Lucene search
Copyright (C) 2015 Greenbone AGOPENVAS:1361412562310703377HistoryOct 23, 2015 - 12:00 a.m.
Debian: Security Advisory (DSA-3377-1)
2015-10-2300:00:00
Copyright (C) 2015 Greenbone AG
plugins.openvas.org
13
The remote host is missing an update for the Debian
# SPDX-FileCopyrightText: 2015 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.703377");
script_cve_id("CVE-2015-4792", "CVE-2015-4802", "CVE-2015-4815", "CVE-2015-4816", "CVE-2015-4819", "CVE-2015-4826", "CVE-2015-4830", "CVE-2015-4836", "CVE-2015-4858", "CVE-2015-4861", "CVE-2015-4870", "CVE-2015-4879", "CVE-2015-4913");
script_tag(name:"creation_date", value:"2015-10-23 22:00:00 +0000 (Fri, 23 Oct 2015)");
script_version("2024-02-02T05:06:05+0000");
script_tag(name:"last_modification", value:"2024-02-02 05:06:05 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"7.2");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_name("Debian: Security Advisory (DSA-3377-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2015 Greenbone AG");
script_family("Debian Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB(7|8)");
script_xref(name:"Advisory-ID", value:"DSA-3377-1");
script_xref(name:"URL", value:"https://www.debian.org/security/2015/DSA-3377-1");
script_xref(name:"URL", value:"https://security-tracker.debian.org/tracker/DSA-3377");
script_xref(name:"URL", value:"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-45.html");
script_xref(name:"URL", value:"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-46.html");
script_xref(name:"URL", value:"http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html");
script_tag(name:"summary", value:"The remote host is missing an update for the Debian 'mysql-5.5' package(s) announced via the DSA-3377-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.46. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details:
[link moved to references]
[link moved to references]
[link moved to references]
For the oldstable distribution (wheezy), these problems have been fixed in version 5.5.46-0+deb7u1.
For the stable distribution (jessie), these problems have been fixed in version 5.5.46-0+deb8u1.
We recommend that you upgrade your mysql-5.5 packages.");
script_tag(name:"affected", value:"'mysql-5.5' package(s) on Debian 7, Debian 8.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
release = dpkg_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "DEB7") {
if(!isnull(res = isdpkgvuln(pkg:"libmysqlclient-dev", ver:"5.5.46-0+deb7u1", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libmysqlclient18", ver:"5.5.46-0+deb7u1", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libmysqld-dev", ver:"5.5.46-0+deb7u1", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libmysqld-pic", ver:"5.5.46-0+deb7u1", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"mysql-client", ver:"5.5.46-0+deb7u1", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"mysql-client-5.5", ver:"5.5.46-0+deb7u1", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"mysql-common", ver:"5.5.46-0+deb7u1", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"mysql-server", ver:"5.5.46-0+deb7u1", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"mysql-server-5.5", ver:"5.5.46-0+deb7u1", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"mysql-server-core-5.5", ver:"5.5.46-0+deb7u1", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"mysql-source-5.5", ver:"5.5.46-0+deb7u1", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"mysql-testsuite-5.5", ver:"5.5.46-0+deb7u1", rls:"DEB7"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "DEB8") {
if(!isnull(res = isdpkgvuln(pkg:"libmysqlclient-dev", ver:"5.5.46-0+deb8u1", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libmysqlclient18", ver:"5.5.46-0+deb8u1", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libmysqld-dev", ver:"5.5.46-0+deb8u1", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libmysqld-pic", ver:"5.5.46-0+deb8u1", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"mysql-client", ver:"5.5.46-0+deb8u1", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"mysql-client-5.5", ver:"5.5.46-0+deb8u1", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"mysql-common", ver:"5.5.46-0+deb8u1", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"mysql-server", ver:"5.5.46-0+deb8u1", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"mysql-server-5.5", ver:"5.5.46-0+deb8u1", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"mysql-server-core-5.5", ver:"5.5.46-0+deb8u1", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"mysql-source-5.5", ver:"5.5.46-0+deb8u1", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"mysql-testsuite", ver:"5.5.46-0+deb8u1", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"mysql-testsuite-5.5", ver:"5.5.46-0+deb8u1", rls:"DEB8"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
nessus
nessus
Debian DSA-3377-1 : mysql-5.5 - security update
2015-10-26 00:00:00
Debian DSA-3385-1 : mariadb-10.0 - security update
2015-11-02 00:00:00
openSUSE Security Update : mariadb (openSUSE-2015-884)
2015-12-17 00:00:00
openvas
openvas
Debian Security Advisory DSA 3377-1 (mysql-5.5 - security update)
2015-10-24 00:00:00
Mageia: Security Advisory (MGASA-2015-0445)
2015-11-17 00:00:00
Debian Security Advisory DSA 3385-1 (mariadb-10.0 - security update)
2015-10-31 00:00:00
debian
debian
[SECURITY] [DSA 3377-1] mysql-5.5 security update
2015-10-24 08:06:52
[SECURITY] [DSA 3377-1] mysql-5.5 security update
2015-10-24 08:07:10
[SECURITY] [DSA 3385-1] mariadb-10.0 security update
2015-10-31 08:23:38
archlinux
archlinux
mariadb: denial of service
2015-10-30 00:00:00
mageia
mageia
Updated mariadb packages fix security vulnerabilities
2015-11-17 00:36:58
suse
suse
Security update to MariaDB 10.0.22 (important)
2015-12-10 12:13:12
Security update to MariaDB 5.5.46 (important)
2015-12-10 13:10:14
Security update to MySQL 5.6.27 (important)
2015-12-10 12:12:21
freebsd
freebsd
MySQL - Multiple vulnerabilities
2015-11-10 00:00:00
f5
f5
SOL59010802 - Multiple MySQL vulnerabilities
2015-12-15 00:00:00
K59010802 : Multiple MySQL vulnerabilities
2015-12-15 00:00:00
oraclelinux
oraclelinux
mariadb security and bug fix update
2016-03-31 00:00:00
osv
osv
mysql-5.5 packages as an option announcement
2015-12-16 00:00:00
redhat
redhat
(RHSA-2016:22610) Moderate: mariadb security and bug fix update
2016-02-03 05:00:00
(RHSA-2016:0534) Moderate: mariadb security and bug fix update
2016-03-31 14:15:24
(RHSA-2016:1481) Moderate: mariadb55-mariadb security update
2016-07-25 07:45:27
ubuntu
ubuntu
MySQL vulnerabilities
2015-10-26 00:00:00
centos
centos
mariadb security update
2016-03-31 20:53:35
mysql55 security update
2015-08-17 15:20:46
symantec
symantec
SA106 : MySQL Vulnerabilities October 2015
2015-12-17 08:00:00
ibm
ibm
cvelist
cvelist
prion
prion
Design/Logic Flaw
2015-10-21 21:59:00
Design/Logic Flaw
2015-10-22 00:00:00
Design/Logic Flaw
2015-10-21 21:59:00
ubuntucve
ubuntucve
cve
cve
mariadbunix
mariadbunix
fedora
fedora
[SECURITY] Fedora 22 Update: mariadb-10.0.23-1.fc22
2016-03-05 22:51:47
[SECURITY] Fedora 23 Update: mariadb-10.0.23-1.fc23
2016-02-21 16:34:44
[SECURITY] Fedora 23 Update: community-mysql-5.6.29-1.fc23
2016-03-09 20:22:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:29:17
Denial Of Service (DoS)
2019-05-02 05:34:17
Privilege Escalation
2019-05-02 05:29:17
zdt
zdt
MySQL 5.5.45 - procedure analyse Function Denial of Service
2016-05-30 00:00:00
exploitpack
exploitpack
MySQL 5.5.45 - procedure analyse Function Denial of Service
2016-05-30 00:00:00
checkpoint_advisories
checkpoint_advisories
MySQL Failed Memory Allocation Denial of Service (CVE-2015-4870)
2016-06-08 00:00:00
packetstorm
packetstorm
MySQL Procedure Analyse Denial Of Service
2016-05-28 00:00:00
amazon
amazon
Important: mysql56
2016-04-06 14:40:00
exploitdb
exploitdb
MySQL 5.5.45 - procedure analyse Function Denial of Service
2016-05-30 00:00:00
securityvulns
securityvulns
Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities
2015-11-02 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2015
2015-10-20 00:00:00
6.8 Medium
AI Score
Confidence
High
0.005 Low
EPSS
Percentile
77.3%
Related for OPENVAS:1361412562310703377