The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:1628 advisory.
mysql: unspecified vulnerability related to Server:InnoDB:DML (CPU Jan 2015) (CVE-2014-6568)
mysql: unspecified vulnerability related to Server:Security:Privileges:Foreign Key (CPU Jan 2015) (CVE-2015-0374)
mysql: unspecified vulnerability related to Server:Replication (CPU Jan 2015) (CVE-2015-0381, CVE-2015-0382)
mysql: unspecified vulnerability related to Server:DDL (CPU Jan 2015) (CVE-2015-0391)
mysql: unspecified vulnerability related to Server:Security:Encryption (CPU Jan 2015) (CVE-2015-0411)
mysql: unspecified vulnerability related to Server:InnoDB:DDL:Foreign Key (CPU Jan 2015) (CVE-2015-0432)
mysql: unspecified vulnerability related to Server:InnoDB:DML (CPU April 2015) (CVE-2015-0433)
mysql: unspecified vulnerability related to Server:Security:Encryption (CPU April 2015) (CVE-2015-0441)
mysql: unspecified vulnerability related to Server:Federated (CPU April 2015) (CVE-2015-0499)
mysql: unspecified vulnerability related to Server:Compiling (CPU April 2015) (CVE-2015-0501)
mysql: unspecified vulnerability related to Server:DDL (CPU April 2015) (CVE-2015-0505, CVE-2015-2573)
mysql: unspecified vulnerability related to Server:Security:Privileges (CPU April 2015) (CVE-2015-2568)
mysql: unspecified vulnerability related to Server:Optimizer (CPU April 2015) (CVE-2015-2571)
mysql: unspecified vulnerability related to Server:GIS (CPU July 2015) (CVE-2015-2582)
mysql: unspecified vulnerability related to Server:Security:Privileges (CPU July 2015) (CVE-2015-2620)
mysql: unspecified vulnerability related to Server:Optimizer (CPU July 2015) (CVE-2015-2643, CVE-2015-4757)
mysql: unspecified vulnerability related to Server:DML (CPU July 2015) (CVE-2015-2648)
mysql: unspecified vulnerability related to Server:Pluggable Auth (CPU July 2015) (CVE-2015-4737)
mysql: unspecified vulnerability related to Server:I_S (CPU July 2015) (CVE-2015-4752)
mysql: unspecified vulnerability related to Server:InnoDB (CPU October 2015) (CVE-2015-4816)
mysql: unspecified vulnerability related to Client programs (CPU October 2015) (CVE-2015-4819)
mysql: unspecified vulnerability related to Server:Security:Privileges (CPU October 2015) (CVE-2015-4864)
mysql: unspecified vulnerability related to Server:DML (CPU October 2015) (CVE-2015-4879)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2015:1628. The text
# itself is copyright (C) Red Hat, Inc.
#
include('compat.inc');
if (description)
{
script_id(85443);
script_version("2.13");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/24");
script_cve_id(
"CVE-2014-6568",
"CVE-2015-0374",
"CVE-2015-0381",
"CVE-2015-0382",
"CVE-2015-0391",
"CVE-2015-0411",
"CVE-2015-0432",
"CVE-2015-0433",
"CVE-2015-0441",
"CVE-2015-0499",
"CVE-2015-0501",
"CVE-2015-0505",
"CVE-2015-2568",
"CVE-2015-2571",
"CVE-2015-2573",
"CVE-2015-2582",
"CVE-2015-2620",
"CVE-2015-2643",
"CVE-2015-2648",
"CVE-2015-4737",
"CVE-2015-4752",
"CVE-2015-4757",
"CVE-2015-4816",
"CVE-2015-4819",
"CVE-2015-4864",
"CVE-2015-4879"
);
script_xref(name:"RHSA", value:"2015:1628");
script_name(english:"RHEL 5 : mysql55-mysql (RHSA-2015:1628)");
script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates for mysql55-mysql.");
script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as
referenced in the RHSA-2015:1628 advisory.
- mysql: unspecified vulnerability related to Server:InnoDB:DML (CPU Jan 2015) (CVE-2014-6568)
- mysql: unspecified vulnerability related to Server:Security:Privileges:Foreign Key (CPU Jan 2015)
(CVE-2015-0374)
- mysql: unspecified vulnerability related to Server:Replication (CPU Jan 2015) (CVE-2015-0381,
CVE-2015-0382)
- mysql: unspecified vulnerability related to Server:DDL (CPU Jan 2015) (CVE-2015-0391)
- mysql: unspecified vulnerability related to Server:Security:Encryption (CPU Jan 2015) (CVE-2015-0411)
- mysql: unspecified vulnerability related to Server:InnoDB:DDL:Foreign Key (CPU Jan 2015) (CVE-2015-0432)
- mysql: unspecified vulnerability related to Server:InnoDB:DML (CPU April 2015) (CVE-2015-0433)
- mysql: unspecified vulnerability related to Server:Security:Encryption (CPU April 2015) (CVE-2015-0441)
- mysql: unspecified vulnerability related to Server:Federated (CPU April 2015) (CVE-2015-0499)
- mysql: unspecified vulnerability related to Server:Compiling (CPU April 2015) (CVE-2015-0501)
- mysql: unspecified vulnerability related to Server:DDL (CPU April 2015) (CVE-2015-0505, CVE-2015-2573)
- mysql: unspecified vulnerability related to Server:Security:Privileges (CPU April 2015) (CVE-2015-2568)
- mysql: unspecified vulnerability related to Server:Optimizer (CPU April 2015) (CVE-2015-2571)
- mysql: unspecified vulnerability related to Server:GIS (CPU July 2015) (CVE-2015-2582)
- mysql: unspecified vulnerability related to Server:Security:Privileges (CPU July 2015) (CVE-2015-2620)
- mysql: unspecified vulnerability related to Server:Optimizer (CPU July 2015) (CVE-2015-2643,
CVE-2015-4757)
- mysql: unspecified vulnerability related to Server:DML (CPU July 2015) (CVE-2015-2648)
- mysql: unspecified vulnerability related to Server:Pluggable Auth (CPU July 2015) (CVE-2015-4737)
- mysql: unspecified vulnerability related to Server:I_S (CPU July 2015) (CVE-2015-4752)
- mysql: unspecified vulnerability related to Server:InnoDB (CPU October 2015) (CVE-2015-4816)
- mysql: unspecified vulnerability related to Client programs (CPU October 2015) (CVE-2015-4819)
- mysql: unspecified vulnerability related to Server:Security:Privileges (CPU October 2015) (CVE-2015-4864)
- mysql: unspecified vulnerability related to Server:DML (CPU October 2015) (CVE-2015-4879)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
# http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?019fc4c0");
# http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?eb13119f");
# https://access.redhat.com/security/data/csaf/v2/advisories/2015/rhsa-2015_1628.json
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a2c7a70c");
# http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c4f2e20f");
script_set_attribute(attribute:"see_also", value:"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-45.html");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2015:1628");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/updates/classification/#moderate");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1184552");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1184553");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1184554");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1184555");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1184557");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1184560");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1184561");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1212758");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1212763");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1212768");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1212772");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1212776");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1212777");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1212780");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1212783");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1244768");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1244771");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1244774");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1244775");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1244778");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1244779");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1244781");
script_set_attribute(attribute:"solution", value:
"Update the RHEL mysql55-mysql package based on the guidance in RHSA-2015:1628.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-0411");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2015-2582");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(120);
script_set_attribute(attribute:"vendor_severity", value:"Moderate");
script_set_attribute(attribute:"patch_publication_date", value:"2015/08/17");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/08/17");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql55-mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql55-mysql-bench");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql55-mysql-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql55-mysql-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql55-mysql-server");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql55-mysql-test");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Red Hat Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2015-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("redhat_repos.nasl", "ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
include('rhel.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '5')) audit(AUDIT_OS_NOT, 'Red Hat 5.x', 'Red Hat ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
var constraints = [
{
'repo_relative_urls': [
'content/dist/rhel/client/5/5Client/i386/debug',
'content/dist/rhel/client/5/5Client/i386/os',
'content/dist/rhel/client/5/5Client/i386/source/SRPMS',
'content/dist/rhel/client/5/5Client/x86_64/debug',
'content/dist/rhel/client/5/5Client/x86_64/os',
'content/dist/rhel/client/5/5Client/x86_64/source/SRPMS',
'content/dist/rhel/power/5/5Server/ppc/debug',
'content/dist/rhel/power/5/5Server/ppc/os',
'content/dist/rhel/power/5/5Server/ppc/source/SRPMS',
'content/dist/rhel/server/5/5Server/i386/debug',
'content/dist/rhel/server/5/5Server/i386/os',
'content/dist/rhel/server/5/5Server/i386/source/SRPMS',
'content/dist/rhel/server/5/5Server/x86_64/debug',
'content/dist/rhel/server/5/5Server/x86_64/os',
'content/dist/rhel/server/5/5Server/x86_64/source/SRPMS',
'content/dist/rhel/system-z/5/5Server/s390x/debug',
'content/dist/rhel/system-z/5/5Server/s390x/os',
'content/dist/rhel/system-z/5/5Server/s390x/source/SRPMS',
'content/dist/rhel/workstation/5/5Client/i386/debug',
'content/dist/rhel/workstation/5/5Client/i386/desktop/debug',
'content/dist/rhel/workstation/5/5Client/i386/desktop/os',
'content/dist/rhel/workstation/5/5Client/i386/desktop/source/SRPMS',
'content/dist/rhel/workstation/5/5Client/i386/os',
'content/dist/rhel/workstation/5/5Client/i386/source/SRPMS',
'content/dist/rhel/workstation/5/5Client/x86_64/debug',
'content/dist/rhel/workstation/5/5Client/x86_64/desktop/debug',
'content/dist/rhel/workstation/5/5Client/x86_64/desktop/os',
'content/dist/rhel/workstation/5/5Client/x86_64/desktop/source/SRPMS',
'content/dist/rhel/workstation/5/5Client/x86_64/os',
'content/dist/rhel/workstation/5/5Client/x86_64/source/SRPMS',
'content/fastrack/rhel/client/5/i386/debug',
'content/fastrack/rhel/client/5/i386/os',
'content/fastrack/rhel/client/5/i386/source/SRPMS',
'content/fastrack/rhel/client/5/x86_64/debug',
'content/fastrack/rhel/client/5/x86_64/os',
'content/fastrack/rhel/client/5/x86_64/source/SRPMS',
'content/fastrack/rhel/power/5/ppc/debug',
'content/fastrack/rhel/power/5/ppc/os',
'content/fastrack/rhel/power/5/ppc/source/SRPMS',
'content/fastrack/rhel/server/5/i386/debug',
'content/fastrack/rhel/server/5/i386/os',
'content/fastrack/rhel/server/5/i386/source/SRPMS',
'content/fastrack/rhel/server/5/x86_64/debug',
'content/fastrack/rhel/server/5/x86_64/os',
'content/fastrack/rhel/server/5/x86_64/source/SRPMS',
'content/fastrack/rhel/system-z/5/s390x/debug',
'content/fastrack/rhel/system-z/5/s390x/os',
'content/fastrack/rhel/system-z/5/s390x/source/SRPMS',
'content/fastrack/rhel/workstation/5/i386/debug',
'content/fastrack/rhel/workstation/5/i386/desktop/debug',
'content/fastrack/rhel/workstation/5/i386/desktop/os',
'content/fastrack/rhel/workstation/5/i386/desktop/source/SRPMS',
'content/fastrack/rhel/workstation/5/i386/os',
'content/fastrack/rhel/workstation/5/i386/source/SRPMS',
'content/fastrack/rhel/workstation/5/x86_64/debug',
'content/fastrack/rhel/workstation/5/x86_64/desktop/debug',
'content/fastrack/rhel/workstation/5/x86_64/desktop/os',
'content/fastrack/rhel/workstation/5/x86_64/desktop/source/SRPMS',
'content/fastrack/rhel/workstation/5/x86_64/os',
'content/fastrack/rhel/workstation/5/x86_64/source/SRPMS'
],
'pkgs': [
{'reference':'mysql55-mysql-5.5.45-1.el5', 'cpu':'i386', 'release':'5', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql55-mysql-5.5.45-1.el5', 'cpu':'ppc', 'release':'5', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql55-mysql-5.5.45-1.el5', 'cpu':'s390x', 'release':'5', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql55-mysql-5.5.45-1.el5', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql55-mysql-bench-5.5.45-1.el5', 'cpu':'i386', 'release':'5', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql55-mysql-bench-5.5.45-1.el5', 'cpu':'ppc', 'release':'5', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql55-mysql-bench-5.5.45-1.el5', 'cpu':'s390x', 'release':'5', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql55-mysql-bench-5.5.45-1.el5', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql55-mysql-devel-5.5.45-1.el5', 'cpu':'i386', 'release':'5', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql55-mysql-devel-5.5.45-1.el5', 'cpu':'ppc', 'release':'5', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql55-mysql-devel-5.5.45-1.el5', 'cpu':'ppc64', 'release':'5', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql55-mysql-devel-5.5.45-1.el5', 'cpu':'s390', 'release':'5', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql55-mysql-devel-5.5.45-1.el5', 'cpu':'s390x', 'release':'5', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql55-mysql-devel-5.5.45-1.el5', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql55-mysql-libs-5.5.45-1.el5', 'cpu':'i386', 'release':'5', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql55-mysql-libs-5.5.45-1.el5', 'cpu':'ppc', 'release':'5', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql55-mysql-libs-5.5.45-1.el5', 'cpu':'s390x', 'release':'5', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql55-mysql-libs-5.5.45-1.el5', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql55-mysql-server-5.5.45-1.el5', 'cpu':'i386', 'release':'5', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql55-mysql-server-5.5.45-1.el5', 'cpu':'ppc', 'release':'5', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql55-mysql-server-5.5.45-1.el5', 'cpu':'s390x', 'release':'5', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql55-mysql-server-5.5.45-1.el5', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql55-mysql-test-5.5.45-1.el5', 'cpu':'i386', 'release':'5', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql55-mysql-test-5.5.45-1.el5', 'cpu':'ppc', 'release':'5', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql55-mysql-test-5.5.45-1.el5', 'cpu':'s390x', 'release':'5', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql55-mysql-test-5.5.45-1.el5', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE}
]
}
];
var applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);
if(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);
var flag = 0;
foreach var constraint_array ( constraints ) {
var repo_relative_urls = NULL;
if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];
foreach var pkg ( constraint_array['pkgs'] ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
var cves = NULL;
if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
if (reference &&
_release &&
rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&
(applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&
rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
if (flag)
{
var extra = NULL;
if (isnull(applicable_repo_urls) || !applicable_repo_urls) extra = rpm_report_get() + redhat_report_repo_caveat();
else extra = rpm_report_get();
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : extra
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'mysql55-mysql / mysql55-mysql-bench / mysql55-mysql-devel / etc');
}
Vendor | Product | Version | CPE |
---|---|---|---|
redhat | enterprise_linux | mysql55-mysql | p-cpe:/a:redhat:enterprise_linux:mysql55-mysql |
redhat | enterprise_linux | mysql55-mysql-bench | p-cpe:/a:redhat:enterprise_linux:mysql55-mysql-bench |
redhat | enterprise_linux | mysql55-mysql-devel | p-cpe:/a:redhat:enterprise_linux:mysql55-mysql-devel |
redhat | enterprise_linux | mysql55-mysql-libs | p-cpe:/a:redhat:enterprise_linux:mysql55-mysql-libs |
redhat | enterprise_linux | mysql55-mysql-server | p-cpe:/a:redhat:enterprise_linux:mysql55-mysql-server |
redhat | enterprise_linux | mysql55-mysql-test | p-cpe:/a:redhat:enterprise_linux:mysql55-mysql-test |
redhat | enterprise_linux | 5 | cpe:/o:redhat:enterprise_linux:5 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6568
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0374
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0381
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0382
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0391
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0411
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0432
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0433
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0441
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0499
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0501
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0505
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2568
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2571
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2573
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2582
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2620
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2643
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2648
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4737
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4752
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4757
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4816
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4819
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4864
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4879
www.nessus.org/u?019fc4c0
www.nessus.org/u?a2c7a70c
www.nessus.org/u?c4f2e20f
www.nessus.org/u?eb13119f
access.redhat.com/errata/RHSA-2015:1628
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1184552
bugzilla.redhat.com/show_bug.cgi?id=1184553
bugzilla.redhat.com/show_bug.cgi?id=1184554
bugzilla.redhat.com/show_bug.cgi?id=1184555
bugzilla.redhat.com/show_bug.cgi?id=1184557
bugzilla.redhat.com/show_bug.cgi?id=1184560
bugzilla.redhat.com/show_bug.cgi?id=1184561
bugzilla.redhat.com/show_bug.cgi?id=1212758
bugzilla.redhat.com/show_bug.cgi?id=1212763
bugzilla.redhat.com/show_bug.cgi?id=1212768
bugzilla.redhat.com/show_bug.cgi?id=1212772
bugzilla.redhat.com/show_bug.cgi?id=1212776
bugzilla.redhat.com/show_bug.cgi?id=1212777
bugzilla.redhat.com/show_bug.cgi?id=1212780
bugzilla.redhat.com/show_bug.cgi?id=1212783
bugzilla.redhat.com/show_bug.cgi?id=1244768
bugzilla.redhat.com/show_bug.cgi?id=1244771
bugzilla.redhat.com/show_bug.cgi?id=1244774
bugzilla.redhat.com/show_bug.cgi?id=1244775
bugzilla.redhat.com/show_bug.cgi?id=1244778
bugzilla.redhat.com/show_bug.cgi?id=1244779
bugzilla.redhat.com/show_bug.cgi?id=1244781
dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-45.html