 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:20:58 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for mariadb (EulerOS-SA-2018-1303)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1303\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1303\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'mariadb' package(s) announced via the EulerOS-SA-2018-1303 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package 
version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636)\n\nmysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641)\n\nmysql: Client mysqldump unspecified vulnerability (CPU Jul 2017) (CVE-2017-3651)\n\nmysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268)\n\nmysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378)\n\nmysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379)\n\nmysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384)\n\nmysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622)\n\nmysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640)\n\nmysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665)\n\nmysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668)\n\nmysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755)\n\nmysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761)\n\nmysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771)\n\nmysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781)\n\nmysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813)\n\nmysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817)\n\nmysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819)\n\nmysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653)\n\nmysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767)\");\n\n script_tag(name:\"affected\", value:\"'mariadb' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n 
script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~5.5.60~1\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-bench\", rpm:\"mariadb-bench~5.5.60~1\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-devel\", rpm:\"mariadb-devel~5.5.60~1\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-libs\", rpm:\"mariadb-libs~5.5.60~1\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-server\", rpm:\"mariadb-server~5.5.60~1\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-test\", rpm:\"mariadb-test~5.5.60~1\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2020-01-27T18:34:10", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for mariadb (EulerOS-SA-2018-1302)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2817", "CVE-2017-10379", "CVE-2018-2755", "CVE-2018-2819", "CVE-2018-2562", "CVE-2017-10378", "CVE-2018-2771", "CVE-2018-2767", "CVE-2018-2761", "CVE-2018-2668", "CVE-2018-2640", "CVE-2018-2781", "CVE-2017-3641", "CVE-2018-2813", "CVE-2017-10268", "CVE-2018-2665", "CVE-2017-3653", "CVE-2017-10384", "CVE-2017-3636", "CVE-2018-2622"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181302", 
"href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181302", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1302\");\n script_version(\"2020-01-23T11:20:38+0000\");\n script_cve_id(\"CVE-2017-10268\", \"CVE-2017-10378\", \"CVE-2017-10379\", \"CVE-2017-10384\", \"CVE-2017-3641\", \"CVE-2017-3653\", \"CVE-2018-2562\", \"CVE-2018-2622\", \"CVE-2018-2640\", \"CVE-2018-2665\", \"CVE-2018-2668\", \"CVE-2018-2755\", \"CVE-2018-2761\", \"CVE-2018-2767\", \"CVE-2018-2771\", \"CVE-2018-2781\", \"CVE-2018-2813\", \"CVE-2018-2817\", \"CVE-2018-2819\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:P/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:20:38 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:20:38 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for mariadb (EulerOS-SA-2018-1302)\");\n script_category(ACT_GATHER_INFO);\n 
script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1302\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1302\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'mariadb' package(s) announced via the EulerOS-SA-2018-1302 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636)\n\nmysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641)\n\nmysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268)\n\nmysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378)\n\nmysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379)\n\nmysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384)\n\nmysql: Server: Partition unspecified vulnerability (CPU Jan 2018) (CVE-2018-2562)\n\nmysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622)\n\nmysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640)\n\nmysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665)\n\nmysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668)\n\nmysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755)\n\nmysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761)\n\nmysql: Server: Locking unspecified vulnerability (CPU Apr 2018) 
(CVE-2018-2771)\n\nmysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781)\n\nmysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813)\n\nmysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817)\n\nmysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819)\n\nmysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653)\n\nmysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767)\");\n\n script_tag(name:\"affected\", value:\"'mariadb' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~5.5.60~1\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-bench\", rpm:\"mariadb-bench~5.5.60~1\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-devel\", rpm:\"mariadb-devel~5.5.60~1\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-libs\", rpm:\"mariadb-libs~5.5.60~1\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-server\", rpm:\"mariadb-server~5.5.60~1\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-test\", rpm:\"mariadb-test~5.5.60~1\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": 
"AV:N/AC:L/Au:S/C:N/I:P/A:C"}}, {"lastseen": "2020-01-31T17:38:00", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-10-26T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for mariadb (openSUSE-SU-2018:1595-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2817", "CVE-2018-2759", "CVE-2018-2755", "CVE-2018-2810", "CVE-2018-2786", "CVE-2018-2819", "CVE-2018-2784", "CVE-2018-2771", "CVE-2018-2777", "CVE-2018-2766", "CVE-2018-2787", "CVE-2018-2767", "CVE-2018-2761", "CVE-2018-2782", "CVE-2018-2781", "CVE-2018-2813"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852040", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852040", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852040\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2018-2755\", \"CVE-2018-2759\", \"CVE-2018-2761\", \"CVE-2018-2766\", \"CVE-2018-2767\", \"CVE-2018-2771\", \"CVE-2018-2777\", \"CVE-2018-2781\", \"CVE-2018-2782\", \"CVE-2018-2784\", \"CVE-2018-2786\", \"CVE-2018-2787\", \"CVE-2018-2810\", \"CVE-2018-2813\", \"CVE-2018-2817\", \"CVE-2018-2819\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-10-26 06:36:20 +0200 (Fri, 26 Oct 2018)\");\n script_name(\"openSUSE: Security Advisory for mariadb (openSUSE-SU-2018:1595-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:1595-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-06/msg00008.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mariadb'\n package(s) announced via the openSUSE-SU-2018:1595-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for mariadb to version 10.2.15 fixes the following 
issues:\n\n These security issues were fixed:\n\n - CVE-2018-2767: Enforce use of SSL/TLS in embedded server library (Return\n of BACKRONYM) (bsc#1088681).\n\n - CVE-2018-2786: Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed\n high privileged attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this vulnerability can\n result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server as well as unauthorized update,\n insert or delete access to some of MySQL Server accessible data\n (bsc#1089987).\n\n - CVE-2018-2759: Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed\n high privileged attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this vulnerability can\n result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server (bsc#1089987).\n\n - CVE-2018-2777: Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed\n high privileged attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this vulnerability can\n result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server (bsc#1089987).\n\n - CVE-2018-2810: Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed\n high privileged attacker with network access via multiple protocols to\n compromise MySQL Server. 
Successful attacks of this vulnerability can\n result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server (bsc#1089987).\n\n - CVE-2018-2782: Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed\n low privileged attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this vulnerability can\n result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server (bsc#1089987, bsc#1090518).\n\n - CVE-2018-2784: Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed\n low privileged attacker with network access via multiple p ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"mariadb on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n if(!isnull(res = isrpmvuln(pkg:\"libmysqld-devel\", rpm:\"libmysqld-devel~10.2.15~lp150.2.3.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqld19\", rpm:\"libmysqld19~10.2.15~lp150.2.3.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqld19-debuginfo\", rpm:\"libmysqld19-debuginfo~10.2.15~lp150.2.3.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~10.2.15~lp150.2.3.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n 
if(!isnull(res = isrpmvuln(pkg:\"mariadb-bench\", rpm:\"mariadb-bench~10.2.15~lp150.2.3.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-bench-debuginfo\", rpm:\"mariadb-bench-debuginfo~10.2.15~lp150.2.3.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-client\", rpm:\"mariadb-client~10.2.15~lp150.2.3.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-client-debuginfo\", rpm:\"mariadb-client-debuginfo~10.2.15~lp150.2.3.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-debuginfo\", rpm:\"mariadb-debuginfo~10.2.15~lp150.2.3.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-debugsource\", rpm:\"mariadb-debugsource~10.2.15~lp150.2.3.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-galera\", rpm:\"mariadb-galera~10.2.15~lp150.2.3.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-test\", rpm:\"mariadb-test~10.2.15~lp150.2.3.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-test-debuginfo\", rpm:\"mariadb-test-debuginfo~10.2.15~lp150.2.3.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-tools\", rpm:\"mariadb-tools~10.2.15~lp150.2.3.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-tools-debuginfo\", rpm:\"mariadb-tools-debuginfo~10.2.15~lp150.2.3.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-errormessages\", rpm:\"mariadb-errormessages~10.2.15~lp150.2.3.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n 
exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:32:56", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-06-20T00:00:00", "type": "openvas", "title": "Fedora Update for mariadb FEDORA-2018-2513b888a4", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2817", "CVE-2018-2759", "CVE-2018-2755", "CVE-2018-2810", "CVE-2018-2786", "CVE-2018-2819", "CVE-2018-2784", "CVE-2018-2771", "CVE-2018-2777", "CVE-2018-2766", "CVE-2018-2787", "CVE-2018-2818", "CVE-2018-2761", "CVE-2018-2782", "CVE-2018-2773", "CVE-2018-2781", "CVE-2018-2813"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874709", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874709", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_2513b888a4_mariadb_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for mariadb FEDORA-2018-2513b888a4\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874709\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-20 06:18:49 +0200 (Wed, 20 Jun 2018)\");\n script_cve_id(\"CVE-2018-2755\", \"CVE-2018-2761\", \"CVE-2018-2766\", \"CVE-2018-2771\", \"CVE-2018-2781\", \"CVE-2018-2782\", \"CVE-2018-2784\", \"CVE-2018-2787\", \"CVE-2018-2813\", \"CVE-2018-2817\", \"CVE-2018-2819\", \"CVE-2018-2786\", \"CVE-2018-2759\", \"CVE-2018-2777\", \"CVE-2018-2810\", \"CVE-2018-2773\", \"CVE-2018-2818\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mariadb FEDORA-2018-2513b888a4\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mariadb'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mariadb on Fedora 28\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-2513b888a4\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/URT2E3H3SHHUPWOZR3UMN3DFK7WUGAYI\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n 
script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~10.2.15~2.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:33:01", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-06-25T00:00:00", "type": "openvas", "title": "Fedora Update for mariadb FEDORA-2018-86026275ea", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2817", "CVE-2018-2759", "CVE-2018-2755", "CVE-2018-2810", "CVE-2018-2786", "CVE-2018-2819", "CVE-2018-2784", "CVE-2018-2771", "CVE-2018-2777", "CVE-2018-2766", "CVE-2018-2787", "CVE-2018-2818", "CVE-2018-2761", "CVE-2018-2782", "CVE-2018-2773", "CVE-2018-2781", "CVE-2018-2813"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874736", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874736", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_86026275ea_mariadb_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for mariadb FEDORA-2018-86026275ea\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), 
as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874736\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-25 06:05:15 +0200 (Mon, 25 Jun 2018)\");\n script_cve_id(\"CVE-2018-2755\", \"CVE-2018-2761\", \"CVE-2018-2766\", \"CVE-2018-2771\",\n \"CVE-2018-2781\", \"CVE-2018-2782\", \"CVE-2018-2784\", \"CVE-2018-2787\",\n \"CVE-2018-2813\", \"CVE-2018-2817\", \"CVE-2018-2819\", \"CVE-2018-2786\",\n \"CVE-2018-2759\", \"CVE-2018-2777\", \"CVE-2018-2810\", \"CVE-2018-2773\",\n \"CVE-2018-2818\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mariadb FEDORA-2018-86026275ea\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mariadb'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"mariadb on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-86026275ea\");\n script_xref(name:\"URL\", 
value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BQLBOVRZ6QN7XPU3LT27MYCHZPFRRQ2R\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~10.2.15~2.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:02", "description": "Several issues have been discovered in the MariaDB database server.\nThe vulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.1.26.", "cvss3": {}, "published": "2017-08-26T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3955-1 (mariadb-10.1 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3641", "CVE-2017-3653", "CVE-2017-3636"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703955", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703955", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_3955.nasl 14275 2019-03-18 14:39:45Z cfischer $\n#\n# Auto-generated from advisory DSA 3955-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely 
excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703955\");\n script_version(\"$Revision: 14275 $\");\n script_cve_id(\"CVE-2017-3636\", \"CVE-2017-3641\", \"CVE-2017-3653\");\n script_name(\"Debian Security Advisory DSA 3955-1 (mariadb-10.1 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-08-26 00:00:00 +0200 (Sat, 26 Aug 2017)\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3955.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", 
\"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"mariadb-10.1 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), these problems have been fixed\nin version 10.1.26-0+deb9u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 10.1.26-1.\n\nWe recommend that you upgrade your mariadb-10.1 packages.\");\n script_tag(name:\"summary\", value:\"Several issues have been discovered in the MariaDB database server.\nThe vulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.1.26.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libmariadbclient-dev\", ver:\"10.1.26-0+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmariadbclient-dev-compat\", ver:\"10.1.26-0+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmariadbclient18\", ver:\"10.1.26-0+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmariadbd-dev\", ver:\"10.1.26-0+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmariadbd18\", ver:\"10.1.26-0+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-client\", ver:\"10.1.26-0+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-client-10.1\", ver:\"10.1.26-0+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-client-core-10.1\", ver:\"10.1.26-0+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-common\", ver:\"10.1.26-0+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = 
isdpkgvuln(pkg:\"mariadb-plugin-connect\", ver:\"10.1.26-0+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-plugin-cracklib-password-check\", ver:\"10.1.26-0+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-plugin-gssapi-client\", ver:\"10.1.26-0+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-plugin-gssapi-server\", ver:\"10.1.26-0+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-plugin-mroonga\", ver:\"10.1.26-0+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-plugin-oqgraph\", ver:\"10.1.26-0+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-plugin-spider\", ver:\"10.1.26-0+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-plugin-tokudb\", ver:\"10.1.26-0+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-server\", ver:\"10.1.26-0+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-server-10.1\", ver:\"10.1.26-0+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-server-core-10.1\", ver:\"10.1.26-0+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-test\", ver:\"10.1.26-0+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-test-data\", ver:\"10.1.26-0+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-29T20:07:15", "description": "Several issues have been discovered in the MariaDB database server. 
The\nvulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.0.35.", "cvss3": {}, "published": "2018-07-10T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for mariadb-10.0 (DLA-1407-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2817", "CVE-2018-2755", "CVE-2018-2819", "CVE-2018-2562", "CVE-2018-2784", "CVE-2017-10378", "CVE-2018-2771", "CVE-2018-2766", "CVE-2018-2612", "CVE-2018-2787", "CVE-2018-2761", "CVE-2018-2668", "CVE-2018-2782", "CVE-2018-2640", "CVE-2018-2781", "CVE-2018-2813", "CVE-2017-10268", "CVE-2018-2665", "CVE-2018-2622"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891407", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891407", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891407\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-10268\", \"CVE-2017-10378\", \"CVE-2018-2562\", \"CVE-2018-2612\", \"CVE-2018-2622\",\n \"CVE-2018-2640\", \"CVE-2018-2665\", \"CVE-2018-2668\", \"CVE-2018-2755\", \"CVE-2018-2761\",\n \"CVE-2018-2766\", \"CVE-2018-2771\", \"CVE-2018-2781\", \"CVE-2018-2782\", \"CVE-2018-2784\",\n \"CVE-2018-2787\", \"CVE-2018-2813\", \"CVE-2018-2817\", \"CVE-2018-2819\");\n script_name(\"Debian LTS: Security Advisory for mariadb-10.0 (DLA-1407-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-07-10 00:00:00 +0200 (Tue, 10 Jul 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:P/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_tag(name:\"affected\", value:\"mariadb-10.0 on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n10.0.35-0+deb8u1.\n\nWe recommend that you upgrade your mariadb-10.0 
packages.\");\n\n script_tag(name:\"summary\", value:\"Several issues have been discovered in the MariaDB database server. The\nvulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.0.35.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libmariadbd-dev\", ver:\"10.0.35-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mariadb-client\", ver:\"10.0.35-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mariadb-client-10.0\", ver:\"10.0.35-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mariadb-client-core-10.0\", ver:\"10.0.35-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mariadb-common\", ver:\"10.0.35-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mariadb-connect-engine-10.0\", ver:\"10.0.35-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mariadb-oqgraph-engine-10.0\", ver:\"10.0.35-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mariadb-server\", ver:\"10.0.35-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mariadb-server-10.0\", ver:\"10.0.35-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mariadb-server-core-10.0\", ver:\"10.0.35-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mariadb-test\", ver:\"10.0.35-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mariadb-test-10.0\", ver:\"10.0.35-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else 
if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:C"}}, {"lastseen": "2019-05-29T18:33:01", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-05-23T00:00:00", "type": "openvas", "title": "Fedora Update for mariadb FEDORA-2018-d955395c08", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2817", "CVE-2018-2755", "CVE-2018-2819", "CVE-2017-3265", "CVE-2018-2784", "CVE-2018-2771", "CVE-2017-3313", "CVE-2018-2766", "CVE-2017-3456", "CVE-2018-2787", "CVE-2018-2818", "CVE-2018-2761", "CVE-2018-2782", "CVE-2017-3309", "CVE-2018-2773", "CVE-2017-3308", "CVE-2018-2781", "CVE-2018-2813", "CVE-2017-3453", "CVE-2017-3464"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874594", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874594", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_d955395c08_mariadb_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for mariadb FEDORA-2018-d955395c08\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874594\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-23 05:50:35 +0200 (Wed, 23 May 2018)\");\n script_cve_id(\"CVE-2018-2755\", \"CVE-2018-2761\", \"CVE-2018-2766\", \"CVE-2018-2771\",\n \"CVE-2018-2781\", \"CVE-2018-2782\", \"CVE-2018-2784\", \"CVE-2018-2787\",\n \"CVE-2018-2813\", \"CVE-2018-2817\", \"CVE-2018-2819\", \"CVE-2017-3265\",\n \"CVE-2017-3313\", \"CVE-2017-3308\", \"CVE-2017-3309\", \"CVE-2017-3453\",\n \"CVE-2017-3456\", \"CVE-2017-3464\", \"CVE-2018-2773\", \"CVE-2018-2818\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mariadb FEDORA-2018-d955395c08\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mariadb'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"mariadb on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-d955395c08\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C7UF6XVJNCHPSN5BBYHUX267XZGFVP5P\");\n script_tag(name:\"solution_type\", 
value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~10.1.33~1.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:33:07", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-09-01T00:00:00", "type": "openvas", "title": "Fedora Update for mariadb FEDORA-2018-77e610115a", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2817", "CVE-2018-2759", "CVE-2018-2755", "CVE-2018-2810", "CVE-2018-2786", "CVE-2018-2819", "CVE-2018-2784", "CVE-2018-2771", "CVE-2018-2777", "CVE-2018-2766", "CVE-2018-2787", "CVE-2018-2767", "CVE-2018-2761", "CVE-2018-2782", "CVE-2018-3060", "CVE-2018-2781", "CVE-2018-3058", "CVE-2018-2813", "CVE-2018-3081", "CVE-2018-3063", "CVE-2018-3064", "CVE-2018-3066"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310875017", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875017", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_77e610115a_mariadb_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for mariadb FEDORA-2018-77e610115a\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is 
free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875017\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-09-01 07:34:32 +0200 (Sat, 01 Sep 2018)\");\n script_cve_id(\"CVE-2018-3060\", \"CVE-2018-3064\", \"CVE-2018-3063\", \"CVE-2018-3058\",\n \"CVE-2018-3066\", \"CVE-2018-3081\", \"CVE-2018-2767\", \"CVE-2018-2755\",\n \"CVE-2018-2761\", \"CVE-2018-2766\", \"CVE-2018-2771\", \"CVE-2018-2781\",\n \"CVE-2018-2782\", \"CVE-2018-2784\", \"CVE-2018-2787\", \"CVE-2018-2813\",\n \"CVE-2018-2817\", \"CVE-2018-2819\", \"CVE-2018-2786\", \"CVE-2018-2759\",\n \"CVE-2018-2777\", \"CVE-2018-2810\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mariadb FEDORA-2018-77e610115a\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mariadb'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n 
script_tag(name:\"affected\", value:\"mariadb on Fedora 28\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-77e610115a\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQGHKAL7T56PH5I3O7WENFVBDAK3OF75\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~10.2.17~1.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:33:09", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-09-01T00:00:00", "type": "openvas", "title": "Fedora Update for mariadb FEDORA-2018-d1c4a4ca50", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2817", "CVE-2018-2759", "CVE-2018-2755", "CVE-2018-2810", "CVE-2018-2786", "CVE-2018-2819", "CVE-2018-2784", "CVE-2018-2771", "CVE-2018-2777", "CVE-2018-2766", "CVE-2018-2787", "CVE-2018-2767", "CVE-2018-2761", "CVE-2018-2782", "CVE-2018-3060", "CVE-2018-2781", "CVE-2018-3058", "CVE-2018-2813", "CVE-2018-3081", "CVE-2018-3063", "CVE-2018-3064", "CVE-2018-3066"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310875022", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875022", 
"sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_d1c4a4ca50_mariadb_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for mariadb FEDORA-2018-d1c4a4ca50\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875022\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-09-01 07:37:55 +0200 (Sat, 01 Sep 2018)\");\n script_cve_id(\"CVE-2018-3060\", \"CVE-2018-3064\", \"CVE-2018-3063\", \"CVE-2018-3058\",\n \"CVE-2018-3066\", \"CVE-2018-3081\", \"CVE-2018-2767\", \"CVE-2018-2755\",\n \"CVE-2018-2761\", \"CVE-2018-2766\", \"CVE-2018-2771\", \"CVE-2018-2781\",\n \"CVE-2018-2782\", \"CVE-2018-2784\", \"CVE-2018-2787\", \"CVE-2018-2813\",\n \"CVE-2018-2817\", \"CVE-2018-2819\", \"CVE-2018-2786\", \"CVE-2018-2759\",\n \"CVE-2018-2777\", \"CVE-2018-2810\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n 
script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mariadb FEDORA-2018-d1c4a4ca50\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mariadb'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"mariadb on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-d1c4a4ca50\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3K5MO2XOTPVOYYKB6KVUBG4GOQRLMTWL\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~10.2.17~1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:33:00", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-05-16T00:00:00", "type": "openvas", "title": "Fedora Update for community-mysql FEDORA-2018-00e90783d2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2775", "CVE-2018-2817", "CVE-2018-2769", 
"CVE-2018-2776", "CVE-2018-2759", "CVE-2018-2755", "CVE-2018-2810", "CVE-2018-2812", "CVE-2018-2786", "CVE-2018-2778", "CVE-2018-2819", "CVE-2018-2784", "CVE-2018-2771", "CVE-2018-2777", "CVE-2018-2766", "CVE-2018-2780", "CVE-2018-2816", "CVE-2018-2787", "CVE-2018-2818", "CVE-2018-2761", "CVE-2018-2782", "CVE-2018-2773", "CVE-2018-2781", "CVE-2018-2779", "CVE-2018-2813", "CVE-2018-2762", "CVE-2018-2846", "CVE-2018-2758", "CVE-2018-2839"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874489", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874489", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_00e90783d2_community-mysql_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for community-mysql FEDORA-2018-00e90783d2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874489\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-16 05:57:41 +0200 (Wed, 16 May 2018)\");\n script_cve_id(\"CVE-2018-2755\", \"CVE-2018-2758\", \"CVE-2018-2759\", \"CVE-2018-2761\",\n \"CVE-2018-2762\", \"CVE-2018-2766\", \"CVE-2018-2769\", \"CVE-2018-2771\",\n \"CVE-2018-2773\", \"CVE-2018-2775\", \"CVE-2018-2776\", \"CVE-2018-2777\",\n \"CVE-2018-2778\", \"CVE-2018-2779\", \"CVE-2018-2780\", \"CVE-2018-2781\",\n \"CVE-2018-2782\", \"CVE-2018-2784\", \"CVE-2018-2786\", \"CVE-2018-2787\",\n \"CVE-2018-2810\", \"CVE-2018-2812\", \"CVE-2018-2813\", \"CVE-2018-2816\",\n \"CVE-2018-2817\", \"CVE-2018-2818\", \"CVE-2018-2819\", \"CVE-2018-2839\",\n \"CVE-2018-2846\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for community-mysql FEDORA-2018-00e90783d2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'community-mysql'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"community-mysql on Fedora 28\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-00e90783d2\");\n 
script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NUNYFR3FFTGAFCUH54EWRGMHNCVBEUM2\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"community-mysql\", rpm:\"community-mysql~5.7.22~1.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:33:22", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-04-25T00:00:00", "type": "openvas", "title": "Ubuntu Update for mysql-5.7 USN-3629-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2775", "CVE-2018-2817", "CVE-2018-2769", "CVE-2018-2776", "CVE-2018-2759", "CVE-2018-2755", "CVE-2018-2810", "CVE-2018-2812", "CVE-2018-2786", "CVE-2018-2778", "CVE-2018-2819", "CVE-2018-2784", "CVE-2018-2771", "CVE-2018-2777", "CVE-2018-2766", "CVE-2018-2780", "CVE-2018-2816", "CVE-2018-2787", "CVE-2018-2818", "CVE-2018-2761", "CVE-2018-2782", "CVE-2018-2773", "CVE-2018-2781", "CVE-2018-2779", "CVE-2018-2813", "CVE-2018-2762", "CVE-2018-2846", "CVE-2018-2758", "CVE-2018-2839"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843513", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843513", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3629_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for mysql-5.7 USN-3629-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843513\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-04-25 08:38:24 +0200 (Wed, 25 Apr 2018)\");\n script_cve_id(\"CVE-2018-2755\", \"CVE-2018-2758\", \"CVE-2018-2759\", \"CVE-2018-2761\",\n \"CVE-2018-2762\", \"CVE-2018-2766\", \"CVE-2018-2769\", \"CVE-2018-2771\",\n \"CVE-2018-2773\", \"CVE-2018-2779\", \"CVE-2018-2786\", \"CVE-2018-2816\",\n \"CVE-2018-2775\", \"CVE-2018-2776\", \"CVE-2018-2777\", \"CVE-2018-2778\",\n \"CVE-2018-2780\", \"CVE-2018-2781\", \"CVE-2018-2782\", \"CVE-2018-2784\",\n \"CVE-2018-2787\", \"CVE-2018-2810\", \"CVE-2018-2812\", \"CVE-2018-2813\",\n \"CVE-2018-2817\", \"CVE-2018-2818\", \"CVE-2018-2819\", \"CVE-2018-2839\",\n 
\"CVE-2018-2846\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for mysql-5.7 USN-3629-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mysql-5.7'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple security issues were discovered in\n MySQL and this update includes new upstream MySQL versions to fix these issues.\n MySQL has been updated to 5.5.60 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS, and\n Ubuntu 17.10 have been updated to MySQL 5.7.22. In addition to security fixes,\n the updated packages contain bug fixes, new features, and possibly incompatible\n changes. Please see the references for more information.\");\n\n script_xref(name:\"URL\", value:\"http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-60.html\");\n script_xref(name:\"URL\", value:\"http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-22.html\");\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\");\n\n script_tag(name:\"affected\", value:\"mysql-5.7 on Ubuntu 17.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3629-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3629-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", 
re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.10|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.60-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"mysql-server-5.7\", ver:\"5.7.22-0ubuntu0.17.10.1\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"mysql-server-5.7\", ver:\"5.7.22-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:33:20", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-05-08T00:00:00", "type": "openvas", "title": "Ubuntu Update for mysql-5.7 USN-3629-3", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2775", "CVE-2018-2817", "CVE-2018-2769", "CVE-2018-2776", "CVE-2018-2759", "CVE-2018-2755", "CVE-2018-2810", "CVE-2018-2812", "CVE-2018-2786", "CVE-2018-2778", "CVE-2018-2819", "CVE-2018-2784", "CVE-2018-2771", "CVE-2018-2777", "CVE-2018-2766", "CVE-2018-2780", "CVE-2018-2816", "CVE-2018-2787", "CVE-2018-2818", "CVE-2018-2761", "CVE-2018-2782", "CVE-2018-2773", "CVE-2018-2781", "CVE-2018-2779", "CVE-2018-2813", "CVE-2018-2762", "CVE-2018-2846", "CVE-2018-2758", "CVE-2018-2839"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843517", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843517", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3629_3.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for mysql-5.7 USN-3629-3\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843517\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-08 09:25:32 +0200 (Tue, 08 May 2018)\");\n script_cve_id(\"CVE-2018-2755\", \"CVE-2018-2758\", \"CVE-2018-2759\", \"CVE-2018-2761\",\n \"CVE-2018-2762\", \"CVE-2018-2766\", \"CVE-2018-2769\", \"CVE-2018-2771\",\n \"CVE-2018-2773\", \"CVE-2018-2779\", \"CVE-2018-2786\", \"CVE-2018-2816\",\n \"CVE-2018-2775\", \"CVE-2018-2776\", \"CVE-2018-2777\", \"CVE-2018-2778\",\n \"CVE-2018-2780\", \"CVE-2018-2781\", \"CVE-2018-2782\", \"CVE-2018-2784\",\n \"CVE-2018-2787\", \"CVE-2018-2810\", \"CVE-2018-2812\", \"CVE-2018-2813\",\n \"CVE-2018-2817\", \"CVE-2018-2818\", \"CVE-2018-2819\", \"CVE-2018-2839\",\n 
\"CVE-2018-2846\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for mysql-5.7 USN-3629-3\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mysql-5.7'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"USN-3629-1 fixed vulnerabilities in MySQL. This update provides the\ncorresponding updates for Ubuntu 18.04 LTS.\n\nOriginal advisory details:\n\nMultiple security issues were discovered in MySQL and this update includes\nnew upstream MySQL versions to fix these issues.\nMySQL has been updated to 5.5.60 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS, and\nUbuntu 17.10 have been updated to MySQL 5.7.22.\nIn addition to security fixes, the updated packages contain bug fixes, new\nfeatures, and possibly incompatible changes.\nPlease see the references for more information.\");\n\n script_xref(name:\"URL\", value:\"http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-60.html\");\n script_xref(name:\"URL\", value:\"http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-22.html\");\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\");\n\n script_tag(name:\"affected\", value:\"mysql-5.7 on Ubuntu 18.04 LTS\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"USN\", value:\"3629-3\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3629-3/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU18\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU18.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"mysql-server-5.7\", ver:\"5.7.22-0ubuntu18.04.1\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:06", "description": "This host is running Oracle MySQL and is\n prone to multiple vulnerabilities.", "cvss3": {}, "published": "2017-07-19T00:00:00", "type": "openvas", "title": "Oracle Mysql Security Updates (jul2017-3236622) 02 - Linux", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3652", "CVE-2017-3648", "CVE-2017-3651", "CVE-2017-3641", "CVE-2017-3635", "CVE-2017-3653"], "modified": "2018-10-19T00:00:00", "id": "OPENVAS:1361412562310811433", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811433", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mysql_jul2017-3236622_02_lin.nasl 11989 2018-10-19 11:25:26Z cfischer $\n#\n# Oracle Mysql Security Updates (jul2017-3236622) 02 - Linux\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# 
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:oracle:mysql\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811433\");\n script_version(\"$Revision: 11989 $\");\n script_cve_id(\"CVE-2017-3651\", \"CVE-2017-3653\", \"CVE-2017-3652\", \"CVE-2017-3635\",\n\t\t\"CVE-2017-3648\", \"CVE-2017-3641\");\n script_bugtraq_id(99802, 99810, 99805, 99730, 99789, 99767);\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-19 13:25:26 +0200 (Fri, 19 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-07-19 11:04:26 +0530 (Wed, 19 Jul 2017)\");\n script_name(\"Oracle Mysql Security Updates (jul2017-3236622) 02 - Linux\");\n\n script_tag(name:\"summary\", value:\"This host is running Oracle MySQL and is\n prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to\n\n - A flaw in the Client mysqldump component.\n\n - A flaw in the Server: DDL component.\n\n - A flaw in the C API component.\n\n - A flaw in the Connector/C component.\n\n - A flaw in the Server: Charsets component.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will allow remote attackers to have an impact on confidentiality, integrity and\n availablility.\");\n\n script_tag(name:\"affected\", value:\"Oracle MySQL version 5.5.56 and earlier,\n 5.6.36 and earlier, 5.7.18 and earlier, on 
Linux\");\n\n script_tag(name:\"solution\", value:\"Apply the patch from the referenced advisory.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixMSQL\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_unixoide\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!sqlPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!mysqlVer = get_app_version(cpe:CPE, port:sqlPort)){\n exit(0);\n}\n\nif(version_in_range(version:mysqlVer, test_version:\"5.5.0\", test_version2:\"5.5.56\") ||\n version_in_range(version:mysqlVer, test_version:\"5.6.0\", test_version2:\"5.6.36\") ||\n version_in_range(version:mysqlVer, test_version:\"5.7.0\", test_version2:\"5.7.18\"))\n{\n report = report_fixed_ver(installed_version:mysqlVer, fixed_version: \"Apply the patch\");\n security_message(data:report, port:sqlPort);\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:34:31", "description": "This host is running Oracle MySQL and is\n prone to multiple vulnerabilities.", "cvss3": {}, "published": "2017-07-19T00:00:00", "type": "openvas", "title": "Oracle Mysql Security Updates (jul2017-3236622) 02 - Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3652", "CVE-2017-3648", "CVE-2017-3651", "CVE-2017-3641", "CVE-2017-3635", "CVE-2017-3653"], "modified": "2018-10-19T00:00:00", "id": "OPENVAS:1361412562310811432", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811432", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mysql_jul2017-3236622_02_win.nasl 11989 2018-10-19 11:25:26Z cfischer $\n#\n# Oracle Mysql Security Updates (jul2017-3236622) 02 - Windows\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:oracle:mysql\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811432\");\n script_version(\"$Revision: 11989 $\");\n script_cve_id(\"CVE-2017-3651\", \"CVE-2017-3653\", \"CVE-2017-3652\", \"CVE-2017-3635\",\n\t\t\"CVE-2017-3648\", \"CVE-2017-3641\");\n script_bugtraq_id(99802, 99810, 99805, 99730, 99789, 99767);\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-19 13:25:26 +0200 (Fri, 19 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-07-19 11:04:26 +0530 (Wed, 19 Jul 2017)\");\n script_name(\"Oracle Mysql Security Updates (jul2017-3236622) 02 - Windows\");\n\n script_tag(name:\"summary\", value:\"This host is running Oracle MySQL and is\n 
prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to\n\n - A flaw in the Client mysqldump component.\n\n - A flaw in the Server: DDL component.\n\n - A flaw in the C API component.\n\n - A flaw in the Connector/C component.\n\n - A flaw in the Server: Charsets component.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will allow remote attackers to have an impact on confidentiality, integrity and\n availablility.\");\n\n script_tag(name:\"affected\", value:\"Oracle MySQL version 5.5.56 and earlier,\n 5.6.36 and earlier, 5.7.18 and earlier, on Windows\");\n\n script_tag(name:\"solution\", value:\"Apply the patch from the referenced advisory.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixMSQL\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_windows\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!sqlPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!mysqlVer = get_app_version(cpe:CPE, port:sqlPort)){\n exit(0);\n}\n\nif(version_in_range(version:mysqlVer, test_version:\"5.5.0\", test_version2:\"5.5.56\") ||\n version_in_range(version:mysqlVer, test_version:\"5.6.0\", test_version2:\"5.6.36\") ||\n version_in_range(version:mysqlVer, test_version:\"5.7.0\", test_version2:\"5.7.18\"))\n{\n report = report_fixed_ver(installed_version:mysqlVer, fixed_version: 
\"Apply the patch\");\n security_message(data:report, port:sqlPort);\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2019-07-04T18:56:38", "description": "Several issues have been discovered in the MariaDB database server. The\nvulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.1.37. Please see the MariaDB 10.1 Release Notes for further\ndetails.", "cvss3": {}, "published": "2018-11-19T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4341-1 (mariadb-10.1 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2817", "CVE-2018-3174", "CVE-2018-2755", "CVE-2018-3282", "CVE-2018-2819", "CVE-2018-2562", "CVE-2018-2784", "CVE-2017-15365", "CVE-2017-10378", "CVE-2018-2771", "CVE-2018-2766", "CVE-2018-2612", "CVE-2018-3156", "CVE-2018-2787", "CVE-2018-3251", "CVE-2018-2767", "CVE-2018-2761", "CVE-2018-2668", "CVE-2018-2782", "CVE-2018-2640", "CVE-2018-2781", "CVE-2018-3058", "CVE-2018-2813", "CVE-2018-3143", "CVE-2017-10268", "CVE-2018-3081", "CVE-2018-2665", "CVE-2018-3063", "CVE-2018-2622", "CVE-2018-3064", "CVE-2018-3066"], "modified": "2019-07-04T00:00:00", "id": "OPENVAS:1361412562310704341", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704341", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4341-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) 
any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704341\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2017-10268\", \"CVE-2017-10378\", \"CVE-2017-15365\", \"CVE-2018-2562\", \"CVE-2018-2612\",\n \"CVE-2018-2622\", \"CVE-2018-2640\", \"CVE-2018-2665\", \"CVE-2018-2668\", \"CVE-2018-2755\",\n \"CVE-2018-2761\", \"CVE-2018-2766\", \"CVE-2018-2767\", \"CVE-2018-2771\", \"CVE-2018-2781\",\n \"CVE-2018-2782\", \"CVE-2018-2784\", \"CVE-2018-2787\", \"CVE-2018-2813\", \"CVE-2018-2817\",\n \"CVE-2018-2819\", \"CVE-2018-3058\", \"CVE-2018-3063\", \"CVE-2018-3064\", \"CVE-2018-3066\",\n \"CVE-2018-3081\", \"CVE-2018-3143\", \"CVE-2018-3156\", \"CVE-2018-3174\", \"CVE-2018-3251\",\n \"CVE-2018-3282\");\n script_name(\"Debian Security Advisory DSA 4341-1 (mariadb-10.1 - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-11-19 00:00:00 +0100 (Mon, 19 Nov 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:P/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4341.html\");\n script_xref(name:\"URL\", 
value:\"https://mariadb.com/kb/en/mariadb/mariadb-10127-release-notes/\");\n script_xref(name:\"URL\", value:\"https://mariadb.com/kb/en/mariadb/mariadb-10128-release-notes/\");\n script_xref(name:\"URL\", value:\"https://mariadb.com/kb/en/mariadb/mariadb-10129-release-notes/\");\n script_xref(name:\"URL\", value:\"https://mariadb.com/kb/en/mariadb/mariadb-10130-release-notes/\");\n script_xref(name:\"URL\", value:\"https://mariadb.com/kb/en/mariadb/mariadb-10131-release-notes/\");\n script_xref(name:\"URL\", value:\"https://mariadb.com/kb/en/mariadb/mariadb-10132-release-notes/\");\n script_xref(name:\"URL\", value:\"https://mariadb.com/kb/en/mariadb/mariadb-10133-release-notes/\");\n script_xref(name:\"URL\", value:\"https://mariadb.com/kb/en/mariadb/mariadb-10134-release-notes/\");\n script_xref(name:\"URL\", value:\"https://mariadb.com/kb/en/mariadb/mariadb-10135-release-notes/\");\n script_xref(name:\"URL\", value:\"https://mariadb.com/kb/en/mariadb/mariadb-10136-release-notes/\");\n script_xref(name:\"URL\", value:\"https://mariadb.com/kb/en/mariadb/mariadb-10137-release-notes/\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"mariadb-10.1 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), these problems have been fixed in\nversion 10.1.37-0+deb9u1.\n\nWe recommend that you upgrade your mariadb-10.1 packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/mariadb-10.1\");\n script_tag(name:\"summary\", value:\"Several issues have been discovered in the MariaDB database server. 
The\nvulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.1.37. Please see the MariaDB 10.1 Release Notes for further\ndetails.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libmariadbclient-dev\", ver:\"10.1.37-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmariadbclient-dev-compat\", ver:\"10.1.37-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmariadbclient18\", ver:\"10.1.37-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmariadbd-dev\", ver:\"10.1.37-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmariadbd18\", ver:\"10.1.37-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mariadb-client\", ver:\"10.1.37-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mariadb-client-10.1\", ver:\"10.1.37-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mariadb-client-core-10.1\", ver:\"10.1.37-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mariadb-common\", ver:\"10.1.37-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mariadb-plugin-connect\", ver:\"10.1.37-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mariadb-plugin-cracklib-password-check\", ver:\"10.1.37-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mariadb-plugin-gssapi-client\", ver:\"10.1.37-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mariadb-plugin-gssapi-server\", ver:\"10.1.37-0+deb9u1\", rls:\"DEB9\"))) 
{\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mariadb-plugin-mroonga\", ver:\"10.1.37-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mariadb-plugin-oqgraph\", ver:\"10.1.37-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mariadb-plugin-spider\", ver:\"10.1.37-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mariadb-plugin-tokudb\", ver:\"10.1.37-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mariadb-server\", ver:\"10.1.37-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mariadb-server-10.1\", ver:\"10.1.37-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mariadb-server-core-10.1\", ver:\"10.1.37-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mariadb-test\", ver:\"10.1.37-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mariadb-test-data\", ver:\"10.1.37-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:C"}}, {"lastseen": "2019-05-29T18:33:00", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-11-20T00:00:00", "type": "openvas", "title": "Fedora Update for mariadb FEDORA-2018-55b875c1ac", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2817", "CVE-2018-3174", "CVE-2018-2759", "CVE-2018-2755", "CVE-2018-2810", "CVE-2018-2786", "CVE-2018-3282", "CVE-2018-2819", "CVE-2018-2784", "CVE-2018-2771", "CVE-2018-2777", "CVE-2018-2766", "CVE-2018-3173", "CVE-2018-3156", "CVE-2018-2787", "CVE-2018-3251", "CVE-2018-2767", "CVE-2018-2761", "CVE-2018-2782", "CVE-2018-3284", "CVE-2018-3162", "CVE-2018-3060", "CVE-2018-2781", "CVE-2018-3058", "CVE-2018-2813", 
"CVE-2018-3143", "CVE-2016-9843", "CVE-2018-3277", "CVE-2018-3185", "CVE-2018-3081", "CVE-2018-3063", "CVE-2018-3200", "CVE-2018-3064", "CVE-2018-3066"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310875283", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875283", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_55b875c1ac_mariadb_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for mariadb FEDORA-2018-55b875c1ac\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875283\");\n script_version(\"$Revision: 14223 $\");\n script_cve_id(\"CVE-2018-3282\", \"CVE-2016-9843\", \"CVE-2018-3174\", \"CVE-2018-3143\", \"CVE-2018-3156\", \"CVE-2018-3251\", \"CVE-2018-3185\", \"CVE-2018-3277\", \"CVE-2018-3162\", \"CVE-2018-3173\", \"CVE-2018-3200\", \"CVE-2018-3284\", \"CVE-2018-3060\", \"CVE-2018-3064\", \"CVE-2018-3063\", \"CVE-2018-3058\", \"CVE-2018-3066\", \"CVE-2018-2767\", \"CVE-2018-3081\", \"CVE-2018-2755\", \"CVE-2018-2761\", \"CVE-2018-2766\", \"CVE-2018-2771\", \"CVE-2018-2781\", \"CVE-2018-2782\", \"CVE-2018-2784\", \"CVE-2018-2787\", \"CVE-2018-2813\", \"CVE-2018-2817\", \"CVE-2018-2819\", \"CVE-2018-2786\", \"CVE-2018-2759\", \"CVE-2018-2777\", \"CVE-2018-2810\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-11-20 06:28:02 +0100 (Tue, 20 Nov 2018)\");\n script_name(\"Fedora Update for mariadb FEDORA-2018-55b875c1ac\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n script_xref(name:\"FEDORA\", value:\"2018-55b875c1ac\");\n script_xref(name:\"URL\", 
value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BDT4NSDZMVSDGHXB3HBJ4P34U4QICZ7H\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mariadb'\n package(s) announced via the FEDORA-2018-55b875c1ac advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"mariadb on Fedora 28.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~10.2.19~1.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:56", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-12-04T00:00:00", "type": "openvas", "title": "Fedora Update for mariadb FEDORA-2018-192148f4ff", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2817", "CVE-2018-3174", "CVE-2018-2759", "CVE-2018-2755", "CVE-2018-2810", "CVE-2018-2786", "CVE-2018-3282", "CVE-2018-2819", "CVE-2018-2784", "CVE-2018-2771", "CVE-2018-2777", "CVE-2018-2766", "CVE-2018-3173", "CVE-2018-3156", "CVE-2018-2787", "CVE-2018-3251", "CVE-2018-2767", "CVE-2018-2761", "CVE-2018-2782", "CVE-2018-3284", "CVE-2018-3162", "CVE-2018-3060", "CVE-2018-2781", "CVE-2018-3058", "CVE-2018-2813", "CVE-2018-3143", "CVE-2016-9843", "CVE-2018-3277", "CVE-2018-3185", "CVE-2018-3081", "CVE-2018-3063", "CVE-2018-3200", "CVE-2018-3064", "CVE-2018-3066"], 
"modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310875288", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875288", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_192148f4ff_mariadb_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for mariadb FEDORA-2018-192148f4ff\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875288\");\n script_version(\"$Revision: 14223 $\");\n script_cve_id(\"CVE-2018-3282\", \"CVE-2016-9843\", \"CVE-2018-3174\", \"CVE-2018-3143\",\n \"CVE-2018-3156\", \"CVE-2018-3251\", \"CVE-2018-3185\", \"CVE-2018-3277\", \"CVE-2018-3162\",\n \"CVE-2018-3173\", \"CVE-2018-3200\", \"CVE-2018-3284\", \"CVE-2018-3060\", \"CVE-2018-3064\",\n \"CVE-2018-3063\", \"CVE-2018-3058\", \"CVE-2018-3066\", \"CVE-2018-2767\", \"CVE-2018-3081\",\n \"CVE-2018-2755\", \"CVE-2018-2761\", \"CVE-2018-2766\", \"CVE-2018-2771\", \"CVE-2018-2781\",\n \"CVE-2018-2782\", \"CVE-2018-2784\", \"CVE-2018-2787\", \"CVE-2018-2813\", \"CVE-2018-2817\",\n \"CVE-2018-2819\", \"CVE-2018-2786\", \"CVE-2018-2759\", \"CVE-2018-2777\",\n \"CVE-2018-2810\");\n script_bugtraq_id(106054);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-12-04 12:40:37 +0530 (Tue, 04 Dec 2018)\");\n script_name(\"Fedora Update for mariadb FEDORA-2018-192148f4ff\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n script_xref(name:\"FEDORA\", value:\"2018-192148f4ff\");\n script_xref(name:\"URL\", 
value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VA7N3SMG43EHYFMZCVRJ6KVKUKK2VFUJ\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mariadb'\n package(s) announced via the FEDORA-2018-192148f4ff advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"mariadb on Fedora 27.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~10.2.19~1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-09-04T14:22:31", "description": "Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.57, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges. 
Please see the MySQL 5.5 Release Notes and Oracle", "cvss3": {}, "published": "2017-07-28T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3922-1 (mysql-5.5 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3652", "CVE-2017-3648", "CVE-2017-3651", "CVE-2017-3641", "CVE-2017-3635", "CVE-2017-3653", "CVE-2017-3636"], "modified": "2017-08-31T00:00:00", "id": "OPENVAS:703922", "href": "http://plugins.openvas.org/nasl.php?oid=703922", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3922.nasl 7026 2017-08-31 06:13:04Z asteins $\n# Auto-generated from advisory DSA 3922-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703922);\n script_version(\"$Revision: 7026 $\");\n script_cve_id(\"CVE-2017-3635\", \"CVE-2017-3636\", \"CVE-2017-3641\", \"CVE-2017-3648\", \"CVE-2017-3651\", \"CVE-2017-3652\", \"CVE-2017-3653\");\n script_name(\"Debian Security Advisory DSA 3922-1 (mysql-5.5 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-08-31 08:13:04 +0200 (Thu, 31 Aug 2017) $\");\n script_tag(name: \"creation_date\", value: \"2017-07-28 00:00:00 +0200 (Fri, 28 Jul 2017)\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2017/dsa-3922.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"mysql-5.5 on Debian Linux\");\n script_tag(name: \"insight\", value: \"MySQL is a fast, stable and true multi-user, multi-threaded SQL database\nserver.\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution (jessie), these problems have been fixed\nin version 5.5.57-0+deb8u1.\n\nWe recommend that you upgrade your mysql-5.5 packages.\");\n script_tag(name: \"summary\", value: \"Several issues have been discovered in the MySQL database server. 
The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.57, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges. Please see the MySQL 5.5 Release Notes and Oracle's Critical\nPatch Update advisory for further details:\n\nhttps://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-56.htmlhttps://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-57.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libmysqlclient-dev\", ver:\"5.5.57-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient18\", ver:\"5.5.57-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-dev\", ver:\"5.5.57-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-pic\", ver:\"5.5.57-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client\", ver:\"5.5.57-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client-5.5\", ver:\"5.5.57-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-common\", ver:\"5.5.57-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server\", ver:\"5.5.57-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.57-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-core-5.5\", ver:\"5.5.57-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-source-5.5\", ver:\"5.5.57-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-testsuite\", ver:\"5.5.57-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-testsuite-5.5\", ver:\"5.5.57-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.9, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:34:14", "description": "Several issues have been discovered in the MySQL database server. 
The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.57, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges.", "cvss3": {}, "published": "2017-07-28T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3922-1 (mysql-5.5 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3652", "CVE-2017-3648", "CVE-2017-3651", "CVE-2017-3641", "CVE-2017-3635", "CVE-2017-3653", "CVE-2017-3636"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703922", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703922", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3922.nasl 14280 2019-03-18 14:50:45Z cfischer $\n# Auto-generated from advisory DSA 3922-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703922\");\n script_version(\"$Revision: 14280 $\");\n script_cve_id(\"CVE-2017-3635\", \"CVE-2017-3636\", \"CVE-2017-3641\", \"CVE-2017-3648\", \"CVE-2017-3651\", \"CVE-2017-3652\", \"CVE-2017-3653\");\n script_name(\"Debian Security Advisory DSA 3922-1 (mysql-5.5 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:50:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-07-28 00:00:00 +0200 (Fri, 28 Jul 2017)\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3922.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"mysql-5.5 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), these problems have been fixed\nin version 5.5.57-0+deb8u1.\n\nWe recommend that you upgrade your mysql-5.5 packages.\");\n script_tag(name:\"summary\", value:\"Several issues have been discovered in the MySQL database server. 
The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.57, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libmysqlclient-dev\", ver:\"5.5.57-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmysqlclient18\", ver:\"5.5.57-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmysqld-dev\", ver:\"5.5.57-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmysqld-pic\", ver:\"5.5.57-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-client\", ver:\"5.5.57-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-client-5.5\", ver:\"5.5.57-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-common\", ver:\"5.5.57-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-server\", ver:\"5.5.57-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.57-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-server-core-5.5\", ver:\"5.5.57-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-source-5.5\", ver:\"5.5.57-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-testsuite\", ver:\"5.5.57-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-testsuite-5.5\", ver:\"5.5.57-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += 
res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}], "debian": [{"lastseen": "2021-10-22T12:55:34", "description": "Package : mysql-5.5\nVersion : 5.5.60-0+deb7u1\nCVE ID : CVE-2018-2755 CVE-2018-2761 CVE-2018-2771 CVE-2018-2773\n CVE-2018-2781 CVE-2018-2813 CVE-2018-2817 CVE-2018-2818\n CVE-2018-2819\n\nSeveral issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.60, which includes additional changes. Please see the MySQL\n5.5 Release Notes and Oracle's Critical Patch Update advisory for\nfurther details:\n\n https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-60.html\n http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n5.5.60-0+deb7u1.\n\nWe recommend that you upgrade your mysql-5.5 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.7, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 6.0}, "published": "2018-04-19T17:29:05", "type": "debian", "title": "[SECURITY] [DLA 1355-1] mysql-5.5 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", 
"availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2755", "CVE-2018-2761", "CVE-2018-2771", "CVE-2018-2773", "CVE-2018-2781", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2818", "CVE-2018-2819"], "modified": "2018-04-19T17:29:05", "id": "DEBIAN:DLA-1355-1:AB526", "href": "https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-20T21:42:16", "description": "Package : mysql-5.5\nVersion : 5.5.60-0+deb7u1\nCVE ID : CVE-2018-2755 CVE-2018-2761 CVE-2018-2771 CVE-2018-2773\n CVE-2018-2781 CVE-2018-2813 CVE-2018-2817 CVE-2018-2818\n CVE-2018-2819\n\nSeveral issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.60, which includes additional changes. 
Please see the MySQL\n5.5 Release Notes and Oracle's Critical Patch Update advisory for\nfurther details:\n\n https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-60.html\n http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n5.5.60-0+deb7u1.\n\nWe recommend that you upgrade your mysql-5.5 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.7, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-04-19T17:29:05", "type": "debian", "title": "[SECURITY] [DLA 1355-1] mysql-5.5 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2755", "CVE-2018-2761", "CVE-2018-2771", "CVE-2018-2773", "CVE-2018-2781", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2818", "CVE-2018-2819"], "modified": "2018-04-19T17:29:05", "id": "DEBIAN:DLA-1355-1:BC9FB", "href": "https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, 
{"lastseen": "2021-10-21T19:04:02", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4176-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nApril 20, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mysql-5.5\nCVE ID : CVE-2018-2755 CVE-2018-2761 CVE-2018-2771 CVE-2018-2773\n CVE-2018-2781 CVE-2018-2813 CVE-2018-2817 CVE-2018-2818\n CVE-2018-2819\n\nSeveral issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.60, which includes additional changes. Please see the MySQL\n5.5 Release Notes and Oracle's Critical Patch Update advisory for\nfurther details:\n\n https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-60.html\n http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 5.5.60-0+deb8u1.\n\nWe recommend that you upgrade your mysql-5.5 packages.\n\nFor the detailed security status of mysql-5.5 please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/mysql-5.5\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.7, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 6.0}, "published": "2018-04-20T08:34:15", "type": 
"debian", "title": "[SECURITY] [DSA 4176-1] mysql-5.5 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2755", "CVE-2018-2761", "CVE-2018-2771", "CVE-2018-2773", "CVE-2018-2781", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2818", "CVE-2018-2819"], "modified": "2018-04-20T08:34:15", "id": "DEBIAN:DSA-4176-1:326A5", "href": "https://lists.debian.org/debian-security-announce/2018/msg00103.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-04T15:29:22", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4176-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nApril 20, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mysql-5.5\nCVE ID : CVE-2018-2755 CVE-2018-2761 CVE-2018-2771 CVE-2018-2773\n CVE-2018-2781 CVE-2018-2813 CVE-2018-2817 CVE-2018-2818\n CVE-2018-2819\n\nSeveral issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.60, which includes additional changes. 
Please see the MySQL\n5.5 Release Notes and Oracle's Critical Patch Update advisory for\nfurther details:\n\n https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-60.html\n http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 5.5.60-0+deb8u1.\n\nWe recommend that you upgrade your mysql-5.5 packages.\n\nFor the detailed security status of mysql-5.5 please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/mysql-5.5\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.7, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-04-20T08:34:15", "type": "debian", "title": "[SECURITY] [DSA 4176-1] mysql-5.5 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2755", "CVE-2018-2761", "CVE-2018-2771", "CVE-2018-2773", "CVE-2018-2781", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2818", 
"CVE-2018-2819"], "modified": "2018-04-20T08:34:15", "id": "DEBIAN:DSA-4176-1:98D3A", "href": "https://lists.debian.org/debian-security-announce/2018/msg00103.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-21T21:56:30", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3955-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nAugust 26, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mariadb-10.1\nCVE ID : CVE-2017-3636 CVE-2017-3641 CVE-2017-3653\n\nSeveral issues have been discovered in the MariaDB database server. The\nvulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.1.26. Please see the MariaDB 10.1 Release Notes for further\ndetails:\n\n https://mariadb.com/kb/en/mariadb/mariadb-10124-release-notes/\n https://mariadb.com/kb/en/mariadb/mariadb-10125-release-notes/\n https://mariadb.com/kb/en/mariadb/mariadb-10126-release-notes/\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 10.1.26-0+deb9u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 10.1.26-1.\n\nWe recommend that you upgrade your mariadb-10.1 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "LOW", "baseScore": 5.3, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "userInteraction": "NONE", "version": "3.0"}, 
"impactScore": 3.4}, "published": "2017-08-26T14:01:33", "type": "debian", "title": "[SECURITY] [DSA 3955-1] mariadb-10.1 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3636", "CVE-2017-3641", "CVE-2017-3653"], "modified": "2017-08-26T14:01:33", "id": "DEBIAN:DSA-3955-1:3203D", "href": "https://lists.debian.org/debian-security-announce/2017/msg00217.html", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-02T16:00:07", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3955-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nAugust 26, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mariadb-10.1\nCVE ID : CVE-2017-3636 CVE-2017-3641 CVE-2017-3653\n\nSeveral issues have been discovered in the MariaDB database server. The\nvulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.1.26. 
Please see the MariaDB 10.1 Release Notes for further\ndetails:\n\n https://mariadb.com/kb/en/mariadb/mariadb-10124-release-notes/\n https://mariadb.com/kb/en/mariadb/mariadb-10125-release-notes/\n https://mariadb.com/kb/en/mariadb/mariadb-10126-release-notes/\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 10.1.26-0+deb9u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 10.1.26-1.\n\nWe recommend that you upgrade your mariadb-10.1 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2017-08-26T14:01:33", "type": "debian", "title": "[SECURITY] [DSA 3955-1] mariadb-10.1 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3636", "CVE-2017-3641", "CVE-2017-3653"], "modified": "2017-08-26T14:01:33", "id": "DEBIAN:DSA-3955-1:FFC41", "href": 
"https://lists.debian.org/debian-security-announce/2017/msg00217.html", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-20T21:39:29", "description": "Package : mariadb-10.0\nVersion : 10.0.35-0+deb8u1\nCVE ID : CVE-2017-10268 CVE-2017-10378 CVE-2018-2562 CVE-2018-2612\n CVE-2018-2622 CVE-2018-2640 CVE-2018-2665 CVE-2018-2668\n CVE-2018-2755 CVE-2018-2761 CVE-2018-2766 CVE-2018-2771\n CVE-2018-2781 CVE-2018-2782 CVE-2018-2784 CVE-2018-2787\n CVE-2018-2813 CVE-2018-2817 CVE-2018-2819\n\nSeveral issues have been discovered in the MariaDB database server. The\nvulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.0.35. Please see the MariaDB 10.0 Release Notes for further\ndetails:\n\n https://mariadb.com/kb/en/mariadb/mariadb-10033-release-notes/\n https://mariadb.com/kb/en/mariadb/mariadb-10034-release-notes/\n https://mariadb.com/kb/en/mariadb/mariadb-10035-release-notes/\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n10.0.35-0+deb8u1.\n\nWe recommend that you upgrade your mariadb-10.0 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.7, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-29T08:42:02", "type": "debian", "title": "[SECURITY] [DLA 1407-1] mariadb-10.0 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, 
"cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10268", "CVE-2017-10378", "CVE-2018-2562", "CVE-2018-2612", "CVE-2018-2622", "CVE-2018-2640", "CVE-2018-2665", "CVE-2018-2668", "CVE-2018-2755", "CVE-2018-2761", "CVE-2018-2766", "CVE-2018-2771", "CVE-2018-2781", "CVE-2018-2782", "CVE-2018-2784", "CVE-2018-2787", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2819"], "modified": "2018-06-29T08:42:02", "id": "DEBIAN:DLA-1407-1:D0175", "href": "https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:C"}}, {"lastseen": "2021-10-22T13:48:37", "description": "Package : mariadb-10.0\nVersion : 10.0.35-0+deb8u1\nCVE ID : CVE-2017-10268 CVE-2017-10378 CVE-2018-2562 CVE-2018-2612\n CVE-2018-2622 CVE-2018-2640 CVE-2018-2665 CVE-2018-2668\n CVE-2018-2755 CVE-2018-2761 CVE-2018-2766 CVE-2018-2771\n CVE-2018-2781 CVE-2018-2782 CVE-2018-2784 CVE-2018-2787\n CVE-2018-2813 CVE-2018-2817 CVE-2018-2819\n\nSeveral issues have been discovered in the MariaDB database server. The\nvulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.0.35. 
Please see the MariaDB 10.0 Release Notes for further\ndetails:\n\n https://mariadb.com/kb/en/mariadb/mariadb-10033-release-notes/\n https://mariadb.com/kb/en/mariadb/mariadb-10034-release-notes/\n https://mariadb.com/kb/en/mariadb/mariadb-10035-release-notes/\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n10.0.35-0+deb8u1.\n\nWe recommend that you upgrade your mariadb-10.0 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.7, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 6.0}, "published": "2018-06-29T08:42:02", "type": "debian", "title": "[SECURITY] [DLA 1407-1] mariadb-10.0 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10268", "CVE-2017-10378", "CVE-2018-2562", "CVE-2018-2612", "CVE-2018-2622", "CVE-2018-2640", "CVE-2018-2665", "CVE-2018-2668", "CVE-2018-2755", "CVE-2018-2761", "CVE-2018-2766", "CVE-2018-2771", "CVE-2018-2781", "CVE-2018-2782", "CVE-2018-2784", "CVE-2018-2787", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2819"], "modified": 
"2018-06-29T08:42:02", "id": "DEBIAN:DLA-1407-1:AB7AD", "href": "https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:C"}}, {"lastseen": "2021-10-21T18:27:12", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4341-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nNovember 19, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mariadb-10.1\nCVE ID : CVE-2017-10268 CVE-2017-10378 CVE-2017-15365 CVE-2018-2562 \n CVE-2018-2612 CVE-2018-2622 CVE-2018-2640 CVE-2018-2665 \n CVE-2018-2668 CVE-2018-2755 CVE-2018-2761 CVE-2018-2766 \n CVE-2018-2767 CVE-2018-2771 CVE-2018-2781 CVE-2018-2782 \n CVE-2018-2784 CVE-2018-2787 CVE-2018-2813 CVE-2018-2817 \n CVE-2018-2819 CVE-2018-3058 CVE-2018-3063 CVE-2018-3064 \n CVE-2018-3066 CVE-2018-3081 CVE-2018-3143 CVE-2018-3156 \n CVE-2018-3174 CVE-2018-3251 CVE-2018-3282\nDebian Bug : 885345 898444 898445 912848\n\nSeveral issues have been discovered in the MariaDB database server. The\nvulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.1.37. 
Please see the MariaDB 10.1 Release Notes for further\ndetails:\n\n https://mariadb.com/kb/en/mariadb/mariadb-10127-release-notes/\n https://mariadb.com/kb/en/mariadb/mariadb-10128-release-notes/\n https://mariadb.com/kb/en/mariadb/mariadb-10129-release-notes/\n https://mariadb.com/kb/en/mariadb/mariadb-10130-release-notes/\n https://mariadb.com/kb/en/mariadb/mariadb-10131-release-notes/\n https://mariadb.com/kb/en/mariadb/mariadb-10132-release-notes/\n https://mariadb.com/kb/en/mariadb/mariadb-10133-release-notes/\n https://mariadb.com/kb/en/mariadb/mariadb-10134-release-notes/\n https://mariadb.com/kb/en/mariadb/mariadb-10135-release-notes/\n https://mariadb.com/kb/en/mariadb/mariadb-10136-release-notes/\n https://mariadb.com/kb/en/mariadb/mariadb-10137-release-notes/\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 10.1.37-0+deb9u1.\n\nWe recommend that you upgrade your mariadb-10.1 packages.\n\nFor the detailed security status of mariadb-10.1 please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/mariadb-10.1\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-11-19T21:44:57", "type": "debian", "title": "[SECURITY] [DSA 4341-1] mariadb-10.1 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, 
"userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10268", "CVE-2017-10378", "CVE-2017-15365", "CVE-2018-2562", "CVE-2018-2612", "CVE-2018-2622", "CVE-2018-2640", "CVE-2018-2665", "CVE-2018-2668", "CVE-2018-2755", "CVE-2018-2761", "CVE-2018-2766", "CVE-2018-2767", "CVE-2018-2771", "CVE-2018-2781", "CVE-2018-2782", "CVE-2018-2784", "CVE-2018-2787", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2819", "CVE-2018-3058", "CVE-2018-3063", "CVE-2018-3064", "CVE-2018-3066", "CVE-2018-3081", "CVE-2018-3143", "CVE-2018-3156", "CVE-2018-3174", "CVE-2018-3251", "CVE-2018-3282"], "modified": "2018-11-19T21:44:57", "id": "DEBIAN:DSA-4341-1:8E7AD", "href": "https://lists.debian.org/debian-security-announce/2018/msg00273.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:C"}}, {"lastseen": "2023-05-04T15:25:01", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4341-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nNovember 19, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mariadb-10.1\nCVE ID : CVE-2017-10268 CVE-2017-10378 CVE-2017-15365 CVE-2018-2562 \n CVE-2018-2612 CVE-2018-2622 CVE-2018-2640 CVE-2018-2665 \n CVE-2018-2668 CVE-2018-2755 CVE-2018-2761 CVE-2018-2766 \n CVE-2018-2767 CVE-2018-2771 CVE-2018-2781 CVE-2018-2782 \n CVE-2018-2784 CVE-2018-2787 CVE-2018-2813 CVE-2018-2817 \n CVE-2018-2819 CVE-2018-3058 CVE-2018-3063 CVE-2018-3064 \n CVE-2018-3066 CVE-2018-3081 CVE-2018-3143 CVE-2018-3156 \n CVE-2018-3174 CVE-2018-3251 
CVE-2018-3282\nDebian Bug : 885345 898444 898445 912848\n\nSeveral issues have been discovered in the MariaDB database server. The\nvulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.1.37. Please see the MariaDB 10.1 Release Notes for further\ndetails:\n\n https://mariadb.com/kb/en/mariadb/mariadb-10127-release-notes/\n https://mariadb.com/kb/en/mariadb/mariadb-10128-release-notes/\n https://mariadb.com/kb/en/mariadb/mariadb-10129-release-notes/\n https://mariadb.com/kb/en/mariadb/mariadb-10130-release-notes/\n https://mariadb.com/kb/en/mariadb/mariadb-10131-release-notes/\n https://mariadb.com/kb/en/mariadb/mariadb-10132-release-notes/\n https://mariadb.com/kb/en/mariadb/mariadb-10133-release-notes/\n https://mariadb.com/kb/en/mariadb/mariadb-10134-release-notes/\n https://mariadb.com/kb/en/mariadb/mariadb-10135-release-notes/\n https://mariadb.com/kb/en/mariadb/mariadb-10136-release-notes/\n https://mariadb.com/kb/en/mariadb/mariadb-10137-release-notes/\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 10.1.37-0+deb9u1.\n\nWe recommend that you upgrade your mariadb-10.1 packages.\n\nFor the detailed security status of mariadb-10.1 please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/mariadb-10.1\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": 
"2018-11-19T21:44:57", "type": "debian", "title": "[SECURITY] [DSA 4341-1] mariadb-10.1 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10268", "CVE-2017-10378", "CVE-2017-15365", "CVE-2018-2562", "CVE-2018-2612", "CVE-2018-2622", "CVE-2018-2640", "CVE-2018-2665", "CVE-2018-2668", "CVE-2018-2755", "CVE-2018-2761", "CVE-2018-2766", "CVE-2018-2767", "CVE-2018-2771", "CVE-2018-2781", "CVE-2018-2782", "CVE-2018-2784", "CVE-2018-2787", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2819", "CVE-2018-3058", "CVE-2018-3063", "CVE-2018-3064", "CVE-2018-3066", "CVE-2018-3081", "CVE-2018-3143", "CVE-2018-3156", "CVE-2018-3174", "CVE-2018-3251", "CVE-2018-3282"], "modified": "2018-11-19T21:44:57", "id": "DEBIAN:DSA-4341-1:A9461", "href": "https://lists.debian.org/debian-security-announce/2018/msg00273.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:C"}}, {"lastseen": "2023-05-02T16:01:33", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3922-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nJuly 28, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mysql-5.5\nCVE ID : CVE-2017-3635 CVE-2017-3636 CVE-2017-3641 CVE-2017-3648\n CVE-2017-3651 CVE-2017-3652 CVE-2017-3653\nDebian Bug : 868788\n\nSeveral issues have been discovered in the MySQL database server. 
The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.57, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges. Please see the MySQL 5.5 Release Notes and Oracle's Critical\nPatch Update advisory for further details:\n\n https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-56.html\n https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-57.html\n http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 5.5.57-0+deb8u1.\n\nWe recommend that you upgrade your mysql-5.5 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-07-28T20:26:58", "type": "debian", "title": "[SECURITY] [DSA 3922-1] mysql-5.5 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.9, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": 
["CVE-2017-3635", "CVE-2017-3636", "CVE-2017-3641", "CVE-2017-3648", "CVE-2017-3651", "CVE-2017-3652", "CVE-2017-3653"], "modified": "2017-07-28T20:26:58", "id": "DEBIAN:DSA-3922-1:71332", "href": "https://lists.debian.org/debian-security-announce/2017/msg00184.html", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2021-10-21T21:58:07", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3922-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nJuly 28, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mysql-5.5\nCVE ID : CVE-2017-3635 CVE-2017-3636 CVE-2017-3641 CVE-2017-3648\n CVE-2017-3651 CVE-2017-3652 CVE-2017-3653\nDebian Bug : 868788\n\nSeveral issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.57, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges. 
Please see the MySQL 5.5 Release Notes and Oracle's Critical\nPatch Update advisory for further details:\n\n https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-56.html\n https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-57.html\n http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 5.5.57-0+deb8u1.\n\nWe recommend that you upgrade your mysql-5.5 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.3, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-07-28T20:26:58", "type": "debian", "title": "[SECURITY] [DSA 3922-1] mysql-5.5 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.9, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3635", "CVE-2017-3636", "CVE-2017-3641", "CVE-2017-3648", "CVE-2017-3651", "CVE-2017-3652", "CVE-2017-3653"], "modified": "2017-07-28T20:26:58", "id": "DEBIAN:DSA-3922-1:CA63B", "href": 
"https://lists.debian.org/debian-security-announce/2017/msg00184.html", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2021-11-30T15:51:50", "description": "Package : mysql-5.5\nVersion : 5.5.57-0+deb7u1\nCVE ID : CVE-2017-3635 CVE-2017-3636 CVE-2017-3641 CVE-2017-3648.\n CVE-2017-3651 CVE-2017-3652 CVE-2017-3653\nDebian Bug : 868788\n\nSeveral issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.57, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges. Please see the MySQL 5.5 Release Notes and Oracle's Critical\nPatch Update advisory for further details:\n\n https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-56.html\n https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-57.html\n http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n5.5.57-0+deb7u1.\n\nWe recommend that you upgrade your mysql-5.5 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.3, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-07-28T21:41:39", "type": "debian", "title": "[SECURITY] [DLA 1043-1] mysql-5.5 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, 
"obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.9, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3635", "CVE-2017-3636", "CVE-2017-3641", "CVE-2017-3648", "CVE-2017-3651", "CVE-2017-3652", "CVE-2017-3653"], "modified": "2017-07-28T21:41:39", "id": "DEBIAN:DLA-1043-1:9386A", "href": "https://lists.debian.org/debian-lts-announce/2017/07/msg00037.html", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2021-10-23T21:27:58", "description": "Package : mysql-5.5\nVersion : 5.5.57-0+deb7u1\nCVE ID : CVE-2017-3635 CVE-2017-3636 CVE-2017-3641 CVE-2017-3648.\n CVE-2017-3651 CVE-2017-3652 CVE-2017-3653\nDebian Bug : 868788\n\nSeveral issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.57, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges. 
Please see the MySQL 5.5 Release Notes and Oracle's Critical\nPatch Update advisory for further details:\n\n https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-56.html\n https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-57.html\n http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n5.5.57-0+deb7u1.\n\nWe recommend that you upgrade your mysql-5.5 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.3, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-07-28T21:41:39", "type": "debian", "title": "[SECURITY] [DLA 1043-1] mysql-5.5 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.9, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3635", "CVE-2017-3636", "CVE-2017-3641", "CVE-2017-3648", "CVE-2017-3651", "CVE-2017-3652", "CVE-2017-3653"], "modified": "2017-07-28T21:41:39", "id": "DEBIAN:DLA-1043-1:42E7A", "href": "https://lists.debian.org/debian-lts-announce/2017/07/msg00037.html", "cvss": {"score": 4.9, "vector": 
"AV:N/AC:M/Au:S/C:P/I:P/A:N"}}], "osv": [{"lastseen": "2022-08-10T07:13:44", "description": "\nSeveral issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.60, which includes additional changes. Please see the MySQL\n5.5 Release Notes and Oracle's Critical Patch Update advisory for\nfurther details:\n\n\n\n\n \n\n\n\n\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 5.5.60-0+deb8u1.\n\n\nWe recommend that you upgrade your mysql-5.5 packages.\n\n\nFor the detailed security status of mysql-5.5 please refer to \nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/mysql-5.5](https://security-tracker.debian.org/tracker/mysql-5.5)\n\n\n", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.7, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 6.0}, "published": "2018-04-20T00:00:00", "type": "osv", "title": "mysql-5.5 - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2817", "CVE-2018-2755", "CVE-2018-2819", "CVE-2018-2771", "CVE-2018-2818", "CVE-2018-2761", "CVE-2018-2773", "CVE-2018-2781", "CVE-2018-2813"], "modified": 
"2022-08-10T07:13:39", "id": "OSV:DSA-4176-1", "href": "https://osv.dev/vulnerability/DSA-4176-1", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-21T08:19:32", "description": "\nSeveral issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.60, which includes additional changes. Please see the MySQL\n5.5 Release Notes and Oracle's Critical Patch Update advisory for\nfurther details:\n\n\n* \n* <http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html>\n\n\nFor Debian 7 Wheezy, these problems have been fixed in version\n5.5.60-0+deb7u1.\n\n\nWe recommend that you upgrade your mysql-5.5 packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.7, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 6.0}, "published": "2018-04-19T00:00:00", "type": "osv", "title": "mysql-5.5 - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2817", 
"CVE-2018-2755", "CVE-2018-2819", "CVE-2018-2771", "CVE-2018-2818", "CVE-2018-2761", "CVE-2018-2773", "CVE-2018-2781", "CVE-2018-2813"], "modified": "2022-07-21T05:52:06", "id": "OSV:DLA-1355-1", "href": "https://osv.dev/vulnerability/DLA-1355-1", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-10T07:12:26", "description": "\nSeveral issues have been discovered in the MariaDB database server.\nThe vulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.1.26. Please see the MariaDB 10.1 Release Notes for further\ndetails:\n\n\n* <https://mariadb.com/kb/en/mariadb/mariadb-10124-release-notes/>\n* <https://mariadb.com/kb/en/mariadb/mariadb-10125-release-notes/>\n* <https://mariadb.com/kb/en/mariadb/mariadb-10126-release-notes/>\n\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 10.1.26-0+deb9u1.\n\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 10.1.26-1.\n\n\nWe recommend that you upgrade your mariadb-10.1 packages.\n\n\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "LOW", "baseScore": 5.3, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.4}, "published": "2017-08-26T00:00:00", "type": "osv", "title": "mariadb-10.1 - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": 
"LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3641", "CVE-2017-3653", "CVE-2017-3636"], "modified": "2022-08-10T07:12:20", "id": "OSV:DSA-3955-1", "href": "https://osv.dev/vulnerability/DSA-3955-1", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-05T05:18:14", "description": "\nSeveral issues have been discovered in the MariaDB database server. The\nvulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.0.35. Please see the MariaDB 10.0 Release Notes for further\ndetails:\n\n\n* \n* <https://mariadb.com/kb/en/mariadb/mariadb-10034-release-notes/>\n* <https://mariadb.com/kb/en/mariadb/mariadb-10035-release-notes/>\n\n\nFor Debian 8 Jessie, these problems have been fixed in version\n10.0.35-0+deb8u1.\n\n\nWe recommend that you upgrade your mariadb-10.0 packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.7, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 6.0}, "published": "2018-06-29T00:00:00", "type": "osv", "title": "mariadb-10.0 - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": 
"AV:N/AC:L/Au:S/C:N/I:P/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2817", "CVE-2018-2755", "CVE-2018-2819", "CVE-2018-2562", "CVE-2018-2784", "CVE-2017-10378", "CVE-2018-2771", "CVE-2018-2766", "CVE-2018-2612", "CVE-2018-2787", "CVE-2018-2767", "CVE-2018-2761", "CVE-2018-2668", "CVE-2018-2782", "CVE-2018-2640", "CVE-2018-2781", "CVE-2018-2813", "CVE-2017-10268", "CVE-2018-3081", "CVE-2018-2665", "CVE-2018-2622"], "modified": "2022-08-05T05:18:12", "id": "OSV:DLA-1407-1", "href": "https://osv.dev/vulnerability/DLA-1407-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:C"}}, {"lastseen": "2022-11-29T06:48:09", "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).", "cvss3": {}, "published": "2018-04-19T02:29:00", "type": "osv", "title": "CVE-2018-2771", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2018-2771"], "modified": "2022-11-29T06:48:06", "id": "OSV:CVE-2018-2771", "href": "https://osv.dev/vulnerability/CVE-2018-2771", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-10-28T21:31:08", "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "cvss3": {}, "published": "2017-08-08T15:29:00", "type": "osv", "title": "CVE-2017-3641", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2017-3641"], "modified": "2022-10-28T21:31:06", "id": "OSV:CVE-2017-3641", "href": "https://osv.dev/vulnerability/CVE-2017-3641", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-08-10T07:14:10", "description": "\nSeveral issues have been discovered in the MariaDB database server. The\nvulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.1.37. Please see the MariaDB 10.1 Release Notes for further\ndetails:\n\n\n* <https://mariadb.com/kb/en/mariadb/mariadb-10127-release-notes/>\n* <https://mariadb.com/kb/en/mariadb/mariadb-10128-release-notes/>\n* <https://mariadb.com/kb/en/mariadb/mariadb-10129-release-notes/>\n* <https://mariadb.com/kb/en/mariadb/mariadb-10130-release-notes/>\n* <https://mariadb.com/kb/en/mariadb/mariadb-10131-release-notes/>\n* <https://mariadb.com/kb/en/mariadb/mariadb-10132-release-notes/>\n* <https://mariadb.com/kb/en/mariadb/mariadb-10133-release-notes/>\n* <https://mariadb.com/kb/en/mariadb/mariadb-10134-release-notes/>\n* <https://mariadb.com/kb/en/mariadb/mariadb-10135-release-notes/>\n* <https://mariadb.com/kb/en/mariadb/mariadb-10136-release-notes/>\n* <https://mariadb.com/kb/en/mariadb/mariadb-10137-release-notes/>\n\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 10.1.37-0+deb9u1.\n\n\nWe recommend that you upgrade your mariadb-10.1 packages.\n\n\nFor the detailed security status of mariadb-10.1 please refer to 
its\nsecurity tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/mariadb-10.1](https://security-tracker.debian.org/tracker/mariadb-10.1)\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-11-19T00:00:00", "type": "osv", "title": "mariadb-10.1 - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2817", "CVE-2018-3174", "CVE-2018-2755", "CVE-2018-3282", "CVE-2018-2819", "CVE-2018-2562", "CVE-2018-2784", "CVE-2017-15365", "CVE-2017-10378", "CVE-2018-2771", "CVE-2018-2766", "CVE-2018-2612", "CVE-2018-3156", "CVE-2018-2787", "CVE-2018-3251", "CVE-2018-2767", "CVE-2018-2761", "CVE-2018-2668", "CVE-2018-2782", "CVE-2018-2640", "CVE-2018-2781", "CVE-2018-3058", "CVE-2018-2813", "CVE-2018-3143", "CVE-2017-10268", "CVE-2019-2503", "CVE-2018-3081", "CVE-2018-2665", "CVE-2018-3063", "CVE-2018-2622", "CVE-2018-3064", "CVE-2018-3066"], "modified": "2022-08-10T07:14:06", "id": "OSV:DSA-4341-1", "href": "https://osv.dev/vulnerability/DSA-4341-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:C"}}, {"lastseen": "2022-07-21T08:20:29", "description": "\nSeveral issues have been 
discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.57, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges. Please see the MySQL 5.5 Release Notes and Oracle's Critical\nPatch Update advisory for further details:\n\n\n* \n* <https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-57.html>\n* <http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html>\n\n\nFor Debian 7 Wheezy, these problems have been fixed in version\n5.5.57-0+deb7u1.\n\n\nWe recommend that you upgrade your mysql-5.5 packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.3, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-07-28T00:00:00", "type": "osv", "title": "mysql-5.5 - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.9, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3652", "CVE-2017-3648", "CVE-2017-3651", "CVE-2017-3641", "CVE-2017-3635", 
"CVE-2017-3653", "CVE-2017-3636"], "modified": "2022-07-21T05:51:44", "id": "OSV:DLA-1043-1", "href": "https://osv.dev/vulnerability/DLA-1043-1", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2022-08-10T07:06:43", "description": "\nSeveral issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.57, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges. Please see the MySQL 5.5 Release Notes and Oracle's Critical\nPatch Update advisory for further details:\n\n\n* [\\\nhttps://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-56.html](https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-56.html)\n* [\\\nhttps://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-57.html](https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-57.html)\n* [\\\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html](http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html)\n\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 5.5.57-0+deb8u1.\n\n\nWe recommend that you upgrade your mysql-5.5 packages.\n\n\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.3, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-07-28T00:00:00", "type": "osv", "title": "mysql-5.5 - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": 
{"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.9, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3652", "CVE-2017-3648", "CVE-2017-3651", "CVE-2017-3641", "CVE-2017-3635", "CVE-2017-3653", "CVE-2017-3636"], "modified": "2022-08-10T07:06:36", "id": "OSV:DSA-3922-1", "href": "https://osv.dev/vulnerability/DSA-3922-1", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}], "nessus": [{"lastseen": "2023-05-19T14:20:34", "description": "The version of MySQL running on the remote host is 5.5.x prior to 5.5.60. It is, therefore, affected by multiple vulnerabilities as noted in the April 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2018-04-19T00:00:00", "type": "nessus", "title": "MySQL 5.5.x < 5.5.60 Multiple Vulnerabilities (RPM Check) (April 2018 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2755", "CVE-2018-2761", "CVE-2018-2771", "CVE-2018-2773", "CVE-2018-2781", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2818", "CVE-2018-2819"], "modified": "2020-06-03T00:00:00", "cpe": ["cpe:/a:oracle:mysql", "p-cpe:/a:amazon:linux:mysql", "p-cpe:/a:centos:centos:mysql", "p-cpe:/a:fedoraproject:fedora:mysql", "p-cpe:/a:fermilab:scientific_linux:mysql", "p-cpe:/a:novell:opensuse:mysql", "p-cpe:/a:novell:suse_linux:mysql", "p-cpe:/a:oracle:linux:mysql", "p-cpe:/a:redhat:enterprise_linux:mysql"], "id": "MYSQL_5_5_60_RPM.NASL", "href": "https://www.tenable.com/plugins/nessus/109167", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif 
(description)\n{\n script_id(109167);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/03\");\n\n script_cve_id(\n \"CVE-2018-2755\",\n \"CVE-2018-2761\",\n \"CVE-2018-2771\",\n \"CVE-2018-2773\",\n \"CVE-2018-2781\",\n \"CVE-2018-2813\",\n \"CVE-2018-2817\",\n \"CVE-2018-2818\",\n \"CVE-2018-2819\"\n );\n script_bugtraq_id(\n 103814,\n 103824,\n 103828,\n 103830\n );\n\n script_name(english:\"MySQL 5.5.x < 5.5.60 Multiple Vulnerabilities (RPM Check) (April 2018 CPU)\");\n script_summary(english:\"Checks the version of MySQL server.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL running on the remote host is 5.5.x prior to\n5.5.60. It is, therefore, affected by multiple vulnerabilities as\nnoted in the April 2018 Critical Patch Update advisory. Please consult\nthe CVRF details for the applicable CVEs for additional information.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-60.html\");\n # http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?76507bf8\");\n # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/4422902.xml\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?64303a9a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 5.5.60 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n 
script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-2813\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/19\");\n\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\");\n script_require_ports(\"Host/RedHat/release\", \"Host/AmazonLinux/release\", \"Host/SuSE/release\", \"Host/CentOS/release\");\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\nfix_version = \"5.5.60\";\nexists_version = \"5.5\";\n\nmysql_check_rpms(mysql_packages:default_mysql_rpm_list_all, fix_ver:fix_version, exists_ver:exists_version, rhel_os_list:default_mysql_rhel_os_list, centos_os_list:default_mysql_centos_os_list, suse_os_list:default_mysql_suse_os_list, ala_os_list:default_mysql_ala_os_list, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:27:51", "description": "This update fixes the following issues :\n\n - Update to 5.5.60 in Oracle Apr2018 CPU (bsc#1089987).\n\n - CVE-2018-2761: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).\n\n - CVE-2018-2755: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server:\n Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior.\n Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. 
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).\n\n - CVE-2018-2781: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server:\n Optimizer). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior.\n Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n - CVE-2018-2819: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB).\n Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts).\n CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).\n\n - CVE-2018-2818: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server :\n Security : Privileges). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n - CVE-2018-2817: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL).\n Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts).\n CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).\n\n - CVE-2018-2771: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server:\n Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior.\n Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n - CVE-2018-2813: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL).\n Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).\n\n - CVE-2018-2773: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior.\n Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.1 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-05-21T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : mysql (SUSE-SU-2018:1333-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2755", "CVE-2018-2761", "CVE-2018-2771", "CVE-2018-2773", "CVE-2018-2781", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2818", "CVE-2018-2819"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libmysql55client18", "p-cpe:/a:novell:suse_linux:libmysql55client_r18", "p-cpe:/a:novell:suse_linux:mysql", "p-cpe:/a:novell:suse_linux:mysql-client", "p-cpe:/a:novell:suse_linux:mysql-tools", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2018-1333-1.NASL", "href": "https://www.tenable.com/plugins/nessus/109938", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:1333-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(109938);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-2755\", \"CVE-2018-2761\", \"CVE-2018-2771\", \"CVE-2018-2773\", \"CVE-2018-2781\", \"CVE-2018-2813\", \"CVE-2018-2817\", \"CVE-2018-2818\", \"CVE-2018-2819\");\n\n script_name(english:\"SUSE SLES11 Security Update : mysql (SUSE-SU-2018:1333-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following issues :\n\n - Update to 5.5.60 in Oracle Apr2018 CPU (bsc#1089987).\n\n - CVE-2018-2761: 
Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: Client\n programs). Supported versions that are affected are\n 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior.\n Difficult to exploit vulnerability allows\n unauthenticated attacker with network access via\n multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in\n unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Server. CVSS\n 3.0 Base Score 5.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).\n\n - CVE-2018-2755: Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: Server:\n Replication). Supported versions that are affected are\n 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior.\n Difficult to exploit vulnerability allows\n unauthenticated attacker with logon to the\n infrastructure where MySQL Server executes to compromise\n MySQL Server. Successful attacks require human\n interaction from a person other than the attacker and\n while the vulnerability is in MySQL Server, attacks may\n significantly impact additional products. Successful\n attacks of this vulnerability can result in takeover of\n MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality,\n Integrity and Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).\n\n - CVE-2018-2781: Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: Server:\n Optimizer). Supported versions that are affected are\n 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior.\n Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.0 Base Score 4.9\n (Availability impacts). 
CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n - CVE-2018-2819: Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: InnoDB).\n Supported versions that are affected are 5.5.59 and\n prior, 5.6.39 and prior and 5.7.21 and prior. Easily\n exploitable vulnerability allows low privileged attacker\n with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS) of MySQL\n Server. CVSS 3.0 Base Score 6.5 (Availability impacts).\n CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).\n\n - CVE-2018-2818: Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: Server :\n Security : Privileges). Supported versions that are\n affected are 5.5.59 and prior, 5.6.39 and prior and\n 5.7.21 and prior. Easily exploitable vulnerability\n allows high privileged attacker with network access via\n multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in\n unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Server. CVSS\n 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n - CVE-2018-2817: Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: Server: DDL).\n Supported versions that are affected are 5.5.59 and\n prior, 5.6.39 and prior and 5.7.21 and prior. Easily\n exploitable vulnerability allows low privileged attacker\n with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS) of MySQL\n Server. 
CVSS 3.0 Base Score 6.5 (Availability impacts).\n CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).\n\n - CVE-2018-2771: Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: Server:\n Locking). Supported versions that are affected are\n 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior.\n Difficult to exploit vulnerability allows high\n privileged attacker with network access via multiple\n protocols to compromise MySQL Server. Successful attacks\n of this vulnerability can result in unauthorized ability\n to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.0 Base Score 4.4\n (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n - CVE-2018-2813: Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: Server: DDL).\n Supported versions that are affected are 5.5.59 and\n prior, 5.6.39 and prior and 5.7.21 and prior. Easily\n exploitable vulnerability allows low privileged attacker\n with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized read access to a subset of\n MySQL Server accessible data. CVSS 3.0 Base Score 4.3\n (Confidentiality impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).\n\n - CVE-2018-2773: Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: Client\n programs). Supported versions that are affected are\n 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior.\n Difficult to exploit vulnerability allows high\n privileged attacker with logon to the infrastructure\n where MySQL Server executes to compromise MySQL Server.\n Successful attacks of this vulnerability can result in\n unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Server. CVSS\n 3.0 Base Score 4.1 (Availability impacts). 
CVSS Vector:\n (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1089987\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2755/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2761/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2771/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2773/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2781/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2813/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2817/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2818/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2819/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20181333-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c08472b6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch 
sdksp4-mysql-13611=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-mysql-13611=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-mysql-13611=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysql55client18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysql55client_r18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mysql-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mysql-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! 
preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libmysql55client18-32bit-5.5.60-0.39.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libmysql55client_r18-32bit-5.5.60-0.39.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libmysql55client18-32bit-5.5.60-0.39.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libmysql55client_r18-32bit-5.5.60-0.39.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libmysql55client18-5.5.60-0.39.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libmysql55client_r18-5.5.60-0.39.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"mysql-5.5.60-0.39.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"mysql-client-5.5.60-0.39.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"mysql-tools-5.5.60-0.39.12.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:39:07", "description": "The version of MariaDB installed on the remote host is prior to 5.5.60. It is, therefore, affected by multiple vulnerabilities as referenced in the mariadb-5-5-60-release-notes advisory.\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. 
Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. (CVE-2018-2755)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2018-2761)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption).\n Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior.\n Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. (CVE-2018-2767)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
(CVE-2018-2771)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2018-2781)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. (CVE-2018-2813)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2018-2817)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
(CVE-2018-2819)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2019-2455)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-11-18T00:00:00", "type": "nessus", "title": "MariaDB 5.5.0 < 5.5.60 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2755", "CVE-2018-2761", "CVE-2018-2767", "CVE-2018-2771", "CVE-2018-2781", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2819", "CVE-2019-2455"], "modified": "2022-11-18T00:00:00", "cpe": ["cpe:/a:mariadb:mariadb"], "id": "MARIADB_5_5_60.NASL", "href": "https://www.tenable.com/plugins/nessus/167891", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167891);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/18\");\n\n script_cve_id(\n \"CVE-2018-2755\",\n \"CVE-2018-2761\",\n \"CVE-2018-2767\",\n \"CVE-2018-2771\",\n \"CVE-2018-2781\",\n \"CVE-2018-2813\",\n \"CVE-2018-2817\",\n \"CVE-2018-2819\",\n \"CVE-2019-2455\"\n );\n\n script_name(english:\"MariaDB 5.5.0 < 5.5.60 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MariaDB installed on the remote host is prior to 5.5.60. 
It is, therefore, affected by multiple\nvulnerabilities as referenced in the mariadb-5-5-60-release-notes advisory.\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported\n versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to\n exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server\n executes to compromise MySQL Server. Successful attacks require human interaction from a person other than\n the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional\n products. Successful attacks of this vulnerability can result in takeover of MySQL Server. (CVE-2018-2755)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported\n versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2018-2761)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption).\n Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior.\n Difficult to exploit vulnerability allows low privileged attacker with network access via multiple\n protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized\n read access to a subset of MySQL Server accessible data. (CVE-2018-2767)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported\n versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. 
Difficult to\n exploit vulnerability allows high privileged attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2018-2771)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported\n versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable\n vulnerability allows high privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2018-2781)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported\n versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable\n vulnerability allows low privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset\n of MySQL Server accessible data. (CVE-2018-2813)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported\n versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable\n vulnerability allows low privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2018-2817)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). 
Supported versions\n that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable\n vulnerability allows low privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2018-2819)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported\n versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable\n vulnerability allows low privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2019-2455)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/mariadb-5-5-60-release-notes\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MariaDB version 5.5.60 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-2813\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-2755\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mariadb:mariadb\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\", \"mariadb_nix_installed.nbin\", \"mariadb_win_installed.nbin\");\n script_require_keys(\"installed_sw/MariaDB\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nvar app_info = vcf::combined_get_app_info(app:'MariaDB');\n\nif (!(app_info.local) && report_paranoia < 2)\n audit(AUDIT_POTENTIAL_VULN, 'MariaDB');\n\nvcf::check_all_backporting(app_info:app_info);\n\nvar constraints = [\n { 'min_version' : '5.5', 'fixed_version' : '5.5.60' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:21:00", "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior.\nDifficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products.\nSuccessful attacks of this vulnerability can result in takeover of MySQL Server. 
CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).(CVE-2018-2755)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2817)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2819)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). 
CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2761)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2771)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2818)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.1 (Availability impacts). 
CVSS Vector:\n(CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2773)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior.\nEasily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.\nSuccessful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2781)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). 
CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).(CVE-2018-2813)", "cvss3": {}, "published": "2018-05-30T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : mysql55 (ALAS-2018-1028)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2755", "CVE-2018-2761", "CVE-2018-2771", "CVE-2018-2773", "CVE-2018-2781", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2818", "CVE-2018-2819"], "modified": "2019-07-10T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:mysql-config", "p-cpe:/a:amazon:linux:mysql55", "p-cpe:/a:amazon:linux:mysql55-bench", "p-cpe:/a:amazon:linux:mysql55-debuginfo", "p-cpe:/a:amazon:linux:mysql55-devel", "p-cpe:/a:amazon:linux:mysql55-embedded", "p-cpe:/a:amazon:linux:mysql55-embedded-devel", "p-cpe:/a:amazon:linux:mysql55-libs", "p-cpe:/a:amazon:linux:mysql55-server", "p-cpe:/a:amazon:linux:mysql55-test", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2018-1028.NASL", "href": "https://www.tenable.com/plugins/nessus/110202", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2018-1028.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110202);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/07/10 16:04:12\");\n\n script_cve_id(\"CVE-2018-2755\", \"CVE-2018-2761\", \"CVE-2018-2771\", \"CVE-2018-2773\", \"CVE-2018-2781\", \"CVE-2018-2813\", \"CVE-2018-2817\", \"CVE-2018-2818\", \"CVE-2018-2819\");\n script_xref(name:\"ALAS\", value:\"2018-1028\");\n\n script_name(english:\"Amazon Linux AMI : mysql55 (ALAS-2018-1028)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Replication). 
Supported versions that are\naffected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior.\nDifficult to exploit vulnerability allows unauthenticated attacker\nwith logon to the infrastructure where MySQL Server executes to\ncompromise MySQL Server. Successful attacks require human interaction\nfrom a person other than the attacker and while the vulnerability is\nin MySQL Server, attacks may significantly impact additional products.\nSuccessful attacks of this vulnerability can result in takeover of\nMySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and\nAvailability impacts). CVSS Vector:\n(CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).(CVE-2018-2755)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: DDL). Supported versions that are affected are\n5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily\nexploitable vulnerability allows low privileged attacker with network\naccess via multiple protocols to compromise MySQL Server. Successful\nattacks of this vulnerability can result in unauthorized ability to\ncause a hang or frequently repeatable crash (complete DOS) of MySQL\nServer. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2817)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: InnoDB). Supported versions that are affected are\n5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily\nexploitable vulnerability allows low privileged attacker with network\naccess via multiple protocols to compromise MySQL Server. Successful\nattacks of this vulnerability can result in unauthorized ability to\ncause a hang or frequently repeatable crash (complete DOS) of MySQL\nServer. CVSS 3.0 Base Score 6.5 (Availability impacts). 
CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2819)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Client programs). Supported versions that are affected\nare 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult\nto exploit vulnerability allows unauthenticated attacker with network\naccess via multiple protocols to compromise MySQL Server. Successful\nattacks of this vulnerability can result in unauthorized ability to\ncause a hang or frequently repeatable crash (complete DOS) of MySQL\nServer. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2761)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Locking). Supported versions that are affected\nare 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult\nto exploit vulnerability allows high privileged attacker with network\naccess via multiple protocols to compromise MySQL Server. Successful\nattacks of this vulnerability can result in unauthorized ability to\ncause a hang or frequently repeatable crash (complete DOS) of MySQL\nServer. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2771)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server : Security : Privileges). Supported versions\nthat are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21\nand prior. Easily exploitable vulnerability allows high privileged\nattacker with network access via multiple protocols to compromise\nMySQL Server. Successful attacks of this vulnerability can result in\nunauthorized ability to cause a hang or frequently repeatable crash\n(complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability\nimpacts). 
CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2818)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Client programs). Supported versions that are affected\nare 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult\nto exploit vulnerability allows high privileged attacker with logon to\nthe infrastructure where MySQL Server executes to compromise MySQL\nServer. Successful attacks of this vulnerability can result in\nunauthorized ability to cause a hang or frequently repeatable crash\n(complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.1 (Availability\nimpacts). CVSS Vector:\n(CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2773)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Optimizer). Supported versions that are\naffected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior.\nEasily exploitable vulnerability allows high privileged attacker with\nnetwork access via multiple protocols to compromise MySQL Server.\nSuccessful attacks of this vulnerability can result in unauthorized\nability to cause a hang or frequently repeatable crash (complete DOS)\nof MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS\nVector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2781)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: DDL). Supported versions that are affected are\n5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily\nexploitable vulnerability allows low privileged attacker with network\naccess via multiple protocols to compromise MySQL Server. Successful\nattacks of this vulnerability can result in unauthorized read access\nto a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3\n(Confidentiality impacts). 
CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).(CVE-2018-2813)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2018-1028.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update mysql55' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql55\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql55-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql55-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql55-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql55-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql55-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql55-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql55-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql55-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by 
Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"mysql-config-5.5.60-1.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql55-5.5.60-1.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql55-bench-5.5.60-1.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql55-debuginfo-5.5.60-1.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql55-devel-5.5.60-1.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql55-embedded-5.5.60-1.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql55-embedded-devel-5.5.60-1.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql55-libs-5.5.60-1.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql55-server-5.5.60-1.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql55-test-5.5.60-1.21.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else 
security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql-config / mysql55 / mysql55-bench / mysql55-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:53", "description": "Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.60, which includes additional changes. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details :", "cvss3": {}, "published": "2018-04-23T00:00:00", "type": "nessus", "title": "Debian DSA-4176-1 : mysql-5.5 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2755", "CVE-2018-2761", "CVE-2018-2771", "CVE-2018-2773", "CVE-2018-2781", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2818", "CVE-2018-2819"], "modified": "2018-11-13T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:mysql-5.5", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-4176.NASL", "href": "https://www.tenable.com/plugins/nessus/109218", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4176. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109218);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/11/13 12:30:46\");\n\n script_cve_id(\"CVE-2018-2755\", \"CVE-2018-2761\", \"CVE-2018-2771\", \"CVE-2018-2773\", \"CVE-2018-2781\", \"CVE-2018-2813\", \"CVE-2018-2817\", \"CVE-2018-2818\", \"CVE-2018-2819\");\n script_xref(name:\"DSA\", value:\"4176\");\n\n script_name(english:\"Debian DSA-4176-1 : mysql-5.5 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.60, which includes additional changes. 
Please see the\nMySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory\nfor further details :\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/mysql-5.5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/mysql-5.5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2018/dsa-4176\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the mysql-5.5 packages.\n\nFor the oldstable distribution (jessie), these problems have been\nfixed in version 5.5.60-0+deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libmysqlclient-dev\", reference:\"5.5.60-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmysqlclient18\", reference:\"5.5.60-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmysqld-dev\", reference:\"5.5.60-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmysqld-pic\", reference:\"5.5.60-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mysql-client\", reference:\"5.5.60-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mysql-client-5.5\", reference:\"5.5.60-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mysql-common\", reference:\"5.5.60-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mysql-server\", reference:\"5.5.60-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mysql-server-5.5\", reference:\"5.5.60-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mysql-server-core-5.5\", reference:\"5.5.60-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mysql-source-5.5\", reference:\"5.5.60-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mysql-testsuite\", reference:\"5.5.60-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mysql-testsuite-5.5\", reference:\"5.5.60-0+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else 
security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:27:18", "description": "Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.60, which includes additional changes. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details :\n\nhttps://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-60.html http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067 .html\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 5.5.60-0+deb7u1.\n\nWe recommend that you upgrade your mysql-5.5 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-04-20T00:00:00", "type": "nessus", "title": "Debian DLA-1355-1 : mysql-5.5 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2755", "CVE-2018-2761", "CVE-2018-2771", "CVE-2018-2773", "CVE-2018-2781", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2818", "CVE-2018-2819"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libmysqlclient-dev", "p-cpe:/a:debian:debian_linux:libmysqlclient18", "p-cpe:/a:debian:debian_linux:libmysqld-dev", "p-cpe:/a:debian:debian_linux:libmysqld-pic", "p-cpe:/a:debian:debian_linux:mysql-client", "p-cpe:/a:debian:debian_linux:mysql-client-5.5", "p-cpe:/a:debian:debian_linux:mysql-common", "p-cpe:/a:debian:debian_linux:mysql-server", "p-cpe:/a:debian:debian_linux:mysql-server-5.5", "p-cpe:/a:debian:debian_linux:mysql-server-core-5.5", "p-cpe:/a:debian:debian_linux:mysql-source-5.5", "p-cpe:/a:debian:debian_linux:mysql-testsuite-5.5", "cpe:/o:debian:debian_linux:7.0"], "id": 
"DEBIAN_DLA-1355.NASL", "href": "https://www.tenable.com/plugins/nessus/109187", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1355-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(109187);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2018-2755\", \"CVE-2018-2761\", \"CVE-2018-2771\", \"CVE-2018-2773\", \"CVE-2018-2781\", \"CVE-2018-2813\", \"CVE-2018-2817\", \"CVE-2018-2818\", \"CVE-2018-2819\");\n\n script_name(english:\"Debian DLA-1355-1 : mysql-5.5 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.60, which includes additional changes. Please see the\nMySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory\nfor further details :\n\nhttps://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-60.html\nhttp://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067\n.html\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n5.5.60-0+deb7u1.\n\nWe recommend that you upgrade your mysql-5.5 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-60.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/mysql-5.5\"\n );\n # https://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?611cd505\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmysqlclient-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmysqlclient18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmysqld-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmysqld-pic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-client-5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-server-5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-server-core-5.5\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-source-5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-testsuite-5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libmysqlclient-dev\", reference:\"5.5.60-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmysqlclient18\", reference:\"5.5.60-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmysqld-dev\", reference:\"5.5.60-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmysqld-pic\", reference:\"5.5.60-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-client\", reference:\"5.5.60-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-client-5.5\", reference:\"5.5.60-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-common\", reference:\"5.5.60-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-server\", reference:\"5.5.60-0+deb7u1\")) flag++;\nif 
(deb_check(release:\"7.0\", prefix:\"mysql-server-5.5\", reference:\"5.5.60-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-server-core-5.5\", reference:\"5.5.60-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-source-5.5\", reference:\"5.5.60-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-testsuite-5.5\", reference:\"5.5.60-0+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:28:35", "description": "New mariadb packages are available for Slackware 14.1 and 14.2 to fix security issues.", "cvss3": {}, "published": "2018-05-11T00:00:00", "type": "nessus", "title": "Slackware 14.1 / 14.2 : mariadb (SSA:2018-130-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2755", "CVE-2018-2761", "CVE-2018-2766", "CVE-2018-2771", "CVE-2018-2781", "CVE-2018-2782", "CVE-2018-2784", "CVE-2018-2787", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2819"], "modified": "2018-09-04T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:mariadb", "cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux:14.2"], "id": "SLACKWARE_SSA_2018-130-01.NASL", "href": "https://www.tenable.com/plugins/nessus/109685", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2018-130-01. 
The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109685);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/09/04 13:20:08\");\n\n script_cve_id(\"CVE-2018-2755\", \"CVE-2018-2761\", \"CVE-2018-2766\", \"CVE-2018-2771\", \"CVE-2018-2781\", \"CVE-2018-2782\", \"CVE-2018-2784\", \"CVE-2018-2787\", \"CVE-2018-2813\", \"CVE-2018-2817\", \"CVE-2018-2819\");\n script_xref(name:\"SSA\", value:\"2018-130-01\");\n\n script_name(english:\"Slackware 14.1 / 14.2 : mariadb (SSA:2018-130-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New mariadb packages are available for Slackware 14.1 and 14.2 to fix\nsecurity issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.395402\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e09939e6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mariadb package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.1\", pkgname:\"mariadb\", pkgver:\"5.5.60\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"mariadb\", pkgver:\"5.5.60\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"mariadb\", pkgver:\"10.0.35\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"mariadb\", pkgver:\"10.0.35\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:28:18", "description": "**Update to 10.1.33**\n\n.\n\n**Release notes:**\n\nhttps://mariadb.com/kb/en/library/mariadb-10133-release-notes/\n\n**CVEs fixed:**\n\nCVE-2018-2755 CVE-2018-2761 CVE-2018-2766 CVE-2018-2771 CVE-2018-2781 CVE-2018-2782 CVE-2018-2784 
CVE-2018-2787 CVE-2018-2813 CVE-2018-2817 CVE-2018-2819\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-05-23T00:00:00", "type": "nessus", "title": "Fedora 26 : 3:mariadb (2018-d955395c08)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2755", "CVE-2018-2761", "CVE-2018-2766", "CVE-2018-2771", "CVE-2018-2781", "CVE-2018-2782", "CVE-2018-2784", "CVE-2018-2787", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2819"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:3:mariadb", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2018-D955395C08.NASL", "href": "https://www.tenable.com/plugins/nessus/109973", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-d955395c08.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(109973);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-2755\", \"CVE-2018-2761\", \"CVE-2018-2766\", \"CVE-2018-2771\", \"CVE-2018-2781\", \"CVE-2018-2782\", \"CVE-2018-2784\", \"CVE-2018-2787\", \"CVE-2018-2813\", \"CVE-2018-2817\", \"CVE-2018-2819\");\n script_xref(name:\"FEDORA\", value:\"2018-d955395c08\");\n\n script_name(english:\"Fedora 26 : 3:mariadb (2018-d955395c08)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"**Update to 10.1.33**\n\n.\n\n**Release 
notes:**\n\nhttps://mariadb.com/kb/en/library/mariadb-10133-release-notes/\n\n**CVEs fixed:**\n\nCVE-2018-2755 CVE-2018-2761 CVE-2018-2766 CVE-2018-2771 CVE-2018-2781\nCVE-2018-2782 CVE-2018-2784 CVE-2018-2787 CVE-2018-2813 CVE-2018-2817\nCVE-2018-2819\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-d955395c08\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 3:mariadb package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:3:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"mariadb-10.1.33-1.fc26\", epoch:\"3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"3:mariadb\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:40:57", "description": "MariaDB was updated to 10.0.35 (bsc#1090518)\n\nNotable changes :\n\nPCRE updated to 8.42\n\nXtraDB updated to 5.6.39-83.1\n\nTokuDB updated to 5.6.39-83.1\n\nInnoDB updated to 5.6.40\n\nThe embedded server library now supports SSL when connecting to remote servers [bsc#1088681], [CVE-2018-2767]\n\nMDEV-15249 - Crash in MVCC read after IMPORT TABLESPACE\n\nMDEV-14988 - innodb_read_only 
tries to modify files if transactions were recovered in COMMITTED state\n\nMDEV-14773 - DROP TABLE hangs for InnoDB table with FULLTEXT index\n\nMDEV-15723 - Crash in INFORMATION_SCHEMA.INNODB_SYS_TABLES when accessing corrupted record\n\nfixes for the following security vulnerabilities: CVE-2018-2782, CVE-2018-2784, CVE-2018-2787, CVE-2018-2766, CVE-2018-2755, CVE-2018-2819, CVE-2018-2817, CVE-2018-2761, CVE-2018-2781, CVE-2018-2771, CVE-2018-2813\n\nRelease notes and changelog :\n\n - https://kb.askmonty.org/en/mariadb-10035-release-notes\n\n - https://kb.askmonty.org/en/mariadb-10035-changelog\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-10-22T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : mariadb (SUSE-SU-2018:1781-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2755", "CVE-2018-2761", "CVE-2018-2766", "CVE-2018-2767", "CVE-2018-2771", "CVE-2018-2781", "CVE-2018-2782", "CVE-2018-2784", "CVE-2018-2787", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2819"], "modified": "2022-02-07T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libmysqlclient18", "p-cpe:/a:novell:suse_linux:libmysqlclient18-debuginfo", "p-cpe:/a:novell:suse_linux:mariadb", "p-cpe:/a:novell:suse_linux:mariadb-client", "p-cpe:/a:novell:suse_linux:mariadb-client-debuginfo", "p-cpe:/a:novell:suse_linux:mariadb-debuginfo", "p-cpe:/a:novell:suse_linux:mariadb-debugsource", "p-cpe:/a:novell:suse_linux:mariadb-errormessages", "p-cpe:/a:novell:suse_linux:mariadb-tools", "p-cpe:/a:novell:suse_linux:mariadb-tools-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-1781-2.NASL", "href": "https://www.tenable.com/plugins/nessus/118270", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package 
checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:1781-2.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118270);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/07\");\n\n script_cve_id(\"CVE-2018-2755\", \"CVE-2018-2761\", \"CVE-2018-2766\", \"CVE-2018-2767\", \"CVE-2018-2771\", \"CVE-2018-2781\", \"CVE-2018-2782\", \"CVE-2018-2784\", \"CVE-2018-2787\", \"CVE-2018-2813\", \"CVE-2018-2817\", \"CVE-2018-2819\");\n\n script_name(english:\"SUSE SLES12 Security Update : mariadb (SUSE-SU-2018:1781-2)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"MariaDB was updated to 10.0.35 (bsc#1090518)\n\nNotable changes :\n\nPCRE updated to 8.42\n\nXtraDB updated to 5.6.39-83.1\n\nTokuDB updated to 5.6.39-83.1\n\nInnoDB updated to 5.6.40\n\nThe embedded server library now supports SSL when connecting to remote\nservers [bsc#1088681], [CVE-2018-2767]\n\nMDEV-15249 - Crash in MVCC read after IMPORT TABLESPACE\n\nMDEV-14988 - innodb_read_only tries to modify files if transactions\nwere recovered in COMMITTED state\n\nMDEV-14773 - DROP TABLE hangs for InnoDB table with FULLTEXT index\n\nMDEV-15723 - Crash in INFORMATION_SCHEMA.INNODB_SYS_TABLES when\naccessing corrupted record\n\nfixes for the following security vulnerabilities: CVE-2018-2782,\nCVE-2018-2784, CVE-2018-2787, CVE-2018-2766, CVE-2018-2755,\nCVE-2018-2819, CVE-2018-2817, CVE-2018-2761, CVE-2018-2781,\nCVE-2018-2771, CVE-2018-2813\n\nRelease notes and changelog :\n\n - https://kb.askmonty.org/en/mariadb-10035-release-notes\n\n - https://kb.askmonty.org/en/mariadb-10035-changelog\n\nNote that Tenable Network Security has extracted the 
preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1088681\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090518\"\n );\n # https://kb.askmonty.org/en/mariadb-10035-changelog\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10035-changelog/\"\n );\n # https://kb.askmonty.org/en/mariadb-10035-release-notes\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10035-release-notes/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2755/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2761/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2766/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2767/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2771/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2781/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2782/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2784/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2787/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2813/\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2817/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2819/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20181781-2/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?42cfbef5\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-BCL-2018-1202=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-2787\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:mariadb-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-errormessages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libmysqlclient18-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libmysqlclient18-32bit-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libmysqlclient18-debuginfo-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libmysqlclient18-debuginfo-32bit-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"mariadb-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"mariadb-client-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"mariadb-client-debuginfo-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"mariadb-debuginfo-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"mariadb-debugsource-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"mariadb-errormessages-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", 
reference:\"mariadb-tools-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"mariadb-tools-debuginfo-10.0.35-29.20.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:28:47", "description": "This update for MariaDB to version 10.0.35 fixes multiple issues:\nSecurity issues fixed :\n\n - CVE-2018-2782: Unspecified DoS vulnerability in InnoDB (bsc#1090518)\n\n - CVE-2018-2784: Unspecified DoS vulnerability in InnoDB (bsc#1090518)\n\n - CVE-2018-2787: Unspecified vulnerability in InnoDB allowing writes (bsc#1090518)\n\n - CVE-2018-2766: Unspecified DoS vulnerability in InnoDB (bsc#1090518)\n\n - CVE-2018-2755: Unspecified vulnerability in Replication allowing server compromise (bsc#1090518)\n\n - CVE-2018-2819: Unspecified DoS vulnerability in InnoDB (bsc#1090518)\n\n - CVE-2018-2817: Unspecified DoS vulnerability in DDL (bsc#1090518)\n\n - CVE-2018-2761: Unspecified DoS vulnerability in Client programs (bsc#1090518)\n\n - CVE-2018-2781: Unspecified DoS vulnerability in Server/Optimizer (bsc#1090518)\n\n - CVE-2018-2771: Unspecified DoS vulnerability in the Server/Locking component (bsc#1090518)\n\n - CVE-2018-2813: Unspecified vulnerability in the DDL component allowing unauthorized reads (bsc#1090518)\n\n - CVE-2018-2767: The embedded server library now supports SSL when connecting to remote servers (bsc#1088681)\n\nThe following changes are included :\n\n - XtraDB updated to 5.6.39-83.1\n\n - TokuDB updated to 5.6.39-83.1\n\n - InnoDB updated to 5.6.40\n\n - Fix for Crash in MVCC read after IMPORT TABLESPACE\n\n - Fix for innodb_read_only trying to modify files if transactions were recovered in 
COMMITTED state\n\n - Fix for DROP TABLE hang on InnoDB table with FULLTEXT index\n\n - Fix for Crash in INFORMATION_SCHEMA.INNODB_SYS_TABLES when accessing corrupted record\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update project.", "cvss3": {}, "published": "2018-06-25T00:00:00", "type": "nessus", "title": "openSUSE Security Update : mariadb (openSUSE-2018-668)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2755", "CVE-2018-2761", "CVE-2018-2766", "CVE-2018-2767", "CVE-2018-2771", "CVE-2018-2781", "CVE-2018-2782", "CVE-2018-2784", "CVE-2018-2787", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2819"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libmysqlclient-devel", "p-cpe:/a:novell:opensuse:libmysqlclient18", "p-cpe:/a:novell:opensuse:libmysqlclient18-32bit", "p-cpe:/a:novell:opensuse:libmysqlclient18-debuginfo", "p-cpe:/a:novell:opensuse:libmysqlclient18-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libmysqlclient_r18", "p-cpe:/a:novell:opensuse:libmysqlclient_r18-32bit", "p-cpe:/a:novell:opensuse:libmysqld-devel", "p-cpe:/a:novell:opensuse:libmysqld18", "p-cpe:/a:novell:opensuse:libmysqld18-debuginfo", "p-cpe:/a:novell:opensuse:mariadb", "p-cpe:/a:novell:opensuse:mariadb-bench", "p-cpe:/a:novell:opensuse:mariadb-bench-debuginfo", "p-cpe:/a:novell:opensuse:mariadb-client", "p-cpe:/a:novell:opensuse:mariadb-client-debuginfo", "p-cpe:/a:novell:opensuse:mariadb-debuginfo", "p-cpe:/a:novell:opensuse:mariadb-debugsource", "p-cpe:/a:novell:opensuse:mariadb-errormessages", "p-cpe:/a:novell:opensuse:mariadb-test", "p-cpe:/a:novell:opensuse:mariadb-test-debuginfo", "p-cpe:/a:novell:opensuse:mariadb-tools", "p-cpe:/a:novell:opensuse:mariadb-tools-debuginfo", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2018-668.NASL", "href": "https://www.tenable.com/plugins/nessus/110679", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin 
were\n# extracted from openSUSE Security Update openSUSE-2018-668.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110679);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-2755\", \"CVE-2018-2761\", \"CVE-2018-2766\", \"CVE-2018-2767\", \"CVE-2018-2771\", \"CVE-2018-2781\", \"CVE-2018-2782\", \"CVE-2018-2784\", \"CVE-2018-2787\", \"CVE-2018-2813\", \"CVE-2018-2817\", \"CVE-2018-2819\");\n\n script_name(english:\"openSUSE Security Update : mariadb (openSUSE-2018-668)\");\n script_summary(english:\"Check for the openSUSE-2018-668 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for MariaDB to version 10.0.35 fixes multiple issues:\nSecurity issues fixed :\n\n - CVE-2018-2782: Unspecified DoS vulnerability in InnoDB\n (bsc#1090518)\n\n - CVE-2018-2784: Unspecified DoS vulnerability in InnoDB\n (bsc#1090518)\n\n - CVE-2018-2787: Unspecified vulnerability in InnoDB\n allowing writes (bsc#1090518)\n\n - CVE-2018-2766: Unspecified DoS vulnerability InnoDB\n (bsc#1090518)\n\n - CVE-2018-2755: Unspecified vulnerability in Replication\n allowing server compromise (bsc#1090518)\n\n - CVE-2018-2819: Unspecified DoS vulnerability in InnoDB\n (bsc#1090518)\n\n - CVE-2018-2817: Unspecified DoS vulnerability in DDL\n (bsc#1090518)\n\n - CVE-2018-2761: Unspecified DoS vulnerability in Client\n programs (bsc#1090518)\n\n - CVE-2018-2781: Unspecified DoS vulnerability in\n Server/Optimizer (bsc#1090518)\n\n - CVE-2018-2771: Unspecified DoS vulnerability in the\n Server/Locking component (bsc#1090518)\n\n - CVE-2018-2813: Unspecified vulnerability in The DDL\n component allowing unauthorized reads (bsc#1090518)\n\n - 
CVE-2018-2767: The embedded server library now supports\n SSL when connecting to remote servers (bsc#1088681)\n\nThe following changes are included :\n\n - XtraDB updated to 5.6.39-83.1\n\n - TokuDB updated to 5.6.39-83.1\n\n - InnoDB updated to 5.6.40\n\n - Fix for Crash in MVCC read after IMPORT TABLESPACE\n\n - Fix for innodb_read_only trying to modify files if\n transactions were recovered in COMMITTED state\n\n - Fix for DROP TABLE hang on InnoDB table with FULLTEXT\n index\n\n - Fix for Crash in INFORMATION_SCHEMA.INNODB_SYS_TABLES\n when accessing corrupted record\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1088681\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1090518\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mariadb packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient18-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient_r18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient_r18-32bit\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libmysqld-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqld18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqld18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-bench-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-errormessages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-test-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libmysqlclient-devel-10.0.35-35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libmysqlclient18-10.0.35-35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libmysqlclient18-debuginfo-10.0.35-35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libmysqlclient_r18-10.0.35-35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libmysqld-devel-10.0.35-35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libmysqld18-10.0.35-35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libmysqld18-debuginfo-10.0.35-35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mariadb-10.0.35-35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mariadb-bench-10.0.35-35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mariadb-bench-debuginfo-10.0.35-35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mariadb-client-10.0.35-35.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE42.3\", reference:\"mariadb-client-debuginfo-10.0.35-35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mariadb-debuginfo-10.0.35-35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mariadb-debugsource-10.0.35-35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mariadb-errormessages-10.0.35-35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mariadb-test-10.0.35-35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mariadb-test-debuginfo-10.0.35-35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mariadb-tools-10.0.35-35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mariadb-tools-debuginfo-10.0.35-35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libmysqlclient18-32bit-10.0.35-35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libmysqlclient18-debuginfo-32bit-10.0.35-35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libmysqlclient_r18-32bit-10.0.35-35.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libmysqlclient-devel / libmysqlclient18 / libmysqlclient18-32bit / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:27:39", "description": "MariaDB was updated to 10.0.35 (bsc#1090518) Notable changes :\n\n - PCRE updated to 8.42\n\n - XtraDB updated to 5.6.39-83.1\n\n - TokuDB updated to 5.6.39-83.1\n\n - InnoDB updated to 5.6.40\n\n - The embedded server library now supports SSL when connecting to remote servers [bsc#1088681], [CVE-2018-2767]\n\n - MDEV-15249 - Crash in MVCC read after IMPORT TABLESPACE\n\n - MDEV-14988 - innodb_read_only tries to modify files 
if transactions were recovered in COMMITTED state\n\n - MDEV-14773 - DROP TABLE hangs for InnoDB table with FULLTEXT index\n\n - MDEV-15723 - Crash in INFORMATION_SCHEMA.INNODB_SYS_TABLES when accessing corrupted record\n\n - fixes for the following security vulnerabilities:\n CVE-2018-2782, CVE-2018-2784, CVE-2018-2787, CVE-2018-2766, CVE-2018-2755, CVE-2018-2819, CVE-2018-2817, CVE-2018-2761, CVE-2018-2781, CVE-2018-2771, CVE-2018-2813\n\n - Release notes and changelog :\n\n - https://kb.askmonty.org/en/mariadb-10035-release-notes\n\n - https://kb.askmonty.org/en/mariadb-10035-changelog\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-05-24T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : mariadb (SUSE-SU-2018:1382-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2755", "CVE-2018-2761", "CVE-2018-2766", "CVE-2018-2767", "CVE-2018-2771", "CVE-2018-2781", "CVE-2018-2782", "CVE-2018-2784", "CVE-2018-2787", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2819"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libmysqlclient-devel", "p-cpe:/a:novell:suse_linux:libmysqlclient18", "p-cpe:/a:novell:suse_linux:libmysqlclient18-debuginfo", "p-cpe:/a:novell:suse_linux:libmysqlclient_r18", "p-cpe:/a:novell:suse_linux:libmysqld-devel", "p-cpe:/a:novell:suse_linux:libmysqld18", "p-cpe:/a:novell:suse_linux:libmysqld18-debuginfo", "p-cpe:/a:novell:suse_linux:mariadb", "p-cpe:/a:novell:suse_linux:mariadb-client", "p-cpe:/a:novell:suse_linux:mariadb-client-debuginfo", "p-cpe:/a:novell:suse_linux:mariadb-debuginfo", "p-cpe:/a:novell:suse_linux:mariadb-debugsource", "p-cpe:/a:novell:suse_linux:mariadb-errormessages", "p-cpe:/a:novell:suse_linux:mariadb-tools", 
"p-cpe:/a:novell:suse_linux:mariadb-tools-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-1382-1.NASL", "href": "https://www.tenable.com/plugins/nessus/110089", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:1382-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110089);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2018-2755\", \"CVE-2018-2761\", \"CVE-2018-2766\", \"CVE-2018-2767\", \"CVE-2018-2771\", \"CVE-2018-2781\", \"CVE-2018-2782\", \"CVE-2018-2784\", \"CVE-2018-2787\", \"CVE-2018-2813\", \"CVE-2018-2817\", \"CVE-2018-2819\");\n\n script_name(english:\"SUSE SLES12 Security Update : mariadb (SUSE-SU-2018:1382-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"MariaDB was updated to 10.0.35 (bsc#1090518) Notable changes :\n\n - PCRE updated to 8.42\n\n - XtraDB updated to 5.6.39-83.1\n\n - TokuDB updated to 5.6.39-83.1\n\n - InnoDB updated to 5.6.40\n\n - The embedded server library now supports SSL when\n connecting to remote servers [bsc#1088681],\n [CVE-2018-2767]\n\n - MDEV-15249 - Crash in MVCC read after IMPORT TABLESPACE\n\n - MDEV-14988 - innodb_read_only tries to modify files if\n transactions were recovered in COMMITTED state\n\n - MDEV-14773 - DROP TABLE hangs for InnoDB table with\n FULLTEXT index\n\n - MDEV-15723 - Crash in\n INFORMATION_SCHEMA.INNODB_SYS_TABLES when accessing\n corrupted record\n\n - fixes for the following security vulnerabilities:\n CVE-2018-2782, CVE-2018-2784, CVE-2018-2787,\n CVE-2018-2766, CVE-2018-2755, 
CVE-2018-2819,\n CVE-2018-2817, CVE-2018-2761, CVE-2018-2781,\n CVE-2018-2771, CVE-2018-2813\n\n - Release notes and changelog :\n\n - https://kb.askmonty.org/en/mariadb-10035-release-notes\n\n - https://kb.askmonty.org/en/mariadb-10035-changelog\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1088681\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090518\"\n );\n # https://kb.askmonty.org/en/mariadb-10035-changelog\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10035-changelog/\"\n );\n # https://kb.askmonty.org/en/mariadb-10035-release-notes\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10035-release-notes/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2755/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2761/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2766/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2767/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2771/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2781/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2782/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.suse.com/security/cve/CVE-2018-2784/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2787/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2813/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2817/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2819/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20181382-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?36a87777\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2018-966=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient_r18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqld-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqld18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqld18-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-errormessages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqlclient-devel-10.0.35-20.46.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqlclient18-10.0.35-20.46.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqlclient18-32bit-10.0.35-20.46.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqlclient18-debuginfo-10.0.35-20.46.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqlclient18-debuginfo-32bit-10.0.35-20.46.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqlclient_r18-10.0.35-20.46.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqld-devel-10.0.35-20.46.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqld18-10.0.35-20.46.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqld18-debuginfo-10.0.35-20.46.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-10.0.35-20.46.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-client-10.0.35-20.46.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-client-debuginfo-10.0.35-20.46.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-debuginfo-10.0.35-20.46.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-debugsource-10.0.35-20.46.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-errormessages-10.0.35-20.46.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-tools-10.0.35-20.46.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-tools-debuginfo-10.0.35-20.46.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else 
security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:28:56", "description": "MariaDB was updated to 10.0.35 (bsc#1090518) Notable changes :\n\n - PCRE updated to 8.42\n\n - XtraDB updated to 5.6.39-83.1\n\n - TokuDB updated to 5.6.39-83.1\n\n - InnoDB updated to 5.6.40\n\n - The embedded server library now supports SSL when connecting to remote servers [bsc#1088681], [CVE-2018-2767]\n\n - MDEV-15249 - Crash in MVCC read after IMPORT TABLESPACE\n\n - MDEV-14988 - innodb_read_only tries to modify files if transactions were recovered in COMMITTED state\n\n - MDEV-14773 - DROP TABLE hangs for InnoDB table with FULLTEXT index\n\n - MDEV-15723 - Crash in INFORMATION_SCHEMA.INNODB_SYS_TABLES when accessing corrupted record\n\n - fixes for the following security vulnerabilities:\n CVE-2018-2782, CVE-2018-2784, CVE-2018-2787, CVE-2018-2766, CVE-2018-2755, CVE-2018-2819, CVE-2018-2817, CVE-2018-2761, CVE-2018-2781, CVE-2018-2771, CVE-2018-2813\n\n - Release notes and changelog :\n\n - https://kb.askmonty.org/en/mariadb-10035-release-notes\n\n - https://kb.askmonty.org/en/mariadb-10035-changelog\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-06-25T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2018:1781-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2755", "CVE-2018-2761", "CVE-2018-2766", "CVE-2018-2767", "CVE-2018-2771", "CVE-2018-2781", "CVE-2018-2782", "CVE-2018-2784", "CVE-2018-2787", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2819"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libmysqlclient-devel", "p-cpe:/a:novell:suse_linux:libmysqld18-debuginfo", "p-cpe:/a:novell:suse_linux:libmysqlclient18", "p-cpe:/a:novell:suse_linux:libmysqlclient18-debuginfo", "p-cpe:/a:novell:suse_linux:mariadb", "p-cpe:/a:novell:suse_linux:libmysqlclient_r18", "p-cpe:/a:novell:suse_linux:libmysqld-devel", "p-cpe:/a:novell:suse_linux:mariadb-client", "p-cpe:/a:novell:suse_linux:libmysqld18", "p-cpe:/a:novell:suse_linux:mariadb-client-debuginfo", "p-cpe:/a:novell:suse_linux:mariadb-debuginfo", "p-cpe:/a:novell:suse_linux:mariadb-debugsource", "p-cpe:/a:novell:suse_linux:mariadb-errormessages", "p-cpe:/a:novell:suse_linux:mariadb-tools", "p-cpe:/a:novell:suse_linux:mariadb-tools-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-1781-1.NASL", "href": "https://www.tenable.com/plugins/nessus/110682", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:1781-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110682);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2018-2755\", \"CVE-2018-2761\", \"CVE-2018-2766\", \"CVE-2018-2767\", \"CVE-2018-2771\", \"CVE-2018-2781\", \"CVE-2018-2782\", 
\"CVE-2018-2784\", \"CVE-2018-2787\", \"CVE-2018-2813\", \"CVE-2018-2817\", \"CVE-2018-2819\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2018:1781-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"MariaDB was updated to 10.0.35 (bsc#1090518) Notable changes :\n\n - PCRE updated to 8.42\n\n - XtraDB updated to 5.6.39-83.1\n\n - TokuDB updated to 5.6.39-83.1\n\n - InnoDB updated to 5.6.40\n\n - The embedded server library now supports SSL when\n connecting to remote servers [bsc#1088681],\n [CVE-2018-2767]\n\n - MDEV-15249 - Crash in MVCC read after IMPORT TABLESPACE\n\n - MDEV-14988 - innodb_read_only tries to modify files if\n transactions were recovered in COMMITTED state\n\n - MDEV-14773 - DROP TABLE hangs for InnoDB table with\n FULLTEXT index\n\n - MDEV-15723 - Crash in\n INFORMATION_SCHEMA.INNODB_SYS_TABLES when accessing\n corrupted record\n\n - fixes for the following security vulnerabilities:\n CVE-2018-2782, CVE-2018-2784, CVE-2018-2787,\n CVE-2018-2766, CVE-2018-2755, CVE-2018-2819,\n CVE-2018-2817, CVE-2018-2761, CVE-2018-2781,\n CVE-2018-2771, CVE-2018-2813\n\n - Release notes and changelog :\n\n - https://kb.askmonty.org/en/mariadb-10035-release-notes\n\n - https://kb.askmonty.org/en/mariadb-10035-changelog\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1088681\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090518\"\n );\n # https://kb.askmonty.org/en/mariadb-10035-changelog\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10035-changelog/\"\n );\n # https://kb.askmonty.org/en/mariadb-10035-release-notes\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10035-release-notes/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2755/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2761/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2766/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2767/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2771/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2781/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2782/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2784/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2787/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2813/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.suse.com/security/cve/CVE-2018-2817/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2819/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20181781-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fe06564a\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch\nSUSE-SLE-WE-12-SP3-2018-1202=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2018-1202=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2018-1202=1\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2018-1202=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-1202=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2018-1202=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2018-1202=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2018-1202=1\n\nSUSE Enterprise Storage 4:zypper in -t patch\nSUSE-Storage-4-2018-1202=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient18\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:libmysqlclient18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient_r18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqld-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqld18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqld18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-errormessages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1|2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1/2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libmysqlclient-devel-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libmysqlclient18-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libmysqlclient18-32bit-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libmysqlclient18-debuginfo-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libmysqlclient18-debuginfo-32bit-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libmysqlclient_r18-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libmysqld-devel-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libmysqld18-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libmysqld18-debuginfo-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mariadb-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mariadb-client-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mariadb-client-debuginfo-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mariadb-debuginfo-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mariadb-debugsource-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mariadb-errormessages-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mariadb-tools-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mariadb-tools-debuginfo-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libmysqlclient18-10.0.35-29.20.3\")) flag++;\nif 
(rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libmysqlclient18-32bit-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libmysqlclient18-debuginfo-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libmysqlclient18-debuginfo-32bit-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"mariadb-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"mariadb-client-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"mariadb-client-debuginfo-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"mariadb-debuginfo-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"mariadb-debugsource-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"mariadb-errormessages-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"mariadb-tools-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"mariadb-tools-debuginfo-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libmysqlclient18-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libmysqlclient18-32bit-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libmysqlclient18-debuginfo-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libmysqlclient18-debuginfo-32bit-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"mariadb-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"mariadb-client-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"mariadb-client-debuginfo-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"mariadb-debuginfo-10.0.35-29.20.3\")) 
flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"mariadb-debugsource-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"mariadb-errormessages-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"mariadb-tools-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"mariadb-tools-debuginfo-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libmysqlclient18-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libmysqlclient18-32bit-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libmysqlclient18-debuginfo-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libmysqlclient18-debuginfo-32bit-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libmysqlclient_r18-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libmysqlclient_r18-32bit-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"mariadb-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"mariadb-client-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"mariadb-client-debuginfo-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"mariadb-debuginfo-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"mariadb-debugsource-10.0.35-29.20.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"mariadb-errormessages-10.0.35-29.20.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else 
security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:21:00", "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). (CVE-2018-2787)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2758)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior.\nDifficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. 
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products.\nSuccessful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).(CVE-2018-2755)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2817)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2819)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2761)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2784)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2766)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). 
CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2771)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2818)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.1 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2773)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). 
CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2782)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior.\nEasily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.\nSuccessful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2781)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). 
CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).(CVE-2018-2813)", "cvss3": {}, "published": "2018-05-30T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : mysql56 (ALAS-2018-1027)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2755", "CVE-2018-2758", "CVE-2018-2761", "CVE-2018-2766", "CVE-2018-2771", "CVE-2018-2773", "CVE-2018-2781", "CVE-2018-2782", "CVE-2018-2784", "CVE-2018-2787", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2818", "CVE-2018-2819"], "modified": "2019-07-10T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:mysql56", "p-cpe:/a:amazon:linux:mysql56-bench", "p-cpe:/a:amazon:linux:mysql56-common", "p-cpe:/a:amazon:linux:mysql56-debuginfo", "p-cpe:/a:amazon:linux:mysql56-devel", "p-cpe:/a:amazon:linux:mysql56-embedded", "p-cpe:/a:amazon:linux:mysql56-embedded-devel", "p-cpe:/a:amazon:linux:mysql56-errmsg", "p-cpe:/a:amazon:linux:mysql56-libs", "p-cpe:/a:amazon:linux:mysql56-server", "p-cpe:/a:amazon:linux:mysql56-test", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2018-1027.NASL", "href": "https://www.tenable.com/plugins/nessus/110201", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2018-1027.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110201);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/07/10 16:04:12\");\n\n script_cve_id(\"CVE-2018-2755\", \"CVE-2018-2758\", \"CVE-2018-2761\", \"CVE-2018-2766\", \"CVE-2018-2771\", \"CVE-2018-2773\", \"CVE-2018-2781\", \"CVE-2018-2782\", \"CVE-2018-2784\", \"CVE-2018-2787\", \"CVE-2018-2813\", \"CVE-2018-2817\", \"CVE-2018-2818\", \"CVE-2018-2819\");\n script_xref(name:\"ALAS\", value:\"2018-1027\");\n\n script_name(english:\"Amazon Linux AMI : mysql56 (ALAS-2018-1027)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon 
Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: InnoDB). Supported versions that are affected are\n5.6.39 and prior and 5.7.21 and prior. Easily exploitable\nvulnerability allows high privileged attacker with network access via\nmultiple protocols to compromise MySQL Server. Successful attacks of\nthis vulnerability can result in unauthorized ability to cause a hang\nor frequently repeatable crash (complete DOS) of MySQL Server as well\nas unauthorized update, insert or delete access to some of MySQL\nServer accessible data. CVSS 3.0 Base Score 5.5 (Integrity and\nAvailability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). (CVE-2018-2787)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server : Security : Privileges). Supported versions\nthat are affected are 5.6.39 and prior and 5.7.21 and prior. Easily\nexploitable vulnerability allows low privileged attacker with network\naccess via multiple protocols to compromise MySQL Server. Successful\nattacks of this vulnerability can result in unauthorized ability to\ncause a hang or frequently repeatable crash (complete DOS) of MySQL\nServer. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2758)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Replication). Supported versions that are\naffected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior.\nDifficult to exploit vulnerability allows unauthenticated attacker\nwith logon to the infrastructure where MySQL Server executes to\ncompromise MySQL Server. 
Successful attacks require human interaction\nfrom a person other than the attacker and while the vulnerability is\nin MySQL Server, attacks may significantly impact additional products.\nSuccessful attacks of this vulnerability can result in takeover of\nMySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and\nAvailability impacts). CVSS Vector:\n(CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).(CVE-2018-2755)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: DDL). Supported versions that are affected are\n5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily\nexploitable vulnerability allows low privileged attacker with network\naccess via multiple protocols to compromise MySQL Server. Successful\nattacks of this vulnerability can result in unauthorized ability to\ncause a hang or frequently repeatable crash (complete DOS) of MySQL\nServer. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2817)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: InnoDB). Supported versions that are affected are\n5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily\nexploitable vulnerability allows low privileged attacker with network\naccess via multiple protocols to compromise MySQL Server. Successful\nattacks of this vulnerability can result in unauthorized ability to\ncause a hang or frequently repeatable crash (complete DOS) of MySQL\nServer. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2819)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Client programs). Supported versions that are affected\nare 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult\nto exploit vulnerability allows unauthenticated attacker with network\naccess via multiple protocols to compromise MySQL Server. 
Successful\nattacks of this vulnerability can result in unauthorized ability to\ncause a hang or frequently repeatable crash (complete DOS) of MySQL\nServer. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2761)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: InnoDB). Supported versions that are affected are\n5.6.39 and prior and 5.7.21 and prior. Easily exploitable\nvulnerability allows low privileged attacker with network access via\nmultiple protocols to compromise MySQL Server. Successful attacks of\nthis vulnerability can result in unauthorized ability to cause a hang\nor frequently repeatable crash (complete DOS) of MySQL Server. CVSS\n3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2784)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: InnoDB). Supported versions that are affected are\n5.6.39 and prior and 5.7.21 and prior. Easily exploitable\nvulnerability allows high privileged attacker with network access via\nmultiple protocols to compromise MySQL Server. Successful attacks of\nthis vulnerability can result in unauthorized ability to cause a hang\nor frequently repeatable crash (complete DOS) of MySQL Server. CVSS\n3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2766)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Locking). Supported versions that are affected\nare 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult\nto exploit vulnerability allows high privileged attacker with network\naccess via multiple protocols to compromise MySQL Server. Successful\nattacks of this vulnerability can result in unauthorized ability to\ncause a hang or frequently repeatable crash (complete DOS) of MySQL\nServer. 
CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2771)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server : Security : Privileges). Supported versions\nthat are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21\nand prior. Easily exploitable vulnerability allows high privileged\nattacker with network access via multiple protocols to compromise\nMySQL Server. Successful attacks of this vulnerability can result in\nunauthorized ability to cause a hang or frequently repeatable crash\n(complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability\nimpacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2818)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Client programs). Supported versions that are affected\nare 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult\nto exploit vulnerability allows high privileged attacker with logon to\nthe infrastructure where MySQL Server executes to compromise MySQL\nServer. Successful attacks of this vulnerability can result in\nunauthorized ability to cause a hang or frequently repeatable crash\n(complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.1 (Availability\nimpacts). CVSS Vector:\n(CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2773)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: InnoDB). Supported versions that are affected are\n5.6.39 and prior and 5.7.21 and prior. Easily exploitable\nvulnerability allows low privileged attacker with network access via\nmultiple protocols to compromise MySQL Server. Successful attacks of\nthis vulnerability can result in unauthorized ability to cause a hang\nor frequently repeatable crash (complete DOS) of MySQL Server. CVSS\n3.0 Base Score 6.5 (Availability impacts). 
CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2782)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Optimizer). Supported versions that are\naffected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior.\nEasily exploitable vulnerability allows high privileged attacker with\nnetwork access via multiple protocols to compromise MySQL Server.\nSuccessful attacks of this vulnerability can result in unauthorized\nability to cause a hang or frequently repeatable crash (complete DOS)\nof MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS\nVector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2781)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: DDL). Supported versions that are affected are\n5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily\nexploitable vulnerability allows low privileged attacker with network\naccess via multiple protocols to compromise MySQL Server. Successful\nattacks of this vulnerability can result in unauthorized read access\nto a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3\n(Confidentiality impacts). 
CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).(CVE-2018-2813)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2018-1027.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update mysql56' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-errmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-5.6.40-1.29.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-bench-5.6.40-1.29.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-common-5.6.40-1.29.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-debuginfo-5.6.40-1.29.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-devel-5.6.40-1.29.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-embedded-5.6.40-1.29.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-embedded-devel-5.6.40-1.29.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-errmsg-5.6.40-1.29.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-libs-5.6.40-1.29.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-server-5.6.40-1.29.amzn1\")) 
flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-test-5.6.40-1.29.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql56 / mysql56-bench / mysql56-common / mysql56-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:21:37", "description": "**MariaDB 10.2.15**\n\nRelease notes :\n\nhttps://mariadb.com/kb/en/library/mariadb-10215-release-notes/\n\nCVEs fixed :\n\nCVE-2018-2755 CVE-2018-2761 CVE-2018-2766 CVE-2018-2771 CVE-2018-2781 CVE-2018-2782 CVE-2018-2784 CVE-2018-2787 CVE-2018-2813 CVE-2018-2817 CVE-2018-2819 CVE-2018-2786 CVE-2018-2759 CVE-2018-2777 CVE-2018-2810\n\nNew features :\n\n - Now builds with lz4 support\n\nEnhacements :\n\n - mysqladmin is now used to check the socket when the daemon is starting\n\nissues :\n\n - Please note, that TokuDB storage engine is being build in a unsupported way - without jemalloc. 
it will remain this way, until TokuDB is fixed to be able to build and run with jemalloc 5 or witout jemalloc at all.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-06-25T00:00:00", "type": "nessus", "title": "Fedora 27 : 3:mariadb (2018-86026275ea)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2755", "CVE-2018-2759", "CVE-2018-2761", "CVE-2018-2766", "CVE-2018-2771", "CVE-2018-2777", "CVE-2018-2781", "CVE-2018-2782", "CVE-2018-2784", "CVE-2018-2786", "CVE-2018-2787", "CVE-2018-2810", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2819"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:3:mariadb", "cpe:/o:fedoraproject:fedora:27"], "id": "FEDORA_2018-86026275EA.NASL", "href": "https://www.tenable.com/plugins/nessus/110668", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-86026275ea.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110668);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-2755\", \"CVE-2018-2759\", \"CVE-2018-2761\", \"CVE-2018-2766\", \"CVE-2018-2771\", \"CVE-2018-2777\", \"CVE-2018-2781\", \"CVE-2018-2782\", \"CVE-2018-2784\", \"CVE-2018-2786\", \"CVE-2018-2787\", \"CVE-2018-2810\", \"CVE-2018-2813\", \"CVE-2018-2817\", \"CVE-2018-2819\");\n script_xref(name:\"FEDORA\", value:\"2018-86026275ea\");\n\n script_name(english:\"Fedora 27 : 3:mariadb (2018-86026275ea)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n 
attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"**MariaDB 10.2.15**\n\nRelease notes :\n\nhttps://mariadb.com/kb/en/library/mariadb-10215-release-notes/\n\nCVEs fixed :\n\nCVE-2018-2755 CVE-2018-2761 CVE-2018-2766 CVE-2018-2771 CVE-2018-2781\nCVE-2018-2782 CVE-2018-2784 CVE-2018-2787 CVE-2018-2813 CVE-2018-2817\nCVE-2018-2819 CVE-2018-2786 CVE-2018-2759 CVE-2018-2777 CVE-2018-2810\n\nNew features :\n\n - Now builds with lz4 support\n\nEnhacements :\n\n - mysqladmin is now used to check the socket when the\n daemon is starting\n\nissues :\n\n - Please note, that TokuDB storage engine is being build\n in a unsupported way - without jemalloc. it will remain\n this way, until TokuDB is fixed to be able to build and\n run with jemalloc 5 or witout jemalloc at all.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-86026275ea\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 3:mariadb package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:3:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/24\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"mariadb-10.2.15-2.fc27\", epoch:\"3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"3:mariadb\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:27:35", "description": "This update for mysql-community-server to version 5.6.40 fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2018-2755: Unspecified vulnerability in the Replication component\n\n - CVE-2018-2819: Unspecified vulnerability in the InnoDB component\n\n - CVE-2018-2817: Unspecified vulnerability in the Server DDL component\n\n - CVE-2018-2761: Unspecified vulnerability in the client programs\n\n - CVE-2018-2818: Unspecified vulnerability in the Server Security Privileges component\n\n - CVE-2018-2781: Unspecified vulnerability in the Server Optimizer component\n\n - CVE-2018-2771: Unspecified vulnerability in the Server locking component\n\n - CVE-2018-2813: Unspecified vulnerability in the Server DDL component\n\n - CVE-2018-2773: Unspecified vulnerability in the client programs\n\n - CVE-2018-2758: Unspecified vulnerability in the Server Security Privileges component\n\n - CVE-2018-2805: Unspecified vulnerability in the GIS Extension\n\n - CVE-2018-2782: Unspecified vulnerability in the InnoDB component\n\n - CVE-2018-2784: Unspecified vulnerability in the InnoDB component\n\n - CVE-2018-2787: 
Unspecified vulnerability in the InnoDB component\n\n - CVE-2018-2766: Unspecified vulnerability in the InnoDB component\n\nThis update also contains all upstream fixes and improvement in the 5.6.40 release:\nhttp://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-40.html", "cvss3": {}, "published": "2018-04-30T00:00:00", "type": "nessus", "title": "openSUSE Security Update : mysql-community-server (openSUSE-2018-405)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2755", "CVE-2018-2758", "CVE-2018-2761", "CVE-2018-2766", "CVE-2018-2771", "CVE-2018-2773", "CVE-2018-2781", "CVE-2018-2782", "CVE-2018-2784", "CVE-2018-2787", "CVE-2018-2805", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2818", "CVE-2018-2819"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libmysql56client18", "p-cpe:/a:novell:opensuse:libmysql56client18-32bit", "p-cpe:/a:novell:opensuse:libmysql56client18-debuginfo", "p-cpe:/a:novell:opensuse:libmysql56client18-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libmysql56client_r18", "p-cpe:/a:novell:opensuse:libmysql56client_r18-32bit", "p-cpe:/a:novell:opensuse:mysql-community-server", "p-cpe:/a:novell:opensuse:mysql-community-server-bench", "p-cpe:/a:novell:opensuse:mysql-community-server-bench-debuginfo", "p-cpe:/a:novell:opensuse:mysql-community-server-client", "p-cpe:/a:novell:opensuse:mysql-community-server-client-debuginfo", "p-cpe:/a:novell:opensuse:mysql-community-server-debuginfo", "p-cpe:/a:novell:opensuse:mysql-community-server-debugsource", "p-cpe:/a:novell:opensuse:mysql-community-server-errormessages", "p-cpe:/a:novell:opensuse:mysql-community-server-test", "p-cpe:/a:novell:opensuse:mysql-community-server-test-debuginfo", "p-cpe:/a:novell:opensuse:mysql-community-server-tools", "p-cpe:/a:novell:opensuse:mysql-community-server-tools-debuginfo", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2018-405.NASL", "href": "https://www.tenable.com/plugins/nessus/109424", "sourceData": "#%NASL_MIN_LEVEL 
70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-405.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(109424);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-2755\", \"CVE-2018-2758\", \"CVE-2018-2761\", \"CVE-2018-2766\", \"CVE-2018-2771\", \"CVE-2018-2773\", \"CVE-2018-2781\", \"CVE-2018-2782\", \"CVE-2018-2784\", \"CVE-2018-2787\", \"CVE-2018-2805\", \"CVE-2018-2813\", \"CVE-2018-2817\", \"CVE-2018-2818\", \"CVE-2018-2819\");\n\n script_name(english:\"openSUSE Security Update : mysql-community-server (openSUSE-2018-405)\");\n script_summary(english:\"Check for the openSUSE-2018-405 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for mysql-community-server to version 5.6.40 fixes the\nfollowing issues :\n\nSecurity issues fixed :\n\n - CVE-2018-2755: Unspecified vulnerability in the\n Replication component\n\n - CVE-2018-2819: Unspecified vulnerability in the InnoDB\n component\n\n - CVE-2018-2817: Unspecified vulnerability in the Server\n DDL component\n\n - CVE-2018-2761: Unspecified vulnerability in the client\n programs\n\n - CVE-2018-2818: Unspecified vulnerability in the Server\n Security Privileges component\n\n - CVE-2018-2781: Unspecified vulnerability in the Server\n Optimizer component\n\n - CVE-2018-2771: Unspecified vulnerability in the Server\n locking component\n\n - CVE-2018-2813: Unspecified vulnerability in the Server\n DDL component\n\n - CVE-2018-2773: Unspecified vulnerability in the client\n programs\n\n - CVE-2018-2758: Unspecified vulnerability in the 
Server\n Security Privileges component\n\n - CVE-2018-2805: Unspecified vulnerability in the GIS\n Extension\n\n - CVE-2018-2782: Unspecified vulnerability in the InnoDB\n component\n\n - CVE-2018-2784: Unspecified vulnerability in the InnoDB\n component\n\n - CVE-2018-2787: Unspecified vulnerability in the InnoDB\n component\n\n - CVE-2018-2766: Unspecified vulnerability in the InnoDB\n component\n\nThis update also contains all upstream fixes and improvement in the\n5.6.40 release:\nhttp://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-40.html\"\n );\n # http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-40.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-40.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1089987\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mysql-community-server packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysql56client18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysql56client18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysql56client18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysql56client18-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysql56client_r18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysql56client_r18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:mysql-community-server-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-bench-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-errormessages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-test-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libmysql56client18-5.6.40-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libmysql56client18-debuginfo-5.6.40-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libmysql56client_r18-5.6.40-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mysql-community-server-5.6.40-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mysql-community-server-bench-5.6.40-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mysql-community-server-bench-debuginfo-5.6.40-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mysql-community-server-client-5.6.40-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mysql-community-server-client-debuginfo-5.6.40-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mysql-community-server-debuginfo-5.6.40-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mysql-community-server-debugsource-5.6.40-36.1\") ) 
flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mysql-community-server-errormessages-5.6.40-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mysql-community-server-test-5.6.40-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mysql-community-server-test-debuginfo-5.6.40-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mysql-community-server-tools-5.6.40-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mysql-community-server-tools-debuginfo-5.6.40-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libmysql56client18-32bit-5.6.40-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libmysql56client18-debuginfo-32bit-5.6.40-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libmysql56client_r18-32bit-5.6.40-36.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libmysql56client18-32bit / libmysql56client18 / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:27:03", "description": "The version of MySQL running on the remote host is 5.5.x prior to 5.5.60. It is, therefore, affected by multiple vulnerabilities as noted in the April 2018 Critical Patch Update advisory. 
Please consult the CVRF details for the applicable CVEs for additional information.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2018-04-19T00:00:00", "type": "nessus", "title": "MySQL 5.5.x < 5.5.60 Multiple Vulnerabilities (April 2018 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2755", "CVE-2018-2758", "CVE-2018-2761", "CVE-2018-2766", "CVE-2018-2771", "CVE-2018-2773", "CVE-2018-2781", "CVE-2018-2782", "CVE-2018-2784", "CVE-2018-2787", "CVE-2018-2805", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2818", "CVE-2018-2819"], "modified": "2021-05-21T00:00:00", "cpe": ["cpe:/a:oracle:mysql"], "id": "MYSQL_5_5_60.NASL", "href": "https://www.tenable.com/plugins/nessus/109166", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109166);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/21\");\n\n script_cve_id(\n \"CVE-2018-2755\",\n \"CVE-2018-2758\",\n \"CVE-2018-2761\",\n \"CVE-2018-2766\",\n \"CVE-2018-2771\",\n \"CVE-2018-2773\",\n \"CVE-2018-2781\",\n \"CVE-2018-2782\",\n \"CVE-2018-2784\",\n \"CVE-2018-2787\",\n \"CVE-2018-2805\",\n \"CVE-2018-2813\",\n \"CVE-2018-2817\",\n \"CVE-2018-2818\",\n \"CVE-2018-2819\"\n );\n script_bugtraq_id(\n 103778,\n 103802,\n 103804,\n 103814,\n 103824,\n 103828,\n 103830\n );\n\n script_name(english:\"MySQL 5.5.x < 5.5.60 Multiple Vulnerabilities (April 2018 CPU)\");\n script_summary(english:\"Checks the version of MySQL server.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL running on the remote host is 5.5.x prior to\n5.5.60. 
It is, therefore, affected by multiple vulnerabilities as\nnoted in the April 2018 Critical Patch Update advisory. Please consult\nthe CVRF details for the applicable CVEs for additional information.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-60.html\");\n # http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?76507bf8\");\n # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/4422902.xml\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?64303a9a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 5.5.60 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-2787\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/19\");\n\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 
2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\n \"mysql_version.nasl\", \n \"mysql_login.nasl\", \n \"mysql_version_local.nasl\", \n \"mysql_win_installed.nbin\", \n \"macosx_mysql_installed.nbin\"\n );\n script_require_keys(\"installed_sw/MySQL Server\");\n\n\n exit(0);\n}\n\ninclude('vcf_extras_mysql.inc');\n\nvar app_info = vcf::mysql::combined_get_app_info();\n\nvar constraints = [{ 'min_version' : '5.5.0', 'fixed_version' : '5.5.60'}];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:27:04", "description": "The version of MySQL running on the remote host is 5.6.x prior to 5.6.40. It is, therefore, affected by multiple vulnerabilities as noted in the April 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2018-04-19T00:00:00", "type": "nessus", "title": "MySQL 5.6.x < 5.6.40 Multiple Vulnerabilities (April 2018 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2755", "CVE-2018-2758", "CVE-2018-2761", "CVE-2018-2766", "CVE-2018-2771", "CVE-2018-2773", "CVE-2018-2781", "CVE-2018-2782", "CVE-2018-2784", "CVE-2018-2787", "CVE-2018-2805", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2818", "CVE-2018-2819"], "modified": "2021-05-21T00:00:00", "cpe": ["cpe:/a:oracle:mysql"], "id": "MYSQL_5_6_40.NASL", "href": "https://www.tenable.com/plugins/nessus/109168", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109168);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/21\");\n\n script_cve_id(\n \"CVE-2018-2755\",\n 
\"CVE-2018-2758\",\n \"CVE-2018-2761\",\n \"CVE-2018-2766\",\n \"CVE-2018-2771\",\n \"CVE-2018-2773\",\n \"CVE-2018-2781\",\n \"CVE-2018-2782\",\n \"CVE-2018-2784\",\n \"CVE-2018-2787\",\n \"CVE-2018-2805\",\n \"CVE-2018-2813\",\n \"CVE-2018-2817\",\n \"CVE-2018-2818\",\n \"CVE-2018-2819\"\n );\n script_bugtraq_id(\n 103778,\n 103802,\n 103804,\n 103814,\n 103824,\n 103828,\n 103830\n );\n\n script_name(english:\"MySQL 5.6.x < 5.6.40 Multiple Vulnerabilities (April 2018 CPU)\");\n script_summary(english:\"Checks the version of MySQL server.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL running on the remote host is 5.6.x prior to\n5.6.40. It is, therefore, affected by multiple vulnerabilities as\nnoted in the April 2018 Critical Patch Update advisory. Please consult\nthe CVRF details for the applicable CVEs for additional information.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-40.html\");\n # http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?76507bf8\");\n # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/4422902.xml\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?64303a9a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 5.6.40 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H\");\n 
script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-2787\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/19\");\n\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\n \"mysql_version.nasl\", \n \"mysql_login.nasl\", \n \"mysql_version_local.nasl\", \n \"mysql_win_installed.nbin\", \n \"macosx_mysql_installed.nbin\"\n );\n script_require_keys(\"installed_sw/MySQL Server\");\n\n exit(0);\n}\n\ninclude('vcf_extras_mysql.inc');\n\nvar app_info = vcf::mysql::combined_get_app_info();\n\nvar constraints = [{ 'min_version' : '5.6.0', 'fixed_version' : '5.6.40'}];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:27:31", "description": "The version of MySQL running on the remote host is 5.6.x prior to 5.6.40. It is, therefore, affected by multiple vulnerabilities as noted in the April 2018 Critical Patch Update advisory. 
Please consult the CVRF details for the applicable CVEs for additional information.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2018-04-19T00:00:00", "type": "nessus", "title": "MySQL 5.6.x < 5.6.40 Multiple Vulnerabilities (RPM Check) (April 2018 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2755", "CVE-2018-2758", "CVE-2018-2761", "CVE-2018-2766", "CVE-2018-2771", "CVE-2018-2773", "CVE-2018-2781", "CVE-2018-2782", "CVE-2018-2784", "CVE-2018-2787", "CVE-2018-2805", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2818", "CVE-2018-2819"], "modified": "2020-06-03T00:00:00", "cpe": ["cpe:/a:oracle:mysql", "p-cpe:/a:amazon:linux:mysql", "p-cpe:/a:centos:centos:mysql", "p-cpe:/a:fedoraproject:fedora:mysql", "p-cpe:/a:fermilab:scientific_linux:mysql", "p-cpe:/a:novell:opensuse:mysql", "p-cpe:/a:novell:suse_linux:mysql", "p-cpe:/a:oracle:linux:mysql", "p-cpe:/a:redhat:enterprise_linux:mysql"], "id": "MYSQL_5_6_40_RPM.NASL", "href": "https://www.tenable.com/plugins/nessus/109169", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109169);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/03\");\n\n script_cve_id(\n \"CVE-2018-2755\",\n \"CVE-2018-2758\",\n \"CVE-2018-2761\",\n \"CVE-2018-2766\",\n \"CVE-2018-2771\",\n \"CVE-2018-2773\",\n \"CVE-2018-2781\",\n \"CVE-2018-2782\",\n \"CVE-2018-2784\",\n \"CVE-2018-2787\",\n \"CVE-2018-2805\",\n \"CVE-2018-2813\",\n \"CVE-2018-2817\",\n \"CVE-2018-2818\",\n \"CVE-2018-2819\"\n );\n script_bugtraq_id(\n 103778,\n 103802,\n 103804,\n 103814,\n 103824,\n 103828,\n 103830\n );\n\n script_name(english:\"MySQL 5.6.x < 5.6.40 Multiple Vulnerabilities (RPM Check) (April 2018 CPU)\");\n script_summary(english:\"Checks the version of MySQL server.\");\n\n 
script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL running on the remote host is 5.6.x prior to\n5.6.40. It is, therefore, affected by multiple vulnerabilities as\nnoted in the April 2018 Critical Patch Update advisory. Please consult\nthe CVRF details for the applicable CVEs for additional information.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-40.html\");\n # http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?76507bf8\");\n # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/4422902.xml\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?64303a9a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 5.6.40 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-2787\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/19\");\n\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\");\n script_require_ports(\"Host/RedHat/release\", \"Host/AmazonLinux/release\", \"Host/SuSE/release\", \"Host/CentOS/release\");\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\nfix_version = \"5.6.40\";\nexists_version = \"5.6\";\n\nmysql_check_rpms(mysql_packages:default_mysql_rpm_list_all, fix_ver:fix_version, exists_ver:exists_version, rhel_os_list:default_mysql_rhel_os_list, centos_os_list:default_mysql_centos_os_list, suse_os_list:default_mysql_suse_os_list, ala_os_list:default_mysql_ala_os_list, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:13", "description": "**MariaDB 10.2.15**\n\nRelease notes :\n\nhttps://mariadb.com/kb/en/library/mariadb-10215-release-notes/\n\nCVEs fixed :\n\nCVE-2018-2755 CVE-2018-2761 CVE-2018-2766 CVE-2018-2771 CVE-2018-2781 CVE-2018-2782 CVE-2018-2784 CVE-2018-2787 CVE-2018-2813 CVE-2018-2817 CVE-2018-2819 CVE-2018-2786 CVE-2018-2759 CVE-2018-2777 CVE-2018-2810\n\nNew features :\n\n - Now builds with lz4 support\n\nEnhancements :\n\n - mysqladmin is now used to check the socket when the daemon is starting\n\nissues :\n\n - Please note, that TokuDB storage engine is being built in an unsupported way - without jemalloc. 
It will remain this way, until TokuDB is fixed to be able to build and run with jemalloc 5 or without jemalloc at all.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-01-03T00:00:00", "type": "nessus", "title": "Fedora 28 : 3:mariadb (2018-2513b888a4)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2755", "CVE-2018-2759", "CVE-2018-2761", "CVE-2018-2766", "CVE-2018-2771", "CVE-2018-2777", "CVE-2018-2781", "CVE-2018-2782", "CVE-2018-2784", "CVE-2018-2786", "CVE-2018-2787", "CVE-2018-2810", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2819"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:3:mariadb", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2018-2513B888A4.NASL", "href": "https://www.tenable.com/plugins/nessus/120297", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-2513b888a4.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120297);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-2755\", \"CVE-2018-2759\", \"CVE-2018-2761\", \"CVE-2018-2766\", \"CVE-2018-2771\", \"CVE-2018-2777\", \"CVE-2018-2781\", \"CVE-2018-2782\", \"CVE-2018-2784\", \"CVE-2018-2786\", \"CVE-2018-2787\", \"CVE-2018-2810\", \"CVE-2018-2813\", \"CVE-2018-2817\", \"CVE-2018-2819\");\n script_xref(name:\"FEDORA\", value:\"2018-2513b888a4\");\n\n script_name(english:\"Fedora 28 : 3:mariadb (2018-2513b888a4)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n 
attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"**MariaDB 10.2.15**\n\nRelease notes :\n\nhttps://mariadb.com/kb/en/library/mariadb-10215-release-notes/\n\nCVEs fixed :\n\nCVE-2018-2755 CVE-2018-2761 CVE-2018-2766 CVE-2018-2771 CVE-2018-2781\nCVE-2018-2782 CVE-2018-2784 CVE-2018-2787 CVE-2018-2813 CVE-2018-2817\nCVE-2018-2819 CVE-2018-2786 CVE-2018-2759 CVE-2018-2777 CVE-2018-2810\n\nNew features :\n\n - Now builds with lz4 support\n\nEnhancements :\n\n - mysqladmin is now used to check the socket when the\n daemon is starting\n\nissues :\n\n - Please note, that TokuDB storage engine is being built\n in an unsupported way - without jemalloc. It will remain\n this way, until TokuDB is fixed to be able to build and\n run with jemalloc 5 or without jemalloc at all.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-2513b888a4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 3:mariadb package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-2787\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:fedoraproject:fedora:3:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"mariadb-10.2.15-2.fc28\", epoch:\"3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"3:mariadb\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-23T14:16:07", "description": "According to the versions of the mariadb packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636)\n\n - mysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641)\n\n - mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017) (CVE-2017-3651)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378)\n\n - mysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668)\n\n - 
mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755)\n\n - mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761)\n\n - mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817)\n\n - mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653)\n\n - mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-10-26T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.5.0 : mariadb (EulerOS-SA-2018-1346)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10268", "CVE-2017-10378", "CVE-2017-10379", "CVE-2017-10384", "CVE-2017-3636", "CVE-2017-3641", "CVE-2017-3651", "CVE-2017-3653", "CVE-2018-2622", "CVE-2018-2640", "CVE-2018-2665", "CVE-2018-2668", "CVE-2018-2755", "CVE-2018-2761", "CVE-2018-2767", "CVE-2018-2771", "CVE-2018-2781", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2819"], "modified": "2022-02-03T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:mariadb", "p-cpe:/a:huawei:euleros:mariadb-libs", "p-cpe:/a:huawei:euleros:mariadb-server", "cpe:/o:huawei:euleros:uvp:2.5.0"], "id": "EULEROS_SA-2018-1346.NASL", "href": "https://www.tenable.com/plugins/nessus/118434", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif 
(description)\n{\n script_id(118434);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/03\");\n\n script_cve_id(\n \"CVE-2017-3636\",\n \"CVE-2017-3641\",\n \"CVE-2017-3651\",\n \"CVE-2017-3653\",\n \"CVE-2017-10268\",\n \"CVE-2017-10378\",\n \"CVE-2017-10379\",\n \"CVE-2017-10384\",\n \"CVE-2018-2622\",\n \"CVE-2018-2640\",\n \"CVE-2018-2665\",\n \"CVE-2018-2668\",\n \"CVE-2018-2755\",\n \"CVE-2018-2761\",\n \"CVE-2018-2767\",\n \"CVE-2018-2771\",\n \"CVE-2018-2781\",\n \"CVE-2018-2813\",\n \"CVE-2018-2817\",\n \"CVE-2018-2819\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.5.0 : mariadb (EulerOS-SA-2018-1346)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the mariadb packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - mysql: Client programs unspecified vulnerability (CPU\n Jul 2017) (CVE-2017-3636)\n\n - mysql: Server: DML unspecified vulnerability (CPU Jul\n 2017) (CVE-2017-3641)\n\n - mysql: Client mysqldump unspecified vulnerability (CPU\n Jul 2017) (CVE-2017-3651)\n\n - mysql: Server: Replication unspecified vulnerability\n (CPU Oct 2017) (CVE-2017-10268)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU\n Oct 2017) (CVE-2017-10378)\n\n - mysql: Client programs unspecified vulnerability (CPU\n Oct 2017) (CVE-2017-10379)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Oct\n 2017) (CVE-2017-10384)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Jan\n 2018) (CVE-2018-2622)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU\n Jan 2018) (CVE-2018-2640)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU\n Jan 2018) (CVE-2018-2665)\n\n - mysql: Server: Optimizer unspecified vulnerability 
(CPU\n Jan 2018) (CVE-2018-2668)\n\n - mysql: Server: Replication unspecified vulnerability\n (CPU Apr 2018) (CVE-2018-2755)\n\n - mysql: Client programs unspecified vulnerability (CPU\n Apr 2018) (CVE-2018-2761)\n\n - mysql: Server: Locking unspecified vulnerability (CPU\n Apr 2018) (CVE-2018-2771)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU\n Apr 2018) (CVE-2018-2781)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Apr\n 2018) (CVE-2018-2813)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Apr\n 2018) (CVE-2018-2817)\n\n - mysql: InnoDB unspecified vulnerability (CPU Apr 2018)\n (CVE-2018-2819)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Jul\n 2017) (CVE-2017-3653)\n\n - mysql: use of SSL/TLS not enforced in libmysqld (Return\n of BACKRONYM) (CVE-2018-2767)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1346\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?58b5058d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected mariadb packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-3636\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2018/10/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.5.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.5.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.5.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"mariadb-5.5.60-1.h1\",\n \"mariadb-libs-5.5.60-1.h1\",\n \"mariadb-server-5.5.60-1.h1\"];\n\nforeach (pkg in pkgs)\n if 
(rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:40:40", "description": "According to the versions of the mariadb packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636)\n\n - mysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378)\n\n - mysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384)\n\n - mysql: Server: Partition unspecified vulnerability (CPU Jan 2018) (CVE-2018-2562)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755)\n\n - mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761)\n\n - mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813)\n\n - mysql: Server: DDL 
unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817)\n\n - mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653)\n\n - mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-09-27T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : mariadb (EulerOS-SA-2018-1302)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10268", "CVE-2017-10378", "CVE-2017-10379", "CVE-2017-10384", "CVE-2017-3636", "CVE-2017-3641", "CVE-2017-3653", "CVE-2018-2562", "CVE-2018-2622", "CVE-2018-2640", "CVE-2018-2665", "CVE-2018-2668", "CVE-2018-2755", "CVE-2018-2761", "CVE-2018-2767", "CVE-2018-2771", "CVE-2018-2781", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2819"], "modified": "2022-03-03T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:mariadb", "p-cpe:/a:huawei:euleros:mariadb-bench", "p-cpe:/a:huawei:euleros:mariadb-devel", "p-cpe:/a:huawei:euleros:mariadb-libs", "p-cpe:/a:huawei:euleros:mariadb-server", "p-cpe:/a:huawei:euleros:mariadb-test", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2018-1302.NASL", "href": "https://www.tenable.com/plugins/nessus/117745", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(117745);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/03\");\n\n script_cve_id(\n \"CVE-2017-3641\",\n \"CVE-2017-3653\",\n \"CVE-2017-10268\",\n \"CVE-2017-10378\",\n \"CVE-2017-10379\",\n \"CVE-2017-10384\",\n \"CVE-2018-2562\",\n \"CVE-2018-2622\",\n 
\"CVE-2018-2640\",\n \"CVE-2018-2665\",\n \"CVE-2018-2668\",\n \"CVE-2018-2755\",\n \"CVE-2018-2761\",\n \"CVE-2018-2767\",\n \"CVE-2018-2771\",\n \"CVE-2018-2781\",\n \"CVE-2018-2813\",\n \"CVE-2018-2817\",\n \"CVE-2018-2819\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : mariadb (EulerOS-SA-2018-1302)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the mariadb packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - mysql: Client programs unspecified vulnerability (CPU\n Jul 2017) (CVE-2017-3636)\n\n - mysql: Server: DML unspecified vulnerability (CPU Jul\n 2017) (CVE-2017-3641)\n\n - mysql: Server: Replication unspecified vulnerability\n (CPU Oct 2017) (CVE-2017-10268)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU\n Oct 2017) (CVE-2017-10378)\n\n - mysql: Client programs unspecified vulnerability (CPU\n Oct 2017) (CVE-2017-10379)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Oct\n 2017) (CVE-2017-10384)\n\n - mysql: Server: Partition unspecified vulnerability (CPU\n Jan 2018) (CVE-2018-2562)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Jan\n 2018) (CVE-2018-2622)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU\n Jan 2018) (CVE-2018-2640)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU\n Jan 2018) (CVE-2018-2665)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU\n Jan 2018) (CVE-2018-2668)\n\n - mysql: Server: Replication unspecified vulnerability\n (CPU Apr 2018) (CVE-2018-2755)\n\n - mysql: Client programs unspecified vulnerability (CPU\n Apr 2018) (CVE-2018-2761)\n\n - mysql: Server: Locking unspecified vulnerability (CPU\n Apr 2018) (CVE-2018-2771)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU\n Apr 2018) (CVE-2018-2781)\n\n - mysql: 
Server: DDL unspecified vulnerability (CPU Apr\n 2018) (CVE-2018-2813)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Apr\n 2018) (CVE-2018-2817)\n\n - mysql: InnoDB unspecified vulnerability (CPU Apr 2018)\n (CVE-2018-2819)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Jul\n 2017) (CVE-2017-3653)\n\n - mysql: use of SSL/TLS not enforced in libmysqld (Return\n of BACKRONYM) (CVE-2018-2767)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1302\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cd6b877e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected mariadb packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-2562\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:huawei:euleros:mariadb-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"mariadb-5.5.60-1\",\n 
\"mariadb-bench-5.5.60-1\",\n \"mariadb-devel-5.5.60-1\",\n \"mariadb-libs-5.5.60-1\",\n \"mariadb-server-5.5.60-1\",\n \"mariadb-test-5.5.60-1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:39:57", "description": "The following packages have been upgraded to a later upstream version:\nmariadb (5.5.60).\n\nSecurity Fix(es) :\n\n - mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636)\n\n - mysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641)\n\n - mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017) (CVE-2017-3651)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378)\n\n - mysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384)\n\n - mysql: Server: Partition unspecified vulnerability (CPU Jan 2018) (CVE-2018-2562)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755)\n\n - mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761)\n\n - mysql: Server: Locking unspecified 
vulnerability (CPU Apr 2018) (CVE-2018-2771)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817)\n\n - mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653)\n\n - mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767)\n\nBug Fix(es) :\n\n - Previously, the mysqladmin tool waited for an inadequate length of time if the socket it listened on did not respond in a specific way. Consequently, when the socket was used while the MariaDB server was starting, the mariadb service became unresponsive for a long time.\n With this update, the mysqladmin timeout has been shortened to 2 seconds. As a result, the mariadb service either starts or fails but no longer hangs in the described situation.", "cvss3": {}, "published": "2018-08-17T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : mariadb on SL7.x x86_64 (20180816)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10268", "CVE-2017-10378", "CVE-2017-10379", "CVE-2017-10384", "CVE-2017-3636", "CVE-2017-3641", "CVE-2017-3651", "CVE-2017-3653", "CVE-2018-2562", "CVE-2018-2622", "CVE-2018-2640", "CVE-2018-2665", "CVE-2018-2668", "CVE-2018-2755", "CVE-2018-2761", "CVE-2018-2767", "CVE-2018-2771", "CVE-2018-2781", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2819"], "modified": "2020-02-24T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:mariadb", "p-cpe:/a:fermilab:scientific_linux:mariadb-bench", "p-cpe:/a:fermilab:scientific_linux:mariadb-debuginfo", "p-cpe:/a:fermilab:scientific_linux:mariadb-devel", "p-cpe:/a:fermilab:scientific_linux:mariadb-embedded", "p-cpe:/a:fermilab:scientific_linux:mariadb-embedded-devel", 
"p-cpe:/a:fermilab:scientific_linux:mariadb-libs", "p-cpe:/a:fermilab:scientific_linux:mariadb-server", "p-cpe:/a:fermilab:scientific_linux:mariadb-test", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20180816_MARIADB_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/111806", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111806);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2017-10268\", \"CVE-2017-10378\", \"CVE-2017-10379\", \"CVE-2017-10384\", \"CVE-2017-3636\", \"CVE-2017-3641\", \"CVE-2017-3651\", \"CVE-2017-3653\", \"CVE-2018-2562\", \"CVE-2018-2622\", \"CVE-2018-2640\", \"CVE-2018-2665\", \"CVE-2018-2668\", \"CVE-2018-2755\", \"CVE-2018-2761\", \"CVE-2018-2767\", \"CVE-2018-2771\", \"CVE-2018-2781\", \"CVE-2018-2813\", \"CVE-2018-2817\", \"CVE-2018-2819\");\n\n script_name(english:\"Scientific Linux Security Update : mariadb on SL7.x x86_64 (20180816)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following packages have been upgraded to a later upstream version:\nmariadb (5.5.60).\n\nSecurity Fix(es) :\n\n - mysql: Client programs unspecified vulnerability (CPU\n Jul 2017) (CVE-2017-3636)\n\n - mysql: Server: DML unspecified vulnerability (CPU Jul\n 2017) (CVE-2017-3641)\n\n - mysql: Client mysqldump unspecified vulnerability (CPU\n Jul 2017) (CVE-2017-3651)\n\n - mysql: Server: Replication unspecified vulnerability\n (CPU Oct 2017) (CVE-2017-10268)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU\n Oct 2017) (CVE-2017-10378)\n\n - mysql: Client programs unspecified 
vulnerability (CPU\n Oct 2017) (CVE-2017-10379)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Oct\n 2017) (CVE-2017-10384)\n\n - mysql: Server: Partition unspecified vulnerability (CPU\n Jan 2018) (CVE-2018-2562)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Jan\n 2018) (CVE-2018-2622)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU\n Jan 2018) (CVE-2018-2640)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU\n Jan 2018) (CVE-2018-2665)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU\n Jan 2018) (CVE-2018-2668)\n\n - mysql: Server: Replication unspecified vulnerability\n (CPU Apr 2018) (CVE-2018-2755)\n\n - mysql: Client programs unspecified vulnerability (CPU\n Apr 2018) (CVE-2018-2761)\n\n - mysql: Server: Locking unspecified vulnerability (CPU\n Apr 2018) (CVE-2018-2771)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU\n Apr 2018) (CVE-2018-2781)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Apr\n 2018) (CVE-2018-2813)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Apr\n 2018) (CVE-2018-2817)\n\n - mysql: InnoDB unspecified vulnerability (CPU Apr 2018)\n (CVE-2018-2819)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Jul\n 2017) (CVE-2017-3653)\n\n - mysql: use of SSL/TLS not enforced in libmysqld (Return\n of BACKRONYM) (CVE-2018-2767)\n\nBug Fix(es) :\n\n - Previously, the mysqladmin tool waited for an inadequate\n length of time if the socket it listened on did not\n respond in a specific way. Consequently, when the socket\n was used while the MariaDB server was starting, the\n mariadb service became unresponsive for a long time.\n With this update, the mysqladmin timeout has been\n shortened to 2 seconds. 
As a result, the mariadb service\n either starts or fails but no longer hangs in the\n described situation.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1808&L=scientific-linux-errata&F=&S=&P=2075\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1b3ca8f6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mariadb-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mariadb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mariadb-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mariadb-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mariadb-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-5.5.60-1.el7_5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-bench-5.5.60-1.el7_5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-debuginfo-5.5.60-1.el7_5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-devel-5.5.60-1.el7_5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-embedded-5.5.60-1.el7_5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-embedded-devel-5.5.60-1.el7_5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-libs-5.5.60-1.el7_5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-server-5.5.60-1.el7_5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-test-5.5.60-1.el7_5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb / mariadb-bench / mariadb-debuginfo / mariadb-devel / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:41:00", "description": "According to the versions of the mariadb packages installed, the EulerOS Virtualization installation on the remote host is affected by the following 
vulnerabilities :\n\n - mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636)\n\n - mysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641)\n\n - mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017) (CVE-2017-3651)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378)\n\n - mysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755)\n\n - mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761)\n\n - mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817)\n\n - mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653)\n\n - mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-10-26T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.5.1 : mariadb (EulerOS-SA-2018-1337)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10268", "CVE-2017-10378", "CVE-2017-10379", "CVE-2017-10384", "CVE-2017-3636", "CVE-2017-3641", "CVE-2017-3651", "CVE-2017-3653", "CVE-2018-2622", "CVE-2018-2640", "CVE-2018-2665", "CVE-2018-2668", "CVE-2018-2755", "CVE-2018-2761", "CVE-2018-2767", "CVE-2018-2771", "CVE-2018-2781", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2819"], "modified": "2022-02-03T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:mariadb", "p-cpe:/a:huawei:euleros:mariadb-libs", "p-cpe:/a:huawei:euleros:mariadb-server", "cpe:/o:huawei:euleros:uvp:2.5.1"], "id": "EULEROS_SA-2018-1337.NASL", "href": "https://www.tenable.com/plugins/nessus/118425", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118425);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/03\");\n\n script_cve_id(\n \"CVE-2017-3636\",\n \"CVE-2017-3641\",\n \"CVE-2017-3651\",\n \"CVE-2017-3653\",\n \"CVE-2017-10268\",\n \"CVE-2017-10378\",\n \"CVE-2017-10379\",\n \"CVE-2017-10384\",\n \"CVE-2018-2622\",\n \"CVE-2018-2640\",\n \"CVE-2018-2665\",\n \"CVE-2018-2668\",\n \"CVE-2018-2755\",\n \"CVE-2018-2761\",\n \"CVE-2018-2767\",\n \"CVE-2018-2771\",\n \"CVE-2018-2781\",\n \"CVE-2018-2813\",\n \"CVE-2018-2817\",\n \"CVE-2018-2819\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.5.1 : mariadb (EulerOS-SA-2018-1337)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", 
value:\n\"According to the versions of the mariadb packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - mysql: Client programs unspecified vulnerability (CPU\n Jul 2017) (CVE-2017-3636)\n\n - mysql: Server: DML unspecified vulnerability (CPU Jul\n 2017) (CVE-2017-3641)\n\n - mysql: Client mysqldump unspecified vulnerability (CPU\n Jul 2017) (CVE-2017-3651)\n\n - mysql: Server: Replication unspecified vulnerability\n (CPU Oct 2017) (CVE-2017-10268)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU\n Oct 2017) (CVE-2017-10378)\n\n - mysql: Client programs unspecified vulnerability (CPU\n Oct 2017) (CVE-2017-10379)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Oct\n 2017) (CVE-2017-10384)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Jan\n 2018) (CVE-2018-2622)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU\n Jan 2018) (CVE-2018-2640)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU\n Jan 2018) (CVE-2018-2665)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU\n Jan 2018) (CVE-2018-2668)\n\n - mysql: Server: Replication unspecified vulnerability\n (CPU Apr 2018) (CVE-2018-2755)\n\n - mysql: Client programs unspecified vulnerability (CPU\n Apr 2018) (CVE-2018-2761)\n\n - mysql: Server: Locking unspecified vulnerability (CPU\n Apr 2018) (CVE-2018-2771)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU\n Apr 2018) (CVE-2018-2781)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Apr\n 2018) (CVE-2018-2813)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Apr\n 2018) (CVE-2018-2817)\n\n - mysql: InnoDB unspecified vulnerability (CPU Apr 2018)\n (CVE-2018-2819)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Jul\n 2017) (CVE-2017-3653)\n\n - mysql: use of SSL/TLS not enforced in libmysqld (Return\n of BACKRONYM) (CVE-2018-2767)\n\nNote that Tenable Network Security has extracted the 
preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1337\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1739e7a7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected mariadb packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-3636\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.5.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.5.1\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.5.1\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"mariadb-5.5.60-1.h1\",\n \"mariadb-libs-5.5.60-1.h1\",\n \"mariadb-server-5.5.60-1.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:40:22", "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2017-10378 )\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2781)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).(CVE-2018-2562)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. 
CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).(CVE-2017-3651)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).(CVE-2018-2755)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2640)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). 
CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).(CVE-2017-10379 )\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector:\n(CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).(CVE-2017-10268)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).(CVE-2017-3653)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2771)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.59 and prior. 
Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).(CVE-2018-2767)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2817)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior.\nEasily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.\nSuccessful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2668)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2017-10384)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2017-3641)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2819)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). 
CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2665)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2622)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts).\nCVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).(CVE-2018-2813)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector:\n(CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).(CVE-2017-3636)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2761)", "cvss3": {}, "published": "2018-09-19T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : mariadb (ALAS-2018-1078)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10268", "CVE-2017-10378", "CVE-2017-10379", "CVE-2017-10384", "CVE-2017-3636", "CVE-2017-3641", "CVE-2017-3651", "CVE-2017-3653", "CVE-2018-2562", "CVE-2018-2622", "CVE-2018-2640", "CVE-2018-2665", "CVE-2018-2668", "CVE-2018-2755", "CVE-2018-2761", "CVE-2018-2767", "CVE-2018-2771", "CVE-2018-2781", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2819"], "modified": "2019-07-10T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:mariadb", "p-cpe:/a:amazon:linux:mariadb-bench", "p-cpe:/a:amazon:linux:mariadb-debuginfo", "p-cpe:/a:amazon:linux:mariadb-devel", "p-cpe:/a:amazon:linux:mariadb-embedded", "p-cpe:/a:amazon:linux:mariadb-embedded-devel", "p-cpe:/a:amazon:linux:mariadb-libs", "p-cpe:/a:amazon:linux:mariadb-server", "p-cpe:/a:amazon:linux:mariadb-test", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2018-1078.NASL", "href": "https://www.tenable.com/plugins/nessus/117592", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2018-1078.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(117592);\n script_version(\"1.2\");\n 
script_cvs_date(\"Date: 2019/07/10 16:04:12\");\n\n script_cve_id(\"CVE-2017-10268\", \"CVE-2017-10378\", \"CVE-2017-10379\", \"CVE-2017-10384\", \"CVE-2017-3636\", \"CVE-2017-3641\", \"CVE-2017-3651\", \"CVE-2017-3653\", \"CVE-2018-2562\", \"CVE-2018-2622\", \"CVE-2018-2640\", \"CVE-2018-2665\", \"CVE-2018-2668\", \"CVE-2018-2755\", \"CVE-2018-2761\", \"CVE-2018-2767\", \"CVE-2018-2771\", \"CVE-2018-2781\", \"CVE-2018-2813\", \"CVE-2018-2817\", \"CVE-2018-2819\");\n script_xref(name:\"ALAS\", value:\"2018-1078\");\n\n script_name(english:\"Amazon Linux 2 : mariadb (ALAS-2018-1078)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Optimizer). Supported versions that are\naffected are 5.5.57 and earlier. Easily exploitable vulnerability\nallows low privileged attacker with network access via multiple\nprotocols to compromise MySQL Server. Successful attacks of this\nvulnerability can result in unauthorized ability to cause a hang or\nfrequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0\nBase Score 6.5 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2017-10378 )\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Optimizer). Supported versions that are\naffected are 5.5.59 and prior. Easily exploitable vulnerability allows\nhigh privileged attacker with network access via multiple protocols to\ncompromise MySQL Server. Successful attacks of this vulnerability can\nresult in unauthorized ability to cause a hang or frequently\nrepeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score\n4.9 (Availability impacts). 
CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2781)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server : Partition). Supported versions that are\naffected are 5.5.58 and prior. Easily exploitable vulnerability allows\nlow privileged attacker with network access via multiple protocols to\ncompromise MySQL Server. Successful attacks of this vulnerability can\nresult in unauthorized ability to cause a hang or frequently\nrepeatable crash (complete DOS) of MySQL Server as well as\nunauthorized update, insert or delete access to some of MySQL Server\naccessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability\nimpacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).(CVE-2018-2562)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Client mysqldump). Supported versions that are affected\nare 5.5.56 and earlier. Easily exploitable vulnerability allows low\nprivileged attacker with network access via multiple protocols to\ncompromise MySQL Server. Successful attacks of this vulnerability can\nresult in unauthorized update, insert or delete access to some of\nMySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity\nimpacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).(CVE-2017-3651)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Replication). Supported versions that are\naffected are 5.5.59 and prior. Difficult to exploit vulnerability\nallows unauthenticated attacker with logon to the infrastructure where\nMySQL Server executes to compromise MySQL Server. Successful attacks\nrequire human interaction from a person other than the attacker and\nwhile the vulnerability is in MySQL Server, attacks may significantly\nimpact additional products. Successful attacks of this vulnerability\ncan result in takeover of MySQL Server. 
CVSS 3.0 Base Score 7.7\n(Confidentiality, Integrity and Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).(CVE-2018-2755)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Optimizer). Supported versions that are\naffected are 5.5.58 and prior. Easily exploitable vulnerability allows\nlow privileged attacker with network access via multiple protocols to\ncompromise MySQL Server. Successful attacks of this vulnerability can\nresult in unauthorized ability to cause a hang or frequently\nrepeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score\n6.5 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2640)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Client programs). Supported versions that are affected\nare 5.5.57 and earlier. Easily exploitable vulnerability allows low\nprivileged attacker with network access via multiple protocols to\ncompromise MySQL Server. Successful attacks of this vulnerability can\nresult in unauthorized access to critical data or complete access to\nall MySQL Server accessible data. CVSS 3.0 Base Score 6.5\n(Confidentiality impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).(CVE-2017-10379 )\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Replication). Supported versions that are\naffected are 5.5.57 and earlier. Difficult to exploit vulnerability\nallows high privileged attacker with logon to the infrastructure where\nMySQL Server executes to compromise MySQL Server. Successful attacks\nof this vulnerability can result in unauthorized access to critical\ndata or complete access to all MySQL Server accessible data. CVSS 3.0\nBase Score 4.1 (Confidentiality impacts). 
CVSS Vector:\n(CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).(CVE-2017-10268)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: DDL). Supported versions that are affected are\n5.5.56 and earlier. Difficult to exploit vulnerability allows low\nprivileged attacker with network access via multiple protocols to\ncompromise MySQL Server. Successful attacks of this vulnerability can\nresult in unauthorized update, insert or delete access to some of\nMySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity\nimpacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).(CVE-2017-3653)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Locking). Supported versions that are affected\nare 5.5.59 and prior. Difficult to exploit vulnerability allows high\nprivileged attacker with network access via multiple protocols to\ncompromise MySQL Server. Successful attacks of this vulnerability can\nresult in unauthorized ability to cause a hang or frequently\nrepeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score\n4.4 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2771)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Security: Encryption). Supported versions that\nare affected are 5.5.59 and prior. Difficult to exploit vulnerability\nallows low privileged attacker with network access via multiple\nprotocols to compromise MySQL Server. Successful attacks of this\nvulnerability can result in unauthorized read access to a subset of\nMySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality\nimpacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).(CVE-2018-2767)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: DDL). Supported versions that are affected are\n5.5.59 and prior. 
Easily exploitable vulnerability allows low\nprivileged attacker with network access via multiple protocols to\ncompromise MySQL Server. Successful attacks of this vulnerability can\nresult in unauthorized ability to cause a hang or frequently\nrepeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score\n6.5 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2817)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Optimizer). Supported versions that are\naffected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior.\nEasily exploitable vulnerability allows low privileged attacker with\nnetwork access via multiple protocols to compromise MySQL Server.\nSuccessful attacks of this vulnerability can result in unauthorized\nability to cause a hang or frequently repeatable crash (complete DOS)\nof MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS\nVector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2668)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: DDL). Supported versions that are affected are\n5.5.57 and earlier. Easily exploitable vulnerability allows low\nprivileged attacker with network access via multiple protocols to\ncompromise MySQL Server. Successful attacks of this vulnerability can\nresult in unauthorized ability to cause a hang or frequently\nrepeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score\n6.5 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2017-10384)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: DML). Supported versions that are affected are\n5.5.56 and earlier. Easily exploitable vulnerability allows high\nprivileged attacker with network access via multiple protocols to\ncompromise MySQL Server. 
Successful attacks of this vulnerability can\nresult in unauthorized ability to cause a hang or frequently\nrepeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score\n4.9 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2017-3641)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: InnoDB). Supported versions that are affected are\n5.5.59 and prior. Easily exploitable vulnerability allows low\nprivileged attacker with network access via multiple protocols to\ncompromise MySQL Server. Successful attacks of this vulnerability can\nresult in unauthorized ability to cause a hang or frequently\nrepeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score\n6.5 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2819)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Optimizer). Supported versions that are\naffected are 5.5.58 and prior. Easily exploitable vulnerability allows\nlow privileged attacker with network access via multiple protocols to\ncompromise MySQL Server. Successful attacks of this vulnerability can\nresult in unauthorized ability to cause a hang or frequently\nrepeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score\n6.5 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2665)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: DDL). Supported versions that are affected are\n5.5.58 and prior. Easily exploitable vulnerability allows low\nprivileged attacker with network access via multiple protocols to\ncompromise MySQL Server. Successful attacks of this vulnerability can\nresult in unauthorized ability to cause a hang or frequently\nrepeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score\n6.5 (Availability impacts). 
CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2622)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: DDL). Supported versions that are affected are\n5.5.59 and prior. Easily exploitable vulnerability allows low\nprivileged attacker with network access via multiple protocols to\ncompromise MySQL Server. Successful attacks of this vulnerability can\nresult in unauthorized read access to a subset of MySQL Server\naccessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts).\nCVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).(CVE-2018-2813)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Client programs). Supported versions that are affected\nare 5.5.56 and earlier. Easily exploitable vulnerability allows low\nprivileged attacker with logon to the infrastructure where MySQL\nServer executes to compromise MySQL Server. Successful attacks of this\nvulnerability can result in unauthorized update, insert or delete\naccess to some of MySQL Server accessible data as well as unauthorized\nread access to a subset of MySQL Server accessible data and\nunauthorized ability to cause a partial denial of service (partial\nDOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Confidentiality,\nIntegrity and Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).(CVE-2017-3636)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Client programs). Supported versions that are affected\nare 5.5.59 and prior. Difficult to exploit vulnerability allows\nunauthenticated attacker with network access via multiple protocols to\ncompromise MySQL Server. Successful attacks of this vulnerability can\nresult in unauthorized ability to cause a hang or frequently\nrepeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score\n5.9 (Availability impacts). 
CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2761)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2018-1078.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update mariadb' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", reference:\"mariadb-5.5.60-1.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"mariadb-bench-5.5.60-1.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"mariadb-debuginfo-5.5.60-1.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"mariadb-devel-5.5.60-1.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"mariadb-embedded-5.5.60-1.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"mariadb-embedded-devel-5.5.60-1.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"mariadb-libs-5.5.60-1.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"mariadb-server-5.5.60-1.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"mariadb-test-5.5.60-1.amzn2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb / mariadb-bench / mariadb-debuginfo / mariadb-devel / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:40:40", "description": "According to the versions of the mariadb packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636)\n\n - mysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641)\n\n - mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017) (CVE-2017-3651)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378)\n\n - mysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755)\n\n - mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761)\n\n - mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817)\n\n - mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653)\n\n - mysql: 
use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-09-27T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : mariadb (EulerOS-SA-2018-1303)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10268", "CVE-2017-10378", "CVE-2017-10379", "CVE-2017-10384", "CVE-2017-3636", "CVE-2017-3641", "CVE-2017-3651", "CVE-2017-3653", "CVE-2018-2622", "CVE-2018-2640", "CVE-2018-2665", "CVE-2018-2668", "CVE-2018-2755", "CVE-2018-2761", "CVE-2018-2767", "CVE-2018-2771", "CVE-2018-2781", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2819"], "modified": "2022-03-03T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:mariadb", "p-cpe:/a:huawei:euleros:mariadb-bench", "p-cpe:/a:huawei:euleros:mariadb-devel", "p-cpe:/a:huawei:euleros:mariadb-libs", "p-cpe:/a:huawei:euleros:mariadb-server", "p-cpe:/a:huawei:euleros:mariadb-test", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2018-1303.NASL", "href": "https://www.tenable.com/plugins/nessus/117746", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(117746);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/03\");\n\n script_cve_id(\n \"CVE-2017-3636\",\n \"CVE-2017-3641\",\n \"CVE-2017-3651\",\n \"CVE-2017-3653\",\n \"CVE-2017-10268\",\n \"CVE-2017-10378\",\n \"CVE-2017-10379\",\n \"CVE-2017-10384\",\n \"CVE-2018-2622\",\n \"CVE-2018-2640\",\n \"CVE-2018-2665\",\n \"CVE-2018-2668\",\n \"CVE-2018-2755\",\n \"CVE-2018-2761\",\n \"CVE-2018-2767\",\n \"CVE-2018-2771\",\n \"CVE-2018-2781\",\n \"CVE-2018-2813\",\n \"CVE-2018-2817\",\n 
\"CVE-2018-2819\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : mariadb (EulerOS-SA-2018-1303)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the mariadb packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - mysql: Client programs unspecified vulnerability (CPU\n Jul 2017) (CVE-2017-3636)\n\n - mysql: Server: DML unspecified vulnerability (CPU Jul\n 2017) (CVE-2017-3641)\n\n - mysql: Client mysqldump unspecified vulnerability (CPU\n Jul 2017) (CVE-2017-3651)\n\n - mysql: Server: Replication unspecified vulnerability\n (CPU Oct 2017) (CVE-2017-10268)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU\n Oct 2017) (CVE-2017-10378)\n\n - mysql: Client programs unspecified vulnerability (CPU\n Oct 2017) (CVE-2017-10379)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Oct\n 2017) (CVE-2017-10384)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Jan\n 2018) (CVE-2018-2622)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU\n Jan 2018) (CVE-2018-2640)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU\n Jan 2018) (CVE-2018-2665)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU\n Jan 2018) (CVE-2018-2668)\n\n - mysql: Server: Replication unspecified vulnerability\n (CPU Apr 2018) (CVE-2018-2755)\n\n - mysql: Client programs unspecified vulnerability (CPU\n Apr 2018) (CVE-2018-2761)\n\n - mysql: Server: Locking unspecified vulnerability (CPU\n Apr 2018) (CVE-2018-2771)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU\n Apr 2018) (CVE-2018-2781)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Apr\n 2018) (CVE-2018-2813)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Apr\n 2018) (CVE-2018-2817)\n\n - mysql: InnoDB unspecified vulnerability (CPU Apr 
2018)\n (CVE-2018-2819)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Jul\n 2017) (CVE-2017-3653)\n\n - mysql: use of SSL/TLS not enforced in libmysqld (Return\n of BACKRONYM) (CVE-2018-2767)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1303\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2c6e7adc\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected mariadb packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-3636\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:huawei:euleros:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"mariadb-5.5.60-1\",\n \"mariadb-bench-5.5.60-1\",\n \"mariadb-devel-5.5.60-1\",\n \"mariadb-libs-5.5.60-1\",\n \"mariadb-server-5.5.60-1\",\n \"mariadb-test-5.5.60-1\"];\n\nforeach (pkg in pkgs)\n if 
(rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:37:51", "description": "The version of MariaDB installed on the remote host is prior to 10.1.33. It is, therefore, affected by multiple vulnerabilities as referenced in the mariadb-10-1-33-release-notes advisory.\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. (CVE-2018-2755)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2018-2761)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2018-2766)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption).\n Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior.\n Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. (CVE-2018-2767)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2018-2771)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2018-2781)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. 
Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2018-2782, CVE-2018-2784)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2018-2787)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. (CVE-2018-2813)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2018-2817)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). 
Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2018-2819)\n\n - Vulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior.\n Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. (CVE-2018-3081)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2019-2455)\n\n - Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. 
Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. (CVE-2020-14550)\n\n - Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. (CVE-2021-2011)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-11-18T00:00:00", "type": "nessus", "title": "MariaDB 10.1.0 < 10.1.33 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2755", "CVE-2018-2761", "CVE-2018-2766", "CVE-2018-2767", "CVE-2018-2771", "CVE-2018-2781", "CVE-2018-2782", "CVE-2018-2784", "CVE-2018-2787", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2819", "CVE-2018-3081", "CVE-2019-2455", "CVE-2020-14550", "CVE-2021-2011"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:mariadb:mariadb"], "id": "MARIADB_10_1_33.NASL", "href": "https://www.tenable.com/plugins/nessus/167883", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167883);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2018-2755\",\n \"CVE-2018-2761\",\n \"CVE-2018-2766\",\n \"CVE-2018-2767\",\n \"CVE-2018-2771\",\n \"CVE-2018-2781\",\n \"CVE-2018-2782\",\n \"CVE-2018-2784\",\n \"CVE-2018-2787\",\n 
\"CVE-2018-2813\",\n \"CVE-2018-2817\",\n \"CVE-2018-2819\",\n \"CVE-2018-3081\",\n \"CVE-2019-2455\",\n \"CVE-2020-14550\",\n \"CVE-2021-2011\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"MariaDB 10.1.0 < 10.1.33 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MariaDB installed on the remote host is prior to 10.1.33. It is, therefore, affected by multiple\nvulnerabilities as referenced in the mariadb-10-1-33-release-notes advisory.\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported\n versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to\n exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server\n executes to compromise MySQL Server. Successful attacks require human interaction from a person other than\n the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional\n products. Successful attacks of this vulnerability can result in takeover of MySQL Server. (CVE-2018-2755)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported\n versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2018-2761)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). 
Supported versions\n that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. (CVE-2018-2766)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption).\n Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior.\n Difficult to exploit vulnerability allows low privileged attacker with network access via multiple\n protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized\n read access to a subset of MySQL Server accessible data. (CVE-2018-2767)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported\n versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to\n exploit vulnerability allows high privileged attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2018-2771)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported\n versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable\n vulnerability allows high privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of MySQL Server. 
(CVE-2018-2781)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions\n that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. (CVE-2018-2782, CVE-2018-2784)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions\n that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of\n MySQL Server accessible data. (CVE-2018-2787)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported\n versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable\n vulnerability allows low privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset\n of MySQL Server accessible data. (CVE-2018-2813)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported\n versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable\n vulnerability allows low privileged attacker with network access via multiple protocols to compromise\n MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2018-2817)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions\n that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable\n vulnerability allows low privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2018-2819)\n\n - Vulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs). Supported\n versions that are affected are 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior.\n Difficult to exploit vulnerability allows high privileged attacker with network access via multiple\n protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized\n ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client as well as\n unauthorized update, insert or delete access to some of MySQL Client accessible data. (CVE-2018-3081)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported\n versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable\n vulnerability allows low privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2019-2455)\n\n - Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are\n affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. 
Difficult to exploit vulnerability\n allows low privileged attacker with network access via multiple protocols to compromise MySQL Client.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Client. (CVE-2020-14550)\n\n - Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are\n affected are 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows\n unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Client. (CVE-2021-2011)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/mariadb-10-1-33-release-notes\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MariaDB version 10.1.33 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-2787\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-2755\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/08\");\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2018/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mariadb:mariadb\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\", \"mariadb_nix_installed.nbin\", \"mariadb_win_installed.nbin\");\n script_require_keys(\"installed_sw/MariaDB\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nvar app_info = vcf::combined_get_app_info(app:'MariaDB');\n\nif (!(app_info.local) && report_paranoia < 2)\n audit(AUDIT_POTENTIAL_VULN, 'MariaDB');\n\nvcf::check_all_backporting(app_info:app_info);\n\nvar constraints = [\n { 'min_version' : '10.1', 'fixed_version' : '10.1.33' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:38:03", "description": "The version of MariaDB installed on the remote host is prior to 10.0.35. It is, therefore, affected by multiple vulnerabilities as referenced in the mariadb-10-0-35-release-notes advisory.\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in takeover of MySQL Server. (CVE-2018-2755)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2018-2761)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2018-2766)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption).\n Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior.\n Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. (CVE-2018-2767)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2018-2771)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2018-2781)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2018-2782, CVE-2018-2784)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2018-2787)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. 
Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. (CVE-2018-2813)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2018-2817)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2018-2819)\n\n - Vulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior.\n Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. (CVE-2018-3081)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). 
Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2019-2455)\n\n - Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. (CVE-2020-14550)\n\n - Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. 
(CVE-2021-2011)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-11-18T00:00:00", "type": "nessus", "title": "MariaDB 10.0.0 < 10.0.35 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2755", "CVE-2018-2761", "CVE-2018-2766", "CVE-2018-2767", "CVE-2018-2771", "CVE-2018-2781", "CVE-2018-2782", "CVE-2018-2784", "CVE-2018-2787", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2819", "CVE-2018-3081", "CVE-2019-2455", "CVE-2020-14550", "CVE-2021-2011"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:mariadb:mariadb"], "id": "MARIADB_10_0_35.NASL", "href": "https://www.tenable.com/plugins/nessus/167860", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167860);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2018-2755\",\n \"CVE-2018-2761\",\n \"CVE-2018-2766\",\n \"CVE-2018-2767\",\n \"CVE-2018-2771\",\n \"CVE-2018-2781\",\n \"CVE-2018-2782\",\n \"CVE-2018-2784\",\n \"CVE-2018-2787\",\n \"CVE-2018-2813\",\n \"CVE-2018-2817\",\n \"CVE-2018-2819\",\n \"CVE-2018-3081\",\n \"CVE-2019-2455\",\n \"CVE-2020-14550\",\n \"CVE-2021-2011\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"MariaDB 10.0.0 < 10.0.35 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MariaDB installed on the remote host is prior to 10.0.35. It is, therefore, affected by multiple\nvulnerabilities as referenced in the mariadb-10-0-35-release-notes advisory.\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). 
Supported\n versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to\n exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server\n executes to compromise MySQL Server. Successful attacks require human interaction from a person other than\n the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional\n products. Successful attacks of this vulnerability can result in takeover of MySQL Server. (CVE-2018-2755)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported\n versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2018-2761)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions\n that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. (CVE-2018-2766)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption).\n Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior.\n Difficult to exploit vulnerability allows low privileged attacker with network access via multiple\n protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized\n read access to a subset of MySQL Server accessible data. (CVE-2018-2767)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported\n versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to\n exploit vulnerability allows high privileged attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2018-2771)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported\n versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable\n vulnerability allows high privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2018-2781)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions\n that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. (CVE-2018-2782, CVE-2018-2784)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions\n that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of\n MySQL Server accessible data. (CVE-2018-2787)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported\n versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable\n vulnerability allows low privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset\n of MySQL Server accessible data. (CVE-2018-2813)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported\n versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable\n vulnerability allows low privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2018-2817)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions\n that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable\n vulnerability allows low privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2018-2819)\n\n - Vulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs). 
Supported\n versions that are affected are 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior.\n Difficult to exploit vulnerability allows high privileged attacker with network access via multiple\n protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized\n ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client as well as\n unauthorized update, insert or delete access to some of MySQL Client accessible data. (CVE-2018-3081)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported\n versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable\n vulnerability allows low privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2019-2455)\n\n - Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are\n affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Difficult to exploit vulnerability\n allows low privileged attacker with network access via multiple protocols to compromise MySQL Client.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Client. (CVE-2020-14550)\n\n - Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are\n affected are 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows\n unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. 
Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Client. (CVE-2021-2011)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/mariadb-10-0-35-release-notes\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MariaDB version 10.0.35 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-2787\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-2755\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mariadb:mariadb\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\", \"mariadb_nix_installed.nbin\", \"mariadb_win_installed.nbin\");\n script_require_keys(\"installed_sw/MariaDB\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nvar app_info = vcf::combined_get_app_info(app:'MariaDB');\n\nif (!(app_info.local) && report_paranoia < 2)\n audit(AUDIT_POTENTIAL_VULN, 'MariaDB');\n\nvcf::check_all_backporting(app_info:app_info);\n\nvar constraints = [\n { 'min_version' : '10.0', 'fixed_version' : '10.0.35' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:29:09", "description": "This update for mariadb to version 10.2.15 fixes the following issues :\n\nThese security issues were fixed :\n\n - CVE-2018-2767: Enforce use of SSL/TLS in embedded server library (Return of BACKRONYM) (bsc#1088681).\n\n - CVE-2018-2786: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data (bsc#1089987).\n\n - CVE-2018-2759: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1089987).\n\n - CVE-2018-2777: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). 
Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1089987).\n\n - CVE-2018-2810: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1089987).\n\n - CVE-2018-2782: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1089987, bsc#1090518).\n\n - CVE-2018-2784: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1089987, bsc#1090518).\n\n - CVE-2018-2787: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data (bsc#1089987, bsc#1090518).\n\n - CVE-2018-2766: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1089987, bsc#1090518).\n\n - CVE-2018-2755: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server:\n Replication). Difficult to exploit vulnerability allowed unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server (bsc#1089987, bsc#1090518).\n\n - CVE-2018-2819: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1089987, bsc#1090518).\n\n - CVE-2018-2817: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL).\n Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1089987, bsc#1090518).\n\n - CVE-2018-2761: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1089987, bsc#1090518).\n\n - CVE-2018-2781: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server:\n Optimizer). Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1089987, bsc#1090518).\n\n - CVE-2018-2771: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server:\n Locking). Difficult to exploit vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1089987, bsc#1090518).\n\n - CVE-2018-2813: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL).\n Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data (bsc#1089987, bsc#1090518).\n\nThese non-security issues were fixed :\n\n - PCRE updated to 8.42\n\n - Incomplete validation of missing tablespace during recovery\n\n - ib_buffer_pool unnecessarily includes the temporary tablespace\n\n - InnoDB may write uninitialized garbage to redo log\n\n - Virtual Columns: Assertion failed in dict_table_get_col_name\n\n - slow innodb startup/shutdown can exceed systemd timeout\n\n - Assertion failed in dict_check_sys_tables on upgrade from 5.5\n\n - Change buffer crash during TRUNCATE or DROP TABLE\n\n - temporary table ROLLBACK fixes\n\nFor additional details please see\n\n- https://mariadb.com/kb/en/library/mariadb-10215-release-notes\n\n- https://mariadb.com/kb/en/library/mariadb-10215-changelog", "cvss3": {}, "published": "2018-06-08T00:00:00", "type": "nessus", "title": "openSUSE Security Update : mariadb (openSUSE-2018-572)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2755", "CVE-2018-2759", "CVE-2018-2761", "CVE-2018-2766", "CVE-2018-2767", "CVE-2018-2771", "CVE-2018-2777", "CVE-2018-2781", "CVE-2018-2782", "CVE-2018-2784", "CVE-2018-2786", "CVE-2018-2787", "CVE-2018-2810", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2819"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libmysqld-devel", "p-cpe:/a:novell:opensuse:libmysqld19", "p-cpe:/a:novell:opensuse:libmysqld19-debuginfo", "p-cpe:/a:novell:opensuse:mariadb", "p-cpe:/a:novell:opensuse:mariadb-bench", "p-cpe:/a:novell:opensuse:mariadb-bench-debuginfo", "p-cpe:/a:novell:opensuse:mariadb-client", "p-cpe:/a:novell:opensuse:mariadb-client-debuginfo", "p-cpe:/a:novell:opensuse:mariadb-debuginfo", "p-cpe:/a:novell:opensuse:mariadb-debugsource", "p-cpe:/a:novell:opensuse:mariadb-errormessages", "p-cpe:/a:novell:opensuse:mariadb-galera", "p-cpe:/a:novell:opensuse:mariadb-test",
"p-cpe:/a:novell:opensuse:mariadb-test-debuginfo", "p-cpe:/a:novell:opensuse:mariadb-tools", "p-cpe:/a:novell:opensuse:mariadb-tools-debuginfo", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2018-572.NASL", "href": "https://www.tenable.com/plugins/nessus/110408", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-572.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110408);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-2755\", \"CVE-2018-2759\", \"CVE-2018-2761\", \"CVE-2018-2766\", \"CVE-2018-2767\", \"CVE-2018-2771\", \"CVE-2018-2777\", \"CVE-2018-2781\", \"CVE-2018-2782\", \"CVE-2018-2784\", \"CVE-2018-2786\", \"CVE-2018-2787\", \"CVE-2018-2810\", \"CVE-2018-2813\", \"CVE-2018-2817\", \"CVE-2018-2819\");\n\n script_name(english:\"openSUSE Security Update : mariadb (openSUSE-2018-572)\");\n script_summary(english:\"Check for the openSUSE-2018-572 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for mariadb to version 10.2.15 fixes the following \nissues :\n\nThese security issues were fixed :\n\n - CVE-2018-2767: Enforce use of SSL/TLS in embedded server\n library (Return of BACKRONYM) (bsc#1088681).\n\n - CVE-2018-2786: Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: InnoDB). Easily\n exploitable vulnerability allowed high privileged\n attacker with network access via multiple protocols to\n compromise MySQL Server.
Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server as well as unauthorized update,\n insert or delete access to some of MySQL Server\n accessible data (bsc#1089987).\n\n - CVE-2018-2759: Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: InnoDB). Easily\n exploitable vulnerability allowed high privileged\n attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server (bsc#1089987).\n\n - CVE-2018-2777: Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: InnoDB). Easily\n exploitable vulnerability allowed high privileged\n attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server (bsc#1089987).\n\n - CVE-2018-2810: Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: InnoDB). Easily\n exploitable vulnerability allowed high privileged\n attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server (bsc#1089987).\n\n - CVE-2018-2782: Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: InnoDB). Easily\n exploitable vulnerability allowed low privileged\n attacker with network access via multiple protocols to\n compromise MySQL Server. 
Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server (bsc#1089987, bsc#1090518).\n\n - CVE-2018-2784: Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: InnoDB). Easily\n exploitable vulnerability allowed low privileged\n attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server (bsc#1089987, bsc#1090518).\n\n - CVE-2018-2787: Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: InnoDB). Easily\n exploitable vulnerability allowed high privileged\n attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server as well as unauthorized update,\n insert or delete access to some of MySQL Server\n accessible data (bsc#1089987, bsc#1090518).\n\n - CVE-2018-2766: Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: InnoDB). Easily\n exploitable vulnerability allowed high privileged\n attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server (bsc#1089987, bsc#1090518).\n\n - CVE-2018-2755: Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: Server:\n Replication). Difficult to exploit vulnerability allowed\n unauthenticated attacker with logon to the\n infrastructure where MySQL Server executes to compromise\n MySQL Server. 
Successful attacks require human\n interaction from a person other than the attacker and\n while the vulnerability is in MySQL Server, attacks may\n significantly impact additional products. Successful\n attacks of this vulnerability can result in takeover of\n MySQL Server (bsc#1089987, bsc#1090518).\n\n - CVE-2018-2819: Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: InnoDB). Easily\n exploitable vulnerability allowed low privileged\n attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server (bsc#1089987, bsc#1090518).\n\n - CVE-2018-2817: Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: Server: DDL).\n Easily exploitable vulnerability allowed low privileged\n attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server (bsc#1089987, bsc#1090518).\n\n - CVE-2018-2761: Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: Client\n programs). Difficult to exploit vulnerability allowed\n unauthenticated attacker with network access via\n multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in\n unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Server\n (bsc#1089987, bsc#1090518).\n\n - CVE-2018-2781: Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: Server:\n Optimizer). 
Easily exploitable vulnerability allowed\n high privileged attacker with network access via\n multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in\n unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Server\n (bsc#1089987, bsc#1090518).\n\n - CVE-2018-2771: Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: Server:\n Locking). Difficult to exploit vulnerability allowed\n high privileged attacker with network access via\n multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in\n unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Server\n (bsc#1089987, bsc#1090518).\n\n - CVE-2018-2813: Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: Server: DDL).\n Easily exploitable vulnerability allowed low privileged\n attacker with network access via multiple protocols to\n compromise MySQL Server. 
Successful attacks of this\n vulnerability can result in unauthorized read access to\n a subset of MySQL Server accessible data (bsc#1089987,\n bsc#1090518).\n\nThese non-security issues were fixed :\n\n - PCRE updated to 8.42\n\n - Incomplete validation of missing tablespace during\n recovery\n\n - ib_buffer_pool unnecessarily includes the temporary\n tablespace\n\n - InnoDB may write uninitialized garbage to redo log\n\n - Virtual Columns: Assertion failed in\n dict_table_get_col_name\n\n - slow innodb startup/shutdown can exceed systemd timeout\n\n - Assertion failed in dict_check_sys_tables on upgrade\n from 5.5\n\n - Change buffer crash during TRUNCATE or DROP TABLE\n\n - temporary table ROLLBACK fixes\n\nFor additional details please see\n\n- https://mariadb.com/kb/en/library/mariadb-10215-release-notes\n\n- https://mariadb.com/kb/en/library/mariadb-10215-changelog\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1088681\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1089987\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1090518\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1092544\"\n );\n # https://mariadb.com/kb/en/library/mariadb-10215-changelog\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10215-changelog/\"\n );\n # https://mariadb.com/kb/en/library/mariadb-10215-release-notes\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10215-release-notes/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mariadb packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqld-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqld19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqld19-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-bench-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-errormessages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-galera\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-test-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/08\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libmysqld-devel-10.2.15-lp150.2.3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libmysqld19-10.2.15-lp150.2.3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libmysqld19-debuginfo-10.2.15-lp150.2.3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"mariadb-10.2.15-lp150.2.3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"mariadb-bench-10.2.15-lp150.2.3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"mariadb-bench-debuginfo-10.2.15-lp150.2.3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"mariadb-client-10.2.15-lp150.2.3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"mariadb-client-debuginfo-10.2.15-lp150.2.3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"mariadb-debuginfo-10.2.15-lp150.2.3.2\") ) flag++;\nif ( 
rpm_check(release:\"SUSE15.0\", reference:\"mariadb-debugsource-10.2.15-lp150.2.3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"mariadb-errormessages-10.2.15-lp150.2.3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"mariadb-galera-10.2.15-lp150.2.3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"mariadb-test-10.2.15-lp150.2.3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"mariadb-test-debuginfo-10.2.15-lp150.2.3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"mariadb-tools-10.2.15-lp150.2.3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"mariadb-tools-debuginfo-10.2.15-lp150.2.3.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libmysqld-devel / libmysqld19 / libmysqld19-debuginfo / mariadb / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:30:28", "description": "This update for mariadb to version 10.2.15 fixes the following issues :\n\nThese security issues were fixed :\n\n - CVE-2018-2767: Enforce use of SSL/TLS in embedded server library (Return of BACKRONYM) (bsc#1088681).\n\n - CVE-2018-2786: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data (bsc#1089987).\n\n - CVE-2018-2759: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB).
Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1089987).\n\n - CVE-2018-2777: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1089987).\n\n - CVE-2018-2810: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1089987).\n\n - CVE-2018-2782: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1089987, bsc#1090518).\n\n - CVE-2018-2784: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1089987, bsc#1090518).\n\n - CVE-2018-2787: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data (bsc#1089987, bsc#1090518).\n\n - CVE-2018-2766: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1089987, bsc#1090518).\n\n - CVE-2018-2755: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server:\n Replication). Difficult to exploit vulnerability allowed unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server (bsc#1089987, bsc#1090518).\n\n - CVE-2018-2819: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1089987, bsc#1090518).\n\n - CVE-2018-2817: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL).\n Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1089987, bsc#1090518).\n\n - CVE-2018-2761: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1089987, bsc#1090518).\n\n - CVE-2018-2781: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server:\n Optimizer). Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1089987, bsc#1090518).\n\n - CVE-2018-2771: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server:\n Locking). 
Difficult to exploit vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1089987, bsc#1090518).\n\n - CVE-2018-2813: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL).\n Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data (bsc#1089987, bsc#1090518).\n\nThese non-security issues were fixed :\n\n - PCRE updated to 8.42\n\n - Incomplete validation of missing tablespace during recovery\n\n - ib_buffer_pool unnecessarily includes the temporary tablespace\n\n - InnoDB may write uninitialized garbage to redo log\n\n - Virtual Columns: Assertion failed in dict_table_get_col_name\n\n - slow innodb startup/shutdown can exceed systemd timeout\n\n - Assertion failed in dict_check_sys_tables on upgrade from 5.5\n\n - Change buffer crash during TRUNCATE or DROP TABLE\n\n - temporary table ROLLBACK fixes\n\nFor additional details please see\n\n- https://mariadb.com/kb/en/library/mariadb-10215-release-notes\n\n- https://mariadb.com/kb/en/library/mariadb-10215-changelog", "cvss3": {}, "published": "2019-03-27T00:00:00", "type": "nessus", "title": "openSUSE Security Update : mariadb (openSUSE-2019-427)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2755", "CVE-2018-2759", "CVE-2018-2761", "CVE-2018-2766", "CVE-2018-2767", "CVE-2018-2771", "CVE-2018-2777", "CVE-2018-2781", "CVE-2018-2782", "CVE-2018-2784", "CVE-2018-2786", "CVE-2018-2787", "CVE-2018-2810", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2819"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libmysqld-devel", 
"p-cpe:/a:novell:opensuse:libmysqld19", "p-cpe:/a:novell:opensuse:libmysqld19-debuginfo", "p-cpe:/a:novell:opensuse:mariadb", "p-cpe:/a:novell:opensuse:mariadb-bench", "p-cpe:/a:novell:opensuse:mariadb-bench-debuginfo", "p-cpe:/a:novell:opensuse:mariadb-client", "p-cpe:/a:novell:opensuse:mariadb-client-debuginfo", "p-cpe:/a:novell:opensuse:mariadb-debuginfo", "p-cpe:/a:novell:opensuse:mariadb-debugsource", "p-cpe:/a:novell:opensuse:mariadb-errormessages", "p-cpe:/a:novell:opensuse:mariadb-galera", "p-cpe:/a:novell:opensuse:mariadb-test", "p-cpe:/a:novell:opensuse:mariadb-test-debuginfo", "p-cpe:/a:novell:opensuse:mariadb-tools", "p-cpe:/a:novell:opensuse:mariadb-tools-debuginfo", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-427.NASL", "href": "https://www.tenable.com/plugins/nessus/123187", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-427.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123187);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-2755\", \"CVE-2018-2759\", \"CVE-2018-2761\", \"CVE-2018-2766\", \"CVE-2018-2767\", \"CVE-2018-2771\", \"CVE-2018-2777\", \"CVE-2018-2781\", \"CVE-2018-2782\", \"CVE-2018-2784\", \"CVE-2018-2786\", \"CVE-2018-2787\", \"CVE-2018-2810\", \"CVE-2018-2813\", \"CVE-2018-2817\", \"CVE-2018-2819\");\n\n script_name(english:\"openSUSE Security Update : mariadb (openSUSE-2019-427)\");\n script_summary(english:\"Check for the openSUSE-2019-427 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for mariadb to 
version 10.2.15 fixes the following \nissues :\n\nThese security issues were fixed :\n\n - CVE-2018-2767: Enforce use of SSL/TLS in embedded server\n library (Return of BACKRONYM) (bsc#1088681).\n\n - CVE-2018-2786: Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: InnoDB). Easily\n exploitable vulnerability allowed high privileged\n attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server as well as unauthorized update,\n insert or delete access to some of MySQL Server\n accessible data (bsc#1089987).\n\n - CVE-2018-2759: Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: InnoDB). Easily\n exploitable vulnerability allowed high privileged\n attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server (bsc#1089987).\n\n - CVE-2018-2777: Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: InnoDB). Easily\n exploitable vulnerability allowed high privileged\n attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server (bsc#1089987).\n\n - CVE-2018-2810: Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: InnoDB). Easily\n exploitable vulnerability allowed high privileged\n attacker with network access via multiple protocols to\n compromise MySQL Server. 
Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server (bsc#1089987).\n\n - CVE-2018-2782: Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: InnoDB). Easily\n exploitable vulnerability allowed low privileged\n attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server (bsc#1089987, bsc#1090518).\n\n - CVE-2018-2784: Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: InnoDB). Easily\n exploitable vulnerability allowed low privileged\n attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server (bsc#1089987, bsc#1090518).\n\n - CVE-2018-2787: Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: InnoDB). Easily\n exploitable vulnerability allowed high privileged\n attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server as well as unauthorized update,\n insert or delete access to some of MySQL Server\n accessible data (bsc#1089987, bsc#1090518).\n\n - CVE-2018-2766: Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: InnoDB). Easily\n exploitable vulnerability allowed high privileged\n attacker with network access via multiple protocols to\n compromise MySQL Server. 
Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server (bsc#1089987, bsc#1090518).\n\n - CVE-2018-2755: Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: Server:\n Replication). Difficult to exploit vulnerability allowed\n unauthenticated attacker with logon to the\n infrastructure where MySQL Server executes to compromise\n MySQL Server. Successful attacks require human\n interaction from a person other than the attacker and\n while the vulnerability is in MySQL Server, attacks may\n significantly impact additional products. Successful\n attacks of this vulnerability can result in takeover of\n MySQL Server (bsc#1089987, bsc#1090518).\n\n - CVE-2018-2819: Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: InnoDB). Easily\n exploitable vulnerability allowed low privileged\n attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server (bsc#1089987, bsc#1090518).\n\n - CVE-2018-2817: Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: Server: DDL).\n Easily exploitable vulnerability allowed low privileged\n attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server (bsc#1089987, bsc#1090518).\n\n - CVE-2018-2761: Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: Client\n programs). 
Difficult to exploit vulnerability allowed\n unauthenticated attacker with network access via\n multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in\n unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Server\n (bsc#1089987, bsc#1090518).\n\n - CVE-2018-2781: Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: Server:\n Optimizer). Easily exploitable vulnerability allowed\n high privileged attacker with network access via\n multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in\n unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Server\n (bsc#1089987, bsc#1090518).\n\n - CVE-2018-2771: Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: Server:\n Locking). Difficult to exploit vulnerability allowed\n high privileged attacker with network access via\n multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in\n unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Server\n (bsc#1089987, bsc#1090518).\n\n - CVE-2018-2813: Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: Server: DDL).\n Easily exploitable vulnerability allowed low privileged\n attacker with network access via multiple protocols to\n compromise MySQL Server. 
Successful attacks of this\n vulnerability can result in unauthorized read access to\n a subset of MySQL Server accessible data (bsc#1089987,\n bsc#1090518).\n\nThese non-security issues were fixed :\n\n - PCRE updated to 8.42\n\n - Incomplete validation of missing tablespace during\n recovery\n\n - ib_buffer_pool unnecessarily includes the temporary\n tablespace\n\n - InnoDB may write uninitialized garbage to redo log\n\n - Virtual Columns: Assertion failed in\n dict_table_get_col_name\n\n - slow innodb startup/shutdown can exceed systemd timeout\n\n - Assertion failed in dict_check_sys_tables on upgrade\n from 5.5\n\n - Change buffer crash during TRUNCATE or DROP TABLE\n\n - temporary table ROLLBACK fixes\n\nFor additional details please see\n\n- https://mariadb.com/kb/en/library/mariadb-10215-release-notes\n\n- https://mariadb.com/kb/en/library/mariadb-10215-changelog\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1088681\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1089987\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1090518\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1092544\"\n );\n # https://mariadb.com/kb/en/library/mariadb-10215-changelog\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10215-changelog/\"\n );\n # https://mariadb.com/kb/en/library/mariadb-10215-release-notes\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10215-release-notes/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mariadb packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-2787\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqld-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqld19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqld19-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-bench-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-errormessages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-galera\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-test-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libmysqld-devel-10.2.15-lp150.2.3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libmysqld19-10.2.15-lp150.2.3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libmysqld19-debuginfo-10.2.15-lp150.2.3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"mariadb-10.2.15-lp150.2.3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"mariadb-bench-10.2.15-lp150.2.3.2\") ) flag++;\nif ( 
rpm_check(release:\"SUSE15.0\", reference:\"mariadb-bench-debuginfo-10.2.15-lp150.2.3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"mariadb-client-10.2.15-lp150.2.3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"mariadb-client-debuginfo-10.2.15-lp150.2.3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"mariadb-debuginfo-10.2.15-lp150.2.3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"mariadb-debugsource-10.2.15-lp150.2.3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"mariadb-errormessages-10.2.15-lp150.2.3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"mariadb-galera-10.2.15-lp150.2.3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"mariadb-test-10.2.15-lp150.2.3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"mariadb-test-debuginfo-10.2.15-lp150.2.3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"mariadb-tools-10.2.15-lp150.2.3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"mariadb-tools-debuginfo-10.2.15-lp150.2.3.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libmysqld-devel / libmysqld19 / libmysqld19-debuginfo / mariadb / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:39:56", "description": "An update for mariadb is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.\n\nThe following packages have been upgraded to a later upstream version:\nmariadb (5.5.60). (BZ#1584668, BZ#1584671, BZ#1584674, BZ#1601085)\n\nSecurity Fix(es) :\n\n* mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636)\n\n* mysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641)\n\n* mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017) (CVE-2017-3651)\n\n* mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378)\n\n* mysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384)\n\n* mysql: Server: Partition unspecified vulnerability (CPU Jan 2018) (CVE-2018-2562)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668)\n\n* mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755)\n\n* mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761)\n\n* mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817)\n\n* mysql: InnoDB 
unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653)\n\n* mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* Previously, the mysqladmin tool waited for an inadequate length of time if the socket it listened on did not respond in a specific way.\nConsequently, when the socket was used while the MariaDB server was starting, the mariadb service became unresponsive for a long time.\nWith this update, the mysqladmin timeout has been shortened to 2 seconds. As a result, the mariadb service either starts or fails but no longer hangs in the described situation. (BZ#1584023)", "cvss3": {}, "published": "2018-08-17T00:00:00", "type": "nessus", "title": "RHEL 7 : mariadb (RHSA-2018:2439)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10268", "CVE-2017-10378", "CVE-2017-10379", "CVE-2017-10384", "CVE-2017-3636", "CVE-2017-3641", "CVE-2017-3651", "CVE-2017-3653", "CVE-2018-2562", "CVE-2018-2622", "CVE-2018-2640", "CVE-2018-2665", "CVE-2018-2668", "CVE-2018-2755", "CVE-2018-2761", "CVE-2018-2767", "CVE-2018-2771", "CVE-2018-2781", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2819", "CVE-2018-3133", "CVE-2019-2455"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:mariadb", "p-cpe:/a:redhat:enterprise_linux:mariadb-bench", "p-cpe:/a:redhat:enterprise_linux:mariadb-debuginfo", "p-cpe:/a:redhat:enterprise_linux:mariadb-devel", "p-cpe:/a:redhat:enterprise_linux:mariadb-embedded", "p-cpe:/a:redhat:enterprise_linux:mariadb-embedded-devel", "p-cpe:/a:redhat:enterprise_linux:mariadb-libs", "p-cpe:/a:redhat:enterprise_linux:mariadb-server", "p-cpe:/a:redhat:enterprise_linux:mariadb-test", "cpe:/o:redhat:enterprise_linux:7", 
"cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2018-2439.NASL", "href": "https://www.tenable.com/plugins/nessus/111802", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:2439. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111802);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/10/24 15:35:45\");\n\n script_cve_id(\"CVE-2017-10268\", \"CVE-2017-10378\", \"CVE-2017-10379\", \"CVE-2017-10384\", \"CVE-2017-3636\", \"CVE-2017-3641\", \"CVE-2017-3651\", \"CVE-2017-3653\", \"CVE-2018-2562\", \"CVE-2018-2622\", \"CVE-2018-2640\", \"CVE-2018-2665\", \"CVE-2018-2668\", \"CVE-2018-2755\", \"CVE-2018-2761\", \"CVE-2018-2767\", \"CVE-2018-2771\", \"CVE-2018-2781\", \"CVE-2018-2813\", \"CVE-2018-2817\", \"CVE-2018-2819\", \"CVE-2018-3133\", \"CVE-2019-2455\");\n script_xref(name:\"RHSA\", value:\"2018:2439\");\n\n script_name(english:\"RHEL 7 : mariadb (RHSA-2018:2439)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for mariadb is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMariaDB is a multi-user, multi-threaded SQL database server that is\nbinary compatible with MySQL.\n\nThe following packages have been upgraded to a later upstream version:\nmariadb (5.5.60). 
(BZ#1584668, BZ#1584671, BZ#1584674, BZ#1601085)\n\nSecurity Fix(es) :\n\n* mysql: Client programs unspecified vulnerability (CPU Jul 2017)\n(CVE-2017-3636)\n\n* mysql: Server: DML unspecified vulnerability (CPU Jul 2017)\n(CVE-2017-3641)\n\n* mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017)\n(CVE-2017-3651)\n\n* mysql: Server: Replication unspecified vulnerability (CPU Oct 2017)\n(CVE-2017-10268)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017)\n(CVE-2017-10378)\n\n* mysql: Client programs unspecified vulnerability (CPU Oct 2017)\n(CVE-2017-10379)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Oct 2017)\n(CVE-2017-10384)\n\n* mysql: Server: Partition unspecified vulnerability (CPU Jan 2018)\n(CVE-2018-2562)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Jan 2018)\n(CVE-2018-2622)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)\n(CVE-2018-2640)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)\n(CVE-2018-2665)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)\n(CVE-2018-2668)\n\n* mysql: Server: Replication unspecified vulnerability (CPU Apr 2018)\n(CVE-2018-2755)\n\n* mysql: Client programs unspecified vulnerability (CPU Apr 2018)\n(CVE-2018-2761)\n\n* mysql: Server: Locking unspecified vulnerability (CPU Apr 2018)\n(CVE-2018-2771)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018)\n(CVE-2018-2781)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Apr 2018)\n(CVE-2018-2813)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Apr 2018)\n(CVE-2018-2817)\n\n* mysql: InnoDB unspecified vulnerability (CPU Apr 2018)\n(CVE-2018-2819)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Jul 2017)\n(CVE-2017-3653)\n\n* mysql: use of SSL/TLS not enforced in libmysqld (Return of\nBACKRONYM) (CVE-2018-2767)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer 
to the CVE page(s)\nlisted in the References section.\n\nBug Fix(es) :\n\n* Previously, the mysqladmin tool waited for an inadequate length of\ntime if the socket it listened on did not respond in a specific way.\nConsequently, when the socket was used while the MariaDB server was\nstarting, the mariadb service became unresponsive for a long time.\nWith this update, the mysqladmin timeout has been shortened to 2\nseconds. As a result, the mariadb service either starts or fails but\nno longer hangs in the described situation. (BZ#1584023)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:2439\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3636\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3641\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3651\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3653\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10268\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10378\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10379\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10384\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2562\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2622\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2640\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2665\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2668\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2755\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2761\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2767\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2771\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2781\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2813\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2817\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2819\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-3133\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2455\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-bench\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:2439\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mariadb-5.5.60-1.el7_5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mariadb-5.5.60-1.el7_5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mariadb-bench-5.5.60-1.el7_5\")) 
flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mariadb-bench-5.5.60-1.el7_5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"mariadb-debuginfo-5.5.60-1.el7_5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"mariadb-devel-5.5.60-1.el7_5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"mariadb-embedded-5.5.60-1.el7_5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"mariadb-embedded-devel-5.5.60-1.el7_5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"mariadb-libs-5.5.60-1.el7_5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mariadb-server-5.5.60-1.el7_5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mariadb-server-5.5.60-1.el7_5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mariadb-test-5.5.60-1.el7_5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mariadb-test-5.5.60-1.el7_5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb / mariadb-bench / mariadb-debuginfo / mariadb-devel / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:39:39", "description": "An update for mariadb is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.\n\nThe following packages have been upgraded to a later upstream version:\nmariadb (5.5.60). (BZ#1584668, BZ#1584671, BZ#1584674, BZ#1601085)\n\nSecurity Fix(es) :\n\n* mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636)\n\n* mysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641)\n\n* mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017) (CVE-2017-3651)\n\n* mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378)\n\n* mysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384)\n\n* mysql: Server: Partition unspecified vulnerability (CPU Jan 2018) (CVE-2018-2562)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668)\n\n* mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755)\n\n* mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761)\n\n* mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817)\n\n* mysql: InnoDB 
unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653)\n\n* mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* Previously, the mysqladmin tool waited for an inadequate length of time if the socket it listened on did not respond in a specific way.\nConsequently, when the socket was used while the MariaDB server was starting, the mariadb service became unresponsive for a long time.\nWith this update, the mysqladmin timeout has been shortened to 2 seconds. As a result, the mariadb service either starts or fails but no longer hangs in the described situation. (BZ#1584023)", "cvss3": {}, "published": "2018-08-21T00:00:00", "type": "nessus", "title": "CentOS 7 : mariadb (CESA-2018:2439)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10268", "CVE-2017-10378", "CVE-2017-10379", "CVE-2017-10384", "CVE-2017-3636", "CVE-2017-3641", "CVE-2017-3651", "CVE-2017-3653", "CVE-2018-2562", "CVE-2018-2622", "CVE-2018-2640", "CVE-2018-2665", "CVE-2018-2668", "CVE-2018-2755", "CVE-2018-2761", "CVE-2018-2767", "CVE-2018-2771", "CVE-2018-2781", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2819", "CVE-2018-3133", "CVE-2019-2455"], "modified": "2019-12-31T00:00:00", "cpe": ["p-cpe:/a:centos:centos:mariadb", "p-cpe:/a:centos:centos:mariadb-bench", "p-cpe:/a:centos:centos:mariadb-devel", "p-cpe:/a:centos:centos:mariadb-embedded", "p-cpe:/a:centos:centos:mariadb-embedded-devel", "p-cpe:/a:centos:centos:mariadb-libs", "p-cpe:/a:centos:centos:mariadb-server", "p-cpe:/a:centos:centos:mariadb-test", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2018-2439.NASL", "href": "https://www.tenable.com/plugins/nessus/112020", "sourceData": "#\n# (C) Tenable Network Security, 
Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:2439 and \n# CentOS Errata and Security Advisory 2018:2439 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(112020);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/12/31\");\n\n script_cve_id(\"CVE-2017-10268\", \"CVE-2017-10378\", \"CVE-2017-10379\", \"CVE-2017-10384\", \"CVE-2017-3636\", \"CVE-2017-3641\", \"CVE-2017-3651\", \"CVE-2017-3653\", \"CVE-2018-2562\", \"CVE-2018-2622\", \"CVE-2018-2640\", \"CVE-2018-2665\", \"CVE-2018-2668\", \"CVE-2018-2755\", \"CVE-2018-2761\", \"CVE-2018-2767\", \"CVE-2018-2771\", \"CVE-2018-2781\", \"CVE-2018-2813\", \"CVE-2018-2817\", \"CVE-2018-2819\", \"CVE-2018-3133\", \"CVE-2019-2455\");\n script_xref(name:\"RHSA\", value:\"2018:2439\");\n\n script_name(english:\"CentOS 7 : mariadb (CESA-2018:2439)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for mariadb is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMariaDB is a multi-user, multi-threaded SQL database server that is\nbinary compatible with MySQL.\n\nThe following packages have been upgraded to a later upstream version:\nmariadb (5.5.60). 
(BZ#1584668, BZ#1584671, BZ#1584674, BZ#1601085)\n\nSecurity Fix(es) :\n\n* mysql: Client programs unspecified vulnerability (CPU Jul 2017)\n(CVE-2017-3636)\n\n* mysql: Server: DML unspecified vulnerability (CPU Jul 2017)\n(CVE-2017-3641)\n\n* mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017)\n(CVE-2017-3651)\n\n* mysql: Server: Replication unspecified vulnerability (CPU Oct 2017)\n(CVE-2017-10268)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017)\n(CVE-2017-10378)\n\n* mysql: Client programs unspecified vulnerability (CPU Oct 2017)\n(CVE-2017-10379)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Oct 2017)\n(CVE-2017-10384)\n\n* mysql: Server: Partition unspecified vulnerability (CPU Jan 2018)\n(CVE-2018-2562)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Jan 2018)\n(CVE-2018-2622)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)\n(CVE-2018-2640)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)\n(CVE-2018-2665)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)\n(CVE-2018-2668)\n\n* mysql: Server: Replication unspecified vulnerability (CPU Apr 2018)\n(CVE-2018-2755)\n\n* mysql: Client programs unspecified vulnerability (CPU Apr 2018)\n(CVE-2018-2761)\n\n* mysql: Server: Locking unspecified vulnerability (CPU Apr 2018)\n(CVE-2018-2771)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018)\n(CVE-2018-2781)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Apr 2018)\n(CVE-2018-2813)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Apr 2018)\n(CVE-2018-2817)\n\n* mysql: InnoDB unspecified vulnerability (CPU Apr 2018)\n(CVE-2018-2819)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Jul 2017)\n(CVE-2017-3653)\n\n* mysql: use of SSL/TLS not enforced in libmysqld (Return of\nBACKRONYM) (CVE-2018-2767)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer 
to the CVE page(s)\nlisted in the References section.\n\nBug Fix(es) :\n\n* Previously, the mysqladmin tool waited for an inadequate length of\ntime if the socket it listened on did not respond in a specific way.\nConsequently, when the socket was used while the MariaDB server was\nstarting, the mariadb service became unresponsive for a long time.\nWith this update, the mysqladmin timeout has been shortened to 2\nseconds. As a result, the mariadb service either starts or fails but\nno longer hangs in the described situation. (BZ#1584023)\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2018-August/022995.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f416f9e0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mariadb packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-2562\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mariadb-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mariadb-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mariadb-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mariadb-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/08/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mariadb-5.5.60-1.el7_5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mariadb-bench-5.5.60-1.el7_5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mariadb-devel-5.5.60-1.el7_5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mariadb-embedded-5.5.60-1.el7_5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mariadb-embedded-devel-5.5.60-1.el7_5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mariadb-libs-5.5.60-1.el7_5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mariadb-server-5.5.60-1.el7_5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mariadb-test-5.5.60-1.el7_5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb / mariadb-bench / mariadb-devel / mariadb-embedded / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-23T14:14:43", "description": "From Red Hat Security Advisory 2018:2439 :\n\nAn update for mariadb is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.\n\nThe following packages have been upgraded to a later upstream version:\nmariadb (5.5.60). (BZ#1584668, BZ#1584671, BZ#1584674, BZ#1601085)\n\nSecurity Fix(es) :\n\n* mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636)\n\n* mysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641)\n\n* mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017) (CVE-2017-3651)\n\n* mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378)\n\n* mysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384)\n\n* mysql: Server: Partition unspecified vulnerability (CPU Jan 2018) (CVE-2018-2562)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668)\n\n* mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755)\n\n* mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761)\n\n* mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817)\n\n* mysql: InnoDB 
unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653)\n\n* mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* Previously, the mysqladmin tool waited for an inadequate length of time if the socket it listened on did not respond in a specific way.\nConsequently, when the socket was used while the MariaDB server was starting, the mariadb service became unresponsive for a long time.\nWith this update, the mysqladmin timeout has been shortened to 2 seconds. As a result, the mariadb service either starts or fails but no longer hangs in the described situation. (BZ#1584023)", "cvss3": {}, "published": "2018-08-17T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : mariadb (ELSA-2018-2439)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10268", "CVE-2017-10378", "CVE-2017-10379", "CVE-2017-10384", "CVE-2017-3636", "CVE-2017-3641", "CVE-2017-3651", "CVE-2017-3653", "CVE-2018-2562", "CVE-2018-2622", "CVE-2018-2640", "CVE-2018-2665", "CVE-2018-2668", "CVE-2018-2755", "CVE-2018-2761", "CVE-2018-2767", "CVE-2018-2771", "CVE-2018-2781", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2819", "CVE-2018-3133", "CVE-2019-2455"], "modified": "2019-09-27T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:mariadb", "p-cpe:/a:oracle:linux:mariadb-bench", "p-cpe:/a:oracle:linux:mariadb-devel", "p-cpe:/a:oracle:linux:mariadb-embedded", "p-cpe:/a:oracle:linux:mariadb-embedded-devel", "p-cpe:/a:oracle:linux:mariadb-libs", "p-cpe:/a:oracle:linux:mariadb-server", "p-cpe:/a:oracle:linux:mariadb-test", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2018-2439.NASL", "href": "https://www.tenable.com/plugins/nessus/111800", "sourceData": "#\n# (C) Tenable Network Security, 
Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2018:2439 and \n# Oracle Linux Security Advisory ELSA-2018-2439 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111800);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/09/27 13:00:38\");\n\n script_cve_id(\"CVE-2017-10268\", \"CVE-2017-10378\", \"CVE-2017-10379\", \"CVE-2017-10384\", \"CVE-2017-3636\", \"CVE-2017-3641\", \"CVE-2017-3651\", \"CVE-2017-3653\", \"CVE-2018-2562\", \"CVE-2018-2622\", \"CVE-2018-2640\", \"CVE-2018-2665\", \"CVE-2018-2668\", \"CVE-2018-2755\", \"CVE-2018-2761\", \"CVE-2018-2767\", \"CVE-2018-2771\", \"CVE-2018-2781\", \"CVE-2018-2813\", \"CVE-2018-2817\", \"CVE-2018-2819\", \"CVE-2018-3133\", \"CVE-2019-2455\");\n script_xref(name:\"RHSA\", value:\"2018:2439\");\n\n script_name(english:\"Oracle Linux 7 : mariadb (ELSA-2018-2439)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2018:2439 :\n\nAn update for mariadb is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMariaDB is a multi-user, multi-threaded SQL database server that is\nbinary compatible with MySQL.\n\nThe following packages have been upgraded to a later upstream version:\nmariadb (5.5.60). 
(BZ#1584668, BZ#1584671, BZ#1584674, BZ#1601085)\n\nSecurity Fix(es) :\n\n* mysql: Client programs unspecified vulnerability (CPU Jul 2017)\n(CVE-2017-3636)\n\n* mysql: Server: DML unspecified vulnerability (CPU Jul 2017)\n(CVE-2017-3641)\n\n* mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017)\n(CVE-2017-3651)\n\n* mysql: Server: Replication unspecified vulnerability (CPU Oct 2017)\n(CVE-2017-10268)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017)\n(CVE-2017-10378)\n\n* mysql: Client programs unspecified vulnerability (CPU Oct 2017)\n(CVE-2017-10379)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Oct 2017)\n(CVE-2017-10384)\n\n* mysql: Server: Partition unspecified vulnerability (CPU Jan 2018)\n(CVE-2018-2562)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Jan 2018)\n(CVE-2018-2622)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)\n(CVE-2018-2640)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)\n(CVE-2018-2665)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)\n(CVE-2018-2668)\n\n* mysql: Server: Replication unspecified vulnerability (CPU Apr 2018)\n(CVE-2018-2755)\n\n* mysql: Client programs unspecified vulnerability (CPU Apr 2018)\n(CVE-2018-2761)\n\n* mysql: Server: Locking unspecified vulnerability (CPU Apr 2018)\n(CVE-2018-2771)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018)\n(CVE-2018-2781)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Apr 2018)\n(CVE-2018-2813)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Apr 2018)\n(CVE-2018-2817)\n\n* mysql: InnoDB unspecified vulnerability (CPU Apr 2018)\n(CVE-2018-2819)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Jul 2017)\n(CVE-2017-3653)\n\n* mysql: use of SSL/TLS not enforced in libmysqld (Return of\nBACKRONYM) (CVE-2018-2767)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer 
to the CVE page(s)\nlisted in the References section.\n\nBug Fix(es) :\n\n* Previously, the mysqladmin tool waited for an inadequate length of\ntime if the socket it listened on did not respond in a specific way.\nConsequently, when the socket was used while the MariaDB server was\nstarting, the mariadb service became unresponsive for a long time.\nWith this update, the mysqladmin timeout has been shortened to 2\nseconds. As a result, the mariadb service either starts or fails but\nno longer hangs in the described situation. (BZ#1584023)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2018-August/007941.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mariadb packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/08/16\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-5.5.60-1.el7_5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-bench-5.5.60-1.el7_5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-devel-5.5.60-1.el7_5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-embedded-5.5.60-1.el7_5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-embedded-devel-5.5.60-1.el7_5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-libs-5.5.60-1.el7_5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-server-5.5.60-1.el7_5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-test-5.5.60-1.el7_5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb / mariadb-bench / mariadb-devel / mariadb-embedded / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:27:45", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has mariadb packages installed that are affected by multiple vulnerabilities:\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). 
Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).\n (CVE-2017-3651)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server.\n CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).\n (CVE-2017-3636)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS 3.0 Base Score 4.9 (Availability impacts).\n CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n (CVE-2017-3641)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).\n (CVE-2017-3653)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts).\n CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).\n (CVE-2017-10378)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). 
CVSS Vector:\n (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).\n (CVE-2017-10268)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data.\n CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).\n (CVE-2017-10379)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts).\n CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).\n (CVE-2017-10384)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. 
CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).\n (CVE-2018-2755)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption).\n Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).\n (CVE-2018-2767)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts).\n CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).\n (CVE-2018-2562)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).\n (CVE-2018-2622)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts).\n CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).\n (CVE-2018-2640, CVE-2018-2665, CVE-2018-2668)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts).\n CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).\n (CVE-2018-2761)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS 3.0 Base Score 4.4 (Availability impacts).\n CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).\n (CVE-2018-2771)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts).\n CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n (CVE-2018-2781)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).\n (CVE-2018-2813)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). 
CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).\n (CVE-2018-2817)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).\n (CVE-2018-2819)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).\n (CVE-2019-2455)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS 3.0 Base Score 6.5 (Availability impacts).\n CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).\n (CVE-2018-3133)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : mariadb Multiple Vulnerabilities (NS-SA-2019-0034)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10268", "CVE-2017-10378", "CVE-2017-10379", "CVE-2017-10384", "CVE-2017-3636", "CVE-2017-3641", "CVE-2017-3651", "CVE-2017-3653", "CVE-2018-2562", "CVE-2018-2622", "CVE-2018-2640", "CVE-2018-2665", "CVE-2018-2668", "CVE-2018-2755", "CVE-2018-2761", "CVE-2018-2767", "CVE-2018-2771", "CVE-2018-2781", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2819", "CVE-2018-3133", "CVE-2019-2455"], "modified": "2022-05-19T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0034_MARIADB.NASL", "href": "https://www.tenable.com/plugins/nessus/127203", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0034. 
The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127203);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2017-3636\",\n \"CVE-2017-3641\",\n \"CVE-2017-3651\",\n \"CVE-2017-3653\",\n \"CVE-2017-10268\",\n \"CVE-2017-10378\",\n \"CVE-2017-10379\",\n \"CVE-2017-10384\",\n \"CVE-2018-2562\",\n \"CVE-2018-2622\",\n \"CVE-2018-2640\",\n \"CVE-2018-2665\",\n \"CVE-2018-2668\",\n \"CVE-2018-2755\",\n \"CVE-2018-2761\",\n \"CVE-2018-2767\",\n \"CVE-2018-2771\",\n \"CVE-2018-2781\",\n \"CVE-2018-2813\",\n \"CVE-2018-2817\",\n \"CVE-2018-2819\",\n \"CVE-2018-3133\",\n \"CVE-2019-2455\"\n );\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : mariadb Multiple Vulnerabilities (NS-SA-2019-0034)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has mariadb packages installed that are affected\nby multiple vulnerabilities:\n\n - Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: Client mysqldump). Supported\n versions that are affected are 5.5.56 and earlier,\n 5.6.36 and earlier and 5.7.18 and earlier. Easily\n exploitable vulnerability allows low privileged attacker\n with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized update, insert or delete\n access to some of MySQL Server accessible data. CVSS 3.0\n Base Score 4.3 (Integrity impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).\n (CVE-2017-3651)\n\n - Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: Client programs). 
Supported\n versions that are affected are 5.5.56 and earlier and\n 5.6.36 and earlier. Easily exploitable vulnerability\n allows low privileged attacker with logon to the\n infrastructure where MySQL Server executes to compromise\n MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized update, insert or delete\n access to some of MySQL Server accessible data as well\n as unauthorized read access to a subset of MySQL Server\n accessible data and unauthorized ability to cause a\n partial denial of service (partial DOS) of MySQL Server.\n CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and\n Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).\n (CVE-2017-3636)\n\n - Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: Server: DML). Supported versions\n that are affected are 5.5.56 and earlier, 5.6.36 and\n earlier and 5.7.18 and earlier. Easily exploitable\n vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS) of MySQL\n Server. CVSS 3.0 Base Score 4.9 (Availability impacts).\n CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n (CVE-2017-3641)\n\n - Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: Server: DDL). Supported versions\n that are affected are 5.5.56 and earlier, 5.6.36 and\n earlier and 5.7.18 and earlier. Difficult to exploit\n vulnerability allows low privileged attacker with\n network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized update, insert or delete\n access to some of MySQL Server accessible data. CVSS 3.0\n Base Score 3.1 (Integrity impacts). 
CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).\n (CVE-2017-3653)\n\n - Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: Server: Optimizer). Supported\n versions that are affected are 5.5.57 and earlier,\n 5.6.37 and earlier and 5.7.11 and earlier. Easily\n exploitable vulnerability allows low privileged attacker\n with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS) of MySQL\n Server. CVSS 3.0 Base Score 6.5 (Availability impacts).\n CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).\n (CVE-2017-10378)\n\n - Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: Server: Replication). Supported\n versions that are affected are 5.5.57 and earlier,\n 5.6.37 and earlier and 5.7.19 and earlier. Difficult to\n exploit vulnerability allows high privileged attacker\n with logon to the infrastructure where MySQL Server\n executes to compromise MySQL Server. Successful attacks\n of this vulnerability can result in unauthorized access\n to critical data or complete access to all MySQL Server\n accessible data. CVSS 3.0 Base Score 4.1\n (Confidentiality impacts). CVSS Vector:\n (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).\n (CVE-2017-10268)\n\n - Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: Client programs). Supported\n versions that are affected are 5.5.57 and earlier,\n 5.6.37 and earlier and 5.7.19 and earlier. Easily\n exploitable vulnerability allows low privileged attacker\n with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized access to critical data or\n complete access to all MySQL Server accessible data.\n CVSS 3.0 Base Score 6.5 (Confidentiality impacts). 
CVSS\n Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).\n (CVE-2017-10379)\n\n - Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: Server: DDL). Supported versions\n that are affected are 5.5.57 and earlier 5.6.37 and\n earlier 5.7.19 and earlier. Easily exploitable\n vulnerability allows low privileged attacker with\n network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS) of MySQL\n Server. CVSS 3.0 Base Score 6.5 (Availability impacts).\n CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).\n (CVE-2017-10384)\n\n - Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: Server: Replication). Supported\n versions that are affected are 5.5.59 and prior, 5.6.39\n and prior and 5.7.21 and prior. Difficult to exploit\n vulnerability allows unauthenticated attacker with logon\n to the infrastructure where MySQL Server executes to\n compromise MySQL Server. Successful attacks require\n human interaction from a person other than the attacker\n and while the vulnerability is in MySQL Server, attacks\n may significantly impact additional products. Successful\n attacks of this vulnerability can result in takeover of\n MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality,\n Integrity and Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).\n (CVE-2018-2755)\n\n - Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: Server: Security: Encryption).\n Supported versions that are affected are 5.5.60 and\n prior, 5.6.40 and prior and 5.7.22 and prior. Difficult\n to exploit vulnerability allows low privileged attacker\n with network access via multiple protocols to compromise\n MySQL Server. 
Successful attacks of this vulnerability\n can result in unauthorized read access to a subset of\n MySQL Server accessible data. CVSS 3.0 Base Score 3.1\n (Confidentiality impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).\n (CVE-2018-2767)\n\n - Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: Server : Partition). Supported\n versions that are affected are 5.5.58 and prior, 5.6.38\n and prior and 5.7.19 and prior. Easily exploitable\n vulnerability allows low privileged attacker with\n network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS) of MySQL\n Server as well as unauthorized update, insert or delete\n access to some of MySQL Server accessible data. CVSS 3.0\n Base Score 7.1 (Integrity and Availability impacts).\n CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).\n (CVE-2018-2562)\n\n - Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: Server: DDL). Supported versions\n that are affected are 5.5.58 and prior, 5.6.38 and prior\n and 5.7.20 and prior. Easily exploitable vulnerability\n allows low privileged attacker with network access via\n multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in\n unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Server. CVSS\n 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).\n (CVE-2018-2622)\n\n - Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: Server: Optimizer). Supported\n versions that are affected are 5.5.58 and prior, 5.6.38\n and prior and 5.7.20 and prior. Easily exploitable\n vulnerability allows low privileged attacker with\n network access via multiple protocols to compromise\n MySQL Server. 
Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS) of MySQL\n Server. CVSS 3.0 Base Score 6.5 (Availability impacts).\n CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).\n (CVE-2018-2640, CVE-2018-2665, CVE-2018-2668)\n\n - Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: Client programs). Supported\n versions that are affected are 5.5.59 and prior, 5.6.39\n and prior and 5.7.21 and prior. Difficult to exploit\n vulnerability allows unauthenticated attacker with\n network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS) of MySQL\n Server. CVSS 3.0 Base Score 5.9 (Availability impacts).\n CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).\n (CVE-2018-2761)\n\n - Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: Server: Locking). Supported\n versions that are affected are 5.5.59 and prior, 5.6.39\n and prior and 5.7.21 and prior. Difficult to exploit\n vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS) of MySQL\n Server. CVSS 3.0 Base Score 4.4 (Availability impacts).\n CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).\n (CVE-2018-2771)\n\n - Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: Server: Optimizer). Supported\n versions that are affected are 5.5.59 and prior, 5.6.39\n and prior and 5.7.21 and prior. Easily exploitable\n vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise\n MySQL Server. 
Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS) of MySQL\n Server. CVSS 3.0 Base Score 4.9 (Availability impacts).\n CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n (CVE-2018-2781)\n\n - Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: Server: DDL). Supported versions\n that are affected are 5.5.59 and prior, 5.6.39 and prior\n and 5.7.21 and prior. Easily exploitable vulnerability\n allows low privileged attacker with network access via\n multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in\n unauthorized read access to a subset of MySQL Server\n accessible data. CVSS 3.0 Base Score 4.3\n (Confidentiality impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).\n (CVE-2018-2813)\n\n - Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: Server: DDL). Supported versions\n that are affected are 5.5.59 and prior, 5.6.39 and prior\n and 5.7.21 and prior. Easily exploitable vulnerability\n allows low privileged attacker with network access via\n multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in\n unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Server. CVSS\n 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).\n (CVE-2018-2817)\n\n - Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: InnoDB). Supported versions that\n are affected are 5.5.59 and prior, 5.6.39 and prior and\n 5.7.21 and prior. 
Easily exploitable vulnerability\n allows low privileged attacker with network access via\n multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in\n unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Server. CVSS\n 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).\n (CVE-2018-2819)\n\n - Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: Server: Parser). Supported versions\n that are affected are 5.6.42 and prior, 5.7.24 and prior\n and 8.0.13 and prior. Easily exploitable vulnerability\n allows low privileged attacker with network access via\n multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in\n unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Server. CVSS\n 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).\n (CVE-2019-2455)\n\n - Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: Server: Parser). Supported versions\n that are affected are 5.5.61 and prior, 5.6.41 and\n prior, 5.7.23 and prior and 8.0.12 and prior. Easily\n exploitable vulnerability allows low privileged attacker\n with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS) of MySQL\n Server. 
CVSS 3.0 Base Score 6.5 (Availability impacts).\n CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).\n (CVE-2018-3133)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0034\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL mariadb packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-2562\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-2755\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.04\": [\n \"mariadb-5.5.60-1.el7_5\",\n \"mariadb-bench-5.5.60-1.el7_5\",\n \"mariadb-debuginfo-5.5.60-1.el7_5\",\n \"mariadb-devel-5.5.60-1.el7_5\",\n \"mariadb-embedded-5.5.60-1.el7_5\",\n \"mariadb-embedded-devel-5.5.60-1.el7_5\",\n \"mariadb-libs-5.5.60-1.el7_5\",\n \"mariadb-server-5.5.60-1.el7_5\",\n \"mariadb-test-5.5.60-1.el7_5\"\n ],\n \"CGSL MAIN 5.04\": [\n \"mariadb-5.5.60-1.el7_5\",\n \"mariadb-bench-5.5.60-1.el7_5\",\n \"mariadb-debuginfo-5.5.60-1.el7_5\",\n \"mariadb-devel-5.5.60-1.el7_5\",\n \"mariadb-embedded-5.5.60-1.el7_5\",\n \"mariadb-embedded-devel-5.5.60-1.el7_5\",\n \"mariadb-libs-5.5.60-1.el7_5\",\n \"mariadb-server-5.5.60-1.el7_5\",\n \"mariadb-test-5.5.60-1.el7_5\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n 
);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:22:57", "description": "New mariadb packages are available for Slackware 14.1 and 14.2 to fix security issues.", "cvss3": {}, "published": "2017-09-11T00:00:00", "type": "nessus", "title": "Slackware 14.1 / 14.2 : mariadb (SSA:2017-251-02)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3636", "CVE-2017-3641", "CVE-2017-3653"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:mariadb", "cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux:14.2"], "id": "SLACKWARE_SSA_2017-251-02.NASL", "href": "https://www.tenable.com/plugins/nessus/103090", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2017-251-02. 
The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103090);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-3636\", \"CVE-2017-3641\", \"CVE-2017-3653\");\n script_xref(name:\"SSA\", value:\"2017-251-02\");\n\n script_name(english:\"Slackware 14.1 / 14.2 : mariadb (SSA:2017-251-02)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New mariadb packages are available for Slackware 14.1 and 14.2 to fix\nsecurity issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.353960\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e91bcb6b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mariadb package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, 
Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.1\", pkgname:\"mariadb\", pkgver:\"5.5.57\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"mariadb\", pkgver:\"5.5.57\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"mariadb\", pkgver:\"10.0.32\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"mariadb\", pkgver:\"10.0.32\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:17:34", "description": "Several issues have been discovered in the MariaDB database server.\nThe vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.1.26. 
Please see the MariaDB 10.1 Release Notes for further details :\n\n - https://mariadb.com/kb/en/mariadb/mariadb-10124-release-notes/\n - https://mariadb.com/kb/en/mariadb/mariadb-10125-release-notes/\n\n - https://mariadb.com/kb/en/mariadb/mariadb-10126-release-notes/", "cvss3": {}, "published": "2017-08-28T00:00:00", "type": "nessus", "title": "Debian DSA-3955-1 : mariadb-10.1 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3636", "CVE-2017-3641", "CVE-2017-3653"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:mariadb-10.1", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-3955.NASL", "href": "https://www.tenable.com/plugins/nessus/102791", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3955. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102791);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-3636\", \"CVE-2017-3641\", \"CVE-2017-3653\");\n script_xref(name:\"DSA\", value:\"3955\");\n\n script_name(english:\"Debian DSA-3955-1 : mariadb-10.1 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several issues have been discovered in the MariaDB database server.\nThe vulnerabilities are addressed by upgrading MariaDB to the new\nupstream version 10.1.26. 
Please see the MariaDB 10.1 Release Notes\nfor further details :\n\n -\n https://mariadb.com/kb/en/mariadb/mariadb-10124-release-\n notes/\n -\n https://mariadb.com/kb/en/mariadb/mariadb-10125-release-\n notes/\n\n -\n https://mariadb.com/kb/en/mariadb/mariadb-10126-release-\n notes/\"\n );\n # https://mariadb.com/kb/en/mariadb/mariadb-10124-release-notes/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10124-release-notes/\"\n );\n # https://mariadb.com/kb/en/mariadb/mariadb-10125-release-notes/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10125-release-notes/\"\n );\n # https://mariadb.com/kb/en/mariadb/mariadb-10126-release-notes/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10126-release-notes/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/mariadb-10.1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3955\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the mariadb-10.1 packages.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 10.1.26-0+deb9u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mariadb-10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This 
script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"libmariadbclient-dev\", reference:\"10.1.26-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmariadbclient-dev-compat\", reference:\"10.1.26-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmariadbclient18\", reference:\"10.1.26-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmariadbd-dev\", reference:\"10.1.26-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmariadbd18\", reference:\"10.1.26-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"mariadb-client\", reference:\"10.1.26-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"mariadb-client-10.1\", reference:\"10.1.26-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"mariadb-client-core-10.1\", reference:\"10.1.26-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"mariadb-common\", reference:\"10.1.26-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"mariadb-plugin-connect\", reference:\"10.1.26-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"mariadb-plugin-cracklib-password-check\", reference:\"10.1.26-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"mariadb-plugin-gssapi-client\", reference:\"10.1.26-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", 
prefix:\"mariadb-plugin-gssapi-server\", reference:\"10.1.26-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"mariadb-plugin-mroonga\", reference:\"10.1.26-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"mariadb-plugin-oqgraph\", reference:\"10.1.26-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"mariadb-plugin-spider\", reference:\"10.1.26-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"mariadb-plugin-tokudb\", reference:\"10.1.26-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"mariadb-server\", reference:\"10.1.26-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"mariadb-server-10.1\", reference:\"10.1.26-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"mariadb-server-core-10.1\", reference:\"10.1.26-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"mariadb-test\", reference:\"10.1.26-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"mariadb-test-data\", reference:\"10.1.26-0+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:55", "description": "This update for mariadb fixes several issues.\n\nThese security issues were fixed :\n\n - CVE-2017-3636: Client programs had an unspecified vulnerability that could lead to unauthorized access and denial of service (bsc#1049399)\n\n - CVE-2017-3641: DDL unspecified vulnerability could lead to denial of service (bsc#1049404)\n\n - CVE-2017-3653: DML Unspecified vulnerability could lead to unauthorized database access (bsc#1049417)\n\nThese non-security issues were fixed :\n\n - Add ODBC support for Connect engine (bsc#1039034)\n\n - Relax required version for mariadb-errormessages (bsc#1072665)\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update project.", "cvss3": {}, 
"published": "2018-01-16T00:00:00", "type": "nessus", "title": "openSUSE Security Update : mariadb (openSUSE-2018-33)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3636", "CVE-2017-3641", "CVE-2017-3653"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libmysqlclient-devel", "p-cpe:/a:novell:opensuse:libmysqlclient18", "p-cpe:/a:novell:opensuse:libmysqlclient18-32bit", "p-cpe:/a:novell:opensuse:libmysqlclient18-debuginfo", "p-cpe:/a:novell:opensuse:libmysqlclient18-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libmysqlclient_r18", "p-cpe:/a:novell:opensuse:libmysqlclient_r18-32bit", "p-cpe:/a:novell:opensuse:libmysqld-devel", "p-cpe:/a:novell:opensuse:libmysqld18", "p-cpe:/a:novell:opensuse:libmysqld18-debuginfo", "p-cpe:/a:novell:opensuse:mariadb", "p-cpe:/a:novell:opensuse:mariadb-bench", "p-cpe:/a:novell:opensuse:mariadb-bench-debuginfo", "p-cpe:/a:novell:opensuse:mariadb-client", "p-cpe:/a:novell:opensuse:mariadb-client-debuginfo", "p-cpe:/a:novell:opensuse:mariadb-debuginfo", "p-cpe:/a:novell:opensuse:mariadb-debugsource", "p-cpe:/a:novell:opensuse:mariadb-errormessages", "p-cpe:/a:novell:opensuse:mariadb-test", "p-cpe:/a:novell:opensuse:mariadb-test-debuginfo", "p-cpe:/a:novell:opensuse:mariadb-tools", "p-cpe:/a:novell:opensuse:mariadb-tools-debuginfo", "cpe:/o:novell:opensuse:42.2", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2018-33.NASL", "href": "https://www.tenable.com/plugins/nessus/106062", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-33.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106062);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-3636\", 
\"CVE-2017-3641\", \"CVE-2017-3653\");\n\n script_name(english:\"openSUSE Security Update : mariadb (openSUSE-2018-33)\");\n script_summary(english:\"Check for the openSUSE-2018-33 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for mariadb fixes several issues.\n\nThese security issues were fixed :\n\n - CVE-2017-3636: Client programs had an unspecified\n vulnerability that could lead to unauthorized access and\n denial of service (bsc#1049399)\n\n - CVE-2017-3641: DDL unspecified vulnerability could lead\n to denial of service (bsc#1049404)\n\n - CVE-2017-3653: DML Unspecified vulnerability could lead\n to unautho