Lucene search
This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2019-21B76D179E.NASLHistoryMar 04, 2019 - 12:00 a.m.
Fedora 28 : community-mysql (2019-21b76d179e)
2019-03-0400:00:00
This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
89
MySQL 5.7.25
Release notes :
https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-25.html
CVEs fixed :
CVE-2019-2420 CVE-2019-2434 CVE-2019-2455 CVE-2019-2481 CVE-2019-2482 CVE-2019-2486 CVE-2019-2503 CVE-2019-2507 CVE-2019-2510 CVE-2019-2528 CVE-2019-2529 CVE-2019-2531 CVE-2019-2532 CVE-2019-2534 CVE-2019-2537
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2019-21b76d179e.
#
include("compat.inc");
if (description)
{
script_id(122557);
script_version("1.3");
script_cvs_date("Date: 2020/02/07");
script_cve_id("CVE-2019-2420", "CVE-2019-2434", "CVE-2019-2455", "CVE-2019-2481", "CVE-2019-2482", "CVE-2019-2486", "CVE-2019-2503", "CVE-2019-2507", "CVE-2019-2510", "CVE-2019-2528", "CVE-2019-2529", "CVE-2019-2531", "CVE-2019-2532", "CVE-2019-2534", "CVE-2019-2537");
script_xref(name:"FEDORA", value:"2019-21b76d179e");
script_name(english:"Fedora 28 : community-mysql (2019-21b76d179e)");
script_summary(english:"Checks rpm output for the updated package.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Fedora host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"** MySQL 5.7.25 **
Release notes :
https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-25.html
CVEs fixed :
CVE-2019-2420 CVE-2019-2434 CVE-2019-2455 CVE-2019-2481 CVE-2019-2482
CVE-2019-2486 CVE-2019-2503 CVE-2019-2507 CVE-2019-2510 CVE-2019-2528
CVE-2019-2529 CVE-2019-2531 CVE-2019-2532 CVE-2019-2534 CVE-2019-2537
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-21b76d179e"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected community-mysql package."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:community-mysql");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:28");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/16");
script_set_attribute(attribute:"patch_publication_date", value:"2019/03/01");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/04");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Fedora Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^28([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 28", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC28", reference:"community-mysql-5.7.25-1.fc28")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "community-mysql");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fedoraproject | fedora | community-mysql | p-cpe:/a:fedoraproject:fedora:community-mysql |
| fedoraproject | fedora | 28 | cpe:/o:fedoraproject:fedora:28 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2420
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2434
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2455
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2481
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2482
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2486
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2503
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2507
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2510
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2528
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2529
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2531
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2532
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2534
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2537
bodhi.fedoraproject.org/updates/FEDORA-2019-21b76d179e
Related
amazon
amazon
Medium: mysql57
2019-03-20 23:45:00
Medium: mysql56
2019-03-20 22:27:00
nessus
nessus
Ubuntu 16.04 LTS / 18.04 LTS : MySQL vulnerabilities (USN-3867-1)
2019-01-24 00:00:00
Amazon Linux AMI : mysql57 (ALAS-2019-1181)
2019-03-26 00:00:00
MySQL 5.7.x < 5.7.25 Multiple Vulnerabilities (Jan 2019 CPU)
2019-01-17 00:00:00
ubuntu
ubuntu
MySQL vulnerabilities
2019-01-23 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-3867-1)
2019-01-24 00:00:00
ibm
ibm
suse
suse
Security update for mysql-community-server (important)
2019-02-05 00:00:00
freebsd
freebsd
MySQL -- multiple vulnerabilities
2019-01-15 00:00:00
f5
f5
altlinux
altlinux
Security fix for the ALT Linux 8 package mariadb version 10.1.38-alt1
2019-03-06 00:00:00
Security fix for the ALT Linux 9 package mariadb version 10.3.13-alt1
2019-03-02 00:00:00
slackware
slackware
[slackware-security] mariadb
2019-02-02 02:10:30
osv
osv
mariadb-10.0 - security update
2019-02-01 00:00:00
CVE-2019-2434
2019-01-16 19:30:31
CVE-2019-2532
2019-01-16 19:30:35
mageia
mageia
Updated mariadb packages fix security vulnerability
2019-04-11 01:07:23
debian
debian
[SECURITY] [DLA 1655-1] mariadb-10.0 security update
2019-02-01 08:28:28
photon
photon
fedora
fedora
[SECURITY] Fedora 29 Update: community-mysql-8.0.15-1.fc29
2019-02-28 20:28:46
[SECURITY] Fedora 29 Update: community-mysql-8.0.16-1.fc29
2019-05-29 02:59:34
[SECURITY] Fedora 30 Update: mariadb-10.3.17-1.fc30
2019-08-15 18:10:30
redhatcve
redhatcve
prion
prion
ubuntucve
ubuntucve
veracode
veracode
Denial Of Service (Dos)
2019-08-15 00:08:32
Denial Of Service (Dos)
2019-08-15 00:08:31
Denial Of Service (Dos)
2019-08-15 00:08:31
cve
cve
alpinelinux
alpinelinux
debiancve
debiancve
mariadbunix
mariadbunix
oraclelinux
oraclelinux
mysql:8.0 security update
2019-08-19 00:00:00
redhat
redhat
(RHSA-2019:2511) Important: mysql:8.0 security update
2019-08-15 17:31:05
(RHSA-2019:2484) Important: rh-mysql80-mysql security update
2019-08-14 06:35:35
Related for FEDORA_2019-21B76D179E.NASL