Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2021 Tenable Network Security, Inc.OPENSUSE-2016-169.NASL
HistoryFeb 09, 2016 - 12:00 a.m.

openSUSE Security Update : MySQL (openSUSE-2016-169)

2016-02-0900:00:00
This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.
www.tenable.com
15
JSON

This update to MySQL 5.6.28 fixes the following issues (bsc#962779) :

  • CVE-2015-7744: Lack of verification against faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack.

  • CVE-2016-0502: Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

  • CVE-2016-0503: Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0504.

  • CVE-2016-0504: Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0503.

  • CVE-2016-0505: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Options.

  • CVE-2016-0546: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client.

  • CVE-2016-0594: Unspecified vulnerability in Oracle MySQL 5.6.21 and earlier allows remote authenticated users to affect availability via vectors related to DML.

  • CVE-2016-0595: Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML.

  • CVE-2016-0596: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML.

  • CVE-2016-0597: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

  • CVE-2016-0598: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML.

  • CVE-2016-0600: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

  • CVE-2016-0605: Unspecified vulnerability in Oracle MySQL 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors.

  • CVE-2016-0606: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect integrity via unknown vectors related to encryption.

  • CVE-2016-0607: Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to replication.

  • CVE-2016-0608: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via vectors related to UDF.

  • CVE-2016-0609: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to privileges.

  • CVE-2016-0610: Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

  • CVE-2016-0611: Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

  • bsc#959724: Possible buffer overflow from incorrect use of strcpy() and sprintf()

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2016-169.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(88633);
  script_version("2.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2015-7744", "CVE-2016-0502", "CVE-2016-0503", "CVE-2016-0504", "CVE-2016-0505", "CVE-2016-0546", "CVE-2016-0594", "CVE-2016-0595", "CVE-2016-0596", "CVE-2016-0597", "CVE-2016-0598", "CVE-2016-0600", "CVE-2016-0605", "CVE-2016-0606", "CVE-2016-0607", "CVE-2016-0608", "CVE-2016-0609", "CVE-2016-0610", "CVE-2016-0611");

  script_name(english:"openSUSE Security Update : MySQL (openSUSE-2016-169)");
  script_summary(english:"Check for the openSUSE-2016-169 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update to MySQL 5.6.28 fixes the following issues (bsc#962779) :

  - CVE-2015-7744: Lack of verification against faults
    associated with the Chinese Remainder Theorem (CRT)
    process when allowing ephemeral key exchange without low
    memory optimizations on a server, which makes it easier
    for remote attackers to obtain private RSA keys by
    capturing TLS handshakes, aka a Lenstra attack.

  - CVE-2016-0502: Unspecified vulnerability in Oracle MySQL
    5.5.31 and earlier and 5.6.11 and earlier allows remote
    authenticated users to affect availability via unknown
    vectors related to Optimizer. 

  - CVE-2016-0503: Unspecified vulnerability in Oracle MySQL
    5.6.27 and earlier and 5.7.9 allows remote authenticated
    users to affect availability via vectors related to DML,
    a different vulnerability than CVE-2016-0504. 

  - CVE-2016-0504: Unspecified vulnerability in Oracle MySQL
    5.6.27 and earlier and 5.7.9 allows remote authenticated
    users to affect availability via vectors related to DML,
    a different vulnerability than CVE-2016-0503. 

  - CVE-2016-0505: Unspecified vulnerability in Oracle MySQL
    5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows
    remote authenticated users to affect availability via
    unknown vectors related to Options. 

  - CVE-2016-0546: Unspecified vulnerability in Oracle MySQL
    5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows
    local users to affect confidentiality, integrity, and
    availability via unknown vectors related to Client. 

  - CVE-2016-0594: Unspecified vulnerability in Oracle MySQL
    5.6.21 and earlier allows remote authenticated users to
    affect availability via vectors related to DML. 

  - CVE-2016-0595: Unspecified vulnerability in Oracle MySQL
    5.6.27 and earlier allows remote authenticated users to
    affect availability via vectors related to DML. 

  - CVE-2016-0596: Unspecified vulnerability in Oracle MySQL
    5.5.46 and earlier and 5.6.27 and earlier allows remote
    authenticated users to affect availability via vectors
    related to DML. 

  - CVE-2016-0597: Unspecified vulnerability in Oracle MySQL
    5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows
    remote authenticated users to affect availability via
    unknown vectors related to Optimizer. 

  - CVE-2016-0598: Unspecified vulnerability in Oracle MySQL
    5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows
    remote authenticated users to affect availability via
    vectors related to DML. 

  - CVE-2016-0600: Unspecified vulnerability in Oracle MySQL
    5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows
    remote authenticated users to affect availability via
    unknown vectors related to InnoDB. 

  - CVE-2016-0605: Unspecified vulnerability in Oracle MySQL
    5.6.26 and earlier allows remote authenticated users to
    affect availability via unknown vectors. 

  - CVE-2016-0606: Unspecified vulnerability in Oracle MySQL
    5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows
    remote authenticated users to affect integrity via
    unknown vectors related to encryption. 

  - CVE-2016-0607: Unspecified vulnerability in Oracle MySQL
    5.6.27 and earlier and 5.7.9 allows remote authenticated
    users to affect availability via unknown vectors related
    to replication. 

  - CVE-2016-0608: Unspecified vulnerability in Oracle MySQL
    5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows
    remote authenticated users to affect availability via
    vectors related to UDF. 

  - CVE-2016-0609: Unspecified vulnerability in Oracle MySQL
    5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows
    remote authenticated users to affect availability via
    unknown vectors related to privileges. 

  - CVE-2016-0610: Unspecified vulnerability in Oracle MySQL
    5.6.27 and earlier allows remote authenticated users to
    affect availability via unknown vectors related to
    InnoDB. 

  - CVE-2016-0611: Unspecified vulnerability in Oracle MySQL
    5.6.27 and earlier and 5.7.9 allows remote authenticated
    users to affect availability via unknown vectors related
    to Optimizer.

  - bsc#959724: Possible buffer overflow from incorrect use
    of strcpy() and sprintf()"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=959724"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=962779"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected MySQL packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmysql56client18");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmysql56client18-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmysql56client18-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmysql56client18-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmysql56client_r18");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmysql56client_r18-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-community-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-community-server-bench");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-community-server-bench-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-community-server-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-community-server-client-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-community-server-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-community-server-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-community-server-errormessages");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-community-server-test");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-community-server-test-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-community-server-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-community-server-tools-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2016/02/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/02/09");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE13\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE13.1", reference:"libmysql56client18-5.6.28-7.16.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libmysql56client18-debuginfo-5.6.28-7.16.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libmysql56client_r18-5.6.28-7.16.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"mysql-community-server-5.6.28-7.16.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"mysql-community-server-bench-5.6.28-7.16.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"mysql-community-server-bench-debuginfo-5.6.28-7.16.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"mysql-community-server-client-5.6.28-7.16.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"mysql-community-server-client-debuginfo-5.6.28-7.16.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"mysql-community-server-debuginfo-5.6.28-7.16.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"mysql-community-server-debugsource-5.6.28-7.16.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"mysql-community-server-errormessages-5.6.28-7.16.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"mysql-community-server-test-5.6.28-7.16.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"mysql-community-server-test-debuginfo-5.6.28-7.16.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"mysql-community-server-tools-5.6.28-7.16.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"mysql-community-server-tools-debuginfo-5.6.28-7.16.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libmysql56client18-32bit-5.6.28-7.16.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libmysql56client18-debuginfo-32bit-5.6.28-7.16.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libmysql56client_r18-32bit-5.6.28-7.16.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libmysql56client18-32bit / libmysql56client18 / etc");
}
VendorProductVersionCPE
novellopensuselibmysql56client18p-cpe:/a:novell:opensuse:libmysql56client18
novellopensuselibmysql56client18-32bitp-cpe:/a:novell:opensuse:libmysql56client18-32bit
novellopensuselibmysql56client18-debuginfop-cpe:/a:novell:opensuse:libmysql56client18-debuginfo
novellopensuselibmysql56client18-debuginfo-32bitp-cpe:/a:novell:opensuse:libmysql56client18-debuginfo-32bit
novellopensuselibmysql56client_r18p-cpe:/a:novell:opensuse:libmysql56client_r18
novellopensuselibmysql56client_r18-32bitp-cpe:/a:novell:opensuse:libmysql56client_r18-32bit
novellopensusemysql-community-serverp-cpe:/a:novell:opensuse:mysql-community-server
novellopensusemysql-community-server-benchp-cpe:/a:novell:opensuse:mysql-community-server-bench
novellopensusemysql-community-server-bench-debuginfop-cpe:/a:novell:opensuse:mysql-community-server-bench-debuginfo
novellopensusemysql-community-server-clientp-cpe:/a:novell:opensuse:mysql-community-server-client
Rows per page:
1-10 of 191

References

Related

suse 6
openvas 41
ibm 1
nessus 40
ubuntu 1
f5 2
debian 5
kaspersky 1
fedora 4
amazon 2
ubuntucve 19
cve 19
prion 19
oraclelinux 1
redhat 6
centos 1
freebsd 1
debiancve 1
mariadbunix 12
veracode 16
openwrt 1
suse
suse
Security update for MySQL (important)
2016-02-08 14:11:50
Security update for MySQL (important)
2016-02-07 20:14:28
Security update for mariadb (important)
2016-06-23 13:09:33
openvas
openvas
openSUSE: Security Advisory for MySQL (openSUSE-SU-2016:0377-1)
2016-02-09 00:00:00
openSUSE: Security Advisory for MySQL (openSUSE-SU-2016:0367-1)
2016-02-08 00:00:00
Ubuntu: Security Advisory (USN-2881-1)
2016-01-27 00:00:00
ibm
ibm
Security Bulletin: IBM Security Guardium is affected by OpenSource Oracle MySQL Vulnerability (multiple CVEs)
2018-06-16 21:40:13
nessus
nessus
MySQL 5.6.x < 5.6.28 Multiple Vulnerabilities
2015-12-16 00:00:00
openSUSE Security Update : MySQL (openSUSE-2016-165)
2016-02-08 00:00:00
Oracle MySQL 5.6.x < 5.6.28 Multiple Vulnerabilities
2016-04-15 00:00:00
ubuntu
ubuntu
MySQL vulnerabilities
2016-01-26 00:00:00
f5
f5
K77508618 : Multiple Oracle MySQL vulnerabilities
2017-05-06 00:00:00
K85298305 : Multiple MySQL vulnerabilities
2017-05-08 00:00:00
debian
debian
[SECURITY] [DLA 409-1] mysql-5.5 security update
2016-02-01 08:32:18
[SECURITY] [DSA 3459-1] mysql-5.5 security update
2016-01-28 19:04:02
[SECURITY] [DSA 3459-1] mysql-5.5 security update
2016-01-28 19:04:24
kaspersky
kaspersky
KLA10749 Multiple vulnerabilities in MariaDB
2016-01-27 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: mariadb-10.0.23-1.fc22
2016-03-05 22:51:47
[SECURITY] Fedora 23 Update: mariadb-10.0.23-1.fc23
2016-02-21 16:34:44
[SECURITY] Fedora 22 Update: community-mysql-5.6.29-1.fc22
2016-03-09 20:17:15
amazon
amazon
Important: mysql56
2016-04-06 14:40:00
Important: mysql55
2016-08-17 13:30:00
ubuntucve
ubuntucve
CVE-2016-0504
2016-01-20 00:00:00
CVE-2016-0503
2016-01-20 00:00:00
CVE-2015-7744
2016-01-22 00:00:00
cve
cve
CVE-2016-0504
2016-01-21 03:00:00
CVE-2016-0503
2016-01-21 03:00:00
CVE-2015-7744
2016-01-22 15:59:00
prion
prion
Design/Logic Flaw
2016-01-21 03:00:00
Design/Logic Flaw
2016-01-21 03:00:00
Design/Logic Flaw
2016-01-22 15:59:00
oraclelinux
oraclelinux
mariadb security and bug fix update
2016-03-31 00:00:00
redhat
redhat
(RHSA-2016:22610) Moderate: mariadb security and bug fix update
2016-02-03 05:00:00
(RHSA-2016:0705) Critical: rh-mysql56-mysql security update
2016-05-02 12:15:44
(RHSA-2016:0534) Moderate: mariadb security and bug fix update
2016-03-31 14:15:24
centos
centos
mariadb security update
2016-03-31 20:53:35
freebsd
freebsd
wolfssl -- leakage of private key information
2015-09-17 00:00:00
debiancve
debiancve
CVE-2015-7744
2016-01-22 15:59:00
mariadbunix
mariadbunix
CVE-2015-7744
2016-01-22 15:59:00
CVE-2016-0546
2016-01-21 03:01:00
CVE-2016-0610
2016-01-21 03:02:00
veracode
veracode
Memory Corruption
2019-05-02 05:29:18
Denial Of Service (DoS)
2019-05-02 05:29:19
Denial Of Service (DoS)
2019-05-02 05:29:18
openwrt
openwrt
wolfssl: Security update (2 CVEs)
2016-03-02 11:23:10
JSON
Related for OPENSUSE-2016-169.NASL
suse6openvas41ibm1nessus40ubuntu1f52debian5kaspersky1fedora4amazon2ubuntucve19cve19prion19oraclelinux1redhat6centos1freebsd1debiancve1mariadbunix12veracode16openwrt1