Oracle MySQL 5.5.x < 5.5.50 Multiple Vulnerabilities (July 2016 CPU)
2016-07-11T00:00:00
ID MYSQL_5_5_50_RPM.NASL Type nessus Reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2016-07-11T00:00:00
Description
The version of Oracle MySQL installed on the remote host is 5.5.x
prior to 5.5.50. It is, therefore, affected by the following
vulnerabilities :
- An unspecified flaw exists in the Parser subcomponent
  that allows a local attacker to gain elevated
  privileges. (CVE-2016-3477)
- An unspecified flaw exists in the Types subcomponent
  that allows an authenticated, remote attacker to cause
  a denial of service condition. (CVE-2016-3521)
- An unspecified flaw exists in the DML subcomponent that
  allows an authenticated, remote attacker to cause a
  denial of service condition. (CVE-2016-3615)
- An unspecified flaw exists in the RBR subcomponent that
  allows an authenticated, remote attacker to cause a
  denial of service condition. (CVE-2016-5440)
- Multiple overflow conditions exist due to improper
  validation of user-supplied input. An authenticated,
  remote attacker can exploit these issues to cause a
  denial of service condition or the execution of
  arbitrary code.
- A NULL pointer dereference flaw exists in a parser
  structure that is triggered during the validation of
  stored procedure names. An authenticated, remote
  attacker can exploit this to crash the database,
  resulting in a denial of service condition.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
# Plugin registration block. It runs only when `description` is set, registers
# the plugin's identity, advisory text, scoring and prerequisites, and then
# exits, so none of the check logic below this block runs in that pass.
if (description)
{
# Plugin identity and revision metadata.
script_id(91994);
script_version("1.10");
script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/03");
# CVEs this plugin reports. The description text below also lists two issues
# (the overflow conditions and the NULL pointer dereference) that carry no CVE
# identifier, so tracking by CVE alone will not account for them.
script_cve_id(
"CVE-2016-3477",
"CVE-2016-3521",
"CVE-2016-3615",
"CVE-2016-5440"
);
# Bugtraq IDs registered alongside the CVEs; the mapping of each ID to a CVE
# is not shown in this file.
script_bugtraq_id(
91902,
91932,
91953,
91960
);
script_name(english:"Oracle MySQL 5.5.x < 5.5.50 Multiple Vulnerabilities (July 2016 CPU)");
# The summary states the detection method: package (rpm) output is inspected,
# not the running MySQL service.
script_summary(english:"Checks the rpm output for the updated packages.");
# The synopsis and description are multi-line string literals; their line
# breaks are part of the reported text, so they must not be re-wrapped.
script_set_attribute(attribute:"synopsis", value:
"The remote host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The version of Oracle MySQL installed on the remote host is 5.5.x
prior to 5.5.50. It is, therefore, affected by the following
vulnerabilities :
- An unspecified flaw exists in the Parser subcomponent
that allows a local attacker to gain elevated
privileges. (CVE-2016-3477)
- An unspecified flaw exists in the Types subcomponent
that allows an authenticated, remote attacker to cause
a denial of service condition. (CVE-2016-3521)
- An unspecified flaw exists in the DML subcomponent that
allows an authenticated, remote attacker to cause a
denial of service condition. (CVE-2016-3615)
- An unspecified flaw exists in the RBR subcomponent that
allows an authenticated, remote attacker to cause a
denial of service condition. (CVE-2016-5440)
- Multiple overflow conditions exist due to improper
validation of user-supplied input. An authenticated,
remote attacker can exploit these issues to cause a
denial of service condition or the execution of
arbitrary code.
- A NULL pointer dereference flaw exists in a parser
structure that is triggered during the validation of
stored procedure names. An authenticated, remote
attacker can exploit this to crash the database,
resulting in a denial of service condition.");
# Reference links. Each commented-out URL is the full target of the shortened
# nessus.org link registered on the line after it.
script_set_attribute(attribute:"see_also", value:"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-50.html");
# http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3089849.xml
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?42cde00c");
script_set_attribute(attribute:"see_also", value:"https://support.oracle.com/rs?type=doc&id=2157431.1");
# http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?453b5f8c");
script_set_attribute(attribute:"solution", value:
"Upgrade to MySQL version 5.5.50 or later.");
# Scoring is taken from a single CVE (see cvss_score_source below): the local
# Parser issue, CVE-2016-3477. The remote, authenticated denial-of-service
# issues in the description are not what these vectors describe.
# NOTE(review): the CVSS v2 vector requires single authentication (Au:S) while
# the CVSS v3 vector states no privileges required (PR:N); weigh both when
# prioritising remediation.
script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:S/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-3477");
# Exploit status is static text fixed when the plugin was written; it is not
# refreshed at scan time, so confirm the current status when triaging.
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
# Disclosure, patch and plugin publication dates (YYYY/MM/DD).
script_set_attribute(attribute:"vuln_publication_date", value:"2016/06/02");
script_set_attribute(attribute:"patch_publication_date", value:"2016/06/02");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/07/11");
# Declared as a local check for unix hosts: the result comes from data
# collected on the host, not from probing the MySQL network service.
script_set_attribute(attribute:"agent", value:"unix");
script_set_attribute(attribute:"plugin_type", value:"local");
# CPE names: the application itself, then distribution-specific package CPEs.
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql");
script_end_attributes();
# ACT_GATHER_INFO places the plugin in the information-gathering category.
script_category(ACT_GATHER_INFO);
script_family(english:"Databases");
script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
# Prerequisites: the plugin depends on ssh_get_info.nasl and requires the
# Host/local_checks_enabled key. On a host scanned without working local
# checks this plugin does not run, so a missing finding is not evidence that
# MySQL is patched.
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled");
# NOTE(review): these arguments are knowledge-base release keys, not port
# numbers; presumably any one of them being set is enough - confirm against
# the NASL reference. Only RedHat, AmazonLinux, SuSE and CentOS release keys
# are listed, although the CPE list above also names Fedora, Scientific Linux,
# Oracle Linux and openSUSE - confirm whether those hosts are covered.
script_require_ports("Host/RedHat/release", "Host/AmazonLinux/release", "Host/SuSE/release", "Host/CentOS/release");
# End of registration: stop here so the check below is skipped in this pass.
exit(0);
}
include("mysql_version.inc");
# Version boundaries for the check: the 5.5 branch is in scope, and 5.5.50 is
# the first release reported as fixed.
exists_version = "5.5";
fix_version = "5.5.50";

# Hand the comparison to mysql_check_rpms() from mysql_version.inc (not shown
# here). Presumably it compares the installed MySQL server RPMs on the listed
# distributions against fix_ver and reports at the given severity - confirm
# against the include. The package list name suggests that only server
# packages are examined.
mysql_check_rpms(
  mysql_packages:default_mysql_rpm_list_server_only,
  fix_ver:fix_version,
  exists_ver:exists_version,
  rhel_os_list:default_mysql_rhel_os_list,
  centos_os_list:default_mysql_centos_os_list,
  suse_os_list:default_mysql_suse_os_list,
  ala_os_list:default_mysql_ala_os_list,
  severity:SECURITY_WARNING
);
{"id": "MYSQL_5_5_50_RPM.NASL", "bulletinFamily": "scanner", "title": "Oracle MySQL 5.5.x < 5.5.50 Multiple Vulnerabilities (July 2016 CPU)", "description": "The version of Oracle MySQL installed on the remote host is 5.5.x\nprior to 5.5.50. It is, therefore, affected by the following\nvulnerabilities :\n\n - An unspecified flaw exists in the Parser subcomponent\n that allows a local attacker to gain elevated\n privileges. (CVE-2016-3477)\n\n - An unspecified flaw exists in the Types subcomponent\n that allows an authenticated, remote attacker to cause\n a denial of service condition. (CVE-2016-3521)\n\n - An unspecified flaw exists in the DML subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-3615)\n\n - An unspecified flaw exists in the RBR subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-5440)\n\n - Multiple overflow conditions exist due to improper\n validation of user-supplied input. An authenticated,\n remote attacker can exploit these issues to cause a\n denial of service condition or the execution of\n arbitrary code.\n\n - A NULL pointer dereference flaw exists in a parser\n structure that is triggered during the validation of\n stored procedure names. An authenticated, remote\n attacker can exploit this to crash the database,\n resulting in a denial of service condition.", "published": "2016-07-11T00:00:00", "modified": "2016-07-11T00:00:00", "cvss": {"score": 4.1, "vector": "AV:L/AC:M/Au:S/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/91994", "reporter": "This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.", "references": ["https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-50.html", "http://www.nessus.org/u?453b5f8c", "http://www.nessus.org/u?42cde00c", "https://support.oracle.com/rs?type=doc&id=2157431.1"], "cvelist": ["CVE-2016-3615", "CVE-2016-3477", "CVE-2016-5440", "CVE-2016-3521"], "type": "nessus", "lastseen": "2020-06-04T19:09:44", "edition": 21, "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2016-3615", "CVE-2016-5440", "CVE-2016-3477", "CVE-2016-3521"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3632-1:F9C2A", "DEBIAN:DSA-3624-1:EC39B", "DEBIAN:DLA-567-2:D29AF"]}, {"type": "openvas", "idList": ["OPENVAS:703632", "OPENVAS:1361412562310808595", "OPENVAS:1361412562311220161035", "OPENVAS:1361412562310120726", "OPENVAS:1361412562310871652", "OPENVAS:1361412562310703632", "OPENVAS:1361412562310703624", "OPENVAS:703624", "OPENVAS:1361412562310851429", "OPENVAS:1361412562310808588"]}, {"type": "nessus", "idList": ["OPENSUSE-2016-1068.NASL", "DEBIAN_DSA-3624.NASL", "MYSQL_5_5_50.NASL", "OPENSUSE-2016-1274.NASL", "SUSE_SU-2016-2343-1.NASL", "SUSE_SU-2016-2218-1.NASL", "ALA_ALAS-2016-737.NASL", "DEBIAN_DSA-3632.NASL", "SUSE_SU-2016-2248-1.NASL", "DEBIAN_DLA-567.NASL"]}, {"type": "redhat", "idList": ["RHSA-2016:1602", "RHSA-2016:1603", "RHSA-2016:1601", "RHSA-2016:1637", "RHSA-2016:1480", "RHSA-2016:1604"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2016:2788-1", "SUSE-SU-2016:2343-1", "OPENSUSE-SU-2016:2746-1", "OPENSUSE-SU-2016:2769-1"]}, {"type": "amazon", "idList": ["ALAS-2016-738", "ALAS-2016-737"]}, {"type": "centos", "idList": ["CESA-2016:1602"]}, {"type": "oraclelinux", "idList": ["ELSA-2016-1602"]}, {"type": "ubuntu", "idList": ["USN-3040-1"]}, {"type": "f5", "idList": ["SOL42204713", "F5:K42204713"]}, {"type": "kaspersky", "idList": ["KLA10847"]}, {"type": "freebsd", "idList": ["CA5CB202-4F51-11E6-B2EC-B499BAEBFEAF"]}, {"type": "oracle", "idList": ["ORACLE:CPUJUL2016-2881720", 
"ORACLE:CPUJUL2016"]}], "modified": "2020-06-04T19:09:44", "rev": 2}, "score": {"value": 7.0, "vector": "NONE", "modified": "2020-06-04T19:09:44", "rev": 2}, "vulnersScore": 7.0}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91994);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/03\");\n\n script_cve_id(\n \"CVE-2016-3477\",\n \"CVE-2016-3521\",\n \"CVE-2016-3615\",\n \"CVE-2016-5440\"\n );\n script_bugtraq_id(\n 91902,\n 91932,\n 91953,\n 91960\n );\n\n script_name(english:\"Oracle MySQL 5.5.x < 5.5.50 Multiple Vulnerabilities (July 2016 CPU)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle MySQL installed on the remote host is 5.5.x\nprior to 5.5.50. It is, therefore, affected by the following\nvulnerabilities :\n\n - An unspecified flaw exists in the Parser subcomponent\n that allows a local attacker to gain elevated\n privileges. (CVE-2016-3477)\n\n - An unspecified flaw exists in the Types subcomponent\n that allows an authenticated, remote attacker to cause\n a denial of service condition. (CVE-2016-3521)\n\n - An unspecified flaw exists in the DML subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-3615)\n\n - An unspecified flaw exists in the RBR subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-5440)\n\n - Multiple overflow conditions exist due to improper\n validation of user-supplied input. 
An authenticated,\n remote attacker can exploit these issues to cause a\n denial of service condition or the execution of\n arbitrary code.\n\n - A NULL pointer dereference flaw exists in a parser\n structure that is triggered during the validation of\n stored procedure names. An authenticated, remote\n attacker can exploit this to crash the database,\n resulting in a denial of service condition.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-50.html\");\n # http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3089849.xml\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?42cde00c\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.oracle.com/rs?type=doc&id=2157431.1\");\n # http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?453b5f8c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 5.5.50 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-3477\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/11\");\n\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_attribute(attribute:\"plugin_type\", 
value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\");\n script_require_ports(\"Host/RedHat/release\", \"Host/AmazonLinux/release\", \"Host/SuSE/release\", \"Host/CentOS/release\");\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\nfix_version = \"5.5.50\";\nexists_version = \"5.5\";\n\nmysql_check_rpms(mysql_packages:default_mysql_rpm_list_server_only, fix_ver:fix_version, exists_ver:exists_version, rhel_os_list:default_mysql_rhel_os_list, centos_os_list:default_mysql_centos_os_list, suse_os_list:default_mysql_suse_os_list, ala_os_list:default_mysql_ala_os_list, severity:SECURITY_WARNING);\n", "naslFamily": "Databases", "pluginID": "91994", "cpe": ["p-cpe:/a:novell:suse_linux:mysql", "cpe:/a:oracle:mysql", "p-cpe:/a:novell:opensuse:mysql", "p-cpe:/a:oracle:linux:mysql", "p-cpe:/a:fermilab:scientific_linux:mysql", "p-cpe:/a:fedoraproject:fedora:mysql", "p-cpe:/a:centos:centos:mysql", 
"p-cpe:/a:redhat:enterprise_linux:mysql", "p-cpe:/a:amazon:linux:mysql"], "scheme": null, "cvss3": {"score": 8.1, "vector": "AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}}
{"cve": [{"lastseen": "2020-12-09T20:07:40", "description": "Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.", "edition": 7, "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 4.9, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-07-21T10:14:00", "title": "CVE-2016-5440", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5440"], "modified": "2019-12-27T16:08:00", "cpe": ["cpe:/o:redhat:enterprise_linux_server_tus:7.6", "cpe:/a:oracle:mysql:5.7.12", "cpe:/o:redhat:enterprise_linux_server_eus:7.4", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:oracle:mysql:5.5.49", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:redhat:enterprise_linux_server_eus:7.3", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux_server_tus:7.2", "cpe:/o:redhat:enterprise_linux_server_eus:7.5", "cpe:/a:ibm:powerkvm:3.1", "cpe:/a:ibm:powerkvm:2.1", 
"cpe:/o:canonical:ubuntu_linux:15.10", "cpe:/o:redhat:enterprise_linux_server_aus:7.6", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_server_tus:7.3", "cpe:/o:redhat:enterprise_linux_server_aus:7.2", "cpe:/o:oracle:linux:7", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.2", "cpe:/a:oracle:mysql:5.6.30", "cpe:/o:redhat:enterprise_linux_server_eus:7.6", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2016-5440", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5440", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.5.49:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.7.12:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.6.30:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:powerkvm:3.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:powerkvm:2.1:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", 
"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2020-12-09T20:07:37", "description": "Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Parser.\nScores reflect additional information provided in http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3089849.xml:\n\n\"Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server.\"", "edition": 7, "cvss3": {"exploitabilityScore": 1.4, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2016-07-21T10:12:00", "title": "CVE-2016-3477", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 2.7, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.1, "vectorString": "AV:L/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3477"], "modified": 
"2019-12-27T16:08:00", "cpe": ["cpe:/a:oracle:mysql:5.7.12", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:oracle:mysql:5.5.49", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:ibm:powerkvm:3.1", "cpe:/a:ibm:powerkvm:2.1", "cpe:/o:canonical:ubuntu_linux:15.10", "cpe:/o:oracle:linux:7", "cpe:/a:oracle:mysql:5.6.30", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2016-3477", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3477", "cvss": {"score": 4.1, "vector": "AV:L/AC:M/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.5.49:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.7.12:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:oracle:mysql:5.6.30:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:powerkvm:3.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:powerkvm:2.1:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2020-12-09T20:07:38", "description": "Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.", "edition": 7, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-07-21T10:13:00", "title": "CVE-2016-3521", "type": "cve", "cwe": ["NVD-CWE-noinfo"], 
"bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 6.8, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3521"], "modified": "2019-12-27T16:08:00", "cpe": ["cpe:/a:oracle:mysql:5.7.12", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:oracle:mysql:5.5.49", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:ibm:powerkvm:3.1", "cpe:/a:ibm:powerkvm:2.1", "cpe:/o:canonical:ubuntu_linux:15.10", "cpe:/o:oracle:linux:7", "cpe:/a:oracle:mysql:5.6.30", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2016-3521", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3521", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.5.49:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.7.12:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:oracle:mysql:5.6.30:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:powerkvm:3.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:powerkvm:2.1:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2020-12-09T20:07:38", "description": "Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to 
Server: DML.", "edition": 7, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.3, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-07-21T10:14:00", "title": "CVE-2016-3615", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3615"], "modified": "2019-12-27T16:08:00", "cpe": ["cpe:/a:oracle:mysql:5.7.12", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:oracle:mysql:5.5.49", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:ibm:powerkvm:3.1", "cpe:/a:ibm:powerkvm:2.1", "cpe:/o:canonical:ubuntu_linux:15.10", "cpe:/o:oracle:linux:7", "cpe:/a:oracle:mysql:5.6.30", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2016-3615", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3615", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.5.49:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.7.12:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:oracle:mysql:5.6.30:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:powerkvm:3.1:*:*:*:*:*:*:*", 
"cpe:2.3:a:ibm:powerkvm:2.1:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}], "openvas": [{"lastseen": "2020-04-03T18:52:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-3615", "CVE-2016-3477", "CVE-2016-5440", "CVE-2016-3521"], "description": "This host is running Oracle MySQL and is\n prone to multiple unspecified vulnerabilities.", "modified": "2020-04-01T00:00:00", "published": "2016-07-21T00:00:00", "id": "OPENVAS:1361412562310808588", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808588", "type": "openvas", "title": "Oracle MySQL Multiple Unspecified Vulnerabilities-01 July16 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mysql_mult_unspecified_vuln01_july16_win.nasl 61124 2016-07-21 10:49:47 +0530 April$\n#\n# Oracle MySQL Multiple Unspecified Vulnerabilities-01 July16 (Windows)\n#\n# Authors:\n# Tushar Khelge <ktushar@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808588\");\n script_version(\"2020-04-01T10:41:43+0000\");\n script_cve_id(\"CVE-2016-3477\", \"CVE-2016-3521\", \"CVE-2016-3615\", \"CVE-2016-5440\");\n script_bugtraq_id(91902, 91932, 91960, 91953);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-01 10:41:43 +0000 (Wed, 01 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-07-21 10:49:47 +0530 (Thu, 21 Jul 2016)\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_name(\"Oracle MySQL Multiple Unspecified Vulnerabilities-01 July16 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is running Oracle MySQL and is\n prone to multiple unspecified vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple unspecified errors exists in the\n MySQL Server component via unknown vectors related to Server.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n authenticated remote attacker to affect confidentiality, integrity, and\n availability via unknown vectors.\");\n\n script_tag(name:\"affected\", value:\"Oracle MySQL Server 5.5.49 and earlier,\n 5.6.30 and earlier, 5.7.12 and earlier on windows\");\n\n script_tag(name:\"solution\", value:\"Apply the patch from the referenced advisory.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", 
value:\"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html\");\n\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_windows\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\ncpe_list = make_list( \"cpe:/a:mysql:mysql\", \"cpe:/a:oracle:mysql\" );\n\nif(!infos = get_app_port_from_list(cpe_list:cpe_list))\n exit(0);\n\ncpe = infos[\"cpe\"];\nport = infos[\"port\"];\n\nif(!infos = get_app_version_and_location(cpe:cpe, port:port, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif(vers =~ \"^5\\.[5-7]\\.\")\n{\n if(version_in_range(version:vers, test_version:\"5.5.0\", test_version2:\"5.5.49\") ||\n version_in_range(version:vers, test_version:\"5.6.0\", test_version2:\"5.6.30\") ||\n version_in_range(version:vers, test_version:\"5.7.0\", test_version2:\"5.7.12\"))\n {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"Apply the patch\", install_path:path);\n security_message(data:report, port:port);\n exit(0);\n }\n}\n\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2017-07-24T12:54:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-3615", "CVE-2016-3477", "CVE-2016-5440", "CVE-2016-3521"], "description": "Several issues have been discovered\nin the MySQL database server. The vulnerabilities are addressed by upgrading MySQL\nto the new upstream version 5.5.50. 
Please see the MySQL 5.5 Release Notes and\nOracle's Critical Patch Update advisory for further details:\n\nhttps://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-50.html\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", "modified": "2017-07-07T00:00:00", "published": "2016-07-21T00:00:00", "id": "OPENVAS:703624", "href": "http://plugins.openvas.org/nasl.php?oid=703624", "type": "openvas", "title": "Debian Security Advisory DSA 3624-1 (mysql-5.5 - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3624.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3624-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703624);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2016-3477\", \"CVE-2016-3521\", \"CVE-2016-3615\", \"CVE-2016-5440\");\n script_name(\"Debian Security Advisory DSA 3624-1 (mysql-5.5 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-07-21 00:00:00 +0200 (Thu, 21 Jul 2016)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3624.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"mysql-5.5 on Debian Linux\");\n script_tag(name: \"insight\", value: \"MySQL is a fast, stable and true\nmulti-user, multi-threaded SQL database server.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthese problems have been fixed in version 5.5.50-0+deb8u1.\n\nWe recommend that you upgrade your mysql-5.5 packages.\");\n script_tag(name: \"summary\", value: \"Several issues have been discovered\nin the MySQL database server. The vulnerabilities are addressed by upgrading MySQL\nto the new upstream version 5.5.50. 
Please see the MySQL 5.5 Release Notes and\nOracle's Critical Patch Update advisory for further details:\n\nhttps://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-50.html\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libmysqlclient-dev\", ver:\"5.5.50-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient18:amd64\", ver:\"5.5.50-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient18:i386\", ver:\"5.5.50-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"libmysqld-dev\", ver:\"5.5.50-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-pic\", ver:\"5.5.50-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client\", ver:\"5.5.50-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client-5.5\", ver:\"5.5.50-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-common\", ver:\"5.5.50-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server\", ver:\"5.5.50-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.50-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-core-5.5\", ver:\"5.5.50-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"mysql-source-5.5\", ver:\"5.5.50-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-testsuite\", ver:\"5.5.50-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-testsuite-5.5\", ver:\"5.5.50-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2020-04-03T18:52:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-3615", "CVE-2016-3477", "CVE-2016-5440", "CVE-2016-3521"], "description": "This host is running Oracle MySQL and is\n prone to multiple unspecified vulnerabilities.", "modified": "2020-04-01T00:00:00", "published": "2016-07-21T00:00:00", "id": "OPENVAS:1361412562310808595", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808595", "type": "openvas", "title": "Oracle MySQL Multiple Unspecified Vulnerabilities-01 July16 (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mysql_mult_unspecified_vuln01_july16_lin.nasl 61124 2016-07-21 10:49:47 +0530 April$\n#\n# Oracle MySQL Multiple Unspecified Vulnerabilities-01 July16 (Linux)\n#\n# Authors:\n# Tushar Khelge <ktushar@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808595\");\n script_version(\"2020-04-01T10:41:43+0000\");\n script_cve_id(\"CVE-2016-3477\", \"CVE-2016-3521\", \"CVE-2016-3615\", \"CVE-2016-5440\");\n script_bugtraq_id(91902, 91932, 91960, 91953);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-01 10:41:43 +0000 (Wed, 01 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-07-21 12:52:28 +0530 (Thu, 21 Jul 2016)\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"Oracle MySQL Multiple Unspecified Vulnerabilities-01 July16 (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is running Oracle MySQL and is\n prone to multiple unspecified vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple unspecified errors exists in the\n MySQL Server component via unknown vectors related to Server.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n authenticated remote attacker to affect confidentiality, integrity, and\n availability via unknown vectors.\");\n\n script_tag(name:\"affected\", value:\"Oracle MySQL Server 5.5.49 and earlier,\n 5.6.30 and earlier, 5.7.12 and earlier on Linux\");\n\n script_tag(name:\"solution\", value:\"Apply the patch from the referenced advisory.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", 
value:\"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html\");\n\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_unixoide\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\ncpe_list = make_list( \"cpe:/a:mysql:mysql\", \"cpe:/a:oracle:mysql\" );\n\nif(!infos = get_app_port_from_list(cpe_list:cpe_list))\n exit(0);\n\ncpe = infos[\"cpe\"];\nport = infos[\"port\"];\n\nif(!infos = get_app_version_and_location(cpe:cpe, port:port, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif(vers =~ \"^5\\.[5-7]\\.\")\n{\n if(version_in_range(version:vers, test_version:\"5.5.0\", test_version2:\"5.5.49\") ||\n version_in_range(version:vers, test_version:\"5.6.0\", test_version2:\"5.6.30\") ||\n version_in_range(version:vers, test_version:\"5.7.0\", test_version2:\"5.7.12\"))\n {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"Apply the patch\", install_path:path);\n security_message(data:report, port:port);\n exit(0);\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:35:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-3615", "CVE-2016-3477", "CVE-2016-5440", "CVE-2016-3521"], "description": "Several issues have been discovered\nin the MySQL database server. 
The vulnerabilities are addressed by upgrading MySQL\nto the new upstream version 5.5.50.", "modified": "2019-03-18T00:00:00", "published": "2016-07-21T00:00:00", "id": "OPENVAS:1361412562310703624", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703624", "type": "openvas", "title": "Debian Security Advisory DSA 3624-1 (mysql-5.5 - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3624.nasl 14279 2019-03-18 14:48:34Z cfischer $\n# Auto-generated from advisory DSA 3624-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703624\");\n script_version(\"$Revision: 14279 $\");\n script_cve_id(\"CVE-2016-3477\", \"CVE-2016-3521\", \"CVE-2016-3615\", \"CVE-2016-5440\");\n script_name(\"Debian Security Advisory DSA 3624-1 (mysql-5.5 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:48:34 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-07-21 00:00:00 +0200 (Thu, 21 Jul 2016)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3624.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"mysql-5.5 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthese problems have been fixed in version 5.5.50-0+deb8u1.\n\nWe recommend that you upgrade your mysql-5.5 packages.\");\n script_tag(name:\"summary\", value:\"Several issues have been discovered\nin the MySQL database server. 
The vulnerabilities are addressed by upgrading MySQL\nto the new upstream version 5.5.50.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libmysqlclient-dev\", ver:\"5.5.50-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmysqlclient18:amd64\", ver:\"5.5.50-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmysqlclient18:i386\", ver:\"5.5.50-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libmysqld-dev\", ver:\"5.5.50-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmysqld-pic\", ver:\"5.5.50-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-client\", ver:\"5.5.50-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-client-5.5\", ver:\"5.5.50-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-common\", ver:\"5.5.50-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-server\", ver:\"5.5.50-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.50-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-server-core-5.5\", ver:\"5.5.50-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-source-5.5\", ver:\"5.5.50-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-testsuite\", ver:\"5.5.50-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-testsuite-5.5\", ver:\"5.5.50-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += 
res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:35:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-3615", "CVE-2016-3477", "CVE-2016-5440", "CVE-2016-3521"], "description": "Several issues have been discovered\nin the MariaDB database server. The vulnerabilities are addressed by upgrading\nMariaDB to the new upstream version 10.0.26.", "modified": "2019-03-18T00:00:00", "published": "2016-08-02T00:00:00", "id": "OPENVAS:1361412562310703632", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703632", "type": "openvas", "title": "Debian Security Advisory DSA 3632-1 (mariadb-10.0 - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3632.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Auto-generated from advisory DSA 3632-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703632\");\n script_version(\"$Revision: 14275 $\");\n script_cve_id(\"CVE-2016-3477\", \"CVE-2016-3521\", \"CVE-2016-3615\", \"CVE-2016-5440\");\n script_name(\"Debian Security Advisory DSA 3632-1 (mariadb-10.0 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-02 10:58:31 +0530 (Tue, 02 Aug 2016)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3632.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"mariadb-10.0 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthese problems have been fixed in version 10.0.26-0+deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 10.0.26-1.\n\nWe recommend that you upgrade your mariadb-10.0 packages.\");\n script_tag(name:\"summary\", value:\"Several issues have been discovered\nin the MariaDB database server. 
The vulnerabilities are addressed by upgrading\nMariaDB to the new upstream version 10.0.26.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libmariadbd-dev\", ver:\"10.0.26-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-client\", ver:\"10.0.26-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-client-10.0\", ver:\"10.0.26-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-client-core-10.0\", ver:\"10.0.26-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-common\", ver:\"10.0.26-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-connect-engine-10.0\", ver:\"10.0.26-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-oqgraph-engine-10.0\", ver:\"10.0.26-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-server\", ver:\"10.0.26-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-server-10.0\", ver:\"10.0.26-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-server-core-10.0\", ver:\"10.0.26-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-test\", ver:\"10.0.26-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-test-10.0\", ver:\"10.0.26-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": 
"2017-07-24T12:54:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-3615", "CVE-2016-3477", "CVE-2016-5440", "CVE-2016-3521"], "description": "Several issues have been discovered\nin the MariaDB database server. The vulnerabilities are addressed by upgrading\nMariaDB to the new upstream version 10.0.26. Please see the MariaDB 10.0 Release\nNotes for further details:\n\nhttps://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/", "modified": "2017-07-07T00:00:00", "published": "2016-08-02T00:00:00", "id": "OPENVAS:703632", "href": "http://plugins.openvas.org/nasl.php?oid=703632", "type": "openvas", "title": "Debian Security Advisory DSA 3632-1 (mariadb-10.0 - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3632.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3632-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703632);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2016-3477\", \"CVE-2016-3521\", \"CVE-2016-3615\", \"CVE-2016-5440\");\n script_name(\"Debian Security Advisory DSA 3632-1 (mariadb-10.0 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-02 10:58:31 +0530 (Tue, 02 Aug 2016)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3632.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"mariadb-10.0 on Debian Linux\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthese problems have been fixed in version 10.0.26-0+deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 10.0.26-1.\n\nWe recommend that you upgrade your mariadb-10.0 packages.\");\n script_tag(name: \"summary\", value: \"Several issues have been discovered\nin the MariaDB database server. The vulnerabilities are addressed by upgrading\nMariaDB to the new upstream version 10.0.26. 
Please see the MariaDB 10.0 Release\nNotes for further details:\n\nhttps://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libmariadbd-dev\", ver:\"10.0.26-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-client\", ver:\"10.0.26-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-client-10.0\", ver:\"10.0.26-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-client-core-10.0\", ver:\"10.0.26-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-common\", ver:\"10.0.26-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-connect-engine-10.0\", ver:\"10.0.26-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-oqgraph-engine-10.0\", ver:\"10.0.26-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-server\", ver:\"10.0.26-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-server-10.0\", ver:\"10.0.26-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-server-core-10.0\", ver:\"10.0.26-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-test\", ver:\"10.0.26-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-test-10.0\", ver:\"10.0.26-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n 
report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2020-01-31T18:35:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5630", "CVE-2016-3615", "CVE-2016-3477", "CVE-2016-5612", "CVE-2016-5440", "CVE-2016-6662", "CVE-2016-3521"], "description": "The remote host is missing an update for the 'mariadb'\n package(s) announced via the referenced advisory.", "modified": "2020-01-31T00:00:00", "published": "2016-11-14T00:00:00", "id": "OPENVAS:1361412562310851429", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851429", "type": "openvas", "title": "openSUSE: Security Advisory for mariadb (openSUSE-SU-2016:2746-1)", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851429\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-11-14 17:59:41 +0530 (Mon, 14 Nov 2016)\");\n script_cve_id(\"CVE-2016-3477\", \"CVE-2016-3521\", \"CVE-2016-3615\", \"CVE-2016-5440\",\n \"CVE-2016-5612\", \"CVE-2016-5630\", \"CVE-2016-6662\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for mariadb (openSUSE-SU-2016:2746-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mariadb'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for mariadb to 10.0.27 fixes the following issues:\n\n * fixed CVE's 10.0.27: CVE-2016-5612, CVE-2016-5630, CVE-2016-6662\n 10.0.26: CVE-2016-5440, CVE-2016-3615, CVE-2016-3521, CVE-2016-3477\n\n * fix: [boo#1005561], [boo#1005570], [boo#998309], [boo#989926],\n [boo#989922], [boo#989919], [boo#989913]\n\n - requires devel packages for aio and lzo2\n\n - remove mariadb-10.0.21-mysql-test_main_bootstrap.patch that is no longer\n needed [boo#984858]\n\n - append '--ignore-db-dir=lost+found' to the mysqld options in\n 'mysql-systemd-helper' script if 'lost+found' directory is found in\n $datadir [boo#986251]\n\n - remove syslog.target from *.service files [boo#983938]\n\n - 
add systemd to deps to build on leap and friends\n\n - replace '%{_libexecdir}/systemd/system' with %{_unitdir} macro\n\n - remove useless mysql@default.service [boo#971456]\n\n - make ORDER BY optimization functions take into account multiple\n equalities [boo#949520]\n\n - adjust mysql-test results in order to take account of a new option\n (orderby_uses_equalities) added by the optimizer patch [boo#1003800]\n\n - replace all occurrences of the string '@sysconfdir@' with '/etc' in\n mysql-community-server-5.1.46-logrotate.patch as it wasn't expanded\n properly [boo#990890]\");\n\n script_tag(name:\"affected\", value:\"mariadb on openSUSE 13.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:2746-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.2\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient-devel\", rpm:\"libmysqlclient-devel~10.0.27~2.27.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient18\", rpm:\"libmysqlclient18~10.0.27~2.27.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient18-debuginfo\", rpm:\"libmysqlclient18-debuginfo~10.0.27~2.27.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient_r18\", rpm:\"libmysqlclient_r18~10.0.27~2.27.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n 
}\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqld-devel\", rpm:\"libmysqld-devel~10.0.27~2.27.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqld18\", rpm:\"libmysqld18~10.0.27~2.27.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqld18-debuginfo\", rpm:\"libmysqld18-debuginfo~10.0.27~2.27.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~10.0.27~2.27.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-bench\", rpm:\"mariadb-bench~10.0.27~2.27.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-bench-debuginfo\", rpm:\"mariadb-bench-debuginfo~10.0.27~2.27.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-client\", rpm:\"mariadb-client~10.0.27~2.27.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-client-debuginfo\", rpm:\"mariadb-client-debuginfo~10.0.27~2.27.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-debuginfo\", rpm:\"mariadb-debuginfo~10.0.27~2.27.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-debugsource\", rpm:\"mariadb-debugsource~10.0.27~2.27.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-errormessages\", rpm:\"mariadb-errormessages~10.0.27~2.27.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-test\", rpm:\"mariadb-test~10.0.27~2.27.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-test-debuginfo\", rpm:\"mariadb-test-debuginfo~10.0.27~2.27.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-tools\", 
rpm:\"mariadb-tools~10.0.27~2.27.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-tools-debuginfo\", rpm:\"mariadb-tools-debuginfo~10.0.27~2.27.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient18-32bit\", rpm:\"libmysqlclient18-32bit~10.0.27~2.27.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient18-debuginfo-32bit\", rpm:\"libmysqlclient18-debuginfo-32bit~10.0.27~2.27.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient_r18-32bit\", rpm:\"libmysqlclient_r18-32bit~10.0.27~2.27.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-17T22:55:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-3615", "CVE-2016-3477", "CVE-2016-5440", "CVE-2016-3501", "CVE-2016-3614", "CVE-2016-5439", "CVE-2016-3459", "CVE-2016-3486", "CVE-2016-3521"], "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2016-10-26T00:00:00", "id": "OPENVAS:1361412562310120726", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120726", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2016-737)", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) 
any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120726\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2016-10-26 15:38:21 +0300 (Wed, 26 Oct 2016)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2016-737)\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in Oracle MySQL. Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update mysql56 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2016-737.html\");\n script_cve_id(\"CVE-2016-5440\", \"CVE-2016-3459\", \"CVE-2016-5439\", \"CVE-2016-3477\", \"CVE-2016-3614\", \"CVE-2016-3615\", \"CVE-2016-3521\", \"CVE-2016-3486\", \"CVE-2016-3501\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Amazon Linux Local 
Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"mysql56-common\", rpm:\"mysql56-common~5.6.32~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql56-test\", rpm:\"mysql56-test~5.6.32~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql56-devel\", rpm:\"mysql56-devel~5.6.32~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql56-libs\", rpm:\"mysql56-libs~5.6.32~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql56-server\", rpm:\"mysql56-server~5.6.32~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql56-embedded-devel\", rpm:\"mysql56-embedded-devel~5.6.32~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql56-errmsg\", rpm:\"mysql56-errmsg~5.6.32~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql56-debuginfo\", rpm:\"mysql56-debuginfo~5.6.32~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql56-embedded\", rpm:\"mysql56-embedded~5.6.32~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql56-bench\", rpm:\"mysql56-bench~5.6.32~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql56\", rpm:\"mysql56~5.6.32~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:35:15", "bulletinFamily": 
"scanner", "cvelist": ["CVE-2016-0647", "CVE-2016-0648", "CVE-2016-0641", "CVE-2016-3615", "CVE-2016-3477", "CVE-2016-0649", "CVE-2016-5440", "CVE-2016-0646", "CVE-2016-5444", "CVE-2016-3452", "CVE-2016-0666", "CVE-2016-0643", "CVE-2016-0640", "CVE-2016-0650", "CVE-2016-0644", "CVE-2016-3521"], "description": "Check the version of mariadb", "modified": "2019-03-08T00:00:00", "published": "2016-08-13T00:00:00", "id": "OPENVAS:1361412562310882543", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882543", "type": "openvas", "title": "CentOS Update for mariadb CESA-2016:1602 centos7", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for mariadb CESA-2016:1602 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882543\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-13 05:51:58 +0200 (Sat, 13 Aug 2016)\");\n script_cve_id(\"CVE-2016-0640\", \"CVE-2016-0641\", \"CVE-2016-0643\", \"CVE-2016-0644\",\n \"CVE-2016-0646\", \"CVE-2016-0647\", \"CVE-2016-0648\", \"CVE-2016-0649\",\n \"CVE-2016-0650\", \"CVE-2016-0666\", \"CVE-2016-3452\", \"CVE-2016-3477\",\n \"CVE-2016-3521\", \"CVE-2016-3615\", \"CVE-2016-5440\", \"CVE-2016-5444\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for mariadb CESA-2016:1602 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of mariadb\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"MariaDB is a multi-user, multi-threaded SQL\ndatabase server that is binary compatible with MySQL.\n\nThe following packages have been upgraded to a newer upstream version:\nmariadb (5.5.50).\n\nSecurity Fix(es):\n\n * This update fixes several vulnerabilities in the MariaDB database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory pages, listed in the References section. 
(CVE-2016-0640,\nCVE-2016-0641, CVE-2016-0643, CVE-2016-0644, CVE-2016-0646, CVE-2016-0647,\nCVE-2016-0648, CVE-2016-0649, CVE-2016-0650, CVE-2016-0666, CVE-2016-3452,\nCVE-2016-3477, CVE-2016-3521, CVE-2016-3615, CVE-2016-5440, CVE-2016-5444)\");\n script_tag(name:\"affected\", value:\"mariadb on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:1602\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-August/022035.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~5.5.50~1.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-bench\", rpm:\"mariadb-bench~5.5.50~1.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-devel\", rpm:\"mariadb-devel~5.5.50~1.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-embedded\", rpm:\"mariadb-embedded~5.5.50~1.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-embedded-devel\", rpm:\"mariadb-embedded-devel~5.5.50~1.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-libs\", 
rpm:\"mariadb-libs~5.5.50~1.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-server\", rpm:\"mariadb-server~5.5.50~1.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-test\", rpm:\"mariadb-test~5.5.50~1.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:35:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0647", "CVE-2016-0648", "CVE-2016-0641", "CVE-2016-3615", "CVE-2016-3477", "CVE-2016-0649", "CVE-2016-5440", "CVE-2016-0646", "CVE-2016-5444", "CVE-2016-3452", "CVE-2016-0666", "CVE-2016-0643", "CVE-2016-0640", "CVE-2016-0650", "CVE-2016-0644", "CVE-2016-3521"], "description": "The remote host is missing an update for the 'mariadb' package(s) announced via the referenced advisory.", "modified": "2018-11-23T00:00:00", "published": "2016-08-12T00:00:00", "id": "OPENVAS:1361412562310871652", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871652", "type": "openvas", "title": "RedHat Update for mariadb RHSA-2016:1602-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for mariadb RHSA-2016:1602-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871652\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-12 05:47:11 +0200 (Fri, 12 Aug 2016)\");\n script_cve_id(\"CVE-2016-0640\", \"CVE-2016-0641\", \"CVE-2016-0643\", \"CVE-2016-0644\",\n \"CVE-2016-0646\", \"CVE-2016-0647\", \"CVE-2016-0648\", \"CVE-2016-0649\",\n \"CVE-2016-0650\", \"CVE-2016-0666\", \"CVE-2016-3452\", \"CVE-2016-3477\",\n \"CVE-2016-3521\", \"CVE-2016-3615\", \"CVE-2016-5440\", \"CVE-2016-5444\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for mariadb RHSA-2016:1602-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mariadb'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"MariaDB is a multi-user, multi-threaded\nSQL database server that is binary compatible with MySQL.\n\nThe following packages have been upgraded to a newer upstream version:\nmariadb (5.5.50).\n\nSecurity Fix(es):\n\n * This update fixes several vulnerabilities in the MariaDB database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory pages, listed in the References section. 
(CVE-2016-0640,\nCVE-2016-0641, CVE-2016-0643, CVE-2016-0644, CVE-2016-0646, CVE-2016-0647,\nCVE-2016-0648, CVE-2016-0649, CVE-2016-0650, CVE-2016-0666, CVE-2016-3452,\nCVE-2016-3477, CVE-2016-3521, CVE-2016-3615, CVE-2016-5440, CVE-2016-5444)\");\n script_tag(name:\"affected\", value:\"mariadb on Red Hat Enterprise Linux\nServer (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:1602-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2016-August/msg00024.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~5.5.50~1.el7_2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-bench\", rpm:\"mariadb-bench~5.5.50~1.el7_2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-debuginfo\", rpm:\"mariadb-debuginfo~5.5.50~1.el7_2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-devel\", rpm:\"mariadb-devel~5.5.50~1.el7_2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-libs\", rpm:\"mariadb-libs~5.5.50~1.el7_2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"mariadb-server\", rpm:\"mariadb-server~5.5.50~1.el7_2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-test\", rpm:\"mariadb-test~5.5.50~1.el7_2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}], "nessus": [{"lastseen": "2021-01-07T14:24:40", "description": "This update for mariadb fixes the following issues :\n\n - CVE-2016-3477: Unspecified vulnerability in subcomponent\n parser [bsc#991616]\n\n - CVE-2016-3521: Unspecified vulnerability in subcomponent\n types [bsc#991616]\n\n - CVE-2016-3615: Unspecified vulnerability in subcomponent\n dml [bsc#991616]\n\n - CVE-2016-5440: Unspecified vulnerability in subcomponent\n rbr [bsc#991616]\n\n - mariadb failing test main.bootstrap [bsc#984858]\n\n - left over 'openSUSE' comments in MariaDB on SLE12 GM and\n SP1 [bsc#985217]\n\n - remove unnecessary conditionals from specfile\n\n - add '--ignore-db-dir=lost+found' option to\n rc.mysql-multi in order not to misinterpret the\n lost+found directory as a database [bsc#986251]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 29, "cvss3": {"score": 8.1, "vector": "AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "published": "2016-09-08T00:00:00", "title": "SUSE SLES12 Security Update : mariadb (SUSE-SU-2016:2248-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-3615", "CVE-2016-3477", "CVE-2016-5440", "CVE-2016-3521"], "modified": "2016-09-08T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libmysqld18-debuginfo", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:mariadb-errormessages", "p-cpe:/a:novell:suse_linux:mariadb-client-debuginfo", "p-cpe:/a:novell:suse_linux:libmysqlclient_r18", "p-cpe:/a:novell:suse_linux:mariadb-client", "p-cpe:/a:novell:suse_linux:mariadb-debugsource", "p-cpe:/a:novell:suse_linux:libmysqlclient-devel", "p-cpe:/a:novell:suse_linux:libmysqlclient18-debuginfo", "p-cpe:/a:novell:suse_linux:libmysqld-devel", "p-cpe:/a:novell:suse_linux:mariadb", "p-cpe:/a:novell:suse_linux:mariadb-debuginfo", "p-cpe:/a:novell:suse_linux:mariadb-tools", "p-cpe:/a:novell:suse_linux:libmysqlclient18", "p-cpe:/a:novell:suse_linux:libmysqld18", "p-cpe:/a:novell:suse_linux:mariadb-tools-debuginfo"], "id": "SUSE_SU-2016-2248-1.NASL", "href": "https://www.tenable.com/plugins/nessus/93372", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:2248-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93372);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-3477\", \"CVE-2016-3521\", \"CVE-2016-3615\", \"CVE-2016-5440\");\n\n script_name(english:\"SUSE SLES12 Security Update : mariadb (SUSE-SU-2016:2248-1)\");\n 
script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for mariadb fixes the following issues :\n\n - CVE-2016-3477: Unspecified vulnerability in subcomponent\n parser [bsc#991616]\n\n - CVE-2016-3521: Unspecified vulnerability in subcomponent\n types [bsc#991616]\n\n - CVE-2016-3615: Unspecified vulnerability in subcomponent\n dml [bsc#991616]\n\n - CVE-2016-5440: Unspecified vulnerability in subcomponent\n rbr [bsc#991616]\n\n - mariadb failing test main.bootstrap [bsc#984858]\n\n - left over 'openSUSE' comments in MariaDB on SLE12 GM and\n SP1 [bsc#985217]\n\n - remove unnecessary conditionals from specfile\n\n - add '--ignore-db-dir=lost+found' option to\n rc.mysql-multi in order not to misinterpret the\n lost+found directory as a database [bsc#986251]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984858\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=985217\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=986251\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=991616\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3477/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3521/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3615/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5440/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20162248-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a8dc0d26\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12:zypper in -t patch\nSUSE-SLE-SAP-12-2016-1199=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2016-1199=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient_r18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqld-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqld18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqld18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-errormessages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/06\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqlclient-devel-10.0.26-20.10.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqlclient18-10.0.26-20.10.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqlclient18-debuginfo-10.0.26-20.10.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqlclient_r18-10.0.26-20.10.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqld-devel-10.0.26-20.10.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqld18-10.0.26-20.10.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqld18-debuginfo-10.0.26-20.10.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-10.0.26-20.10.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-client-10.0.26-20.10.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-client-debuginfo-10.0.26-20.10.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-debuginfo-10.0.26-20.10.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-debugsource-10.0.26-20.10.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-errormessages-10.0.26-20.10.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-tools-10.0.26-20.10.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-tools-debuginfo-10.0.26-20.10.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqlclient18-32bit-10.0.26-20.10.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqlclient18-debuginfo-32bit-10.0.26-20.10.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else 
security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2021-01-12T09:49:43", "description": "Several issues have been discovered in the MariaDB database server.\nThe vulnerabilities are addressed by upgrading MariaDB to the new\nupstream version 10.0.26. Please see the MariaDB 10.0 Release Notes\nfor further details :\n\n - https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/", "edition": 25, "cvss3": {"score": 8.1, "vector": "AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "published": "2016-07-28T00:00:00", "title": "Debian DSA-3632-1 : mariadb-10.0 - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-3615", "CVE-2016-3477", "CVE-2016-5440", "CVE-2016-3521"], "modified": "2016-07-28T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:mariadb-10.0", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3632.NASL", "href": "https://www.tenable.com/plugins/nessus/92588", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3632.
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92588);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-3477\", \"CVE-2016-3521\", \"CVE-2016-3615\", \"CVE-2016-5440\");\n script_xref(name:\"DSA\", value:\"3632\");\n\n script_name(english:\"Debian DSA-3632-1 : mariadb-10.0 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several issues have been discovered in the MariaDB database server.\nThe vulnerabilities are addressed by upgrading MariaDB to the new\nupstream version 10.0.26. Please see the MariaDB 10.0 Release Notes\nfor further details :\n\n -\n https://mariadb.com/kb/en/mariadb/mariadb-10026-release-\n notes/\"\n );\n # https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10026-release-notes/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/mariadb-10.0\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3632\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the mariadb-10.0 packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 10.0.26-0+deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n 
script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mariadb-10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libmariadbd-dev\", reference:\"10.0.26-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-client\", reference:\"10.0.26-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-client-10.0\", reference:\"10.0.26-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-client-core-10.0\", reference:\"10.0.26-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-common\", reference:\"10.0.26-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-connect-engine-10.0\", 
reference:\"10.0.26-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-oqgraph-engine-10.0\", reference:\"10.0.26-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-server\", reference:\"10.0.26-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-server-10.0\", reference:\"10.0.26-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-server-core-10.0\", reference:\"10.0.26-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-test\", reference:\"10.0.26-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-test-10.0\", reference:\"10.0.26-0+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2021-01-12T09:43:55", "description": "Several vulnerabilities have been found in the MySQL Database Server.\nThese vulnerabilities are addressed by upgrading MySQL to the recent\nupstream 5.5.50 version. Please refer to the MySQL 5.5 Release Notes\nand Oracle's Critical Patch Update advisory for further details :\n\nhttps://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-50.html\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n5.5.50-0+deb7u2.\n\nRegression note: I have wrongly built the previous 5.5.50-0+deb7u1\nupload over the jessie-security debian packaging. Although I have not\nidentified any issues on amd64, I have uploaded a new release built on\nthe regular wheezy packaging.\n\nWe recommend that you upgrade your mysql-5.5 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 18, "cvss3": {"score": 8.1, "vector": "AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "published": "2016-08-08T00:00:00", "title": "Debian DLA-567-2 : mysql-5.5 security and regression update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-3615", "CVE-2016-3477", "CVE-2016-5440", "CVE-2016-3521"], "modified": "2016-08-08T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:mysql-client-5.5", "p-cpe:/a:debian:debian_linux:libmysqld-dev", "p-cpe:/a:debian:debian_linux:libmysqld-pic", "p-cpe:/a:debian:debian_linux:mysql-common", "p-cpe:/a:debian:debian_linux:mysql-server-5.5", "p-cpe:/a:debian:debian_linux:mysql-server-core-5.5", "p-cpe:/a:debian:debian_linux:mysql-server", "p-cpe:/a:debian:debian_linux:mysql-testsuite-5.5", "p-cpe:/a:debian:debian_linux:libmysqlclient18", "cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:libmysqlclient-dev", "p-cpe:/a:debian:debian_linux:mysql-client", "p-cpe:/a:debian:debian_linux:mysql-source-5.5"], "id": "DEBIAN_DLA-567.NASL", "href": "https://www.tenable.com/plugins/nessus/92762", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-567-2. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92762);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-3477\", \"CVE-2016-3521\", \"CVE-2016-3615\", \"CVE-2016-5440\");\n\n script_name(english:\"Debian DLA-567-2 : mysql-5.5 security and regression update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been found in the MySQL Database Server.\nThese vulnerabilities are addressed by upgrading MySQL to the recent\nupstream 5.5.50 version. Please refer to the MySQL 5.5 Release Notes\nand Oracle's Critical Patch Update advisory for further details :\n\nhttps://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-50.html\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720\n.html\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n5.5.50-0+deb7u2.\n\nRegression note: I have wrongly built the previous 5.5.50-0+deb7u1\nupload over the jessie-security debian packaging. Although I have not\nidentified any issues on amd64, I have uploaded a new release built on\nthe regular wheezy packaging.\n\nWe recommend that you upgrade your mysql-5.5 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-50.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2016/08/msg00008.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/mysql-5.5\"\n );\n # https://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1f22d813\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmysqlclient-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmysqlclient18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmysqld-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmysqld-pic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-client-5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-common\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-server-5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-server-core-5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-source-5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-testsuite-5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libmysqlclient-dev\", reference:\"5.5.50-0+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmysqlclient18\", reference:\"5.5.50-0+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmysqld-dev\", reference:\"5.5.50-0+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmysqld-pic\", reference:\"5.5.50-0+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-client\", reference:\"5.5.50-0+deb7u2\")) 
flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-client-5.5\", reference:\"5.5.50-0+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-common\", reference:\"5.5.50-0+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-server\", reference:\"5.5.50-0+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-server-5.5\", reference:\"5.5.50-0+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-server-core-5.5\", reference:\"5.5.50-0+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-source-5.5\", reference:\"5.5.50-0+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-testsuite-5.5\", reference:\"5.5.50-0+deb7u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2021-01-07T14:24:39", "description": "This update for mariadb fixes the following issues :\n\n - CVE-2016-3477: Unspecified vulnerability in subcomponent\n parser [bsc#991616]\n\n - CVE-2016-3521: Unspecified vulnerability in subcomponent\n types [bsc#991616]\n\n - CVE-2016-3615: Unspecified vulnerability in subcomponent\n dml [bsc#991616]\n\n - CVE-2016-5440: Unspecified vulnerability in subcomponent\n rbr [bsc#991616]\n\n - mariadb failing test main.bootstrap [bsc#984858]\n\n - left over 'openSUSE' comments in MariaDB on SLE12 GM and\n SP1 [bsc#985217]\n\n - remove unnecessary conditionals from specfile\n\n - add '--ignore-db-dir=lost+found' option to\n rc.mysql-multi in order not to misinterpret the\n lost+found directory as a database [bsc#986251]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 29, "cvss3": {"score": 8.1, "vector": "AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "published": "2016-09-08T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2016:2218-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-3615", "CVE-2016-3477", "CVE-2016-5440", "CVE-2016-3521"], "modified": "2016-09-08T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:mariadb-errormessages", "p-cpe:/a:novell:suse_linux:mariadb-client-debuginfo", "p-cpe:/a:novell:suse_linux:libmysqlclient_r18", "p-cpe:/a:novell:suse_linux:mariadb-client", "p-cpe:/a:novell:suse_linux:mariadb-debugsource", "p-cpe:/a:novell:suse_linux:libmysqlclient18-debuginfo", "p-cpe:/a:novell:suse_linux:mariadb", "p-cpe:/a:novell:suse_linux:mariadb-debuginfo", "p-cpe:/a:novell:suse_linux:mariadb-tools", "p-cpe:/a:novell:suse_linux:libmysqlclient18", "p-cpe:/a:novell:suse_linux:mariadb-tools-debuginfo"], "id": "SUSE_SU-2016-2218-1.NASL", "href": "https://www.tenable.com/plugins/nessus/93368", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:2218-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93368);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-3477\", \"CVE-2016-3521\", \"CVE-2016-3615\", \"CVE-2016-5440\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2016:2218-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one 
or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for mariadb fixes the following issues :\n\n - CVE-2016-3477: Unspecified vulnerability in subcomponent\n parser [bsc#991616]\n\n - CVE-2016-3521: Unspecified vulnerability in subcomponent\n types [bsc#991616]\n\n - CVE-2016-3615: Unspecified vulnerability in subcomponent\n dml [bsc#991616]\n\n - CVE-2016-5440: Unspecified vulnerability in subcomponent\n rbr [bsc#991616]\n\n - mariadb failing test main.bootstrap [bsc#984858]\n\n - left over 'openSUSE' comments in MariaDB on SLE12 GM and\n SP1 [bsc#985217]\n\n - remove unnecessary conditionals from specfile\n\n - add '--ignore-db-dir=lost+found' option to\n rc.mysql-multi in order not to misinterpret the\n lost+found directory as a database [bsc#986251]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984858\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=985217\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=986251\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=991616\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3477/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3521/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3615/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.suse.com/security/cve/CVE-2016-5440/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20162218-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?58045d09\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP1:zypper in -t patch\nSUSE-SLE-WE-12-SP1-2016-1308=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t\npatch SUSE-SLE-SDK-12-SP1-2016-1308=1\n\nSUSE Linux Enterprise Server 12-SP1:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2016-1308=1\n\nSUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP1-2016-1308=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient_r18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-client\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:mariadb-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-errormessages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libmysqlclient18-10.0.26-9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libmysqlclient18-debuginfo-10.0.26-9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mariadb-10.0.26-9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mariadb-client-10.0.26-9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mariadb-client-debuginfo-10.0.26-9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mariadb-debuginfo-10.0.26-9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mariadb-debugsource-10.0.26-9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mariadb-errormessages-10.0.26-9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mariadb-tools-10.0.26-9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mariadb-tools-debuginfo-10.0.26-9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libmysqlclient18-32bit-10.0.26-9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libmysqlclient18-debuginfo-32bit-10.0.26-9.2\")) flag++;\nif 
(rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libmysqlclient18-10.0.26-9.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libmysqlclient18-32bit-10.0.26-9.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libmysqlclient18-debuginfo-10.0.26-9.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libmysqlclient18-debuginfo-32bit-10.0.26-9.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libmysqlclient_r18-10.0.26-9.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libmysqlclient_r18-32bit-10.0.26-9.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mariadb-10.0.26-9.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mariadb-client-10.0.26-9.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mariadb-client-debuginfo-10.0.26-9.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mariadb-debuginfo-10.0.26-9.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mariadb-debugsource-10.0.26-9.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mariadb-errormessages-10.0.26-9.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2021-01-12T09:49:42", "description": "Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.50. 
Please see the MySQL 5.5 Release Notes and Oracle's\nCritical Patch Update advisory for further details :\n\n -\n https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-50.html\n -\n http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", "edition": 26, "cvss3": {"score": 8.1, "vector": "AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "published": "2016-07-22T00:00:00", "title": "Debian DSA-3624-1 : mysql-5.5 - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-3615", "CVE-2016-3477", "CVE-2016-5440", "CVE-2016-3521"], "modified": "2016-07-22T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:mysql-5.5"], "id": "DEBIAN_DSA-3624.NASL", "href": "https://www.tenable.com/plugins/nessus/92502", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3624. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92502);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-3477\", \"CVE-2016-3521\", \"CVE-2016-3615\", \"CVE-2016-5440\");\n script_xref(name:\"DSA\", value:\"3624\");\n\n script_name(english:\"Debian DSA-3624-1 : mysql-5.5 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.50. 
Please see the MySQL 5.5 Release Notes and Oracle's\nCritical Patch Update advisory for further details :\n\n -\n https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5\n -50.html\n -\n http://www.oracle.com/technetwork/security-advisory/cpuj\n ul2016-2881720.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-50.html\"\n );\n # https://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1f22d813\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/mysql-5.5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3624\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the mysql-5.5 packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 5.5.50-0+deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script 
is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libmysqlclient-dev\", reference:\"5.5.50-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmysqlclient18\", reference:\"5.5.50-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmysqld-dev\", reference:\"5.5.50-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmysqld-pic\", reference:\"5.5.50-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mysql-client\", reference:\"5.5.50-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mysql-client-5.5\", reference:\"5.5.50-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mysql-common\", reference:\"5.5.50-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mysql-server\", reference:\"5.5.50-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mysql-server-5.5\", reference:\"5.5.50-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mysql-server-core-5.5\", reference:\"5.5.50-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mysql-source-5.5\", reference:\"5.5.50-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mysql-testsuite\", reference:\"5.5.50-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mysql-testsuite-5.5\", reference:\"5.5.50-0+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) 
security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2021-01-20T12:29:10", "description": "This update for mariadb fixes the following issues :\n\n - CVE-2016-3477: Unspecified vulnerability in subcomponent\n parser [bsc#991616]\n\n - CVE-2016-3521: Unspecified vulnerability in subcomponent\n types [bsc#991616] \n\n - CVE-2016-3615: Unspecified vulnerability in subcomponent\n dml [bsc#991616] \n\n - CVE-2016-5440: Unspecified vulnerability in subcomponent\n rbr [bsc#991616]\n\n - mariadb failing test main.bootstrap [bsc#984858]\n\n - left over 'openSUSE' comments in MariaDB on SLE12 GM and\n SP1 [bsc#985217]\n\n - remove unnecessary conditionals from specfile\n\n - add '--ignore-db-dir=lost+found' option to\n rc.mysql-multi in order not to misinterpret the\n lost+found directory as a database [bsc#986251]\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update\nproject.", "edition": 19, "cvss3": {"score": 8.1, "vector": "AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "published": "2016-09-12T00:00:00", "title": "openSUSE Security Update : mariadb (openSUSE-2016-1068)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-3615", "CVE-2016-3477", "CVE-2016-5440", "CVE-2016-3521"], "modified": "2016-09-12T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mariadb-errormessages", "p-cpe:/a:novell:opensuse:mariadb-client", "p-cpe:/a:novell:opensuse:libmysqld-devel", "p-cpe:/a:novell:opensuse:mariadb-tools", "p-cpe:/a:novell:opensuse:mariadb-test-debuginfo", "p-cpe:/a:novell:opensuse:libmysqlclient18", "p-cpe:/a:novell:opensuse:mariadb-bench-debuginfo", "cpe:/o:novell:opensuse:42.1", "p-cpe:/a:novell:opensuse:mariadb-debugsource", "p-cpe:/a:novell:opensuse:libmysqlclient_r18-32bit", "p-cpe:/a:novell:opensuse:mariadb-tools-debuginfo", "p-cpe:/a:novell:opensuse:libmysqld18", 
"p-cpe:/a:novell:opensuse:libmysqlclient-devel", "p-cpe:/a:novell:opensuse:mariadb-debuginfo", "p-cpe:/a:novell:opensuse:libmysqlclient_r18", "p-cpe:/a:novell:opensuse:mariadb-client-debuginfo", "p-cpe:/a:novell:opensuse:libmysqld18-debuginfo", "p-cpe:/a:novell:opensuse:mariadb", "p-cpe:/a:novell:opensuse:mariadb-test", "p-cpe:/a:novell:opensuse:libmysqlclient18-32bit", "p-cpe:/a:novell:opensuse:mariadb-bench", "p-cpe:/a:novell:opensuse:libmysqlclient18-debuginfo", "p-cpe:/a:novell:opensuse:libmysqlclient18-debuginfo-32bit"], "id": "OPENSUSE-2016-1068.NASL", "href": "https://www.tenable.com/plugins/nessus/93431", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1068.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93431);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-3477\", \"CVE-2016-3521\", \"CVE-2016-3615\", \"CVE-2016-5440\");\n\n script_name(english:\"openSUSE Security Update : mariadb (openSUSE-2016-1068)\");\n script_summary(english:\"Check for the openSUSE-2016-1068 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for mariadb fixes the following issues :\n\n - CVE-2016-3477: Unspecified vulnerability in subcomponent\n parser [bsc#991616]\n\n - CVE-2016-3521: Unspecified vulnerability in subcomponent\n types [bsc#991616] \n\n - CVE-2016-3615: Unspecified vulnerability in subcomponent\n dml [bsc#991616] \n\n - CVE-2016-5440: Unspecified vulnerability in subcomponent\n rbr [bsc#991616]\n\n - mariadb failing test main.bootstrap 
[bsc#984858]\n\n - left over 'openSUSE' comments in MariaDB on SLE12 GM and\n SP1 [bsc#985217]\n\n - remove unnecessary conditionals from specfile\n\n - add '--ignore-db-dir=lost+found' option to\n rc.mysql-multi in order not to misinterpret the\n lost+found directory as a database [bsc#986251]\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984858\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=985217\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986251\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=991616\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mariadb packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient18-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient_r18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient_r18-32bit\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libmysqld-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqld18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqld18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-bench-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-errormessages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-test-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", 
\"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libmysqlclient-devel-10.0.26-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libmysqlclient18-10.0.26-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libmysqlclient18-debuginfo-10.0.26-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libmysqlclient_r18-10.0.26-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libmysqld-devel-10.0.26-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libmysqld18-10.0.26-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libmysqld18-debuginfo-10.0.26-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mariadb-10.0.26-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mariadb-bench-10.0.26-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mariadb-bench-debuginfo-10.0.26-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mariadb-client-10.0.26-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mariadb-client-debuginfo-10.0.26-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mariadb-debuginfo-10.0.26-9.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE42.1\", reference:\"mariadb-debugsource-10.0.26-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mariadb-errormessages-10.0.26-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mariadb-test-10.0.26-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mariadb-test-debuginfo-10.0.26-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mariadb-tools-10.0.26-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mariadb-tools-debuginfo-10.0.26-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libmysqlclient18-32bit-10.0.26-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libmysqlclient18-debuginfo-32bit-10.0.26-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libmysqlclient_r18-32bit-10.0.26-9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libmysqlclient-devel / libmysqlclient18 / libmysqlclient18-32bit / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2021-01-20T14:46:25", "description": "This mysql update to version 5.5.52 fixes the following issues:\nSecurity issues fixed :\n\n - CVE-2016-3477: Fixed unspecified vulnerability in\n subcomponent parser (bsc#989913).\n\n - CVE-2016-3521: Fixed unspecified vulnerability in\n subcomponent types (bsc#989919).\n\n - CVE-2016-3615: Fixed unspecified vulnerability in\n subcomponent dml (bsc#989922).\n\n - CVE-2016-5440: Fixed unspecified vulnerability in\n subcomponent rbr (bsc#989926).\n\n - CVE-2016-6662: A malicious user with SQL and filesystem\n access could create a my.cnf in the datadir and, under\n certain circumstances, execute arbitrary 
code as mysql\n (or even root) user. (bsc#998309) More details can be\n found on:\n http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html\n http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-51.html\n http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-50.html\n\nBugs fixed :\n\n - bsc#967374: properly restart mysql multi instances\n during upgrade\n\n - bnc#937258: multi script to restart after crash\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-09-21T00:00:00", "title": "SUSE SLES11 Security Update : mysql (SUSE-SU-2016:2343-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-3615", "CVE-2016-3477", "CVE-2016-5440", "CVE-2016-6662", "CVE-2016-3521"], "modified": "2016-09-21T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:mysql", "p-cpe:/a:novell:suse_linux:mysql-tools", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:libmysql55client18", "p-cpe:/a:novell:suse_linux:libmysql55client_r18", "p-cpe:/a:novell:suse_linux:mysql-client"], "id": "SUSE_SU-2016-2343-1.NASL", "href": "https://www.tenable.com/plugins/nessus/93615", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:2343-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93615);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-3477\", \"CVE-2016-3521\", \"CVE-2016-3615\", \"CVE-2016-5440\", \"CVE-2016-6662\");\n\n 
script_name(english:\"SUSE SLES11 Security Update : mysql (SUSE-SU-2016:2343-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This mysql update to verson 5.5.52 fixes the following issues:\nSecurity issues fixed :\n\n - CVE-2016-3477: Fixed unspecified vulnerability in\n subcomponent parser (bsc#989913).\n\n - CVE-2016-3521: Fixed unspecified vulnerability in\n subcomponent types (bsc#989919).\n\n - CVE-2016-3615: Fixed unspecified vulnerability in\n subcomponent dml (bsc#989922).\n\n - CVE-2016-5440: Fixed unspecified vulnerability in\n subcomponent rbr (bsc#989926).\n\n - CVE-2016-6662: A malicious user with SQL and filesystem\n access could create a my.cnf in the datadir and , under\n certain circumstances, execute arbitrary code as mysql\n (or even root) user. (bsc#998309) More details can be\n found on:\n http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-\n 52.html\n http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-\n 51.html\n http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-\n 50.html Bugs fixed :\n\n - bsc#967374: properly restart mysql multi instances\n during upgrade\n\n - bnc#937258: multi script to restart after crash\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-50.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-50.html\"\n );\n # http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-51.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-51.html\"\n );\n # http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=937258\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=967374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989913\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989919\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989922\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989926\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=998309\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3477/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3521/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3615/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5440/\"\n 
);\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6662/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20162343-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?26d998e2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 5:zypper in -t patch sleclo50sp3-mysql-12752=1\n\nSUSE Manager Proxy 2.1:zypper in -t patch slemap21-mysql-12752=1\n\nSUSE Manager 2.1:zypper in -t patch sleman21-mysql-12752=1\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-mysql-12752=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-mysql-12752=1\n\nSUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch\nslessp3-mysql-12752=1\n\nSUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch\nsleposp3-mysql-12752=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-mysql-12752=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch\ndbgsp3-mysql-12752=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysql55client18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysql55client_r18\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mysql-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mysql-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libmysql55client18-32bit-5.5.52-0.27.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libmysql55client_r18-32bit-5.5.52-0.27.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libmysql55client18-32bit-5.5.52-0.27.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libmysql55client_r18-32bit-5.5.52-0.27.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libmysql55client18-5.5.52-0.27.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libmysql55client_r18-5.5.52-0.27.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"mysql-5.5.52-0.27.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"mysql-client-5.5.52-0.27.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"mysql-tools-5.5.52-0.27.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"libmysql55client18-32bit-5.5.52-0.27.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"libmysql55client18-32bit-5.5.52-0.27.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"libmysql55client18-5.5.52-0.27.1\")) flag++;\nif (rpm_check(release:\"SLES11\", 
sp:\"3\", reference:\"libmysql55client_r18-5.5.52-0.27.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"mysql-5.5.52-0.27.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"mysql-client-5.5.52-0.27.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"mysql-tools-5.5.52-0.27.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T03:53:59", "description": "The version of MySQL running on the remote host is 5.5.x prior to\n5.5.50. It is, therefore, affected by multiple vulnerabilities :\n\n - An unspecified flaw exists in the Security: Encryption\n subcomponent that allows an unauthenticated, remote\n attacker to disclose potentially sensitive information.\n No other details are available. (CVE-2016-3452)\n\n - An unspecified flaw exists in the Options subcomponent\n that allows a local attacker to gain elevated\n privileges. No other details are available.\n (CVE-2016-3471)\n\n - An unspecified flaw exists in the Parser subcomponent\n that allows a local attacker to gain elevated\n privileges. No other details are available.\n (CVE-2016-3477)\n\n - An unspecified flaw exists in the Types subcomponent\n that allows an authenticated, remote attacker to cause\n a denial of service condition. No other details are\n available. (CVE-2016-3521)\n\n - An unspecified flaw exists in the DML subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. No other details are\n available. (CVE-2016-3615)\n\n - An unspecified flaw exists in the RBR subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. 
No other details are\n available. (CVE-2016-5440)\n\n - An unspecified flaw exists in the Connection\n subcomponent that allows an unauthenticated, remote\n attacker to disclose potentially sensitive information.\n No other details are available. (CVE-2016-5444)\n\n - Multiple overflow conditions exist due to improper\n validation of user-supplied input. An authenticated,\n remote attacker can exploit these issues to cause a\n denial of service condition or the execution of\n arbitrary code.\n\n - A NULL pointer dereference flaw exists in a parser\n structure that is triggered during the validation of\n stored procedure names. An authenticated, remote\n attacker can exploit this to crash the database,\n resulting in a denial of service condition.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "edition": 31, "cvss3": {"score": 7.5, "vector": "AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}, "published": "2016-07-20T00:00:00", "title": "MySQL 5.5.x < 5.5.50 Multiple Vulnerabilities (July 2016 CPU)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-3615", "CVE-2016-3477", "CVE-2016-5440", "CVE-2016-3471", "CVE-2016-5444", "CVE-2016-3452", "CVE-2016-3521"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:oracle:mysql"], "id": "MYSQL_5_5_50.NASL", "href": "https://www.tenable.com/plugins/nessus/91993", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91993);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/11/19\");\n\n script_cve_id(\n \"CVE-2016-3452\",\n \"CVE-2016-3471\",\n \"CVE-2016-3477\",\n \"CVE-2016-3521\",\n \"CVE-2016-3615\",\n \"CVE-2016-5440\",\n \"CVE-2016-5444\"\n );\n script_bugtraq_id(\n 91902,\n 91913,\n 91932,\n 91953,\n 91960,\n 91987,\n 91999\n );\n\n script_name(english:\"MySQL 5.5.x < 5.5.50 Multiple Vulnerabilities (July 2016 CPU)\");\n 
script_summary(english:\"Checks the version of MySQL server.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL running on the remote host is 5.5.x prior to\n5.5.50. It is, therefore, affected by multiple vulnerabilities :\n\n - An unspecified flaw exists in the Security: Encryption\n subcomponent that allows an unauthenticated, remote\n attacker to disclose potentially sensitive information.\n No other details are available. (CVE-2016-3452)\n\n - An unspecified flaw exists in the Options subcomponent\n that allows a local attacker to gain elevated\n privileges. No other details are available.\n (CVE-2016-3471)\n\n - An unspecified flaw exists in the Parser subcomponent\n that allows a local attacker to gain elevated\n privileges. No other details are available.\n (CVE-2016-3477)\n\n - An unspecified flaw exists in the Types subcomponent\n that allows an authenticated, remote attacker to cause\n a denial of service condition. No other details are\n available. (CVE-2016-3521)\n\n - An unspecified flaw exists in the DML subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. No other details are\n available. (CVE-2016-3615)\n\n - An unspecified flaw exists in the RBR subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. No other details are\n available. (CVE-2016-5440)\n\n - An unspecified flaw exists in the Connection\n subcomponent that allows an unauthenticated, remote\n attacker to disclose potentially sensitive information.\n No other details are available. (CVE-2016-5444)\n\n - Multiple overflow conditions exist due to improper\n validation of user-supplied input. 
An authenticated,\n remote attacker can exploit these issues to cause a\n denial of service condition or the execution of\n arbitrary code.\n\n - A NULL pointer dereference flaw exists in a parser\n structure that is triggered during the validation of\n stored procedure names. An authenticated, remote\n attacker can exploit this to crash the database,\n resulting in a denial of service condition.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?453b5f8c\");\n script_set_attribute(attribute:\"see_also\", value:\"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-50.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 5.5.50 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-3471\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/20\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\nmysql_check_version(fixed:'5.5.50', min:'5.5', severity:SECURITY_HOLE);\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:H/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T12:29:26", "description": "This update for mariadb to 10.0.27 fixes the following issues :\n\n - release notes :\n\n - https://kb.askmonty.org/en/mariadb-10027-release-notes\n\n - https://kb.askmonty.org/en/mariadb-10026-release-notes\n\n - changelog :\n\n - https://kb.askmonty.org/en/mariadb-10027-changelog\n\n - https://kb.askmonty.org/en/mariadb-10026-changelog\n\n - fixed CVE's 10.0.27: CVE-2016-5612, CVE-2016-5630,\n CVE-2016-6662 10.0.26: CVE-2016-5440, CVE-2016-3615,\n CVE-2016-3521, CVE-2016-3477\n\n - fix: [boo#1005561], [boo#1005570], [boo#998309],\n [boo#989926], [boo#989922], [boo#989919], [boo#989913]\n\n - requires devel packages for aio and lzo2\n\n - remove mariadb-10.0.21-mysql-test_main_bootstrap.patch\n that is no longer needed [boo#984858] \n\n - append '--ignore-db-dir=lost+found' to the mysqld\n options in 'mysql-systemd-helper' script if 'lost+found'\n directory is found in $datadir [boo#986251]\n\n - remove syslog.target from *.service files [boo#983938]\n\n - add systemd to deps to build on leap and friends \n\n - replace '%(_libexecdir)/systemd/system' with %(_unitdir)\n macro\n\n - remove useless mysql@default.service [boo#971456] \n\n - make ORDER BY optimization functions take into account\n multiple equalities [boo#949520]\n\n - adjust mysql-test results in order to take account of a\n new option (orderby_uses_equalities) added by the\n optimizer 
patch [boo#1003800]\n\n - replace all occurrences of the string '@sysconfdir@'\n with '/etc' in\n mysql-community-server-5.1.46-logrotate.patch as it\n wasn't expanded properly [boo#990890]", "edition": 20, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-11-09T00:00:00", "title": "openSUSE Security Update : mariadb (openSUSE-2016-1274)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5630", "CVE-2016-3615", "CVE-2016-3477", "CVE-2016-5612", "CVE-2016-5440", "CVE-2016-6662", "CVE-2016-3521"], "modified": "2016-11-09T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mariadb-errormessages", "p-cpe:/a:novell:opensuse:mariadb-client", "p-cpe:/a:novell:opensuse:libmysqld-devel", "p-cpe:/a:novell:opensuse:mariadb-tools", "p-cpe:/a:novell:opensuse:mariadb-test-debuginfo", "p-cpe:/a:novell:opensuse:libmysqlclient18", "p-cpe:/a:novell:opensuse:mariadb-bench-debuginfo", "p-cpe:/a:novell:opensuse:mariadb-debugsource", "p-cpe:/a:novell:opensuse:libmysqlclient_r18-32bit", "p-cpe:/a:novell:opensuse:mariadb-tools-debuginfo", "p-cpe:/a:novell:opensuse:libmysqld18", "p-cpe:/a:novell:opensuse:libmysqlclient-devel", "cpe:/o:novell:opensuse:13.2", "p-cpe:/a:novell:opensuse:mariadb-debuginfo", "p-cpe:/a:novell:opensuse:libmysqlclient_r18", "p-cpe:/a:novell:opensuse:mariadb-client-debuginfo", "p-cpe:/a:novell:opensuse:libmysqld18-debuginfo", "p-cpe:/a:novell:opensuse:mariadb", "p-cpe:/a:novell:opensuse:mariadb-test", "p-cpe:/a:novell:opensuse:libmysqlclient18-32bit", "p-cpe:/a:novell:opensuse:mariadb-bench", "p-cpe:/a:novell:opensuse:libmysqlclient18-debuginfo", "p-cpe:/a:novell:opensuse:libmysqlclient18-debuginfo-32bit"], "id": "OPENSUSE-2016-1274.NASL", "href": "https://www.tenable.com/plugins/nessus/94649", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1274.\n#\n# The 
text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94649);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-3477\", \"CVE-2016-3521\", \"CVE-2016-3615\", \"CVE-2016-5440\", \"CVE-2016-5612\", \"CVE-2016-5630\", \"CVE-2016-6662\");\n\n script_name(english:\"openSUSE Security Update : mariadb (openSUSE-2016-1274)\");\n script_summary(english:\"Check for the openSUSE-2016-1274 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for mariadb to 10.0.27 fixes the following issues :\n\n - release notes :\n\n - https://kb.askmonty.org/en/mariadb-10027-release-notes\n\n - https://kb.askmonty.org/en/mariadb-10026-release-notes\n\n - changelog :\n\n - https://kb.askmonty.org/en/mariadb-10027-changelog\n\n - https://kb.askmonty.org/en/mariadb-10026-changelog\n\n - fixed CVE's 10.0.27: CVE-2016-5612, CVE-2016-5630,\n CVE-2016-6662 10.0.26: CVE-2016-5440, CVE-2016-3615,\n CVE-2016-3521, CVE-2016-3477\n\n - fix: [boo#1005561], [boo#1005570], [boo#998309],\n [boo#989926], [boo#989922], [boo#989919], [boo#989913]\n\n - requires devel packages for aio and lzo2\n\n - remove mariadb-10.0.21-mysql-test_main_bootstrap.patch\n that is no longer needed [boo#984858] \n\n - append '--ignore-db-dir=lost+found' to the mysqld\n options in 'mysql-systemd-helper' script if 'lost+found'\n directory is found in $datadir [boo#986251]\n\n - remove syslog.target from *.service files [boo#983938]\n\n - add systemd to deps to build on leap and friends \n\n - replace '%(_libexecdir)/systemd/system' with %(_unitdir)\n macro\n\n - remove useless mysql@default.service [boo#971456] \n\n - make ORDER BY optimization functions take into account\n multiple 
equalities [boo#949520]\n\n - adjust mysql-test results in order to take account of a\n new option (orderby_uses_equalities) added by the\n optimizer patch [boo#1003800]\n\n - replace all occurrences of the string '@sysconfdir@'\n with '/etc' in\n mysql-community-server-5.1.46-logrotate.patch as it\n wasn't expanded properly [boo#990890]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1003800\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005561\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005570\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=949520\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=971456\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983938\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984858\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986251\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989913\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989919\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989922\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989926\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=990890\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=998309\"\n );\n # https://kb.askmonty.org/en/mariadb-10026-changelog\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10026-changelog/\"\n );\n # https://kb.askmonty.org/en/mariadb-10026-release-notes\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10026-release-notes/\"\n );\n # https://kb.askmonty.org/en/mariadb-10027-changelog\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10027-changelog/\"\n );\n # https://kb.askmonty.org/en/mariadb-10027-release-notes\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10027-release-notes/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mariadb packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient18-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libmysqlclient_r18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient_r18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqld-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqld18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqld18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-bench-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-errormessages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-test-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/09\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libmysqlclient-devel-10.0.27-2.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libmysqlclient18-10.0.27-2.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libmysqlclient18-debuginfo-10.0.27-2.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libmysqlclient_r18-10.0.27-2.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libmysqld-devel-10.0.27-2.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libmysqld18-10.0.27-2.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libmysqld18-debuginfo-10.0.27-2.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mariadb-10.0.27-2.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", 
reference:\"mariadb-bench-10.0.27-2.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mariadb-bench-debuginfo-10.0.27-2.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mariadb-client-10.0.27-2.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mariadb-client-debuginfo-10.0.27-2.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mariadb-debuginfo-10.0.27-2.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mariadb-debugsource-10.0.27-2.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mariadb-errormessages-10.0.27-2.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mariadb-test-10.0.27-2.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mariadb-test-debuginfo-10.0.27-2.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mariadb-tools-10.0.27-2.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mariadb-tools-debuginfo-10.0.27-2.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libmysqlclient18-32bit-10.0.27-2.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libmysqlclient18-debuginfo-32bit-10.0.27-2.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libmysqlclient_r18-32bit-10.0.27-2.27.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libmysqlclient-devel / libmysqlclient18 / libmysqlclient18-32bit / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T01:19:24", "description": "Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier allows\nremote administrators to affect availability via vectors related 
to\nServer: RBR. (CVE-2016-5440)\n\nUnspecified vulnerability in Oracle MySQL 5.6.30 and earlier allows\nremote administrators to affect availability via vectors related to\nServer: InnoDB. (CVE-2016-3459)\n\nUnspecified vulnerability in Oracle MySQL 5.6.30 and earlier allows\nremote administrators to affect availability via vectors related to\nServer: Privileges. (CVE-2016-5439)\n\nUnspecified vulnerability in Oracle MySQL 5.6.30 and earlier allows\nlocal users to affect confidentiality, integrity, and availability via\nvectors related to Server: Parser. (CVE-2016-3477)\n\nUnspecified vulnerability in Oracle MySQL 5.6.30 and earlier allows\nremote authenticated users to affect availability via vectors related\nto Server: Security: Encryption. (CVE-2016-3614)\n\nUnspecified vulnerability in Oracle MySQL 5.6.30 and earlier allows\nremote authenticated users to affect availability via vectors related\nto Server: DML. (CVE-2016-3615)\n\nUnspecified vulnerability in Oracle MySQL 5.6.30 and earlier allows\nremote authenticated users to affect availability via vectors related\nto Server: Types. (CVE-2016-3521)\n\nUnspecified vulnerability in Oracle MySQL 5.6.30 and earlier allows\nremote authenticated users to affect availability via vectors related\nto Server: FTS. (CVE-2016-3486)\n\nUnspecified vulnerability in Oracle MySQL 5.6.30 and earlier allows\nremote authenticated users to affect availability via vectors related\nto Server: Optimizer. 
(CVE-2016-3501)", "edition": 24, "cvss3": {"score": 8.1, "vector": "AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "published": "2016-08-18T00:00:00", "title": "Amazon Linux AMI : mysql56 (ALAS-2016-737)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-3615", "CVE-2016-3477", "CVE-2016-5440", "CVE-2016-3501", "CVE-2016-3614", "CVE-2016-5439", "CVE-2016-3459", "CVE-2016-3486", "CVE-2016-3521"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:mysql56-libs", "p-cpe:/a:amazon:linux:mysql56-embedded", "p-cpe:/a:amazon:linux:mysql56-errmsg", "p-cpe:/a:amazon:linux:mysql56-test", "p-cpe:/a:amazon:linux:mysql56", "p-cpe:/a:amazon:linux:mysql56-embedded-devel", "p-cpe:/a:amazon:linux:mysql56-bench", "p-cpe:/a:amazon:linux:mysql56-common", "p-cpe:/a:amazon:linux:mysql56-devel", "p-cpe:/a:amazon:linux:mysql56-debuginfo", "p-cpe:/a:amazon:linux:mysql56-server", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2016-737.NASL", "href": "https://www.tenable.com/plugins/nessus/93015", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-737.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93015);\n script_version(\"2.4\");\n script_cvs_date(\"Date: 2018/04/18 15:09:36\");\n\n script_cve_id(\"CVE-2016-3459\", \"CVE-2016-3477\", \"CVE-2016-3486\", \"CVE-2016-3501\", \"CVE-2016-3521\", \"CVE-2016-3614\", \"CVE-2016-3615\", \"CVE-2016-5439\", \"CVE-2016-5440\");\n script_xref(name:\"ALAS\", value:\"2016-737\");\n\n script_name(english:\"Amazon Linux AMI : mysql56 (ALAS-2016-737)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier 
allows\nremote administrators to affect availability via vectors related to\nServer: RBR. (CVE-2016-5440)\n\nUnspecified vulnerability in Oracle MySQL 5.6.30 and earlier allows\nremote administrators to affect availability via vectors related to\nServer: InnoDB. (CVE-2016-3459)\n\nUnspecified vulnerability in Oracle MySQL 5.6.30 and earlier allows\nremote administrators to affect availability via vectors related to\nServer: Privileges. (CVE-2016-5439)\n\nUnspecified vulnerability in Oracle MySQL 5.6.30 and earlier allows\nlocal users to affect confidentiality, integrity, and availability via\nvectors related to Server: Parser. (CVE-2016-3477)\n\nUnspecified vulnerability in Oracle MySQL 5.6.30 and earlier allows\nremote authenticated users to affect availability via vectors related\nto Server: Security: Encryption. (CVE-2016-3614)\n\nUnspecified vulnerability in Oracle MySQL 5.6.30 and earlier allows\nremote authenticated users to affect availability via vectors related\nto Server: DML. (CVE-2016-3615)\n\nUnspecified vulnerability in Oracle MySQL 5.6.30 and earlier allows\nremote authenticated users to affect availability via vectors related\nto Server: Types. (CVE-2016-3521)\n\nUnspecified vulnerability in Oracle MySQL 5.6.30 and earlier allows\nremote authenticated users to affect availability via vectors related\nto Server: FTS. (CVE-2016-3486)\n\nUnspecified vulnerability in Oracle MySQL 5.6.30 and earlier allows\nremote authenticated users to affect availability via vectors related\nto Server: Optimizer. 
(CVE-2016-3501)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2016-737.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update mysql56' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-errmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n 
script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-5.6.32-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-bench-5.6.32-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-common-5.6.32-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-debuginfo-5.6.32-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-devel-5.6.32-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-embedded-5.6.32-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-embedded-devel-5.6.32-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-errmsg-5.6.32-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-libs-5.6.32-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-server-5.6.32-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-test-5.6.32-1.16.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n 
exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql56 / mysql56-bench / mysql56-common / mysql56-debuginfo / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}], "debian": [{"lastseen": "2020-08-12T00:55:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-3615", "CVE-2016-3477", "CVE-2016-5440", "CVE-2016-3521"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3632-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nJuly 27, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mariadb-10.0\nCVE ID : CVE-2016-3477 CVE-2016-3521 CVE-2016-3615 CVE-2016-5440\n\nSeveral issues have been discovered in the MariaDB database server. The\nvulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.0.26. 
Please see the MariaDB 10.0 Release Notes for further\ndetails:\n\n https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 10.0.26-0+deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 10.0.26-1.\n\nWe recommend that you upgrade your mariadb-10.0 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 8, "modified": "2016-07-27T14:49:12", "published": "2016-07-27T14:49:12", "id": "DEBIAN:DSA-3632-1:F9C2A", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00210.html", "title": "[SECURITY] [DSA 3632-1] mariadb-10.0 security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2020-08-12T00:52:18", "bulletinFamily": "unix", "cvelist": ["CVE-2016-3615", "CVE-2016-3477", "CVE-2016-5440", "CVE-2016-3521"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3624-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nJuly 21, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mysql-5.5\nCVE ID : CVE-2016-3477 CVE-2016-3521 CVE-2016-3615 CVE-2016-5440\n\nSeveral issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.50. 
Please see the MySQL 5.5 Release Notes and Oracle's\nCritical Patch Update advisory for further details:\n\n https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-50.html\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 5.5.50-0+deb8u1.\n\nWe recommend that you upgrade your mysql-5.5 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 8, "modified": "2016-07-21T19:41:31", "published": "2016-07-21T19:41:31", "id": "DEBIAN:DSA-3624-1:EC39B", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00202.html", "title": "[SECURITY] [DSA 3624-1] mysql-5.5 security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2019-05-30T02:22:14", "bulletinFamily": "unix", "cvelist": ["CVE-2016-3615", "CVE-2016-3477", "CVE-2016-5440", "CVE-2016-3521"], "description": "Package : mysql-5.5\nVersion : 5.5.50-0+deb7u2\nCVE ID : CVE-2016-3477 CVE-2016-3521 CVE-2016-3615 CVE-2016-5440\n\nSeveral vulnerabilities have been found in the MySQL Database Server. These\nvulnerabilities are addressed by upgrading MySQL to the recent upstream 5.5.50\nversion. Please refer to the MySQL 5.5 Release Notes and Oracle's Critical\nPatch Update advisory for further details:\n\n https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-50.html\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html\n\nFor Debian 7 \"Wheezy\", these problems have been fixed in version\n5.5.50-0+deb7u2.\n\nRegression note: I have wrongly built the previous 5.5.50-0+deb7u1 upload over\nthe jessie-security debian packaging. 
Although I have not identified any issues\non amd64, I have uploaded a new release built on the regular wheezy packaging.\n\nWe recommend that you upgrade your mysql-5.5 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 3, "modified": "2016-08-05T08:16:21", "published": "2016-08-05T08:16:21", "id": "DEBIAN:DLA-567-2:D29AF", "href": "https://lists.debian.org/debian-lts-announce/2016/debian-lts-announce-201608/msg00008.html", "title": "[SECURITY] [DLA 567-2] mysql-5.5 security and regression update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:45:54", "bulletinFamily": "unix", "cvelist": ["CVE-2016-3477", "CVE-2016-3521", "CVE-2016-3615", "CVE-2016-5440"], "description": "MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL.\n\nThe following packages have been upgraded to a newer upstream version: rh-mariadb101-mariadb (10.1.16).\n\nSecurity Fix(es):\n\n* This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2016-3477, CVE-2016-3521, CVE-2016-3615, CVE-2016-5440)", "modified": "2018-06-13T01:28:22", "published": "2016-08-18T22:22:02", "id": "RHSA-2016:1637", "href": "https://access.redhat.com/errata/RHSA-2016:1637", "type": "redhat", "title": "(RHSA-2016:1637) Important: rh-mariadb101-mariadb security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2019-08-13T18:45:32", "bulletinFamily": "unix", "cvelist": ["CVE-2016-3477", "CVE-2016-3521", "CVE-2016-3615", "CVE-2016-5440"], "description": "MariaDB is a multi-user, multi-threaded SQL database server. 
For all practical purposes, MariaDB is binary-compatible with MySQL.\n\nThe following packages have been upgraded to a newer upstream version: mariadb55-mariadb (5.5.50).\n\nSecurity Fix(es):\n\n* This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2016-3477, CVE-2016-3521, CVE-2016-3615, CVE-2016-5440)", "modified": "2018-06-13T01:28:16", "published": "2016-08-11T16:05:47", "id": "RHSA-2016:1603", "href": "https://access.redhat.com/errata/RHSA-2016:1603", "type": "redhat", "title": "(RHSA-2016:1603) Important: mariadb55-mariadb security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2019-08-13T18:45:15", "bulletinFamily": "unix", "cvelist": ["CVE-2016-3477", "CVE-2016-3521", "CVE-2016-3615", "CVE-2016-5440"], "description": "MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL.\n\nThe following packages have been upgraded to a newer upstream version: rh-mariadb100-mariadb (10.0.26).\n\nSecurity Fix(es):\n\n* This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. 
(CVE-2016-3477, CVE-2016-3521, CVE-2016-3615, CVE-2016-5440)", "modified": "2018-06-13T01:28:17", "published": "2016-08-11T16:06:21", "id": "RHSA-2016:1604", "href": "https://access.redhat.com/errata/RHSA-2016:1604", "type": "redhat", "title": "(RHSA-2016:1604) Important: rh-mariadb100-mariadb security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2019-12-11T13:32:36", "bulletinFamily": "unix", "cvelist": ["CVE-2016-3459", "CVE-2016-3477", "CVE-2016-3486", "CVE-2016-3501", "CVE-2016-3521", "CVE-2016-3614", "CVE-2016-3615", "CVE-2016-5439", "CVE-2016-5440", "CVE-2016-5609", "CVE-2016-5612", "CVE-2016-5627", "CVE-2016-5630", "CVE-2016-8284", "CVE-2016-8288"], "description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs.\n\nThe following packages have been upgraded to a newer upstream version: rh-mysql56-mysql (5.6.32).\n\nSecurity Fix(es):\n\n* This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. 
(CVE-2016-3459, CVE-2016-3477, CVE-2016-3486, CVE-2016-3501, CVE-2016-3521, CVE-2016-3614, CVE-2016-3615, CVE-2016-5439, CVE-2016-5440)", "modified": "2018-06-13T01:28:19", "published": "2016-08-11T16:01:14", "id": "RHSA-2016:1601", "href": "https://access.redhat.com/errata/RHSA-2016:1601", "type": "redhat", "title": "(RHSA-2016:1601) Important: rh-mysql56-mysql security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2019-08-13T18:45:18", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0640", "CVE-2016-0641", "CVE-2016-0643", "CVE-2016-0644", "CVE-2016-0646", "CVE-2016-0647", "CVE-2016-0648", "CVE-2016-0649", "CVE-2016-0650", "CVE-2016-0666", "CVE-2016-3452", "CVE-2016-3477", "CVE-2016-3521", "CVE-2016-3615", "CVE-2016-5440", "CVE-2016-5444"], "description": "MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.\n\nThe following packages have been upgraded to a newer upstream version: mariadb (5.5.50).\n\nSecurity Fix(es):\n\n* This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory pages, listed in the References section. 
(CVE-2016-0640, CVE-2016-0641, CVE-2016-0643, CVE-2016-0644, CVE-2016-0646, CVE-2016-0647, CVE-2016-0648, CVE-2016-0649, CVE-2016-0650, CVE-2016-0666, CVE-2016-3452, CVE-2016-3477, CVE-2016-3521, CVE-2016-3615, CVE-2016-5440, CVE-2016-5444)", "modified": "2018-04-12T03:33:33", "published": "2016-08-11T16:05:12", "id": "RHSA-2016:1602", "href": "https://access.redhat.com/errata/RHSA-2016:1602", "type": "redhat", "title": "(RHSA-2016:1602) Important: mariadb security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2019-08-13T18:44:59", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4792", "CVE-2015-4802", "CVE-2015-4815", "CVE-2015-4826", "CVE-2015-4830", "CVE-2015-4836", "CVE-2015-4858", "CVE-2015-4861", "CVE-2015-4870", "CVE-2015-4913", "CVE-2016-0505", "CVE-2016-0546", "CVE-2016-0596", "CVE-2016-0597", "CVE-2016-0598", "CVE-2016-0600", "CVE-2016-0606", "CVE-2016-0608", "CVE-2016-0609", "CVE-2016-0616", "CVE-2016-0640", "CVE-2016-0641", "CVE-2016-0642", "CVE-2016-0643", "CVE-2016-0644", "CVE-2016-0646", "CVE-2016-0647", "CVE-2016-0648", "CVE-2016-0649", "CVE-2016-0650", "CVE-2016-0651", "CVE-2016-0666", "CVE-2016-2047", "CVE-2016-3452", "CVE-2016-3471", "CVE-2016-3477", "CVE-2016-3521", "CVE-2016-3615", "CVE-2016-5440", "CVE-2016-5444"], "description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs.\n\nThe following packages have been upgraded to a newer upstream version: mysql55-mysql (5.5.50).\n\nSecurity Fix(es):\n\n* This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory pages, listed in the References section. 
(CVE-2015-4792, CVE-2015-4802, CVE-2015-4815, CVE-2015-4826, CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4870, CVE-2015-4913, CVE-2016-0505, CVE-2016-0546, CVE-2016-0596, CVE-2016-0597, CVE-2016-0598, CVE-2016-0600, CVE-2016-0606, CVE-2016-0608, CVE-2016-0609, CVE-2016-0616, CVE-2016-0640, CVE-2016-0641, CVE-2016-0642, CVE-2016-0643, CVE-2016-0644, CVE-2016-0646, CVE-2016-0647, CVE-2016-0648, CVE-2016-0649, CVE-2016-0650, CVE-2016-0651, CVE-2016-0666, CVE-2016-2047, CVE-2016-3452, CVE-2016-3471, CVE-2016-3477, CVE-2016-3521, CVE-2016-3615, CVE-2016-5440, CVE-2016-5444)", "modified": "2018-06-13T01:28:23", "published": "2016-07-25T11:45:08", "id": "RHSA-2016:1480", "href": "https://access.redhat.com/errata/RHSA-2016:1480", "type": "redhat", "title": "(RHSA-2016:1480) Important: mysql55-mysql security update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-20T20:38:54", "bulletinFamily": "unix", "cvelist": ["CVE-2016-3615", "CVE-2016-3477", "CVE-2016-5440", "CVE-2016-6662", "CVE-2016-3521"], "edition": 1, "description": "This mysql update to version 5.5.52 fixes the following issues:\n\n Security issues fixed:\n - CVE-2016-3477: Fixed unspecified vulnerability in subcomponent parser\n (bsc#989913).\n - CVE-2016-3521: Fixed unspecified vulnerability in subcomponent types\n (bsc#989919).\n - CVE-2016-3615: Fixed unspecified vulnerability in subcomponent dml\n (bsc#989922).\n - CVE-2016-5440: Fixed unspecified vulnerability in subcomponent rbr\n (bsc#989926).\n - CVE-2016-6662: A malicious user with SQL and filesystem access could\n create a my.cnf in the datadir and, under certain circumstances,\n execute arbitrary code as the mysql (or even root) user. 
(bsc#998309)\n\n\n More details can be found on:\n <a rel=\"nofollow\" href=\"http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html\">http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html</a>\n <a rel=\"nofollow\" href=\"http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-51.html\">http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-51.html</a>\n <a rel=\"nofollow\" href=\"http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-50.html\">http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-50.html</a>\n\n Bugs fixed:\n - bsc#967374: properly restart mysql multi instances during upgrade\n - bnc#937258: multi script to restart after crash\n\n", "modified": "2016-09-20T20:09:32", "published": "2016-09-20T20:09:32", "id": "SUSE-SU-2016:2343-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00016.html", "type": "suse", "title": "Security update for mysql (important)", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-11-08T17:27:57", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5630", "CVE-2016-3615", "CVE-2016-3477", "CVE-2016-5612", "CVE-2016-5440", "CVE-2016-6662", "CVE-2016-3521"], "edition": 1, "description": "This update for mariadb to 10.0.27 fixes the following issues:\n\n * release notes:\n * <a rel=\"nofollow\" href=\"https://kb.askmonty.org/en/mariadb-10027-release-notes\">https://kb.askmonty.org/en/mariadb-10027-release-notes</a>\n * <a rel=\"nofollow\" href=\"https://kb.askmonty.org/en/mariadb-10026-release-notes\">https://kb.askmonty.org/en/mariadb-10026-release-notes</a>\n * changelog:\n * <a rel=\"nofollow\" href=\"https://kb.askmonty.org/en/mariadb-10027-changelog\">https://kb.askmonty.org/en/mariadb-10027-changelog</a>\n * <a rel=\"nofollow\" href=\"https://kb.askmonty.org/en/mariadb-10026-changelog\">https://kb.askmonty.org/en/mariadb-10026-changelog</a>\n * fixed CVE's 10.0.27: CVE-2016-5612, CVE-2016-5630, 
CVE-2016-6662\n 10.0.26: CVE-2016-5440, CVE-2016-3615, CVE-2016-3521, CVE-2016-3477\n * fix: [boo#1005561], [boo#1005570], [boo#998309], [boo#989926],\n [boo#989922], [boo#989919], [boo#989913]\n - requires devel packages for aio and lzo2\n - remove mariadb-10.0.21-mysql-test_main_bootstrap.patch that is no longer\n needed [boo#984858]\n - append "--ignore-db-dir=lost+found" to the mysqld options in\n "mysql-systemd-helper" script if "lost+found" directory is found in\n $datadir [boo#986251]\n - remove syslog.target from *.service files [boo#983938]\n - add systemd to deps to build on leap and friends\n - replace '%{_libexecdir}/systemd/system' with %{_unitdir} macro\n - remove useless mysql@default.service [boo#971456]\n - make ORDER BY optimization functions take into account multiple\n equalities [boo#949520]\n - adjust mysql-test results in order to take account of a new option\n (orderby_uses_equalities) added by the optimizer patch [boo#1003800]\n - replace all occurrences of the string "@sysconfdir@" with "/etc" in\n mysql-community-server-5.1.46-logrotate.patch as it wasn't expanded\n properly [boo#990890]\n\n", "modified": "2016-11-08T18:07:29", "published": "2016-11-08T18:07:29", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00018.html", "id": "OPENSUSE-SU-2016:2746-1", "type": "suse", "title": "Security update for mariadb (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-11-12T17:27:59", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5630", "CVE-2016-5609", "CVE-2016-3615", "CVE-2016-3477", "CVE-2016-3492", "CVE-2016-5612", "CVE-2016-8288", "CVE-2016-5617", "CVE-2016-5440", "CVE-2016-5616", "CVE-2016-2105", "CVE-2016-5627", "CVE-2016-6304", "CVE-2016-6662", "CVE-2016-3501", "CVE-2016-5626", "CVE-2016-3614", "CVE-2016-5439", "CVE-2016-8283", "CVE-2016-5507", "CVE-2016-5584", "CVE-2016-3459", "CVE-2016-3486", "CVE-2016-8284", "CVE-2016-3521", 
"CVE-2016-7440", "CVE-2016-5629"], "edition": 1, "description": "mysql-community-server was updated to 5.6.34 to fix the following issues:\n\n * Changes <a rel=\"nofollow\" href=\"http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-34.html\">http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-34.html</a>\n <a rel=\"nofollow\" href=\"http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html\">http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html</a>\n <a rel=\"nofollow\" href=\"http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-32.html\">http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-32.html</a>\n <a rel=\"nofollow\" href=\"http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-31.html\">http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-31.html</a>\n * fixed CVEs: CVE-2016-6304, CVE-2016-6662, CVE-2016-7440, CVE-2016-5584,\n CVE-2016-5617, CVE-2016-5616, CVE-2016-5626, CVE-2016-3492,\n CVE-2016-5629, CVE-2016-5507, CVE-2016-8283, CVE-2016-5609,\n CVE-2016-5612, CVE-2016-5627, CVE-2016-5630, CVE-2016-8284,\n CVE-2016-8288, CVE-2016-3477, CVE-2016-2105, CVE-2016-3486,\n CVE-2016-3501, CVE-2016-3521, CVE-2016-3615, CVE-2016-3614,\n CVE-2016-3459, CVE-2016-5439, CVE-2016-5440\n * fixes SUSE Bugs: [boo#999666], [boo#998309], [boo#1005581],\n [boo#1005558], [boo#1005563], [boo#1005562], [boo#1005566],\n [boo#1005555], [boo#1005569], [boo#1005557], [boo#1005582],\n [boo#1005560], [boo#1005561], [boo#1005567], [boo#1005570],\n [boo#1005583], [boo#1005586], [boo#989913], [boo#977614],\n [boo#989914], [boo#989915], [boo#989919], [boo#989922], [boo#989921],\n [boo#989911], [boo#989925], [boo#989926]\n - append "--ignore-db-dir=lost+found" to the mysqld options in\n "mysql-systemd-helper" script if "lost+found" directory is found in\n $datadir [boo#986251]\n - remove syslog.target from *.service files [boo#983938]\n - add systemd to deps to build on leap and friends\n - replace '%{_libexecdir}/systemd/system' with %{_unitdir} macro\n 
- remove useless mysql@default.service [boo#971456]\n - replace all occurrences of the string "@sysconfdir@" with "/etc" in\n mysql-community-server-5.6.3-logrotate.patch as it wasn't expanded\n properly [boo#990890]\n - remove '%define _rundir' as 13.1 is out of support scope\n - run 'usermod -g mysql mysql' only if mysql user is not in mysql group.\n Run 'usermod -s /bin/false/ mysql' only if mysql user doesn't have\n '/bin/false' shell set.\n - re-enable mysql profiling\n\n", "modified": "2016-11-12T15:04:50", "published": "2016-11-12T15:04:50", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00027.html", "id": "OPENSUSE-SU-2016:2788-1", "title": "Security update for mysql-community-server (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-11-10T17:28:02", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5630", "CVE-2016-5609", "CVE-2016-3615", "CVE-2016-3477", "CVE-2016-3492", "CVE-2016-5612", "CVE-2016-8288", "CVE-2016-5617", "CVE-2016-5440", "CVE-2016-5616", "CVE-2016-2105", "CVE-2016-5627", "CVE-2016-6304", "CVE-2016-6662", "CVE-2016-3501", "CVE-2016-5626", "CVE-2016-3614", "CVE-2016-5439", "CVE-2016-8283", "CVE-2016-5507", "CVE-2016-5584", "CVE-2016-3459", "CVE-2016-3486", "CVE-2016-8284", "CVE-2016-3521", "CVE-2016-7440", "CVE-2016-5629"], "edition": 1, "description": "mysql-community-server was updated to 5.6.34 to fix the following issues:\n\n * Changes <a rel=\"nofollow\" href=\"http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-34.html\">http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-34.html</a>\n <a rel=\"nofollow\" href=\"http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html\">http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html</a>\n <a rel=\"nofollow\" href=\"http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-32.html\">http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-32.html</a>\n <a 
rel=\"nofollow\" href=\"http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-31.html\">http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-31.html</a>\n * fixed CVEs: CVE-2016-6304, CVE-2016-6662, CVE-2016-7440, CVE-2016-5584,\n CVE-2016-5617, CVE-2016-5616, CVE-2016-5626, CVE-2016-3492,\n CVE-2016-5629, CVE-2016-5507, CVE-2016-8283, CVE-2016-5609,\n CVE-2016-5612, CVE-2016-5627, CVE-2016-5630, CVE-2016-8284,\n CVE-2016-8288, CVE-2016-3477, CVE-2016-2105, CVE-2016-3486,\n CVE-2016-3501, CVE-2016-3521, CVE-2016-3615, CVE-2016-3614,\n CVE-2016-3459, CVE-2016-5439, CVE-2016-5440\n * fixes SUSE Bugs: [boo#999666], [boo#998309], [boo#1005581],\n [boo#1005558], [boo#1005563], [boo#1005562], [boo#1005566],\n [boo#1005555], [boo#1005569], [boo#1005557], [boo#1005582],\n [boo#1005560], [boo#1005561], [boo#1005567], [boo#1005570],\n [boo#1005583], [boo#1005586], [boo#989913], [boo#977614],\n [boo#989914], [boo#989915], [boo#989919], [boo#989922], [boo#989921],\n [boo#989911], [boo#989925], [boo#989926]\n - append "--ignore-db-dir=lost+found" to the mysqld options in\n "mysql-systemd-helper" script if "lost+found" directory is found in\n $datadir [boo#986251]\n - remove syslog.target from *.service files [boo#983938]\n - add systemd to deps to build on leap and friends\n - replace '%{_libexecdir}/systemd/system' with %{_unitdir} macro\n - remove useless mysql@default.service [boo#971456]\n - replace all occurrences of the string "@sysconfdir@" with "/etc" in\n mysql-community-server-5.6.3-logrotate.patch as it wasn't expanded\n properly [boo#990890]\n - remove '%define _rundir' as 13.1 is out of support scope\n - run 'usermod -g mysql mysql' only if mysql user is not in mysql group.\n Run 'usermod -s /bin/false/ mysql' only if mysql user doesn't have\n '/bin/false' shell set.\n - re-enable mysql profiling\n\n", "modified": "2016-11-10T17:08:28", "published": "2016-11-10T17:08:28", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00021.html", 
"id": "OPENSUSE-SU-2016:2769-1", "type": "suse", "title": "Security update for mysql-community-server (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "amazon": [{"lastseen": "2020-11-10T12:36:21", "bulletinFamily": "unix", "cvelist": ["CVE-2016-3615", "CVE-2016-3477", "CVE-2016-5440", "CVE-2016-3501", "CVE-2016-3614", "CVE-2016-5439", "CVE-2016-3459", "CVE-2016-3486", "CVE-2016-3521"], "description": "**Issue Overview:**\n\nUnspecified vulnerability in Oracle MySQL 5.6.30 and earlier allows remote administrators to affect availability via vectors related to Server: RBR. ([CVE-2016-5440 __](<https://access.redhat.com/security/cve/CVE-2016-5440>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.30 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB. ([CVE-2016-3459 __](<https://access.redhat.com/security/cve/CVE-2016-3459>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.30 and earlier allows remote administrators to affect availability via vectors related to Server: Privileges. ([CVE-2016-5439 __](<https://access.redhat.com/security/cve/CVE-2016-5439>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.30 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Parser. ([CVE-2016-3477 __](<https://access.redhat.com/security/cve/CVE-2016-3477>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.30 and earlier allows remote authenticated users to affect availability via vectors related to Server: Security: Encryption. ([CVE-2016-3614 __](<https://access.redhat.com/security/cve/CVE-2016-3614>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.30 and earlier allows remote authenticated users to affect availability via vectors related to Server: DML. 
([CVE-2016-3615 __](<https://access.redhat.com/security/cve/CVE-2016-3615>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.30 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types. ([CVE-2016-3521 __](<https://access.redhat.com/security/cve/CVE-2016-3521>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.30 and earlier allows remote authenticated users to affect availability via vectors related to Server: FTS. ([CVE-2016-3486 __](<https://access.redhat.com/security/cve/CVE-2016-3486>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.30 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer. ([CVE-2016-3501 __](<https://access.redhat.com/security/cve/CVE-2016-3501>))\n\n \n**Affected Packages:** \n\n\nmysql56\n\n \n**Issue Correction:** \nRun _yum update mysql56_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n mysql56-common-5.6.32-1.16.amzn1.i686 \n mysql56-test-5.6.32-1.16.amzn1.i686 \n mysql56-devel-5.6.32-1.16.amzn1.i686 \n mysql56-libs-5.6.32-1.16.amzn1.i686 \n mysql56-server-5.6.32-1.16.amzn1.i686 \n mysql56-5.6.32-1.16.amzn1.i686 \n mysql56-embedded-devel-5.6.32-1.16.amzn1.i686 \n mysql56-errmsg-5.6.32-1.16.amzn1.i686 \n mysql56-debuginfo-5.6.32-1.16.amzn1.i686 \n mysql56-embedded-5.6.32-1.16.amzn1.i686 \n mysql56-bench-5.6.32-1.16.amzn1.i686 \n \n src: \n mysql56-5.6.32-1.16.amzn1.src \n \n x86_64: \n mysql56-test-5.6.32-1.16.amzn1.x86_64 \n mysql56-libs-5.6.32-1.16.amzn1.x86_64 \n mysql56-5.6.32-1.16.amzn1.x86_64 \n mysql56-devel-5.6.32-1.16.amzn1.x86_64 \n mysql56-embedded-5.6.32-1.16.amzn1.x86_64 \n mysql56-errmsg-5.6.32-1.16.amzn1.x86_64 \n mysql56-server-5.6.32-1.16.amzn1.x86_64 \n mysql56-embedded-devel-5.6.32-1.16.amzn1.x86_64 \n mysql56-bench-5.6.32-1.16.amzn1.x86_64 \n mysql56-common-5.6.32-1.16.amzn1.x86_64 \n mysql56-debuginfo-5.6.32-1.16.amzn1.x86_64 \n \n \n", "edition": 3, "modified": "2016-08-17T13:30:00", 
"published": "2016-08-17T13:30:00", "id": "ALAS-2016-737", "href": "https://alas.aws.amazon.com/ALAS-2016-737.html", "title": "Important: mysql56", "type": "amazon", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2020-11-10T12:36:51", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0647", "CVE-2016-0648", "CVE-2016-0608", "CVE-2016-0600", "CVE-2016-0641", "CVE-2016-3615", "CVE-2016-3477", "CVE-2016-0546", "CVE-2016-2047", "CVE-2016-0649", "CVE-2016-5440", "CVE-2016-0606", "CVE-2016-0646", "CVE-2016-0616", "CVE-2016-5444", "CVE-2016-3452", "CVE-2016-0609", "CVE-2016-0596", "CVE-2016-0666", "CVE-2016-0643", "CVE-2016-0642", "CVE-2016-0640", "CVE-2016-0598", "CVE-2016-0651", "CVE-2016-0650", "CVE-2016-0597", "CVE-2016-0644", "CVE-2016-3521", "CVE-2016-0505"], "description": "**Issue Overview:**\n\nIt was found that the MariaDB client library did not properly check host names against server identities noted in the X.509 certificates when establishing secure connections using TLS/SSL. A man-in-the-middle attacker could possibly use this flaw to impersonate a server to a client. ([CVE-2016-2047 __](<https://access.redhat.com/security/cve/CVE-2016-2047>))\n\nUnspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows remote authenticated users to affect availability via vectors related to UDF. ([CVE-2016-0608 __](<https://access.redhat.com/security/cve/CVE-2016-0608>))\n\nUnspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows remote authenticated users to affect availability via unknown vectors related to privileges. ([CVE-2016-0609 __](<https://access.redhat.com/security/cve/CVE-2016-0609>))\n\nUnspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows remote authenticated users to affect availability via unknown vectors related to Options. 
([CVE-2016-0505 __](<https://access.redhat.com/security/cve/CVE-2016-0505>))\n\nUnspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. ([CVE-2016-0600 __](<https://access.redhat.com/security/cve/CVE-2016-0600>))\n\nUnspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. ([CVE-2016-0616 __](<https://access.redhat.com/security/cve/CVE-2016-0616>))\n\nUnspecified vulnerability in Oracle MySQL 5.5.48 and earlier allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption. ([CVE-2016-3452 __](<https://access.redhat.com/security/cve/CVE-2016-3452>))\n\nUnspecified vulnerability in Oracle MySQL 5.5.47 and earlier allows local users to affect availability via vectors related to DDL. ([CVE-2016-0644 __](<https://access.redhat.com/security/cve/CVE-2016-0644>))\n\nUnspecified vulnerability in Oracle MySQL 5.5.49 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Parser. ([CVE-2016-3477 __](<https://access.redhat.com/security/cve/CVE-2016-3477>))\n\nUnspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows remote authenticated users to affect availability via vectors related to DML. ([CVE-2016-0596 __](<https://access.redhat.com/security/cve/CVE-2016-0596>))\n\nUnspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. ([CVE-2016-0597 __](<https://access.redhat.com/security/cve/CVE-2016-0597>))\n\nUnspecified vulnerability in Oracle MySQL 5.5.47 and earlier allows local users to affect integrity and availability via vectors related to DML. 
([CVE-2016-0640 __](<https://access.redhat.com/security/cve/CVE-2016-0640>))\n\nUnspecified vulnerability in Oracle MySQL 5.5.49 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types. ([CVE-2016-3521 __](<https://access.redhat.com/security/cve/CVE-2016-3521>))\n\nUnspecified vulnerability in Oracle MySQL 5.5.48 and earlier allows local users to affect integrity and availability via vectors related to Federated. ([CVE-2016-0642 __](<https://access.redhat.com/security/cve/CVE-2016-0642>))\n\nUnspecified vulnerability in Oracle MySQL 5.5.48 and earlier allows local users to affect confidentiality via vectors related to DML. ([CVE-2016-0643 __](<https://access.redhat.com/security/cve/CVE-2016-0643>))\n\nUnspecified vulnerability in Oracle MySQL 5.5.48 and earlier allows local users to affect availability via vectors related to Security: Privileges. ([CVE-2016-0666 __](<https://access.redhat.com/security/cve/CVE-2016-0666>))\n\nUnspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer. ([CVE-2016-0651 __](<https://access.redhat.com/security/cve/CVE-2016-0651>))\n\nUnspecified vulnerability in Oracle MySQL 5.5.47 and earlier allows local users to affect availability via vectors related to Replication. ([CVE-2016-0650 __](<https://access.redhat.com/security/cve/CVE-2016-0650>))\n\nUnspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows remote authenticated users to affect availability via vectors related to DML. ([CVE-2016-0598 __](<https://access.redhat.com/security/cve/CVE-2016-0598>))\n\nUnspecified vulnerability in Oracle MySQL 5.5.47 and earlier allows local users to affect availability via vectors related to PS. 
([CVE-2016-0649 __](<https://access.redhat.com/security/cve/CVE-2016-0649>))\n\nUnspecified vulnerability in Oracle MySQL 5.5.49 and earlier allows remote administrators to affect availability via vectors related to Server: RBR. ([CVE-2016-5440 __](<https://access.redhat.com/security/cve/CVE-2016-5440>))\n\nUnspecified vulnerability in Oracle MySQL 5.5.48 and earlier allows remote attackers to affect confidentiality via vectors related to Server: Connection. ([CVE-2016-5444 __](<https://access.redhat.com/security/cve/CVE-2016-5444>))\n\nUnspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows remote authenticated users to affect integrity via unknown vectors related to encryption. ([CVE-2016-0606 __](<https://access.redhat.com/security/cve/CVE-2016-0606>))\n\nUnspecified vulnerability in Oracle MySQL 5.5.48 and earlier allows local users to affect availability via vectors related to PS. ([CVE-2016-0648 __](<https://access.redhat.com/security/cve/CVE-2016-0648>))\n\nUnspecified vulnerability in Oracle MySQL 5.5.47 and earlier allows local users to affect availability via vectors related to DML. ([CVE-2016-0646 __](<https://access.redhat.com/security/cve/CVE-2016-0646>))\n\nUnspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. ([CVE-2016-0546 __](<https://access.redhat.com/security/cve/CVE-2016-0546>))\n\nUnspecified vulnerability in Oracle MySQL 5.5.48 and earlier allows local users to affect availability via vectors related to FTS. ([CVE-2016-0647 __](<https://access.redhat.com/security/cve/CVE-2016-0647>))\n\nUnspecified vulnerability in Oracle MySQL 5.5.49 and earlier allows remote authenticated users to affect availability via vectors related to Server: DML. 
([CVE-2016-3615 __](<https://access.redhat.com/security/cve/CVE-2016-3615>))\n\nUnspecified vulnerability in Oracle MySQL 5.5.47 and earlier allows local users to affect confidentiality and availability via vectors related to MyISAM. ([CVE-2016-0641 __](<https://access.redhat.com/security/cve/CVE-2016-0641>))\n\n \n**Affected Packages:** \n\n\nmysql55\n\n \n**Issue Correction:** \nRun _yum update mysql55_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n mysql55-libs-5.5.51-1.11.amzn1.i686 \n mysql55-debuginfo-5.5.51-1.11.amzn1.i686 \n mysql55-bench-5.5.51-1.11.amzn1.i686 \n mysql55-embedded-devel-5.5.51-1.11.amzn1.i686 \n mysql55-test-5.5.51-1.11.amzn1.i686 \n mysql55-devel-5.5.51-1.11.amzn1.i686 \n mysql55-5.5.51-1.11.amzn1.i686 \n mysql55-server-5.5.51-1.11.amzn1.i686 \n mysql-config-5.5.51-1.11.amzn1.i686 \n mysql55-embedded-5.5.51-1.11.amzn1.i686 \n \n src: \n mysql55-5.5.51-1.11.amzn1.src \n \n x86_64: \n mysql-config-5.5.51-1.11.amzn1.x86_64 \n mysql55-bench-5.5.51-1.11.amzn1.x86_64 \n mysql55-debuginfo-5.5.51-1.11.amzn1.x86_64 \n mysql55-libs-5.5.51-1.11.amzn1.x86_64 \n mysql55-server-5.5.51-1.11.amzn1.x86_64 \n mysql55-embedded-5.5.51-1.11.amzn1.x86_64 \n mysql55-embedded-devel-5.5.51-1.11.amzn1.x86_64 \n mysql55-devel-5.5.51-1.11.amzn1.x86_64 \n mysql55-test-5.5.51-1.11.amzn1.x86_64 \n mysql55-5.5.51-1.11.amzn1.x86_64 \n \n \n", "edition": 3, "modified": "2016-08-17T13:30:00", "published": "2016-08-17T13:30:00", "id": "ALAS-2016-738", "href": "https://alas.aws.amazon.com/ALAS-2016-738.html", "title": "Important: mysql55", "type": "amazon", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:26:26", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0647", "CVE-2016-0648", "CVE-2016-0641", "CVE-2016-3615", "CVE-2016-3477", "CVE-2016-0649", "CVE-2016-5440", "CVE-2016-0646", "CVE-2016-5444", "CVE-2016-3452", "CVE-2016-0666", "CVE-2016-0643", "CVE-2016-0640", "CVE-2016-0650", 
"CVE-2016-0644", "CVE-2016-3521"], "description": "**CentOS Errata and Security Advisory** CESA-2016:1602\n\n\nMariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.\n\nThe following packages have been upgraded to a newer upstream version: mariadb (5.5.50).\n\nSecurity Fix(es):\n\n* This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory pages, listed in the References section. (CVE-2016-0640, CVE-2016-0641, CVE-2016-0643, CVE-2016-0644, CVE-2016-0646, CVE-2016-0647, CVE-2016-0648, CVE-2016-0649, CVE-2016-0650, CVE-2016-0666, CVE-2016-3452, CVE-2016-3477, CVE-2016-3521, CVE-2016-3615, CVE-2016-5440, CVE-2016-5444)\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-August/034073.html\n\n**Affected packages:**\nmariadb\nmariadb-bench\nmariadb-devel\nmariadb-embedded\nmariadb-embedded-devel\nmariadb-libs\nmariadb-server\nmariadb-test\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-1602.html", "edition": 3, "modified": "2016-08-12T11:27:37", "published": "2016-08-12T11:27:37", "href": "http://lists.centos.org/pipermail/centos-announce/2016-August/034073.html", "id": "CESA-2016:1602", "title": "mariadb security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:35:28", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0647", "CVE-2016-0648", "CVE-2016-0641", "CVE-2016-3615", "CVE-2016-3477", "CVE-2016-0649", "CVE-2016-5440", "CVE-2016-0646", "CVE-2016-5444", "CVE-2016-3452", "CVE-2016-0666", "CVE-2016-0643", "CVE-2016-0640", "CVE-2016-0650", "CVE-2016-0644", "CVE-2016-3521"], "description": "[1:5.5.50-1]\n- Rebase to 5.5.50\n Resolves: #1359628", "edition": 4, "modified": "2016-08-11T00:00:00", "published": "2016-08-11T00:00:00", "id": "ELSA-2016-1602", "href": 
"http://linux.oracle.com/errata/ELSA-2016-1602.html", "title": "mariadb security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}], "ubuntu": [{"lastseen": "2020-07-02T11:37:59", "bulletinFamily": "unix", "cvelist": ["CVE-2016-3615", "CVE-2016-3477", "CVE-2016-5440", "CVE-2016-3588", "CVE-2016-3424", "CVE-2016-5437", "CVE-2016-3501", "CVE-2016-3614", "CVE-2016-5439", "CVE-2016-5442", "CVE-2016-3459", "CVE-2016-3486", "CVE-2016-5436", "CVE-2016-5441", "CVE-2016-3521", "CVE-2016-5443", "CVE-2016-3518"], "description": "Multiple security issues were discovered in MySQL and this update includes \nnew upstream MySQL versions to fix these issues.\n\nMySQL has been updated to 5.5.50 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. \nUbuntu 15.10 has been updated to MySQL 5.6.31. Ubuntu 16.04 LTS has been \nupdated to MySQL 5.7.13.\n\nIn addition to security fixes, the updated packages contain bug fixes, \nnew features, and possibly incompatible changes.\n\nPlease see the following for more information: \n<http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-50.html> \n<http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-31.html> \n<http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-13.html> \n<http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html>", "edition": 5, "modified": "2016-07-21T00:00:00", "published": "2016-07-21T00:00:00", "id": "USN-3040-1", "href": "https://ubuntu.com/security/notices/USN-3040-1", "title": "MySQL vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}], "f5": [{"lastseen": "2017-06-08T00:16:14", "bulletinFamily": "software", "cvelist": ["CVE-2016-3615", "CVE-2016-3477", "CVE-2016-5440", "CVE-2016-3440", "CVE-2016-3588", "CVE-2016-3424", "CVE-2016-3471", "CVE-2016-5444", "CVE-2016-3452", "CVE-2016-5437", "CVE-2016-3501", "CVE-2016-3614", "CVE-2016-5439", "CVE-2016-5442", "CVE-2016-3459", "CVE-2016-3486", "CVE-2016-5436", 
"CVE-2016-5441", "CVE-2016-3521", "CVE-2016-5443", "CVE-2016-3518"], "edition": 1, "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP APM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP DNS| None| 12.0.0 - 12.1.1| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.4.0 - 11.4.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WOM| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WebSafe| None| 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1| Not Vulnerable| None \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nFirePass| None| 7.0.0| Not vulnerable| None 
\nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.1.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nF5 iWorkflow| None| 2.0.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nTraffix SDC| None| 5.0.0 \n4.0.0 - 4.4.0| Not vulnerable| None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K14457: BIG-IP third party software matrix (11.x - 12.x)](<https://support.f5.com/csp/article/K14457>)\n", "modified": "2016-09-30T21:31:00", "published": "2016-09-30T21:31:00", "id": "F5:K42204713", "href": "https://support.f5.com/csp/article/K42204713", "title": "Multiple MySQL vulnerabilities", "type": "f5", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-11-09T00:09:40", "bulletinFamily": "software", "cvelist": ["CVE-2016-3615", "CVE-2016-3477", "CVE-2016-5440", "CVE-2016-3440", "CVE-2016-3588", "CVE-2016-3424", "CVE-2016-3471", "CVE-2016-5444", "CVE-2016-3452", "CVE-2016-5437", "CVE-2016-3501", "CVE-2016-3614", "CVE-2016-5439", "CVE-2016-5442", "CVE-2016-3459", "CVE-2016-3486", "CVE-2016-5436", "CVE-2016-5441", "CVE-2016-3521", "CVE-2016-5443", "CVE-2016-3518"], "edition": 1, "description": "Vulnerability Recommended Actions\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email 
notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL14457: BIG-IP third party software matrix (11.x - 12.x)\n", "modified": "2016-09-30T00:00:00", "published": "2016-09-30T00:00:00", "id": "SOL42204713", "href": "http://support.f5.com/kb/en-us/solutions/public/k/42/sol42204713.html", "type": "f5", "title": "SOL42204713 - Multiple MySQL vulnerabilities", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "kaspersky": [{"lastseen": "2020-09-02T11:44:21", "bulletinFamily": "info", "cvelist": ["CVE-2016-3615", "CVE-2016-3477", "CVE-2016-5440", "CVE-2016-2105", "CVE-2016-3440", "CVE-2016-3588", "CVE-2016-3424", "CVE-2016-3471", "CVE-2016-5444", "CVE-2016-3452", "CVE-2016-5437", "CVE-2016-3501", "CVE-2016-3614", "CVE-2016-5439", "CVE-2016-5442", "CVE-2016-3459", "CVE-2016-3486", "CVE-2016-5436", "CVE-2016-5441", "CVE-2016-3521", "CVE-2016-5443", "CVE-2016-3518"], "description": "### *Detect date*:\n07/19/2016\n\n### *Severity*:\nHigh\n\n### *Description*:\nUnspecified vulnerabilities were found in Oracle MySQL server. By exploiting these vulnerabilities, malicious users can cause denial of service, affect integrity or obtain sensitive information. 
These vulnerabilities can be exploited locally or remotely.\n\n### *Affected products*:\nOracle MySQL server versions earlier than 5.5.50 \nOracle MySQL server 5.6 versions earlier than 5.6.31 \nOracle MySQL server 5.7 versions earlier than 5.7.13\n\n### *Solution*:\nUpdate to the latest version \n[MySQL downloads page](<http://www.mysql.com/downloads/>)\n\n### *Original advisories*:\n[Oracle bulletin](<http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL>) \n\n\n### *Impacts*:\nOSI \n\n### *Related products*:\n[Oracle MySQL](<https://threats.kaspersky.com/en/product/Oracle-MySQL/>)\n\n### *CVE-IDS*:\n[CVE-2016-5441](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5441>)4.0Warning \n[CVE-2016-5442](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5442>)4.0Warning \n[CVE-2016-5443](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5443>)1.2Warning \n[CVE-2016-5444](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5444>)4.3Warning \n[CVE-2016-3486](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3486>)6.8High \n[CVE-2016-3501](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3501>)4.0Warning \n[CVE-2016-3518](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3518>)6.8High \n[CVE-2016-3521](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3521>)6.8High \n[CVE-2016-3424](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3424>)4.0Warning \n[CVE-2016-3588](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3588>)4.9Warning \n[CVE-2016-3440](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3440>)4.0Warning \n[CVE-2016-5437](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5437>)4.0Warning \n[CVE-2016-3452](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3452>)4.3Warning \n[CVE-2016-3459](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3459>)4.0Warning 
\n[CVE-2016-2105](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2105>)5.0Critical \n[CVE-2016-3471](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3471>)7.1High \n[CVE-2016-3614](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3614>)3.5Warning \n[CVE-2016-3615](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3615>)4.3Warning \n[CVE-2016-5436](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5436>)4.0Warning \n[CVE-2016-3477](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3477>)4.1Warning \n[CVE-2016-5439](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5439>)4.0Warning \n[CVE-2016-5440](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5440>)4.0Warning", "edition": 41, "modified": "2020-05-22T00:00:00", "published": "2016-07-19T00:00:00", "id": "KLA10847", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10847", "title": "\r KLA10847Multiple vulnerabilities in Oracle MySQL ", "type": "kaspersky", "cvss": {"score": 7.1, "vector": "AV:N/AC:H/Au:S/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2019-05-29T18:32:38", "bulletinFamily": "unix", "cvelist": ["CVE-2016-3615", "CVE-2016-3477", "CVE-2016-5440", "CVE-2016-2105", "CVE-2016-3440", "CVE-2016-3588", "CVE-2016-3424", "CVE-2016-3471", "CVE-2016-5444", "CVE-2016-3452", "CVE-2016-5437", "CVE-2016-3501", "CVE-2016-3614", "CVE-2016-5439", "CVE-2016-5442", "CVE-2016-3459", "CVE-2016-3486", "CVE-2016-5436", "CVE-2016-5441", "CVE-2016-3521", "CVE-2016-5443", "CVE-2016-3518"], "description": "\nOracle reports:\n\nThe quarterly Critical Patch Update contains 22 new security fixes for\n\t Oracle MySQL 5.5.49, 5.6.30, 5.7.13 and earlier\n\n", "edition": 4, "modified": "2016-08-08T00:00:00", "published": "2016-07-20T00:00:00", "id": "CA5CB202-4F51-11E6-B2EC-B499BAEBFEAF", "href": "https://vuxml.freebsd.org/freebsd/ca5cb202-4f51-11e6-b2ec-b499baebfeaf.html", "title": "MySQL -- Multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 7.1, 
"vector": "AV:N/AC:H/Au:S/C:C/I:C/A:C"}}], "oracle": [{"lastseen": "2019-05-29T18:21:07", "bulletinFamily": "software", "cvelist": ["CVE-2015-5600", "CVE-2016-5465", "CVE-2015-4000", "CVE-2016-3446", "CVE-2016-3508", "CVE-2016-3547", "CVE-2016-3529", "CVE-2016-5452", "CVE-2016-5445", "CVE-2016-1548", "CVE-2016-2518", "CVE-2016-3485", "CVE-2016-3444", "CVE-2015-1792", "CVE-2014-3566", "CVE-2016-3552", "CVE-2015-0235", "CVE-2016-3615", "CVE-2015-1793", "CVE-2016-3491", "CVE-2016-3553", "CVE-2016-3477", "CVE-2016-3613", "CVE-2016-5477", "CVE-2016-3488", "CVE-2015-3197", "CVE-2016-3592", "CVE-2016-3573", "CVE-2016-3494", "CVE-2016-5466", "CVE-2016-5019", "CVE-2015-3236", "CVE-2016-3544", "CVE-2014-3572", "CVE-2016-0705", "CVE-2016-3545", "CVE-2016-3611", "CVE-2015-7181", "CVE-2015-0206", "CVE-2015-1789", "CVE-2016-3597", "CVE-2016-3598", "CVE-2016-5455", "CVE-2016-3574", "CVE-2015-8138", "CVE-2016-3500", "CVE-2016-5472", "CVE-2016-4051", "CVE-2016-3445", "CVE-2016-5454", "CVE-2016-3554", "CVE-2016-5458", "CVE-2015-3195", "CVE-2016-0798", "CVE-2016-3570", "CVE-2016-3432", "CVE-2016-3515", "CVE-2016-2108", "CVE-2016-5447", "CVE-2016-3474", "CVE-2016-3528", "CVE-2016-5440", "CVE-2016-3580", "CVE-2014-3571", "CVE-2016-5450", "CVE-2016-3496", "CVE-2016-3555", "CVE-2016-3596", "CVE-2016-1938", "CVE-2016-5468", "CVE-2016-3481", "CVE-2016-3563", "CVE-2016-0799", "CVE-2016-3539", "CVE-2016-3507", "CVE-2016-3584", "CVE-2016-3519", "CVE-2016-5460", "CVE-2016-3472", "CVE-2016-3583", "CVE-2016-5471", "CVE-2016-3511", "CVE-2016-3479", "CVE-2016-3499", "CVE-2013-2064", "CVE-2014-0224", "CVE-2016-5467", "CVE-2016-0635", "CVE-2016-3498", "CVE-2016-2105", "CVE-2016-3560", "CVE-2016-3514", "CVE-2016-5453", "CVE-2016-3440", "CVE-2016-4052", "CVE-2015-3194", "CVE-2016-2107", "CVE-2016-3607", "CVE-2016-3556", "CVE-2016-3512", "CVE-2016-3532", "CVE-2015-7501", "CVE-2016-1550", "CVE-2016-3475", "CVE-2015-3253", "CVE-2016-0701", "CVE-2016-3476", "CVE-2016-3588", "CVE-2016-3424", 
"CVE-2016-3471", "CVE-2016-1182", "CVE-2015-7704", "CVE-2016-3585", "CVE-2016-5444", "CVE-2016-3538", "CVE-2014-8275", "CVE-2016-3452", "CVE-2015-7979", "CVE-2016-3549", "CVE-2016-0797", "CVE-2015-7182", "CVE-2016-0702", "CVE-2015-2808", "CVE-2014-3570", "CVE-2016-5451", "CVE-2015-7575", "CVE-2016-3577", "CVE-2016-3591", "CVE-2016-3567", "CVE-2016-3467", "CVE-2016-3537", "CVE-2016-3593", "CVE-2016-3606", "CVE-2016-5456", "CVE-2016-3468", "CVE-2016-3540", "CVE-2016-2109", "CVE-2016-3559", "CVE-2016-5476", "CVE-2015-2721", "CVE-2016-3530", "CVE-2015-3193", "CVE-2014-9708", "CVE-2016-5473", "CVE-2016-3568", "CVE-2016-3453", "CVE-2016-5464", "CVE-2016-5462", "CVE-2016-3490", "CVE-2016-3572", "CVE-2016-3513", "CVE-2012-3137", "CVE-2015-0228", "CVE-2016-3509", "CVE-2015-3237", "CVE-2016-3565", "CVE-2016-5437", "CVE-2016-3534", "CVE-2016-3503", "CVE-2015-7183", "CVE-2016-3550", "CVE-2015-1788", "CVE-2016-3525", "CVE-2016-3587", "CVE-2016-3561", "CVE-2016-3504", "CVE-2016-3581", "CVE-2016-3501", "CVE-2016-5457", "CVE-2016-1547", "CVE-2015-3183", "CVE-2016-3614", "CVE-2012-3410", "CVE-2016-5461", "CVE-2016-5439", "CVE-2015-0204", "CVE-2016-5449", "CVE-2016-3578", "CVE-2016-3527", "CVE-2016-0800", "CVE-2016-3489", "CVE-2016-3483", "CVE-2016-3433", "CVE-2016-5459", "CVE-2016-1181", "CVE-2016-3450", "CVE-2016-3524", "CVE-2016-5442", "CVE-2016-3564", "CVE-2016-5470", "CVE-2013-2566", "CVE-2016-2176", "CVE-2015-1790", "CVE-2016-3542", "CVE-2016-1978", "CVE-2016-3575", "CVE-2016-3531", "CVE-2016-3502", "CVE-2016-3459", "CVE-2016-5446", "CVE-2016-3480", "CVE-2016-3533", "CVE-2016-5469", "CVE-2016-3526", "CVE-2016-5448", "CVE-2016-3486", "CVE-2016-3448", "CVE-2016-5474", "CVE-2016-5436", "CVE-2016-3523", "CVE-2016-5441", "CVE-2016-5475", "CVE-2016-3576", "CVE-2016-3595", "CVE-2016-3610", "CVE-2016-3458", "CVE-2016-3484", "CVE-2016-3586", "CVE-2016-3520", "CVE-2016-3451", "CVE-2016-3582", "CVE-2015-5300", "CVE-2016-3497", "CVE-2016-3589", "CVE-2016-3517", "CVE-2016-3608", 
"CVE-2016-3510", "CVE-2016-3493", "CVE-2016-3536", "CVE-2016-3548", "CVE-2016-3506", "CVE-2016-3571", "CVE-2016-3487", "CVE-2016-3546", "CVE-2016-5463", "CVE-2016-3541", "CVE-2016-3081", "CVE-2016-3521", "CVE-2015-0205", "CVE-2016-4053", "CVE-2016-3579", "CVE-2016-5443", "CVE-2016-3557", "CVE-2016-3558", "CVE-2016-2106", "CVE-2016-3594", "CVE-2016-3478", "CVE-2016-3522", "CVE-2016-3535", "CVE-2016-3543", "CVE-2016-3612", "CVE-2014-3569", "CVE-2016-3470", "CVE-2016-3518", "CVE-2016-3516", "CVE-2015-1791", "CVE-2016-3569", "CVE-2016-3482", "CVE-2016-3590", "CVE-2015-8104", "CVE-2016-3609", "CVE-2016-3566", "CVE-2016-3469"], "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\nThis Critical Patch Update contains 276 new security fixes across the product families listed below. 
Please note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at <https://blogs.oracle.com/security>.\n\nPlease note that the vulnerabilities in this Critical Patch Update are scored using version 3.0 of Common Vulnerability Scoring Standard (CVSS).\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available [here](<http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>).\n", "modified": "2016-10-18T00:00:00", "published": "2016-07-19T00:00:00", "id": "ORACLE:CPUJUL2016-2881720", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update - July 2016", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-10-04T21:16:01", "bulletinFamily": "software", "cvelist": ["CVE-2012-3137", "CVE-2012-3410", "CVE-2013-2064", "CVE-2013-2566", "CVE-2014-0224", "CVE-2014-3566", "CVE-2014-3569", "CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8275", "CVE-2014-9708", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206", "CVE-2015-0228", "CVE-2015-0235", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-1793", "CVE-2015-2721", "CVE-2015-2808", "CVE-2015-3183", "CVE-2015-3193", "CVE-2015-3194", "CVE-2015-3195", "CVE-2015-3197", "CVE-2015-3236", "CVE-2015-3237", "CVE-2015-3253", "CVE-2015-4000", "CVE-2015-5300", "CVE-2015-5600", "CVE-2015-7181", "CVE-2015-7182", "CVE-2015-7183", "CVE-2015-7501", "CVE-2015-7575", "CVE-2015-7704", "CVE-2015-7979", "CVE-2015-8104", "CVE-2015-8138", "CVE-2016-0635", "CVE-2016-0701", "CVE-2016-0702", "CVE-2016-0705", "CVE-2016-0797", "CVE-2016-0798", "CVE-2016-0799", "CVE-2016-0800", "CVE-2016-1181", "CVE-2016-1182", "CVE-2016-1547", "CVE-2016-1548", "CVE-2016-1550", "CVE-2016-1938", "CVE-2016-1978", 
"CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108", "CVE-2016-2109", "CVE-2016-2176", "CVE-2016-2518", "CVE-2016-3081", "CVE-2016-3424", "CVE-2016-3432", "CVE-2016-3433", "CVE-2016-3440", "CVE-2016-3444", "CVE-2016-3445", "CVE-2016-3446", "CVE-2016-3448", "CVE-2016-3450", "CVE-2016-3451", "CVE-2016-3452", "CVE-2016-3453", "CVE-2016-3458", "CVE-2016-3459", "CVE-2016-3467", "CVE-2016-3468", "CVE-2016-3469", "CVE-2016-3470", "CVE-2016-3471", "CVE-2016-3472", "CVE-2016-3474", "CVE-2016-3475", "CVE-2016-3476", "CVE-2016-3477", "CVE-2016-3478", "CVE-2016-3479", "CVE-2016-3480", "CVE-2016-3481", "CVE-2016-3482", "CVE-2016-3483", "CVE-2016-3484", "CVE-2016-3485", "CVE-2016-3486", "CVE-2016-3487", "CVE-2016-3488", "CVE-2016-3489", "CVE-2016-3490", "CVE-2016-3491", "CVE-2016-3493", "CVE-2016-3494", "CVE-2016-3496", "CVE-2016-3497", "CVE-2016-3498", "CVE-2016-3499", "CVE-2016-3500", "CVE-2016-3501", "CVE-2016-3502", "CVE-2016-3503", "CVE-2016-3504", "CVE-2016-3506", "CVE-2016-3507", "CVE-2016-3508", "CVE-2016-3509", "CVE-2016-3510", "CVE-2016-3511", "CVE-2016-3512", "CVE-2016-3513", "CVE-2016-3514", "CVE-2016-3515", "CVE-2016-3516", "CVE-2016-3517", "CVE-2016-3518", "CVE-2016-3519", "CVE-2016-3520", "CVE-2016-3521", "CVE-2016-3522", "CVE-2016-3523", "CVE-2016-3524", "CVE-2016-3525", "CVE-2016-3526", "CVE-2016-3527", "CVE-2016-3528", "CVE-2016-3529", "CVE-2016-3530", "CVE-2016-3531", "CVE-2016-3532", "CVE-2016-3533", "CVE-2016-3534", "CVE-2016-3535", "CVE-2016-3536", "CVE-2016-3537", "CVE-2016-3538", "CVE-2016-3539", "CVE-2016-3540", "CVE-2016-3541", "CVE-2016-3542", "CVE-2016-3543", "CVE-2016-3544", "CVE-2016-3545", "CVE-2016-3546", "CVE-2016-3547", "CVE-2016-3548", "CVE-2016-3549", "CVE-2016-3550", "CVE-2016-3552", "CVE-2016-3553", "CVE-2016-3554", "CVE-2016-3555", "CVE-2016-3556", "CVE-2016-3557", "CVE-2016-3558", "CVE-2016-3559", "CVE-2016-3560", "CVE-2016-3561", "CVE-2016-3563", "CVE-2016-3564", "CVE-2016-3565", "CVE-2016-3566", "CVE-2016-3567", 
"CVE-2016-3568", "CVE-2016-3569", "CVE-2016-3570", "CVE-2016-3571", "CVE-2016-3572", "CVE-2016-3573", "CVE-2016-3574", "CVE-2016-3575", "CVE-2016-3576", "CVE-2016-3577", "CVE-2016-3578", "CVE-2016-3579", "CVE-2016-3580", "CVE-2016-3581", "CVE-2016-3582", "CVE-2016-3583", "CVE-2016-3584", "CVE-2016-3585", "CVE-2016-3586", "CVE-2016-3587", "CVE-2016-3588", "CVE-2016-3589", "CVE-2016-3590", "CVE-2016-3591", "CVE-2016-3592", "CVE-2016-3593", "CVE-2016-3594", "CVE-2016-3595", "CVE-2016-3596", "CVE-2016-3597", "CVE-2016-3598", "CVE-2016-3606", "CVE-2016-3607", "CVE-2016-3608", "CVE-2016-3609", "CVE-2016-3610", "CVE-2016-3611", "CVE-2016-3612", "CVE-2016-3613", "CVE-2016-3614", "CVE-2016-3615", "CVE-2016-4051", "CVE-2016-4052", "CVE-2016-4053", "CVE-2016-5019", "CVE-2016-5436", "CVE-2016-5437", "CVE-2016-5439", "CVE-2016-5440", "CVE-2016-5441", "CVE-2016-5442", "CVE-2016-5443", "CVE-2016-5444", "CVE-2016-5445", "CVE-2016-5446", "CVE-2016-5447", "CVE-2016-5448", "CVE-2016-5449", "CVE-2016-5450", "CVE-2016-5451", "CVE-2016-5452", "CVE-2016-5453", "CVE-2016-5454", "CVE-2016-5455", "CVE-2016-5456", "CVE-2016-5457", "CVE-2016-5458", "CVE-2016-5459", "CVE-2016-5460", "CVE-2016-5461", "CVE-2016-5462", "CVE-2016-5463", "CVE-2016-5464", "CVE-2016-5465", "CVE-2016-5466", "CVE-2016-5467", "CVE-2016-5468", "CVE-2016-5469", "CVE-2016-5470", "CVE-2016-5471", "CVE-2016-5472", "CVE-2016-5473", "CVE-2016-5474", "CVE-2016-5475", "CVE-2016-5476", "CVE-2016-5477"], "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. 
Please refer to:\n\nCritical Patch Updates and Security Alerts for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\nThis Critical Patch Update contains 276 new security fixes across the product families listed below. Please note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at <https://blogs.oracle.com/security>.\n\nPlease note that the vulnerabilities in this Critical Patch Update are scored using version 3.0 of Common Vulnerability Scoring Standard (CVSS).\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available here.\n", "modified": "2016-10-18T00:00:00", "published": "2016-07-19T00:00:00", "id": "ORACLE:CPUJUL2016", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update - July 2016", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}