This is an update that fixes all issues described at https://mariadb.com/kb/en/mariadb/development/changelogs/mariadb-5540- changelog and also couple of security issues.
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2014-16003.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(79905);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");
script_cve_id("CVE-2014-4287", "CVE-2014-6463", "CVE-2014-6464", "CVE-2014-6469", "CVE-2014-6484", "CVE-2014-6505", "CVE-2014-6507", "CVE-2014-6520", "CVE-2014-6530", "CVE-2014-6551", "CVE-2014-6555", "CVE-2014-6559", "CVE-2014-6564");
script_bugtraq_id(70446, 70451, 70455, 70462, 70486, 70487, 70510, 70511, 70516, 70517, 70530, 70532, 70550);
script_xref(name:"FEDORA", value:"2014-16003");
script_name(english:"Fedora 20 : mariadb-5.5.40-1.fc20 (2014-16003)");
script_summary(english:"Checks rpm output for the updated package.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Fedora host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"This is an update that fixes all issues described at
https://mariadb.com/kb/en/mariadb/development/changelogs/mariadb-5540-
changelog and also couple of security issues.
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1153461"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1153462"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1153463"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1153464"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1153467"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1153489"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1153490"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1153491"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1153493"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1153494"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1153495"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1153496"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1153497"
);
# https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145916.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?5e9ea712"
);
# https://mariadb.com/kb/en/mariadb/development/changelogs/mariadb-5540-changelog
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?576d571a"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected mariadb package."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mariadb");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20");
script_set_attribute(attribute:"patch_publication_date", value:"2014/12/01");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/15");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Fedora Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^20([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC20", reference:"mariadb-5.5.40-1.fc20")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mariadb");
}
Vendor | Product | Version | CPE |
---|---|---|---|
fedoraproject | fedora | mariadb | p-cpe:/a:fedoraproject:fedora:mariadb |
fedoraproject | fedora | 20 | cpe:/o:fedoraproject:fedora:20 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4287
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6463
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6464
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6469
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6484
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6505
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6507
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6520
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6530
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6551
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6555
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6559
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6564
www.nessus.org/u?576d571a
www.nessus.org/u?5e9ea712
bugzilla.redhat.com/show_bug.cgi?id=1153461
bugzilla.redhat.com/show_bug.cgi?id=1153462
bugzilla.redhat.com/show_bug.cgi?id=1153463
bugzilla.redhat.com/show_bug.cgi?id=1153464
bugzilla.redhat.com/show_bug.cgi?id=1153467
bugzilla.redhat.com/show_bug.cgi?id=1153489
bugzilla.redhat.com/show_bug.cgi?id=1153490
bugzilla.redhat.com/show_bug.cgi?id=1153491
bugzilla.redhat.com/show_bug.cgi?id=1153493
bugzilla.redhat.com/show_bug.cgi?id=1153494
bugzilla.redhat.com/show_bug.cgi?id=1153495
bugzilla.redhat.com/show_bug.cgi?id=1153496
bugzilla.redhat.com/show_bug.cgi?id=1153497