Lucene search
Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-2086-1.NASLHistoryJan 22, 2014 - 12:00 a.m.
Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 : mysql-5.5, mysql-dfsg-5.1 vulnerabilities (USN-2086-1)
2014-01-2200:00:00
Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
15
Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues.
MySQL has been updated to 5.1.73 in Ubuntu 10.04 LTS. Ubuntu 12.04 LTS, Ubuntu 12.10, and Ubuntu 13.10 have been updated to MySQL 5.5.35.
In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.
Please see the following for more information:
http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-73.html http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-35.html http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.h tml.
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-2086-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(72089);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2013-5891", "CVE-2013-5908", "CVE-2014-0386", "CVE-2014-0393", "CVE-2014-0401", "CVE-2014-0402", "CVE-2014-0412", "CVE-2014-0420", "CVE-2014-0437");
script_bugtraq_id(64891);
script_xref(name:"USN", value:"2086-1");
script_name(english:"Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 : mysql-5.5, mysql-dfsg-5.1 vulnerabilities (USN-2086-1)");
script_summary(english:"Checks dpkg output for updated packages.");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Ubuntu host is missing one or more security-related
patches."
);
script_set_attribute(
attribute:"description",
value:
"Multiple security issues were discovered in MySQL and this update
includes new upstream MySQL versions to fix these issues.
MySQL has been updated to 5.1.73 in Ubuntu 10.04 LTS. Ubuntu 12.04
LTS, Ubuntu 12.10, and Ubuntu 13.10 have been updated to MySQL 5.5.35.
In addition to security fixes, the updated packages contain bug fixes,
new features, and possibly incompatible changes.
Please see the following for more information:
http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-73.html
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-35.html
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.h
tml.
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://usn.ubuntu.com/2086-1/"
);
script_set_attribute(
attribute:"solution",
value:
"Update the affected mysql-server-5.1 and / or mysql-server-5.5
packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.5");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.10");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:13.10");
script_set_attribute(attribute:"vuln_publication_date", value:"2014/01/15");
script_set_attribute(attribute:"patch_publication_date", value:"2014/01/21");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/01/22");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Ubuntu Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");
if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(10\.04|12\.04|12\.10|13\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04 / 12.04 / 12.10 / 13.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
flag = 0;
if (ubuntu_check(osver:"10.04", pkgname:"mysql-server-5.1", pkgver:"5.1.73-0ubuntu0.10.04.1")) flag++;
if (ubuntu_check(osver:"12.04", pkgname:"mysql-server-5.5", pkgver:"5.5.35-0ubuntu0.12.04.1")) flag++;
if (ubuntu_check(osver:"12.10", pkgname:"mysql-server-5.5", pkgver:"5.5.35-0ubuntu0.12.10.1")) flag++;
if (ubuntu_check(osver:"13.10", pkgname:"mysql-server-5.5", pkgver:"5.5.35-0ubuntu0.13.10.1")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : ubuntu_report_get()
);
exit(0);
}
else
{
tested = ubuntu_pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mysql-server-5.1 / mysql-server-5.5");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| canonical | ubuntu_linux | mysql-server-5.1 | p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.1 |
| canonical | ubuntu_linux | mysql-server-5.5 | p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.5 |
| canonical | ubuntu_linux | 10.04 | cpe:/o:canonical:ubuntu_linux:10.04:-:lts |
| canonical | ubuntu_linux | 12.04 | cpe:/o:canonical:ubuntu_linux:12.04:-:lts |
| canonical | ubuntu_linux | 12.10 | cpe:/o:canonical:ubuntu_linux:12.10 |
| canonical | ubuntu_linux | 13.10 | cpe:/o:canonical:ubuntu_linux:13.10 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5891
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5908
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0386
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0393
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0401
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0402
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0412
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0420
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0437
usn.ubuntu.com/2086-1/
Related
ubuntu
ubuntu
MySQL vulnerabilities
2014-01-21 00:00:00
debian
debian
[SECURITY] [DSA 2848-1] mysql-5.5 security update
2014-01-23 15:37:55
[SECURITY] [DSA 2848-1] mysql-5.5 security update
2014-01-23 15:37:35
[SECURITY] [DSA 2845-1] mysql-5.1 security update
2014-01-17 15:49:25
openvas
openvas
Ubuntu: Security Advisory (USN-2086-1)
2014-01-27 00:00:00
Debian Security Advisory DSA 2848-1 (mysql-5.5 - several vulnerabilities)
2014-01-23 00:00:00
Ubuntu Update for mysql-5.5 USN-2086-1
2014-01-27 00:00:00
nessus
nessus
Debian DSA-2848-1 : mysql-5.5 - several vulnerabilities
2014-01-24 00:00:00
Debian DSA-2845-1 : mysql-5.1 - several vulnerabilities
2014-01-20 00:00:00
Mandriva Linux Security Advisory : mariadb (MDVSA-2014:028)
2014-02-14 00:00:00
f5
f5
K16389 : Multiple MySQL vulnerabilities
2015-07-22 00:00:00
SOL16389 - Multiple MySQL vulnerabilities
2015-04-09 00:00:00
SOL16385 - Multiple MySQL vulnerabilities
2015-04-09 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 04:56:40
Denial Of Service (DoS)
2019-05-02 04:56:40
Denial Of Service (DoS)
2019-05-02 04:56:40
oraclelinux
oraclelinux
mysql security and bug fix update
2014-02-12 00:00:00
mysql55-mysql security update
2014-02-18 00:00:00
centos
centos
mysql security update
2014-02-12 19:48:34
mysql55 security update
2014-02-19 17:28:37
mariadb55 security update
2014-02-26 15:32:19
redhat
redhat
(RHSA-2014:0164) Moderate: mysql security and bug fix update
2014-02-12 00:00:00
(RHSA-2014:0189) Moderate: mariadb55-mariadb security update
2014-02-19 00:00:00
(RHSA-2014:0186) Moderate: mysql55-mysql security update
2014-02-18 00:00:00
amazon
amazon
Medium: mysql51
2014-03-06 14:56:00
fedora
fedora
[SECURITY] Fedora 19 Update: mariadb-5.5.37-1.fc19
2014-04-29 05:23:30
[SECURITY] Fedora 19 Update: mariadb-5.5.39-1.fc19
2014-09-10 13:31:10
[SECURITY] Fedora 20 Update: mariadb-5.5.39-1.fc20
2014-09-10 13:30:09
mariadbunix
mariadbunix
ubuntucve
ubuntucve
prion
prion
Design/Logic Flaw
2014-01-15 16:08:00
Design/Logic Flaw
2014-01-15 16:08:00
Design/Logic Flaw
2014-01-15 16:08:00
cve
cve
suse
suse
Security update for MySQL (important)
2014-06-07 00:04:26
gentoo
gentoo
MySQL: Multiple vulnerabilities
2014-09-04 00:00:00
securityvulns
securityvulns
oracle
oracle
Oracle Critical Patch Update - January 2014
2014-01-14 00:00:00
Related for UBUNTU_USN-2086-1.NASL