7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.065 Low
EPSS
Percentile
93.8%
This update provides MariaDB 5.5.42, which fixes several security issues and other bugs. Please refer to the Oracle Critical Patch Update Advisories and the Release Notes for MariaDB for further information regarding the security vulnerabilities.
Additionally the jemalloc packages is being provided as it was previousely provided with the mariadb source code, built and used but removed from the mariadb source code since 5.5.40.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandriva Linux Security Advisory MDVSA-2015:091.
# The text itself is copyright (C) Mandriva S.A.
#
if (NASL_LEVEL < 3000) exit(0);
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(82344);
script_version("1.8");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2012-5615", "CVE-2013-5908", "CVE-2014-0384", "CVE-2014-0401", "CVE-2014-0412", "CVE-2014-0420", "CVE-2014-0437", "CVE-2014-2419", "CVE-2014-2430", "CVE-2014-2431", "CVE-2014-2432", "CVE-2014-2436", "CVE-2014-2438", "CVE-2014-2440", "CVE-2014-2494", "CVE-2014-4207", "CVE-2014-4243", "CVE-2014-4258", "CVE-2014-4260", "CVE-2014-4274", "CVE-2014-4287", "CVE-2014-6463", "CVE-2014-6464", "CVE-2014-6469", "CVE-2014-6478", "CVE-2014-6484", "CVE-2014-6491", "CVE-2014-6494", "CVE-2014-6495", "CVE-2014-6496", "CVE-2014-6500", "CVE-2014-6505", "CVE-2014-6507", "CVE-2014-6520", "CVE-2014-6530", "CVE-2014-6551", "CVE-2014-6555", "CVE-2014-6559", "CVE-2014-6568", "CVE-2015-0374", "CVE-2015-0381", "CVE-2015-0382", "CVE-2015-0391", "CVE-2015-0411", "CVE-2015-0432");
script_xref(name:"MDVSA", value:"2015:091");
script_name(english:"Mandriva Linux Security Advisory : mariadb (MDVSA-2015:091)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Mandriva Linux host is missing one or more security
updates."
);
script_set_attribute(
attribute:"description",
value:
"This update provides MariaDB 5.5.42, which fixes several security
issues and other bugs. Please refer to the Oracle Critical Patch
Update Advisories and the Release Notes for MariaDB for further
information regarding the security vulnerabilities.
Additionally the jemalloc packages is being provided as it was
previousely provided with the mariadb source code, built and used but
removed from the mariadb source code since 5.5.40."
);
# http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?ef1fc2a6"
);
# http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?17c46362"
);
# https://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?75c6cafb"
);
# https://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?1ada40cc"
);
script_set_attribute(
attribute:"see_also",
value:"https://mariadb.com/kb/en/library/mariadb-5535-release-notes/"
);
script_set_attribute(
attribute:"see_also",
value:"https://mariadb.com/kb/en/library/mariadb-5536-release-notes/"
);
script_set_attribute(
attribute:"see_also",
value:"https://mariadb.com/kb/en/library/mariadb-5537-release-notes/"
);
script_set_attribute(
attribute:"see_also",
value:"https://mariadb.com/kb/en/library/mariadb-5538-release-notes/"
);
script_set_attribute(
attribute:"see_also",
value:"https://mariadb.com/kb/en/library/mariadb-5539-release-notes/"
);
script_set_attribute(
attribute:"see_also",
value:"https://mariadb.com/kb/en/library/mariadb-5540-release-notes/"
);
script_set_attribute(
attribute:"see_also",
value:"https://mariadb.com/kb/en/library/mariadb-5541-release-notes/"
);
script_set_attribute(
attribute:"see_also",
value:"https://mariadb.com/kb/en/library/mariadb-5542-release-notes/"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:C");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64jemalloc-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64jemalloc1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mariadb-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mariadb-embedded-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mariadb-embedded18");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mariadb18");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mariadb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mariadb-bench");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mariadb-client");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mariadb-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mariadb-common-core");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mariadb-core");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mariadb-extra");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mariadb-feedback");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mariadb-obsolete");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-MariaDB");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:2");
script_set_attribute(attribute:"patch_publication_date", value:"2015/03/28");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/30");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.");
script_family(english:"Mandriva Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
flag = 0;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64jemalloc-devel-3.6.0-2.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64jemalloc1-3.6.0-2.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64mariadb-devel-5.5.42-1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64mariadb-embedded-devel-5.5.42-1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64mariadb-embedded18-5.5.42-1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64mariadb18-5.5.42-1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"mariadb-5.5.42-1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"mariadb-bench-5.5.42-1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"mariadb-client-5.5.42-1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"mariadb-common-5.5.42-1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"mariadb-common-core-5.5.42-1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"mariadb-core-5.5.42-1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"mariadb-extra-5.5.42-1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"mariadb-feedback-5.5.42-1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"mariadb-obsolete-5.5.42-1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"mysql-MariaDB-5.5.42-1.mbs2")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
Vendor | Product | Version | CPE |
---|---|---|---|
mandriva | linux | lib64jemalloc-devel | p-cpe:/a:mandriva:linux:lib64jemalloc-devel |
mandriva | linux | lib64jemalloc1 | p-cpe:/a:mandriva:linux:lib64jemalloc1 |
mandriva | linux | lib64mariadb-devel | p-cpe:/a:mandriva:linux:lib64mariadb-devel |
mandriva | linux | lib64mariadb-embedded-devel | p-cpe:/a:mandriva:linux:lib64mariadb-embedded-devel |
mandriva | linux | lib64mariadb-embedded18 | p-cpe:/a:mandriva:linux:lib64mariadb-embedded18 |
mandriva | linux | lib64mariadb18 | p-cpe:/a:mandriva:linux:lib64mariadb18 |
mandriva | linux | mariadb | p-cpe:/a:mandriva:linux:mariadb |
mandriva | linux | mariadb-bench | p-cpe:/a:mandriva:linux:mariadb-bench |
mandriva | linux | mariadb-client | p-cpe:/a:mandriva:linux:mariadb-client |
mandriva | linux | mariadb-common | p-cpe:/a:mandriva:linux:mariadb-common |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5615
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5908
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0384
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0401
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0412
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0420
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0437
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2419
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2430
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2431
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2432
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2436
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2438
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2440
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2494
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4207
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4243
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4258
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4260
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4274
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4287
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6463
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6464
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6469
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6478
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6484
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6491
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6494
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6495
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6496
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6500
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6505
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6507
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6520
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6530
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6551
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6555
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6559
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6568
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0374
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0381
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0382
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0391
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0411
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0432
www.nessus.org/u?17c46362
www.nessus.org/u?1ada40cc
www.nessus.org/u?75c6cafb
www.nessus.org/u?ef1fc2a6
mariadb.com/kb/en/library/mariadb-5535-release-notes/
mariadb.com/kb/en/library/mariadb-5536-release-notes/
mariadb.com/kb/en/library/mariadb-5537-release-notes/
mariadb.com/kb/en/library/mariadb-5538-release-notes/
mariadb.com/kb/en/library/mariadb-5539-release-notes/
mariadb.com/kb/en/library/mariadb-5540-release-notes/
mariadb.com/kb/en/library/mariadb-5541-release-notes/
mariadb.com/kb/en/library/mariadb-5542-release-notes/