openSUSE: Security Advisory for mariadb, mariadb-connector-c (openSUSE-SU-2019:1915-1)
2019-08-16T00:00:00
ID OPENVAS:1361412562310852654 Type openvas Reporter Copyright (C) 2019 Greenbone Networks GmbH Modified 2020-01-31T00:00:00
Description
The remote host is missing an update for the 'mariadb, mariadb-connector-c' package(s) announced via the openSUSE-SU-2019:1915-1 advisory.
# Copyright (C) 2019 Greenbone Networks GmbH
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (C) the respective author(s)
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
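# Metadata block: executed when the `description` variable is set. It registers
# the plugin's identity, references and report texts, then exits before any
# package check runs.
if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.852654");
  script_version("2020-01-31T08:04:39+0000");
  script_cve_id("CVE-2019-2614", "CVE-2019-2627", "CVE-2019-2628");
  # CVSS v2 base score and vector; Au:S with A:P matches the advisory text
  # below (denial of service by an authenticated, privileged attacker).
  script_tag(name:"cvss_base", value:"4.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:N/I:N/A:P");
  script_tag(name:"last_modification", value:"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)");
  script_tag(name:"creation_date", value:"2019-08-16 02:01:06 +0000 (Fri, 16 Aug 2019)");
  script_name("openSUSE: Security Advisory for mariadb, mariadb-connector-c (openSUSE-SU-2019:1915-1)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2019 Greenbone Networks GmbH");
  script_family("SuSE Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  # Requires the SSH login keys for a SUSE host with an RPM list and a release
  # key matching openSUSE Leap 15.0. NOTE(review): these keys are presumably
  # set by gather-package-list.nasl; without an authenticated scan this check
  # produces no result, which must not be read as "patched".
  script_mandatory_keys("ssh/login/suse", "ssh/login/rpms", re:"ssh/login/release=openSUSELeap15\.0");
  script_xref(name:"openSUSE-SU", value:"2019:1915-1");
  script_xref(name:"URL", value:"https://lists.opensuse.org/opensuse-security-announce/2019-08/msg00032.html");
  script_tag(name:"summary", value:"The remote host is missing an update for the 'mariadb, mariadb-connector-c'
package(s) announced via the openSUSE-SU-2019:1915-1 advisory.");
  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
  # Advisory text, kept verbatim as excerpted from the referenced announcement.
  script_tag(name:"insight", value:"This update for mariadb and mariadb-connector-c fixes the following issues:
mariadb:
- Update to version 10.2.25 (bsc#1136035)
- CVE-2019-2628: Fixed a remote denial of service by an privileged
attacker (bsc#1136035).
- CVE-2019-2627: Fixed another remote denial of service by an privileged
attacker (bsc#1136035).
- CVE-2019-2614: Fixed a potential remote denial of service by an
privileged attacker (bsc#1136035).
- Fixed reading options for multiple instances if my${INSTANCE}.cnf is
used (bsc#1132666)
mariadb-connector-c:
- Update to version 3.1.2 (bsc#1136035)
- Moved libmariadb.pc from /usr/lib/pkgconfig to /usr/lib64/pkgconfig for
x86_64 (bsc#1126088)
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended
installation methods
like YaST online_update or 'zypper patch'.
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.0:
zypper in -t patch openSUSE-2019-1915=1");
  # The second package name was missing here ("'mariadb, '"); the list now
  # matches the summary tag and the script name, so reports name both
  # affected source packages.
  script_tag(name:"affected", value:"'mariadb, mariadb-connector-c' package(s) on openSUSE Leap 15.0.");
  script_tag(name:"solution", value:"Please install the updated package(s).");
  script_tag(name:"solution_type", value:"VendorFix");
  # Detection quality "package": the result rests on installed package
  # versions, not on probing the running database service.
  script_tag(name:"qod_type", value:"package");
  exit(0);
}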
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
# Package check for openSUSE-SU-2019:1915-1: each installed RPM named below is
# compared with the fixed version from the advisory, and every finding is
# appended to one report.
# NOTE(review): isrpmvuln() and __pkg_match come from the included
# pkg-lib-rpm.inc; presumably isrpmvuln() returns report text for an outdated
# package and NULL otherwise - confirm against the library.
release = rpm_get_ssh_release();

# No detected release means there is no package list to evaluate.
if(!release)
  exit(0);

res = "";
report = "";

# This advisory only covers openSUSE Leap 15.0.
if(release != "openSUSELeap15.0")
  exit(0);

# The checks run in a fixed order because the report is built by
# concatenation. mariadb-connector-c packages are checked against
# 3.1.2~lp150.10.1, mariadb server packages against 10.2.25~lp150.2.13.1.
res = isrpmvuln(pkg:"libmariadb-devel", rpm:"libmariadb-devel~3.1.2~lp150.10.1", rls:"openSUSELeap15.0");
if(!isnull(res))
  report += res;

res = isrpmvuln(pkg:"libmariadb-devel-debuginfo", rpm:"libmariadb-devel-debuginfo~3.1.2~lp150.10.1", rls:"openSUSELeap15.0");
if(!isnull(res))
  report += res;

res = isrpmvuln(pkg:"libmariadb3", rpm:"libmariadb3~3.1.2~lp150.10.1", rls:"openSUSELeap15.0");
if(!isnull(res))
  report += res;

res = isrpmvuln(pkg:"libmariadb3-debuginfo", rpm:"libmariadb3-debuginfo~3.1.2~lp150.10.1", rls:"openSUSELeap15.0");
if(!isnull(res))
  report += res;

res = isrpmvuln(pkg:"libmariadb_plugins", rpm:"libmariadb_plugins~3.1.2~lp150.10.1", rls:"openSUSELeap15.0");
if(!isnull(res))
  report += res;

res = isrpmvuln(pkg:"libmariadb_plugins-debuginfo", rpm:"libmariadb_plugins-debuginfo~3.1.2~lp150.10.1", rls:"openSUSELeap15.0");
if(!isnull(res))
  report += res;

res = isrpmvuln(pkg:"libmariadbprivate", rpm:"libmariadbprivate~3.1.2~lp150.10.1", rls:"openSUSELeap15.0");
if(!isnull(res))
  report += res;

res = isrpmvuln(pkg:"libmariadbprivate-debuginfo", rpm:"libmariadbprivate-debuginfo~3.1.2~lp150.10.1", rls:"openSUSELeap15.0");
if(!isnull(res))
  report += res;

res = isrpmvuln(pkg:"libmysqld-devel", rpm:"libmysqld-devel~10.2.25~lp150.2.13.1", rls:"openSUSELeap15.0");
if(!isnull(res))
  report += res;

res = isrpmvuln(pkg:"libmysqld19", rpm:"libmysqld19~10.2.25~lp150.2.13.1", rls:"openSUSELeap15.0");
if(!isnull(res))
  report += res;

res = isrpmvuln(pkg:"libmysqld19-debuginfo", rpm:"libmysqld19-debuginfo~10.2.25~lp150.2.13.1", rls:"openSUSELeap15.0");
if(!isnull(res))
  report += res;

res = isrpmvuln(pkg:"mariadb", rpm:"mariadb~10.2.25~lp150.2.13.1", rls:"openSUSELeap15.0");
if(!isnull(res))
  report += res;

res = isrpmvuln(pkg:"mariadb-bench", rpm:"mariadb-bench~10.2.25~lp150.2.13.1", rls:"openSUSELeap15.0");
if(!isnull(res))
  report += res;

res = isrpmvuln(pkg:"mariadb-bench-debuginfo", rpm:"mariadb-bench-debuginfo~10.2.25~lp150.2.13.1", rls:"openSUSELeap15.0");
if(!isnull(res))
  report += res;

res = isrpmvuln(pkg:"mariadb-client", rpm:"mariadb-client~10.2.25~lp150.2.13.1", rls:"openSUSELeap15.0");
if(!isnull(res))
  report += res;

res = isrpmvuln(pkg:"mariadb-client-debuginfo", rpm:"mariadb-client-debuginfo~10.2.25~lp150.2.13.1", rls:"openSUSELeap15.0");
if(!isnull(res))
  report += res;

res = isrpmvuln(pkg:"mariadb-connector-c-debugsource", rpm:"mariadb-connector-c-debugsource~3.1.2~lp150.10.1", rls:"openSUSELeap15.0");
if(!isnull(res))
  report += res;

res = isrpmvuln(pkg:"mariadb-debuginfo", rpm:"mariadb-debuginfo~10.2.25~lp150.2.13.1", rls:"openSUSELeap15.0");
if(!isnull(res))
  report += res;

res = isrpmvuln(pkg:"mariadb-debugsource", rpm:"mariadb-debugsource~10.2.25~lp150.2.13.1", rls:"openSUSELeap15.0");
if(!isnull(res))
  report += res;

res = isrpmvuln(pkg:"mariadb-galera", rpm:"mariadb-galera~10.2.25~lp150.2.13.1", rls:"openSUSELeap15.0");
if(!isnull(res))
  report += res;

res = isrpmvuln(pkg:"mariadb-test", rpm:"mariadb-test~10.2.25~lp150.2.13.1", rls:"openSUSELeap15.0");
if(!isnull(res))
  report += res;

res = isrpmvuln(pkg:"mariadb-test-debuginfo", rpm:"mariadb-test-debuginfo~10.2.25~lp150.2.13.1", rls:"openSUSELeap15.0");
if(!isnull(res))
  report += res;

res = isrpmvuln(pkg:"mariadb-tools", rpm:"mariadb-tools~10.2.25~lp150.2.13.1", rls:"openSUSELeap15.0");
if(!isnull(res))
  report += res;

res = isrpmvuln(pkg:"mariadb-tools-debuginfo", rpm:"mariadb-tools-debuginfo~10.2.25~lp150.2.13.1", rls:"openSUSELeap15.0");
if(!isnull(res))
  report += res;

res = isrpmvuln(pkg:"mariadb-errormessages", rpm:"mariadb-errormessages~10.2.25~lp150.2.13.1", rls:"openSUSELeap15.0");
if(!isnull(res))
  report += res;

res = isrpmvuln(pkg:"libmariadb3-32bit", rpm:"libmariadb3-32bit~3.1.2~lp150.10.1", rls:"openSUSELeap15.0");
if(!isnull(res))
  report += res;

res = isrpmvuln(pkg:"libmariadb3-32bit-debuginfo", rpm:"libmariadb3-32bit-debuginfo~3.1.2~lp150.10.1", rls:"openSUSELeap15.0");
if(!isnull(res))
  report += res;

# At least one outdated package: raise the finding with the collected text.
if(report != "") {
  security_message(data:report);
  exit(0);
}

# Packages were matched but none was reported. NOTE(review): exit code 99
# presumably tells the scanner the host was checked and found not
# vulnerable - confirm.
if(__pkg_match)
  exit(99);

exit(0);
{"id": "OPENVAS:1361412562310852654", "type": "openvas", "bulletinFamily": "scanner", "title": "openSUSE: Security Advisory for mariadb, mariadb-connector-c (openSUSE-SU-2019:1915-1)", "description": "The remote host is missing an update for the ", "published": "2019-08-16T00:00:00", "modified": "2020-01-31T00:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852654", "reporter": "Copyright (C) 2019 Greenbone Networks GmbH", "references": ["2019:1915-1", "https://lists.opensuse.org/opensuse-security-announce/2019-08/msg00032.html"], "cvelist": ["CVE-2019-2614", "CVE-2019-2628", "CVE-2019-2627"], "lastseen": "2020-01-31T16:53:04", "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-2628", "CVE-2019-2627", "CVE-2019-2614"]}, {"type": "f5", "idList": ["F5:K32798641", "F5:K52514501"]}, {"type": "nessus", "idList": ["MARIADB_10_3_15.NASL", "UBUNTU_USN-3957-3.NASL", "MARIADB_10_4_5.NASL", "OPENSUSE-2019-1915.NASL", "SUSE_SU-2019-2330-1.NASL", "MARIADB_10_2_24.NASL", "SUSE_SU-2019-2020-1.NASL", "UBUNTU_USN-3957-2.NASL", "MARIADB_10_1_39.NASL", "OPENSUSE-2019-1913.NASL"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:1915-1", "OPENSUSE-SU-2019:1913-1"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310844137", "OPENVAS:1361412562310844042", "OPENVAS:1361412562310852878", "OPENVAS:1361412562310876690", "OPENVAS:1361412562311220192543", "OPENVAS:1361412562310876685", "OPENVAS:1361412562310142398", "OPENVAS:1361412562310142399", "OPENVAS:1361412562310142403", "OPENVAS:1361412562310142402"]}, {"type": "ubuntu", "idList": ["USN-4070-3", "USN-3957-2", "USN-3957-3", "USN-3957-1"]}, {"type": "fedora", "idList": ["FEDORA:10CA0613BB06", "FEDORA:DD3AE60954BE", "FEDORA:A29B160972B0", "FEDORA:623C360E8D66"]}, {"type": "redhat", "idList": ["RHSA-2019:2484", "RHSA-2019:2511", "RHSA-2020:4174", "RHSA-2020:5246", "RHSA-2019:2327", "RHSA-2019:3708", 
"RHSA-2020:5663"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-2327", "ELSA-2019-2511"]}, {"type": "amazon", "idList": ["ALAS2-2019-1292"]}, {"type": "centos", "idList": ["CESA-2019:2327"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2019-5072813", "ORACLE:CPUAPR2019"]}], "modified": "2020-01-31T16:53:04", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2020-01-31T16:53:04", "rev": 2}, "vulnersScore": 7.1}, "pluginID": "1361412562310852654", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852654\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2019-2614\", \"CVE-2019-2627\", \"CVE-2019-2628\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-08-16 02:01:06 +0000 (Fri, 16 Aug 2019)\");\n script_name(\"openSUSE: Security Advisory for mariadb, mariadb-connector-c (openSUSE-SU-2019:1915-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:1915-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-08/msg00032.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mariadb, mariadb-connector-c'\n package(s) announced via the openSUSE-SU-2019:1915-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for mariadb and mariadb-connector-c fixes the following issues:\n\n mariadb:\n\n - Update to version 10.2.25 (bsc#1136035)\n\n - CVE-2019-2628: Fixed a remote denial of service by an privileged\n attacker (bsc#1136035).\n\n - CVE-2019-2627: Fixed another remote 
denial of service by an privileged\n attacker (bsc#1136035).\n\n - CVE-2019-2614: Fixed a potential remote denial of service by an\n privileged attacker (bsc#1136035).\n\n - Fixed reading options for multiple instances if my${INSTANCE}.cnf is\n used (bsc#1132666)\n\n mariadb-connector-c:\n\n - Update to version 3.1.2 (bsc#1136035)\n\n - Moved libmariadb.pc from /usr/lib/pkgconfig to /usr/lib64/pkgconfig for\n x86_64 (bsc#1126088)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-1915=1\");\n\n script_tag(name:\"affected\", value:\"'mariadb, ' package(s) on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libmariadb-devel\", rpm:\"libmariadb-devel~3.1.2~lp150.10.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmariadb-devel-debuginfo\", rpm:\"libmariadb-devel-debuginfo~3.1.2~lp150.10.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmariadb3\", rpm:\"libmariadb3~3.1.2~lp150.10.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmariadb3-debuginfo\", rpm:\"libmariadb3-debuginfo~3.1.2~lp150.10.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmariadb_plugins\", 
rpm:\"libmariadb_plugins~3.1.2~lp150.10.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmariadb_plugins-debuginfo\", rpm:\"libmariadb_plugins-debuginfo~3.1.2~lp150.10.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmariadbprivate\", rpm:\"libmariadbprivate~3.1.2~lp150.10.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmariadbprivate-debuginfo\", rpm:\"libmariadbprivate-debuginfo~3.1.2~lp150.10.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqld-devel\", rpm:\"libmysqld-devel~10.2.25~lp150.2.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqld19\", rpm:\"libmysqld19~10.2.25~lp150.2.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqld19-debuginfo\", rpm:\"libmysqld19-debuginfo~10.2.25~lp150.2.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~10.2.25~lp150.2.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-bench\", rpm:\"mariadb-bench~10.2.25~lp150.2.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-bench-debuginfo\", rpm:\"mariadb-bench-debuginfo~10.2.25~lp150.2.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-client\", rpm:\"mariadb-client~10.2.25~lp150.2.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-client-debuginfo\", rpm:\"mariadb-client-debuginfo~10.2.25~lp150.2.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-connector-c-debugsource\", rpm:\"mariadb-connector-c-debugsource~3.1.2~lp150.10.1\", rls:\"openSUSELeap15.0\"))) {\n 
report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-debuginfo\", rpm:\"mariadb-debuginfo~10.2.25~lp150.2.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-debugsource\", rpm:\"mariadb-debugsource~10.2.25~lp150.2.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-galera\", rpm:\"mariadb-galera~10.2.25~lp150.2.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-test\", rpm:\"mariadb-test~10.2.25~lp150.2.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-test-debuginfo\", rpm:\"mariadb-test-debuginfo~10.2.25~lp150.2.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-tools\", rpm:\"mariadb-tools~10.2.25~lp150.2.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-tools-debuginfo\", rpm:\"mariadb-tools-debuginfo~10.2.25~lp150.2.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-errormessages\", rpm:\"mariadb-errormessages~10.2.25~lp150.2.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmariadb3-32bit\", rpm:\"libmariadb3-32bit~3.1.2~lp150.10.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmariadb3-32bit-debuginfo\", rpm:\"libmariadb3-32bit-debuginfo~3.1.2~lp150.10.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "naslFamily": "SuSE Local Security Checks"}
{"cve": [{"lastseen": "2021-02-02T07:13:00", "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).", "edition": 14, "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 4.4, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-04-23T19:32:00", "title": "CVE-2019-2614", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2614"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/a:oracle:mysql:8.0.15", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/a:oracle:mysql:5.7.25", "cpe:/o:canonical:ubuntu_linux:18.10", "cpe:/o:canonical:ubuntu_linux:16.04", 
"cpe:/o:canonical:ubuntu_linux:19.04", "cpe:/a:oracle:mysql:5.6.43", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2019-2614", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2614", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:oracle:mysql:5.7.25:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:oracle:mysql:8.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.6.43:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T07:13:00", "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "edition": 13, "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 4.9, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-04-23T19:32:00", "title": "CVE-2019-2627", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2627"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/a:oracle:mysql:8.0.15", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/a:oracle:mysql:5.7.25", "cpe:/o:canonical:ubuntu_linux:18.10", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:19.04", "cpe:/a:oracle:mysql:5.6.43", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2019-2627", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2627", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:oracle:mysql:5.7.25:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:oracle:mysql:8.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.6.43:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", 
"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T07:13:00", "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "edition": 12, "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 4.9, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-04-23T19:32:00", "title": "CVE-2019-2628", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2628"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/a:oracle:mysql:8.0.15", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/a:oracle:mysql:5.7.25", 
"cpe:/o:canonical:ubuntu_linux:18.10", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:19.04"], "id": "CVE-2019-2628", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2628", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:oracle:mysql:5.7.25:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:oracle:mysql:8.0.15:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*"]}], "f5": [{"lastseen": "2020-04-06T22:39:58", "bulletinFamily": "software", "cvelist": ["CVE-2019-2630", "CVE-2019-2631", "CVE-2019-2632", "CVE-2019-2628", "CVE-2019-2627"], "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2019-04-25T06:47:00", "published": "2019-04-25T06:46:00", "id": "F5:K32798641", "href": "https://support.f5.com/csp/article/K32798641", "title": "MySQL vulnerabilities CVE-2019-2627, CVE-2019-2628, CVE-2019-2630, CVE-2019-2631, and CVE-2019-2632", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-04-06T22:40:52", "bulletinFamily": "software", "cvelist": ["CVE-2019-2606", "CVE-2019-2617", 
"CVE-2019-2614", "CVE-2019-2596", "CVE-2019-2607"], "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2019-04-25T06:39:00", "published": "2019-04-25T06:39:00", "id": "F5:K52514501", "href": "https://support.f5.com/csp/article/K52514501", "title": "MySQL vulnerabilities CVE-2019-2596, CVE-2019-2606, CVE-2019-2607, CVE-2019-2614, and CVE-2019-2617", "type": "f5", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2021-02-01T04:03:57", "description": "The version of MariaDB installed on the remote host is prior to 10.3.15. It is, therefore, affected by the following\nvulnerabilities as referenced in the mdb-10315-rn advisory:\n\n - An unspecified vulnerability in the\n 'Server: Security: Privileges' subcomponent could allow\n a high privileged attacker to hang or, via a frequently \n repeatable crash, cause a complete denial of service.\n (CVE-2019-2627)\n\n - An unspecified vulnerability in the\n 'Server: Security: Replication' subcomponent could\n allow a high privileged attacker to hang or, via a\n frequently repeatable crash, to cause a complete denial\n of service. 
(CVE-2019-2614)\n\n - An unspecified vulnerability in the 'InnoDB'\n subcomponent could allow a high privileged attacker to\n cause the server to hang or to, via a frequently\n repeatable crash, cause a complete denial of service.\n (CVE-2019-2628)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 18, "cvss3": {"score": 4.9, "vector": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-09-26T00:00:00", "title": "MariaDB 10.3.0 < 10.3.15 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2614", "CVE-2019-2628", "CVE-2019-2627"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:mariadb:mariadb"], "id": "MARIADB_10_3_15.NASL", "href": "https://www.tenable.com/plugins/nessus/129358", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129358);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/10/17 14:31:04\");\n\n script_cve_id(\"CVE-2019-2614\", \"CVE-2019-2627\", \"CVE-2019-2628\");\n script_bugtraq_id(107924, 107927);\n\n script_name(english:\"MariaDB 10.3.0 < 10.3.15 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of MariaDB.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MariaDB installed on the remote host is prior to 10.3.15. 
It is, therefore, affected by the following\nvulnerabilities as referenced in the mdb-10315-rn advisory:\n\n - An unspecified vulnerability in the\n 'Server: Security: Privileges' subcomponent could allow\n a high privileged attacker to hang or, via a frequently \n repeatable crash, cause a complete denial of service.\n (CVE-2019-2627)\n\n - An unspecified vulnerability in the\n 'Server: Security: Replication' subcomponent could\n allow a high privileged attacker to hang or, via a\n frequently repeatable crash, to cause a complete denial\n of service. (CVE-2019-2614)\n\n - An unspecified vulnerability in the 'InnoDB'\n subcomponent could allow a high privileged attacker to\n cause the server to hang or to, via a frequently\n repeatable crash, cause a complete denial of service.\n (CVE-2019-2628)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/mdb-10315-rn\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MariaDB version 10.3.15 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2628\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/26\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", 
value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mariadb:mariadb\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude('mysql_version.inc');\n\nmysql_check_version(variant: 'MariaDB', min:'10.3.0-MariaDB', fixed:make_list('10.3.15-MariaDB'), severity:SECURITY_WARNING);\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2021-01-20T12:44:37", "description": "This update for mariadb and mariadb-connector-c fixes the following\nissues :\n\nmariadb :\n\n - Update to version 10.2.25 (bsc#1136035)\n\n - CVE-2019-2628: Fixed a remote denial of service by a\n privileged attacker (bsc#1136035).\n\n - CVE-2019-2627: Fixed another remote denial of service by\n a privileged attacker (bsc#1136035).\n\n - CVE-2019-2614: Fixed a potential remote denial of\n service by a privileged attacker (bsc#1136035).\n\n - Fixed reading options for multiple instances if\n my$(INSTANCE).cnf is used (bsc#1132666)\n\nmariadb-connector-c :\n\n - Update to version 3.1.2 (bsc#1136035)\n\n - Moved libmariadb.pc from /usr/lib/pkgconfig to\n /usr/lib64/pkgconfig for x86_64 (bsc#1126088) \n\nThis update was imported from the SUSE:SLE-15:Update update project.", "edition": 16, "cvss3": {"score": 4.9, "vector": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-08-20T00:00:00", "title": "openSUSE Security Update : mariadb / mariadb-connector-c (openSUSE-2019-1915)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2614", "CVE-2019-2628", "CVE-2019-2627"], "modified": "2019-08-20T00:00:00", "cpe": 
["p-cpe:/a:novell:opensuse:mariadb-errormessages", "p-cpe:/a:novell:opensuse:mariadb-client", "p-cpe:/a:novell:opensuse:libmysqld-devel", "p-cpe:/a:novell:opensuse:mariadb-tools", "p-cpe:/a:novell:opensuse:mariadb-test-debuginfo", "p-cpe:/a:novell:opensuse:libmysqld19-debuginfo", "cpe:/o:novell:opensuse:15.0", "p-cpe:/a:novell:opensuse:libmariadbprivate", "p-cpe:/a:novell:opensuse:mariadb-bench-debuginfo", "p-cpe:/a:novell:opensuse:libmariadb3-32bit", "p-cpe:/a:novell:opensuse:libmariadb-devel", "p-cpe:/a:novell:opensuse:mariadb-debugsource", "p-cpe:/a:novell:opensuse:libmysqld19", "p-cpe:/a:novell:opensuse:mariadb-galera", "p-cpe:/a:novell:opensuse:libmariadbprivate-debuginfo", "p-cpe:/a:novell:opensuse:mariadb-tools-debuginfo", "p-cpe:/a:novell:opensuse:mariadb-connector-c-debugsource", "p-cpe:/a:novell:opensuse:libmariadb3-32bit-debuginfo", "p-cpe:/a:novell:opensuse:mariadb-debuginfo", "p-cpe:/a:novell:opensuse:libmariadb3-debuginfo", "p-cpe:/a:novell:opensuse:mariadb-client-debuginfo", "p-cpe:/a:novell:opensuse:mariadb", "p-cpe:/a:novell:opensuse:libmariadb_plugins-debuginfo", "p-cpe:/a:novell:opensuse:mariadb-test", "p-cpe:/a:novell:opensuse:libmariadb3", "p-cpe:/a:novell:opensuse:mariadb-bench", "p-cpe:/a:novell:opensuse:libmariadb-devel-debuginfo", "p-cpe:/a:novell:opensuse:libmariadb_plugins"], "id": "OPENSUSE-2019-1915.NASL", "href": "https://www.tenable.com/plugins/nessus/128007", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1915.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128007);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2019-2614\", \"CVE-2019-2627\", \"CVE-2019-2628\");\n\n 
script_name(english:\"openSUSE Security Update : mariadb / mariadb-connector-c (openSUSE-2019-1915)\");\n script_summary(english:\"Check for the openSUSE-2019-1915 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for mariadb and mariadb-connector-c fixes the following\nissues :\n\nmariadb :\n\n - Update to version 10.2.25 (bsc#1136035)\n\n - CVE-2019-2628: Fixed a remote denial of service by an\n privileged attacker (bsc#1136035).\n\n - CVE-2019-2627: Fixed another remote denial of service by\n an privileged attacker (bsc#1136035).\n\n - CVE-2019-2614: Fixed a potential remote denial of\n service by an privileged attacker (bsc#1136035).\n\n - Fixed reading options for multiple instances if\n my$(INSTANCE).cnf is used (bsc#1132666)\n\nmariadb-connector-c :\n\n - Update to version 3.1.2 (bsc#1136035)\n\n - Moved libmariadb.pc from /usr/lib/pkgconfig to\n /usr/lib64/pkgconfig for x86_64 (bsc#1126088) \n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1126088\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1132666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136035\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mariadb / mariadb-connector-c packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known 
exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmariadb-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmariadb3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmariadb3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmariadb3-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmariadb3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmariadb_plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmariadb_plugins-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmariadbprivate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmariadbprivate-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqld-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqld19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqld19-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-bench-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-connector-c-debugsource\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-errormessages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-galera\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-test-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libmariadb-devel-3.1.2-lp150.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libmariadb-devel-debuginfo-3.1.2-lp150.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libmariadb3-3.1.2-lp150.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libmariadb3-debuginfo-3.1.2-lp150.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libmariadb_plugins-3.1.2-lp150.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libmariadb_plugins-debuginfo-3.1.2-lp150.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libmariadbprivate-3.1.2-lp150.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libmariadbprivate-debuginfo-3.1.2-lp150.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libmysqld-devel-10.2.25-lp150.2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libmysqld19-10.2.25-lp150.2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", 
reference:\"libmysqld19-debuginfo-10.2.25-lp150.2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"mariadb-10.2.25-lp150.2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"mariadb-bench-10.2.25-lp150.2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"mariadb-bench-debuginfo-10.2.25-lp150.2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"mariadb-client-10.2.25-lp150.2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"mariadb-client-debuginfo-10.2.25-lp150.2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"mariadb-connector-c-debugsource-3.1.2-lp150.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"mariadb-debuginfo-10.2.25-lp150.2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"mariadb-debugsource-10.2.25-lp150.2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"mariadb-errormessages-10.2.25-lp150.2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"mariadb-galera-10.2.25-lp150.2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"mariadb-test-10.2.25-lp150.2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"mariadb-test-debuginfo-10.2.25-lp150.2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"mariadb-tools-10.2.25-lp150.2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"mariadb-tools-debuginfo-10.2.25-lp150.2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libmariadb3-32bit-3.1.2-lp150.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libmariadb3-32bit-debuginfo-3.1.2-lp150.10.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libmariadb-devel / libmariadb-devel-debuginfo / libmariadb3 / etc\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2021-02-01T04:39:56", "description": "This update for mariadb and mariadb-connector-c fixes the following\nissues :\n\nmariadb :\n\n - Update to version 10.2.25 (bsc#1136035)\n\n - CVE-2019-2628: Fixed a remote denial of service by a\n privileged attacker (bsc#1136035).\n\n - CVE-2019-2627: Fixed another remote denial of service by\n a privileged attacker (bsc#1136035).\n\n - CVE-2019-2614: Fixed a potential remote denial of\n service by a privileged attacker (bsc#1136035).\n\n - Fixed reading options for multiple instances if\n my$(INSTANCE).cnf is used (bsc#1132666)\n\nmariadb-connector-c :\n\n - Update to version 3.1.2 (bsc#1136035)\n\n - Moved libmariadb.pc from /usr/lib/pkgconfig to\n /usr/lib64/pkgconfig for x86_64 (bsc#1126088) \n\nThis update was imported from the SUSE:SLE-15:Update update project.", "edition": 19, "cvss3": {"score": 4.9, "vector": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-08-20T00:00:00", "title": "openSUSE Security Update : mariadb / mariadb-connector-c (openSUSE-2019-1913)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2614", "CVE-2019-2628", "CVE-2019-2627"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mariadb-errormessages", "p-cpe:/a:novell:opensuse:mariadb-client", "p-cpe:/a:novell:opensuse:libmysqld-devel", "p-cpe:/a:novell:opensuse:mariadb-tools", "p-cpe:/a:novell:opensuse:mariadb-test-debuginfo", "cpe:/o:novell:opensuse:15.1", "p-cpe:/a:novell:opensuse:libmysqld19-debuginfo", "p-cpe:/a:novell:opensuse:libmariadbprivate", "p-cpe:/a:novell:opensuse:mariadb-bench-debuginfo", "p-cpe:/a:novell:opensuse:libmariadb3-32bit", "p-cpe:/a:novell:opensuse:libmariadb-devel", "p-cpe:/a:novell:opensuse:mariadb-debugsource", "p-cpe:/a:novell:opensuse:libmysqld19", 
"p-cpe:/a:novell:opensuse:mariadb-galera", "p-cpe:/a:novell:opensuse:libmariadbprivate-debuginfo", "p-cpe:/a:novell:opensuse:mariadb-tools-debuginfo", "p-cpe:/a:novell:opensuse:mariadb-connector-c-debugsource", "p-cpe:/a:novell:opensuse:libmariadb3-32bit-debuginfo", "p-cpe:/a:novell:opensuse:mariadb-debuginfo", "p-cpe:/a:novell:opensuse:libmariadb3-debuginfo", "p-cpe:/a:novell:opensuse:mariadb-client-debuginfo", "p-cpe:/a:novell:opensuse:mariadb", "p-cpe:/a:novell:opensuse:libmariadb_plugins-debuginfo", "p-cpe:/a:novell:opensuse:mariadb-test", "p-cpe:/a:novell:opensuse:libmariadb3", "p-cpe:/a:novell:opensuse:mariadb-bench", "p-cpe:/a:novell:opensuse:libmariadb-devel-debuginfo", "p-cpe:/a:novell:opensuse:libmariadb_plugins"], "id": "OPENSUSE-2019-1913.NASL", "href": "https://www.tenable.com/plugins/nessus/128005", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1913.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128005);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/02\");\n\n script_cve_id(\"CVE-2019-2614\", \"CVE-2019-2627\", \"CVE-2019-2628\");\n\n script_name(english:\"openSUSE Security Update : mariadb / mariadb-connector-c (openSUSE-2019-1913)\");\n script_summary(english:\"Check for the openSUSE-2019-1913 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for mariadb and mariadb-connector-c fixes the following\nissues :\n\nmariadb :\n\n - Update to version 10.2.25 (bsc#1136035)\n\n - CVE-2019-2628: Fixed a remote denial of service by an\n privileged attacker (bsc#1136035).\n\n - CVE-2019-2627: Fixed another remote denial of service by\n an privileged attacker (bsc#1136035).\n\n - 
CVE-2019-2614: Fixed a potential remote denial of\n service by an privileged attacker (bsc#1136035).\n\n - Fixed reading options for multiple instances if\n my$(INSTANCE).cnf is used (bsc#1132666)\n\nmariadb-connector-c :\n\n - Update to version 3.1.2 (bsc#1136035)\n\n - Moved libmariadb.pc from /usr/lib/pkgconfig to\n /usr/lib64/pkgconfig for x86_64 (bsc#1126088) \n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1126088\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1132666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136035\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mariadb / mariadb-connector-c packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmariadb-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmariadb3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmariadb3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmariadb3-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmariadb3-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmariadb_plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmariadb_plugins-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmariadbprivate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmariadbprivate-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqld-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqld19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqld19-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-bench-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-connector-c-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-errormessages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-galera\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-test-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-tools\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libmariadb-devel-3.1.2-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libmariadb-devel-debuginfo-3.1.2-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libmariadb3-3.1.2-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", 
reference:\"libmariadb3-debuginfo-3.1.2-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libmariadb_plugins-3.1.2-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libmariadb_plugins-debuginfo-3.1.2-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libmariadbprivate-3.1.2-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libmariadbprivate-debuginfo-3.1.2-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libmysqld-devel-10.2.25-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libmysqld19-10.2.25-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libmysqld19-debuginfo-10.2.25-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"mariadb-10.2.25-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"mariadb-bench-10.2.25-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"mariadb-bench-debuginfo-10.2.25-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"mariadb-client-10.2.25-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"mariadb-client-debuginfo-10.2.25-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"mariadb-connector-c-debugsource-3.1.2-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"mariadb-debuginfo-10.2.25-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"mariadb-debugsource-10.2.25-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"mariadb-errormessages-10.2.25-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"mariadb-galera-10.2.25-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"mariadb-test-10.2.25-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"mariadb-test-debuginfo-10.2.25-lp151.2.3.1\") ) 
flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"mariadb-tools-10.2.25-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"mariadb-tools-debuginfo-10.2.25-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libmariadb3-32bit-3.1.2-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libmariadb3-32bit-debuginfo-3.1.2-lp151.3.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libmariadb-devel / libmariadb-devel-debuginfo / libmariadb3 / etc\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2021-02-01T04:03:58", "description": "The version of MariaDB installed on the remote host is prior to 10.4.5. It is, therefore, affected by the following\nvulnerabilities as referenced in the mdb-1045-rn advisory.\n\n - An unspecified vulnerability in the\n 'Server: Security: Privileges' subcomponent allows a\n high privileged attacker to hang or, via a frequently\n repeatable crash, cause a complete denial of service.\n (CVE-2019-2627)\n\n - An unspecified vulnerability in the\n 'Server: Security: Replication' subcomponent allows a\n high privileged attacker to hang or, via a frequently\n repeatable crash, to cause a complete denial of service.\n (CVE-2019-2614)\n\n - An unspecified vulnerability in the 'InnoDB'\n subcomponent allows a high privileged attacker to cause \n the server to hang or to, via a frequently repeatable\n crash, cause a complete denial of service.\n (CVE-2019-2628)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 18, "cvss3": {"score": 4.9, "vector": 
"AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-09-19T00:00:00", "title": "MariaDB 10.4.0 < 10.4.5 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2614", "CVE-2019-2628", "CVE-2019-2627"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:mariadb:mariadb"], "id": "MARIADB_10_4_5.NASL", "href": "https://www.tenable.com/plugins/nessus/129052", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129052);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/10/17 14:31:04\");\n\n script_cve_id(\"CVE-2019-2614\", \"CVE-2019-2627\", \"CVE-2019-2628\");\n script_bugtraq_id(107924, 107927);\n\n script_name(english:\"MariaDB 10.4.0 < 10.4.5 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of MariaDB.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MariaDB installed on the remote host is prior to 10.4.5. 
It is, therefore, affected by the following\nvulnerabilities as referenced in the mdb-1045-rn advisory.\n\n - An unspecified vulnerability in the\n 'Server: Security: Privileges' subcomponent allows a\n high privileged attacker to hang or, via a frequently\n repeatable crash, cause a complete denial of service.\n (CVE-2019-2627)\n\n - An unspecified vulnerability in the\n 'Server: Security: Replication' subcomponent allows a\n high privileged attacker to hang or, via a frequently\n repeatable crash, to cause a complete denial of service.\n (CVE-2019-2614)\n\n - An unspecified vulnerability in the 'InnoDB'\n subcomponent allows a high privileged attacker to cause \n the server to hang or to, via a frequently repeatable\n crash, cause a complete denial of service.\n (CVE-2019-2628)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/mdb-1045-rn\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MariaDB version 10.4.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2628\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/19\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mariadb:mariadb\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude('mysql_version.inc');\n\nmysql_check_version(variant: 'MariaDB', min:'10.4.0-MariaDB', fixed:make_list('10.4.5-MariaDB'), severity:SECURITY_WARNING, paranoid: false);\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2021-01-14T06:20:00", "description": "This update for mariadb and mariadb-connector-c fixes the following\nissues :\n\nmariadb :\n\nUpdate to version 10.2.25 (bsc#1136035)\n\nCVE-2019-2628: Fixed a remote denial of service by a privileged\nattacker (bsc#1136035).\n\nCVE-2019-2627: Fixed another remote denial of service by a privileged\nattacker (bsc#1136035).\n\nCVE-2019-2614: Fixed a potential remote denial of service by a\nprivileged attacker (bsc#1136035).\n\nFixed reading options for multiple instances if my${INSTANCE}.cnf is\nused (bsc#1132666)\n\nmariadb-connector-c: Update to version 3.1.2 (bsc#1136035)\n\nMoved libmariadb.pc from /usr/lib/pkgconfig to /usr/lib64/pkgconfig\nfor x86_64 (bsc#1126088)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 18, "cvss3": {"score": 4.9, "vector": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-08-12T00:00:00", "title": "SUSE SLED15 / SLES15 Security Update : mariadb, mariadb-connector-c (SUSE-SU-2019:2020-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2614", "CVE-2019-2628", "CVE-2019-2627"], "modified": "2019-08-12T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libmariadb3", "p-cpe:/a:novell:suse_linux:mariadb-client-debuginfo", "p-cpe:/a:novell:suse_linux:libmariadb-devel-debuginfo", "cpe:/o:novell:suse_linux:15", "p-cpe:/a:novell:suse_linux:libmariadb-devel", "p-cpe:/a:novell:suse_linux:mariadb-connector-c-debugsource", "p-cpe:/a:novell:suse_linux:mariadb-client", "p-cpe:/a:novell:suse_linux:mariadb-debugsource", "p-cpe:/a:novell:suse_linux:libmysqld-devel", "p-cpe:/a:novell:suse_linux:mariadb", "p-cpe:/a:novell:suse_linux:mariadb-debuginfo", "p-cpe:/a:novell:suse_linux:mariadb-test", "p-cpe:/a:novell:suse_linux:libmariadb_plugins-debuginfo", "p-cpe:/a:novell:suse_linux:libmariadb_plugins", "p-cpe:/a:novell:suse_linux:libmysqld19", "p-cpe:/a:novell:suse_linux:libmariadb3-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:mariadb-bench", "p-cpe:/a:novell:suse_linux:mariadb-tools", "p-cpe:/a:novell:suse_linux:libmysqld19-debuginfo", "p-cpe:/a:novell:suse_linux:mariadb-test-debuginfo", "p-cpe:/a:novell:suse_linux:libmariadbprivate", "p-cpe:/a:novell:suse_linux:libmariadb3-debuginfo", "p-cpe:/a:novell:suse_linux:mariadb-tools-debuginfo", "p-cpe:/a:novell:suse_linux:mariadb-bench-debuginfo", "p-cpe:/a:novell:suse_linux:mariadb-galera", "p-cpe:/a:novell:suse_linux:libmariadbprivate-debuginfo"], "id": "SUSE_SU-2019-2020-1.NASL", "href": "https://www.tenable.com/plugins/nessus/127756", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# 
extracted from SUSE update advisory SUSE-SU-2019:2020-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127756);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2019-2614\", \"CVE-2019-2627\", \"CVE-2019-2628\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : mariadb, mariadb-connector-c (SUSE-SU-2019:2020-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for mariadb and mariadb-connector-c fixes the following\nissues :\n\nmariadb :\n\nUpdate to version 10.2.25 (bsc#1136035)\n\nCVE-2019-2628: Fixed a remote denial of service by an privileged\nattacker (bsc#1136035).\n\nCVE-2019-2627: Fixed another remote denial of service by an privileged\nattacker (bsc#1136035).\n\nCVE-2019-2614: Fixed a potential remote denial of service by an\nprivileged attacker (bsc#1136035).\n\nFixed reading options for multiple instances if my${INSTANCE}.cnf is\nused (bsc#1132666)\n\nmariadb-connector-c: Update to version 3.1.2 (bsc#1136035)\n\nMoved libmariadb.pc from /usr/lib/pkgconfig to /usr/lib64/pkgconfig\nfor x86_64 (bsc#1126088)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126088\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136035\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-2614/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-2627/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-2628/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192020-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ffc30457\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Server Applications 15-SP1:zypper in\n-t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-2020=1\n\nSUSE Linux Enterprise Module for Server Applications 15:zypper in -t\npatch SUSE-SLE-Module-Server-Applications-15-2019-2020=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15-SP1:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2020=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-2019-2020=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-SP1-2019-2020=1\n\nSUSE Linux Enterprise Module for 
Basesystem 15:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-2019-2020=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmariadb-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmariadb3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmariadb3-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmariadb3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmariadb_plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmariadb_plugins-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmariadbprivate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmariadbprivate-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqld-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqld19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqld19-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-bench\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:mariadb-bench-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-connector-c-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-galera\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-test-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! 
preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0/1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libmariadb3-32bit-3.1.2-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libmariadb3-32bit-debuginfo-3.1.2-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libmariadb-devel-3.1.2-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libmariadb-devel-debuginfo-3.1.2-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libmariadb3-3.1.2-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libmariadb3-debuginfo-3.1.2-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libmariadb_plugins-3.1.2-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libmariadb_plugins-debuginfo-3.1.2-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libmariadbprivate-3.1.2-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libmariadbprivate-debuginfo-3.1.2-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libmysqld-devel-10.2.25-3.17.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libmysqld19-10.2.25-3.17.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libmysqld19-debuginfo-10.2.25-3.17.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"mariadb-10.2.25-3.17.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"mariadb-bench-10.2.25-3.17.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"mariadb-bench-debuginfo-10.2.25-3.17.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"mariadb-client-10.2.25-3.17.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"mariadb-client-debuginfo-10.2.25-3.17.2\")) flag++;\nif 
(rpm_check(release:\"SLES15\", sp:\"1\", reference:\"mariadb-connector-c-debugsource-3.1.2-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"mariadb-debuginfo-10.2.25-3.17.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"mariadb-debugsource-10.2.25-3.17.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"mariadb-galera-10.2.25-3.17.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"mariadb-test-10.2.25-3.17.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"mariadb-test-debuginfo-10.2.25-3.17.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"mariadb-tools-10.2.25-3.17.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"mariadb-tools-debuginfo-10.2.25-3.17.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libmariadb-devel-3.1.2-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libmariadb-devel-debuginfo-3.1.2-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libmariadb3-3.1.2-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libmariadb3-debuginfo-3.1.2-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libmariadb_plugins-3.1.2-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libmariadb_plugins-debuginfo-3.1.2-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libmariadbprivate-3.1.2-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libmariadbprivate-debuginfo-3.1.2-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libmysqld-devel-10.2.25-3.17.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libmysqld19-10.2.25-3.17.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libmysqld19-debuginfo-10.2.25-3.17.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", 
reference:\"mariadb-10.2.25-3.17.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"mariadb-bench-10.2.25-3.17.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"mariadb-bench-debuginfo-10.2.25-3.17.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"mariadb-client-10.2.25-3.17.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"mariadb-client-debuginfo-10.2.25-3.17.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"mariadb-connector-c-debugsource-3.1.2-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"mariadb-debuginfo-10.2.25-3.17.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"mariadb-debugsource-10.2.25-3.17.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"mariadb-galera-10.2.25-3.17.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"mariadb-test-10.2.25-3.17.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"mariadb-test-debuginfo-10.2.25-3.17.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"mariadb-tools-10.2.25-3.17.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"mariadb-tools-debuginfo-10.2.25-3.17.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libmariadb3-32bit-3.1.2-3.9.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libmariadb3-32bit-debuginfo-3.1.2-3.9.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libmariadb3-3.1.2-3.9.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libmariadb3-debuginfo-3.1.2-3.9.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libmariadbprivate-3.1.2-3.9.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libmariadbprivate-debuginfo-3.1.2-3.9.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", 
reference:\"mariadb-bench-10.2.25-3.17.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"mariadb-bench-debuginfo-10.2.25-3.17.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"mariadb-connector-c-debugsource-3.1.2-3.9.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"mariadb-debuginfo-10.2.25-3.17.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"mariadb-debugsource-10.2.25-3.17.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"mariadb-galera-10.2.25-3.17.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"mariadb-test-10.2.25-3.17.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"mariadb-test-debuginfo-10.2.25-3.17.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libmariadb3-3.1.2-3.9.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libmariadb3-debuginfo-3.1.2-3.9.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libmariadbprivate-3.1.2-3.9.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libmariadbprivate-debuginfo-3.1.2-3.9.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"mariadb-bench-10.2.25-3.17.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"mariadb-bench-debuginfo-10.2.25-3.17.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"mariadb-connector-c-debugsource-3.1.2-3.9.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"mariadb-debuginfo-10.2.25-3.17.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"mariadb-debugsource-10.2.25-3.17.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"mariadb-galera-10.2.25-3.17.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"mariadb-test-10.2.25-3.17.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", 
reference:\"mariadb-test-debuginfo-10.2.25-3.17.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb / mariadb-connector-c\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2021-02-01T06:54:13", "description": "This update for mariadb and mariadb-connector-c fixes the following\nissues :\n\nmariadb :\n\nUpdate to version 10.2.25 (bsc#1136035)\n\nCVE-2019-2628: Fixed a remote denial of service by a privileged\nattacker (bsc#1136035).\n\nCVE-2019-2627: Fixed another remote denial of service by a privileged\nattacker (bsc#1136035).\n\nCVE-2019-2614: Fixed a potential remote denial of service by a\nprivileged attacker (bsc#1136035).\n\nFixed reading options for multiple instances if my${INSTANCE}.cnf is\nused (bsc#1132666).\n\nAdjust mysql-systemd-helper ('shutdown protected MySQL' section) so it\nchecks both ping response and the pid in a process list as it can take\nsome time till the process is terminated. Otherwise it can lead to\n'found left-over process' situation when regular mariadb is started\n(bsc#1143215).\n\nmariadb-connector-c: Update to version 3.1.2 (bsc#1136035)\n\nMoved libmariadb.pc from /usr/lib/pkgconfig to /usr/lib64/pkgconfig\nfor x86_64 (bsc#1126088)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 19, "cvss3": {"score": 4.9, "vector": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-09-09T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : mariadb, mariadb-connector-c (SUSE-SU-2019:2330-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2614", "CVE-2019-2628", "CVE-2019-2627"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libmariadb3", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:mariadb-client-debuginfo", "p-cpe:/a:novell:suse_linux:mariadb-connector-c-debugsource", "p-cpe:/a:novell:suse_linux:mariadb-client", "p-cpe:/a:novell:suse_linux:mariadb-debugsource", "p-cpe:/a:novell:suse_linux:mariadb", "p-cpe:/a:novell:suse_linux:mariadb-debuginfo", "p-cpe:/a:novell:suse_linux:libmariadb_plugins-debuginfo", "p-cpe:/a:novell:suse_linux:libmariadb_plugins", "p-cpe:/a:novell:suse_linux:mariadb-tools", "p-cpe:/a:novell:suse_linux:libmariadb3-debuginfo", "p-cpe:/a:novell:suse_linux:mariadb-tools-debuginfo"], "id": "SUSE_SU-2019-2330-1.NASL", "href": "https://www.tenable.com/plugins/nessus/128613", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2330-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128613);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/12/31\");\n\n script_cve_id(\"CVE-2019-2614\", \"CVE-2019-2627\", \"CVE-2019-2628\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : mariadb, mariadb-connector-c (SUSE-SU-2019:2330-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n 
script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for mariadb and mariadb-connector-c fixes the following\nissues :\n\nmariadb :\n\nUpdate to version 10.2.25 (bsc#1136035)\n\nCVE-2019-2628: Fixed a remote denial of service by an privileged\nattacker (bsc#1136035).\n\nCVE-2019-2627: Fixed another remote denial of service by an privileged\nattacker (bsc#1136035).\n\nCVE-2019-2614: Fixed a potential remote denial of service by an\nprivileged attacker (bsc#1136035).\n\nFixed reading options for multiple instances if my${INSTANCE}.cnf is\nused (bsc#1132666).\n\nAdjust mysql-systemd-helper ('shutdown protected MySQL' section) so it\nchecks both ping response and the pid in a process list as it can take\nsome time till the process is terminated. Otherwise it can lead to\n'found left-over process' situation when regular mariadb is started\n(bsc#1143215).\n\nmariadb-connector-c: Update to version 3.1.2 (bsc#1136035)\n\nMoved libmariadb.pc from /usr/lib/pkgconfig to /usr/lib64/pkgconfig\nfor x86_64 (bsc#1126088)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126088\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136035\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143215\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-2614/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-2627/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-2628/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192330-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?79eb0342\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 9:zypper in -t patch\nSUSE-OpenStack-Cloud-Crowbar-9-2019-2330=1\n\nSUSE OpenStack Cloud 9:zypper in -t patch\nSUSE-OpenStack-Cloud-9-2019-2330=1\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2019-2330=1\n\nSUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP4-2019-2330=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H\");\n 
script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmariadb3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmariadb3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmariadb_plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmariadb_plugins-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-connector-c-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by 
Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libmariadb3-3.1.2-2.6.6\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libmariadb3-debuginfo-3.1.2-2.6.6\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libmariadb_plugins-3.1.2-2.6.6\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libmariadb_plugins-debuginfo-3.1.2-2.6.6\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"mariadb-10.2.25-3.19.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"mariadb-client-10.2.25-3.19.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"mariadb-client-debuginfo-10.2.25-3.19.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"mariadb-connector-c-debugsource-3.1.2-2.6.6\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"mariadb-debuginfo-10.2.25-3.19.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"mariadb-debugsource-10.2.25-3.19.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"mariadb-tools-10.2.25-3.19.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"mariadb-tools-debuginfo-10.2.25-3.19.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libmariadb3-3.1.2-2.6.6\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libmariadb3-debuginfo-3.1.2-2.6.6\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libmariadb_plugins-3.1.2-2.6.6\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libmariadb_plugins-debuginfo-3.1.2-2.6.6\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"mariadb-10.2.25-3.19.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", 
reference:\"mariadb-client-10.2.25-3.19.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"mariadb-client-debuginfo-10.2.25-3.19.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"mariadb-connector-c-debugsource-3.1.2-2.6.6\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"mariadb-debuginfo-10.2.25-3.19.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"mariadb-debugsource-10.2.25-3.19.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb / mariadb-connector-c\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2021-02-01T04:03:56", "description": "The version of MariaDB installed on the remote host is prior to 10.2.24. It is, therefore, affected by the following\nvulnerabilities as referenced in the mdb-10224-rn advisory:\n\n - An unspecified vulnerability in the\n 'Server: Security: Privileges' subcomponent could allow\n a high privileged attacker to hang or, via a frequently \n repeatable crash, cause a complete denial of service.\n (CVE-2019-2627)\n\n - An unspecified vulnerability in the\n 'Server: Security: Replication' subcomponent could\n allow a high privileged attacker to hang or, via a\n frequently repeatable crash, to cause a complete denial\n of service. 
(CVE-2019-2614)\n\n - An unspecified vulnerability in the 'InnoDB'\n subcomponent could allow a high privileged attacker to\n cause the server to hang or to, via a frequently\n repeatable crash, cause a complete denial of service.\n (CVE-2019-2628)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 18, "cvss3": {"score": 4.9, "vector": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-10-02T00:00:00", "title": "MariaDB 10.2.0 < 10.2.24 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2614", "CVE-2019-2628", "CVE-2019-2627"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:mariadb:mariadb"], "id": "MARIADB_10_2_24.NASL", "href": "https://www.tenable.com/plugins/nessus/129501", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129501);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/10/17 14:31:04\");\n\n script_cve_id(\"CVE-2019-2614\", \"CVE-2019-2627\", \"CVE-2019-2628\");\n script_bugtraq_id(107924, 107927);\n\n script_name(english:\"MariaDB 10.2.0 < 10.2.24 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of MariaDB.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MariaDB installed on the remote host is prior to 10.2.24. 
It is, therefore, affected by the following\nvulnerabilities as referenced in the mdb-10224-rn advisory:\n\n - An unspecified vulnerability in the\n 'Server: Security: Privileges' subcomponent could allow\n a high privileged attacker to hang or, via a frequently \n repeatable crash, cause a complete denial of service.\n (CVE-2019-2627)\n\n - An unspecified vulnerability in the\n 'Server: Security: Replication' subcomponent could\n allow a high privileged attacker to hang or, via a\n frequently repeatable crash, to cause a complete denial\n of service. (CVE-2019-2614)\n\n - An unspecified vulnerability in the 'InnoDB'\n subcomponent could allow a high privileged attacker to\n cause the server to hang or to, via a frequently\n repeatable crash, cause a complete denial of service.\n (CVE-2019-2628)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/mdb-10224-rn\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MariaDB version 10.2.24 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2628\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/02\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", 
value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mariadb:mariadb\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude('mysql_version.inc');\n\nmysql_check_version(variant: 'MariaDB', min:'10.2.0-MariaDB', fixed:make_list('10.2.24-MariaDB'), severity:SECURITY_WARNING);\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2021-02-01T07:29:28", "description": "USN-3957-1 fixed multiple vulnerabilities in MySQL. This update\nprovides the corresponding fixes for CVE-2019-2614 and CVE-2019-2627\nin MariaDB 10.1.\n\nUbuntu 18.04 LTS has been updated to MariaDB 10.1.40.\n\nIn addition to security fixes, the updated package contain bug fixes,\nnew features, and possibly incompatible changes.\n\nPlease see the following for more information:\nhttps://mariadb.com/kb/en/library/mariadb-10140-changelog/\nhttps://mariadb.com/kb/en/library/mariadb-10140-release-notes/\n\nOriginal advisory details :\n\nMultiple security issues were discovered in MySQL and this update\nincludes a new upstream MySQL version to fix these issues.\n\nUbuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu\n19.04 have been updated to MySQL 5.7.26.\n\nIn addition to security fixes, the updated packages contain\nbug fixes, new features, and possibly incompatible changes.\n\nPlease see the following for more information:\nhttps://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-26.html\n\nhttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the 
Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 18, "cvss3": {"score": 4.9, "vector": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-06-07T00:00:00", "title": "Ubuntu 18.04 LTS : mariadb-10.1 vulnerabilities (USN-3957-3)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2614", "CVE-2019-2627"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:mariadb-server"], "id": "UBUNTU_USN-3957-3.NASL", "href": "https://www.tenable.com/plugins/nessus/125765", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3957-3. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125765);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/10\");\n\n script_cve_id(\"CVE-2019-2614\", \"CVE-2019-2627\");\n script_xref(name:\"USN\", value:\"3957-3\");\n\n script_name(english:\"Ubuntu 18.04 LTS : mariadb-10.1 vulnerabilities (USN-3957-3)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-3957-1 fixed multiple vulnerabilities in MySQL. 
This update\nprovides the corresponding fixes for CVE-2019-2614 and CVE-2019-2627\nin MariaDB 10.1.\n\nUbuntu 18.04 LTS has been updated to MariaDB 10.1.40.\n\nIn addition to security fixes, the updated package contain bug fixes,\nnew features, and possibly incompatible changes.\n\nPlease see the following for more information:\nhttps://mariadb.com/kb/en/library/mariadb-10140-changelog/\nhttps://mariadb.com/kb/en/library/mariadb-10140-release-notes/\n\nOriginal advisory details :\n\nMultiple security issues were discovered in MySQL and this update\nincludes a new upstream MySQL version to fix these issues.\n\nUbuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu\n19.04 have been updated to MySQL 5.7.26.\n\nIn addition to security fixes, the updated packages contain\nbug fixes, new features, and possibly incompatible changes.\n\nPlease see the following for more information:\nhttps://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-26.\nhtml\n\nhttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-507281\n3.html.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3957-3/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mariadb-server package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! 
get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 18.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"18.04\", pkgname:\"mariadb-server\", pkgver:\"1:10.1.40-0ubuntu0.18.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb-server\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2021-02-01T07:29:27", "description": "USN-3957-1 fixed multiple vulnerabilities in MySQL. This update\naddresses some of them in MariaDB 5.5.\n\nUbuntu 14.04 LTS has been updated to MariaDB 5.5.64.\n\nIn addition to security fixes, the updated packages contain bug fixes,\nnew features, and possibly incompatible changes.\n\nPlease see the following for more information:\nhttps://mariadb.com/kb/en/library/mariadb-5564-changelog/\nhttps://mariadb.com/kb/en/library/mariadb-5564-release-notes/\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 18, "cvss3": {"score": 4.9, "vector": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-05-24T00:00:00", "title": "Ubuntu 14.04 LTS : MariaDB vulnerabilities (USN-3957-2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2614", "CVE-2019-2627"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:mariadb-server", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3957-2.NASL", "href": "https://www.tenable.com/plugins/nessus/125386", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3957-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125386);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/15\");\n\n script_cve_id(\"CVE-2019-2614\", \"CVE-2019-2627\");\n script_xref(name:\"USN\", value:\"3957-2\");\n\n script_name(english:\"Ubuntu 14.04 LTS : MariaDB vulnerabilities (USN-3957-2)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-3957-1 fixed multiple vulnerabilities in MySQL. 
This update\naddresses some of them in MariaDB 5.5.\n\nUbuntu 14.04 LTS has been updated to MariaDB 5.5.64.\n\nIn addition to security fixes, the updated packages contain bug fixes,\nnew features, and possibly incompatible changes.\n\nPlease see the following for more information:\nhttps://mariadb.com/kb/en/library/mariadb-5564-changelog/\nhttps://mariadb.com/kb/en/library/mariadb-5564-release-notes/\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3957-2/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mariadb-server package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. 
/ NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"mariadb-server\", pkgver:\"5.5.64-1ubuntu0.14.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb-server\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2021-02-01T04:03:55", "description": "The version of MariaDB installed on the remote host is prior to 10.1.39. 
It is, therefore, affected by the following\ntwo vulnerabilities as referenced in the mdb-10139-rn advisory:\n\n - An unspecified vulnerability in the\n 'Server: Security: Privileges' subcomponent could allow\n a high privileged attacker to hang or, via a frequently \n repeatable crash, cause a complete denial of service.\n (CVE-2019-2627)\n\n - An unspecified vulnerability in the\n 'Server: Security: Replication' subcomponent could\n allow a high privileged attacker to hang or, via a\n frequently repeatable crash, to cause a complete denial\n of service. (CVE-2019-2614)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 18, "cvss3": {"score": 4.9, "vector": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-09-26T00:00:00", "title": "MariaDB 10.1.0 < 10.1.39 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2614", "CVE-2019-2627"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:mariadb:mariadb"], "id": "MARIADB_10_1_39.NASL", "href": "https://www.tenable.com/plugins/nessus/129353", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129353);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/10/17 14:31:04\");\n\n script_cve_id(\"CVE-2019-2614\", \"CVE-2019-2627\");\n script_bugtraq_id(107927);\n\n script_name(english:\"MariaDB 10.1.0 < 10.1.39 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of MariaDB.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MariaDB installed on the remote host is prior to 10.1.39. 
It is, therefore, affected by the following\ntwo vulnerabilities as referenced in the mdb-10139-rn advisory:\n\n - An unspecified vulnerability in the\n 'Server: Security: Privileges' subcomponent could allow\n a high privileged attacker to hang or, via a frequently \n repeatable crash, cause a complete denial of service.\n (CVE-2019-2627)\n\n - An unspecified vulnerability in the\n 'Server: Security: Replication' subcomponent could\n allow a high privileged attacker to hang or, via a\n frequently repeatable crash, to cause a complete denial\n of service. (CVE-2019-2614)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/mdb-10139-rn\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MariaDB version 10.1.39 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2627\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/26\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mariadb:mariadb\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This 
script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude('mysql_version.inc');\n\nmysql_check_version(variant: 'MariaDB', min:'10.1.0-MariaDB', fixed:make_list('10.1.39-MariaDB'), severity:SECURITY_WARNING);\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2020-01-31T16:30:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2614", "CVE-2019-2628", "CVE-2019-2627"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2020-01-09T00:00:00", "id": "OPENVAS:1361412562310852878", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852878", "type": "openvas", "title": "openSUSE: Security Advisory for mariadb, mariadb-connector-c (openSUSE-SU-2019:1913-1)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852878\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2019-2614\", \"CVE-2019-2627\", \"CVE-2019-2628\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-09 09:40:41 +0000 (Thu, 09 Jan 2020)\");\n script_name(\"openSUSE: Security Advisory for mariadb, mariadb-connector-c (openSUSE-SU-2019:1913-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.1\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:1913-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-08/msg00035.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mariadb, mariadb-connector-c'\n package(s) announced via the openSUSE-SU-2019:1913-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for mariadb and mariadb-connector-c fixes the following issues:\n\n mariadb:\n\n - Update to version 10.2.25 (bsc#1136035)\n\n - CVE-2019-2628: Fixed a remote denial of service by an privileged\n attacker (bsc#1136035).\n\n - CVE-2019-2627: Fixed another remote 
denial of service by an privileged\n attacker (bsc#1136035).\n\n - CVE-2019-2614: Fixed a potential remote denial of service by an\n privileged attacker (bsc#1136035).\n\n - Fixed reading options for multiple instances if my${INSTANCE}.cnf is\n used (bsc#1132666)\n\n mariadb-connector-c:\n\n - Update to version 3.1.2 (bsc#1136035)\n\n - Moved libmariadb.pc from /usr/lib/pkgconfig to /usr/lib64/pkgconfig for\n x86_64 (bsc#1126088)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2019-1913=1\");\n\n script_tag(name:\"affected\", value:\"'mariadb, ' package(s) on openSUSE Leap 15.1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libmariadb-devel\", rpm:\"libmariadb-devel~3.1.2~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmariadb-devel-debuginfo\", rpm:\"libmariadb-devel-debuginfo~3.1.2~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmariadb3\", rpm:\"libmariadb3~3.1.2~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmariadb3-debuginfo\", rpm:\"libmariadb3-debuginfo~3.1.2~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"libmariadb_plugins\", rpm:\"libmariadb_plugins~3.1.2~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmariadb_plugins-debuginfo\", rpm:\"libmariadb_plugins-debuginfo~3.1.2~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmariadbprivate\", rpm:\"libmariadbprivate~3.1.2~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmariadbprivate-debuginfo\", rpm:\"libmariadbprivate-debuginfo~3.1.2~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqld-devel\", rpm:\"libmysqld-devel~10.2.25~lp151.2.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqld19\", rpm:\"libmysqld19~10.2.25~lp151.2.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqld19-debuginfo\", rpm:\"libmysqld19-debuginfo~10.2.25~lp151.2.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~10.2.25~lp151.2.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-bench\", rpm:\"mariadb-bench~10.2.25~lp151.2.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-bench-debuginfo\", rpm:\"mariadb-bench-debuginfo~10.2.25~lp151.2.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-client\", rpm:\"mariadb-client~10.2.25~lp151.2.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-client-debuginfo\", rpm:\"mariadb-client-debuginfo~10.2.25~lp151.2.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-connector-c-debugsource\", 
rpm:\"mariadb-connector-c-debugsource~3.1.2~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-debuginfo\", rpm:\"mariadb-debuginfo~10.2.25~lp151.2.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-debugsource\", rpm:\"mariadb-debugsource~10.2.25~lp151.2.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-galera\", rpm:\"mariadb-galera~10.2.25~lp151.2.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-test\", rpm:\"mariadb-test~10.2.25~lp151.2.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-test-debuginfo\", rpm:\"mariadb-test-debuginfo~10.2.25~lp151.2.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-tools\", rpm:\"mariadb-tools~10.2.25~lp151.2.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-tools-debuginfo\", rpm:\"mariadb-tools-debuginfo~10.2.25~lp151.2.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-errormessages\", rpm:\"mariadb-errormessages~10.2.25~lp151.2.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmariadb3-32bit\", rpm:\"libmariadb3-32bit~3.1.2~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmariadb3-32bit-debuginfo\", rpm:\"libmariadb3-32bit-debuginfo~3.1.2~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2019-06-07T12:42:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2614", 
"CVE-2019-2627"], "description": "The remote host is missing an update for the ", "modified": "2019-06-06T00:00:00", "published": "2019-06-06T00:00:00", "id": "OPENVAS:1361412562310844042", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844042", "type": "openvas", "title": "Ubuntu Update for mariadb-10.1 USN-3957-3", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844042\");\n script_version(\"2019-06-06T13:02:35+0000\");\n script_cve_id(\"CVE-2019-2614\", \"CVE-2019-2627\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-06-06 13:02:35 +0000 (Thu, 06 Jun 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-06-06 02:00:47 +0000 (Thu, 06 Jun 2019)\");\n script_name(\"Ubuntu Update for mariadb-10.1 USN-3957-3\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU18\\.04 LTS\");\n\n script_xref(name:\"USN\", value:\"3957-3\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2019-June/004945.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mariadb-10.1'\n package(s) announced via the USN-3957-3 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"USN-3957-1 fixed multiple vulnerabilities in MySQL. 
This update\nprovides the\ncorresponding fixes for CVE-2019-2614 and CVE-2019-2627 in MariaDB\n10.1.\n\nUbuntu 18.04 LTS has been updated to MariaDB 10.1.40.\n\nIn addition to security fixes, the updated package contain bug fixes,\nnew\nfeatures, and possibly incompatible changes.\n\nOriginal advisory details:\n\nMultiple security issues were discovered in MySQL and this update\nincludes\na new upstream MySQL version to fix these issues.\n\nUbuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04\nhave\nbeen updated to MySQL 5.7.26.\n\nIn addition to security fixes, the updated packages contain bug fixes,\nnew\nfeatures, and possibly incompatible changes.\n\nPlease see the following for more information:\");\n\n script_tag(name:\"affected\", value:\"'mariadb-10.1' package(s) on Ubuntu 18.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"mariadb-server\", ver:\"1:10.1.40-0ubuntu0.18.04.1\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2019-08-21T14:49:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2614", "CVE-2019-2537", "CVE-2019-2510", "CVE-2019-2628", "CVE-2019-2627"], "description": "The remote host is missing an update for the ", "modified": "2019-08-20T00:00:00", "published": "2019-08-16T00:00:00", "id": "OPENVAS:1361412562310876690", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876690", "type": "openvas", 
"title": "Fedora Update for mariadb FEDORA-2019-60befaed69", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876690\");\n script_version(\"2019-08-20T10:47:01+0000\");\n script_cve_id(\"CVE-2019-2510\", \"CVE-2019-2537\", \"CVE-2019-2614\", \"CVE-2019-2627\", \"CVE-2019-2628\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-08-20 10:47:01 +0000 (Tue, 20 Aug 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-08-16 02:24:33 +0000 (Fri, 16 Aug 2019)\");\n script_name(\"Fedora Update for mariadb FEDORA-2019-60befaed69\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-60befaed69\");\n 
script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNJK7AE5I5R4PFE34GSKG6Q2JJDHDWO7\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mariadb'\n package(s) announced via the FEDORA-2019-60befaed69 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"MariaDB is a community developed branch of MySQL - a multi-user, multi-threaded\nSQL database server. It is a client/server implementation consisting of\na server daemon (mysqld) and many different client programs and libraries.\nThe base package contains the standard MariaDB/MySQL client programs and\ngeneric MySQL files.\");\n\n script_tag(name:\"affected\", value:\"'mariadb' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~10.3.17~1.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:32:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2683", "CVE-2019-2614", "CVE-2019-2627", "CVE-2019-1559"], "description": "Oracle MySQL is prone to multiple vulnerabilities.", "modified": "2019-05-13T00:00:00", "published": "2019-05-13T00:00:00", "id": "OPENVAS:1361412562310142403", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310142403", "type": "openvas", "title": "Oracle MySQL < 5.6.44, < 5.7.26, < 8.0.16 Security Update (2019-5072813) - Windows", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:oracle:mysql\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.142403\");\n script_version(\"2019-05-13T13:15:15+0000\");\n script_tag(name:\"last_modification\", value:\"2019-05-13 13:15:15 +0000 (Mon, 13 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-13 11:10:56 +0000 (Mon, 13 May 2019)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n\n script_cve_id(\"CVE-2019-1559\", \"CVE-2019-2683\", \"CVE-2019-2627\", \"CVE-2019-2614\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Oracle MySQL < 5.6.44, < 5.7.26, < 8.0.16 Security Update (2019-5072813) - Windows\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", 
\"os_detection.nasl\");\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_windows\");\n\n script_tag(name:\"summary\", value:\"Oracle MySQL is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The attacks range in variety and difficulty. Most of them allow an attacker\n with network access via multiple protocols to compromise the MySQL Server.\n\n For further information refer to the official advisory via the referenced link.\");\n\n script_tag(name:\"affected\", value:\"MySQL 5.6.43 and prior, 5.7.25 and prior, 8.0.15 and prior.\");\n\n script_tag(name:\"solution\", value:\"Update to version 5.6.44, 5.7.26, 8.0.16 or later.\");\n\n script_xref(name:\"URL\", value:\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixMSQL\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))\n exit(0);\n\nversion = infos['version'];\npath = infos['location'];\n\nif (version_is_less(version: version, test_version: \"5.6.44\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"5.6.44\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nif (version_in_range(version: version, test_version: \"5.7\", test_version2: \"5.7.25\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"5.7.26\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nif (version_in_range(version: version, test_version: \"8.0\", test_version2: \"8.0.15\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"8.0.16\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 4.3, 
"vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:32:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2683", "CVE-2019-2614", "CVE-2019-2627", "CVE-2019-1559"], "description": "Oracle MySQL is prone to multiple vulnerabilities.", "modified": "2019-05-13T00:00:00", "published": "2019-05-13T00:00:00", "id": "OPENVAS:1361412562310142402", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310142402", "type": "openvas", "title": "Oracle MySQL < 5.6.44, < 5.7.26, < 8.0.16 Security Update (2019-5072813) - Linux", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:oracle:mysql\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.142402\");\n script_version(\"2019-05-13T13:15:15+0000\");\n script_tag(name:\"last_modification\", value:\"2019-05-13 13:15:15 +0000 (Mon, 13 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-13 11:03:51 +0000 (Mon, 13 May 2019)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n\n script_cve_id(\"CVE-2019-1559\", \"CVE-2019-2683\", \"CVE-2019-2627\", \"CVE-2019-2614\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Oracle MySQL < 5.6.44, < 5.7.26, < 8.0.16 Security Update (2019-5072813) - Linux\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_unixoide\");\n\n script_tag(name:\"summary\", value:\"Oracle MySQL is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The attacks range in variety and difficulty. 
Most of them allow an attacker\n with network access via multiple protocols to compromise the MySQL Server.\n\n For further information refer to the official advisory via the referenced link.\");\n\n script_tag(name:\"affected\", value:\"MySQL 5.6.43 and prior, 5.7.25 and prior, 8.0.15 and prior.\");\n\n script_tag(name:\"solution\", value:\"Update to version 5.6.44, 5.7.26, 8.0.16 or later.\");\n\n script_xref(name:\"URL\", value:\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixMSQL\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))\n exit(0);\n\nversion = infos['version'];\npath = infos['location'];\n\nif (version_is_less(version: version, test_version: \"5.6.44\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"5.6.44\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nif (version_in_range(version: version, test_version: \"5.7\", test_version2: \"5.7.25\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"5.7.26\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nif (version_in_range(version: version, test_version: \"8.0\", test_version2: \"8.0.15\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"8.0.16\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-08-15T14:39:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2740", "CVE-2019-2614", "CVE-2019-2758", "CVE-2019-2805", "CVE-2019-2737", "CVE-2019-2739", "CVE-2019-2628", "CVE-2019-2627"], "description": "The remote host is missing an update for the ", "modified": "2019-08-14T00:00:00", "published": 
"2019-08-14T00:00:00", "id": "OPENVAS:1361412562310844137", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844137", "type": "openvas", "title": "Ubuntu Update for mariadb-10.3 USN-4070-3", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844137\");\n script_version(\"2019-08-14T07:16:43+0000\");\n script_cve_id(\"CVE-2019-2737\", \"CVE-2019-2739\", \"CVE-2019-2740\", \"CVE-2019-2758\", \"CVE-2019-2805\", \"CVE-2019-2628\", \"CVE-2019-2627\", \"CVE-2019-2614\");\n script_tag(name:\"cvss_base\", value:\"5.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-08-14 07:16:43 +0000 (Wed, 14 Aug 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-08-14 02:02:56 +0000 (Wed, 14 Aug 2019)\");\n script_name(\"Ubuntu Update for mariadb-10.3 USN-4070-3\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU19\\.04\");\n\n script_xref(name:\"USN\", value:\"4070-3\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2019-August/005061.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mariadb-10.3'\n package(s) announced via the USN-4070-3 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"USN-4070-1 fixed multiple vulnerabilities in MySQL. This update provides the\ncorresponding fixes for CVE-2019-2737, CVE-2019-2739, CVE-2019-2740,\nCVE-2019-2758, CVE-2019-2805, CVE-2019-2628, CVE-2019-2627, CVE-2019-2614 in\nMariaDB 10.3.\n\nUbuntu 19.04 has been updated to MariaDB 10.3.17.\n\nIn addition to security fixes, the updated package contains bug fixes, new\nfeatures, and possibly incompatible changes.\n\nOriginal advisory details:\n\nMultiple security issues were discovered in MySQL and this update includes\na new upstream MySQL version to fix these issues.\nUbuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 19.04 have been updated to\nMySQL 5.7.27.\nIn addition to security fixes, the updated packages contain bug fixes, new\nfeatures, and possibly incompatible changes.\");\n\n script_tag(name:\"affected\", value:\"'mariadb-10.3' package(s) on Ubuntu 19.04.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU19.04\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libmariadb-dev\", 
ver:\"1:10.3.17-0ubuntu0.19.04.1\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"libmariadb-dev-compat\", ver:\"1:10.3.17-0ubuntu0.19.04.1\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"libmariadb3\", ver:\"1:10.3.17-0ubuntu0.19.04.1\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"libmariadbclient-dev\", ver:\"1:10.3.17-0ubuntu0.19.04.1\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"libmariadbd-dev\", ver:\"1:10.3.17-0ubuntu0.19.04.1\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"libmariadbd19\", ver:\"1:10.3.17-0ubuntu0.19.04.1\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"mariadb-backup\", ver:\"1:10.3.17-0ubuntu0.19.04.1\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"mariadb-client\", ver:\"1:10.3.17-0ubuntu0.19.04.1\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"mariadb-client-10.3\", ver:\"1:10.3.17-0ubuntu0.19.04.1\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"mariadb-client-core-10.3\", ver:\"1:10.3.17-0ubuntu0.19.04.1\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"mariadb-common\", ver:\"1:10.3.17-0ubuntu0.19.04.1\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"mariadb-plugin-connect\", ver:\"1:10.3.17-0ubuntu0.19.04.1\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"mariadb-plugin-cracklib-password-check\", ver:\"1:10.3.17-0ubuntu0.19.04.1\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"mariadb-plugin-gssapi-client\", ver:\"1:10.3.17-0ubuntu0.19.04.1\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isdpkgvuln(pkg:\"mariadb-plugin-gssapi-server\", ver:\"1:10.3.17-0ubuntu0.19.04.1\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"mariadb-plugin-mroonga\", ver:\"1:10.3.17-0ubuntu0.19.04.1\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"mariadb-plugin-oqgraph\", ver:\"1:10.3.17-0ubuntu0.19.04.1\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"mariadb-plugin-rocksdb\", ver:\"1:10.3.17-0ubuntu0.19.04.1\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"mariadb-plugin-spider\", ver:\"1:10.3.17-0ubuntu0.19.04.1\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"mariadb-plugin-tokudb\", ver:\"1:10.3.17-0ubuntu0.19.04.1\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"mariadb-server\", ver:\"1:10.3.17-0ubuntu0.19.04.1\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"mariadb-server-10.3\", ver:\"1:10.3.17-0ubuntu0.19.04.1\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"mariadb-server-core-10.3\", ver:\"1:10.3.17-0ubuntu0.19.04.1\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"mariadb-test\", ver:\"1:10.3.17-0ubuntu0.19.04.1\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"mariadb-test-data\", ver:\"1:10.3.17-0ubuntu0.19.04.1\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2019-08-21T14:52:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-3174", "CVE-2019-2614", "CVE-2018-3282", "CVE-2018-3173", "CVE-2018-3156", "CVE-2018-3251", "CVE-2019-2537", "CVE-2019-2510", "CVE-2018-3284", 
"CVE-2019-2628", "CVE-2018-3162", "CVE-2018-3143", "CVE-2019-2627", "CVE-2016-9843", "CVE-2018-3277", "CVE-2018-3185", "CVE-2018-3200"], "description": "The remote host is missing an update for the ", "modified": "2019-08-20T00:00:00", "published": "2019-08-16T00:00:00", "id": "OPENVAS:1361412562310876685", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876685", "type": "openvas", "title": "Fedora Update for mariadb FEDORA-2019-f873e2799f", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876685\");\n script_version(\"2019-08-20T10:47:01+0000\");\n script_cve_id(\"CVE-2019-2510\", \"CVE-2019-2537\", \"CVE-2019-2614\", \"CVE-2019-2627\", \"CVE-2019-2628\", \"CVE-2018-3282\", \"CVE-2016-9843\", \"CVE-2018-3174\", \"CVE-2018-3143\", \"CVE-2018-3156\", \"CVE-2018-3251\", \"CVE-2018-3185\", \"CVE-2018-3277\", \"CVE-2018-3162\", \"CVE-2018-3173\", \"CVE-2018-3200\", \"CVE-2018-3284\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-08-20 10:47:01 +0000 (Tue, 20 Aug 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-08-16 02:24:00 +0000 (Fri, 16 Aug 2019)\");\n script_name(\"Fedora Update for mariadb FEDORA-2019-f873e2799f\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-f873e2799f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QTZMCNTCGLPIT5NBXAXIPFUHZRFXVC6H\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mariadb'\n package(s) announced via the FEDORA-2019-f873e2799f advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"MariaDB is a community 
developed branch of MySQL - a multi-user, multi-threaded\nSQL database server. It is a client/server implementation consisting of\na server daemon (mysqld) and many different client programs and libraries.\nThe base package contains the standard MariaDB/MySQL client programs and\ngeneric MySQL files.\");\n\n script_tag(name:\"affected\", value:\"'mariadb' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~10.3.17~1.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-26T16:49:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2740", "CVE-2019-2529", "CVE-2019-2614", "CVE-2018-3282", "CVE-2019-2805", "CVE-2019-2737", "CVE-2019-2739", "CVE-2018-3058", "CVE-2019-2627", "CVE-2019-2503", "CVE-2018-3081", "CVE-2018-3063", "CVE-2018-3066"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192543", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192543", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for mariadb (EulerOS-SA-2019-2543)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: 
GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2543\");\n script_version(\"2020-01-23T13:04:49+0000\");\n script_cve_id(\"CVE-2018-3058\", \"CVE-2018-3063\", \"CVE-2018-3066\", \"CVE-2018-3081\", \"CVE-2018-3282\", \"CVE-2019-2503\", \"CVE-2019-2529\", \"CVE-2019-2614\", \"CVE-2019-2627\", \"CVE-2019-2737\", \"CVE-2019-2739\", \"CVE-2019-2740\", \"CVE-2019-2805\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 13:04:49 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 13:04:49 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for mariadb (EulerOS-SA-2019-2543)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2543\");\n script_xref(name:\"URL\", 
value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2543\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'mariadb' package(s) announced via the EulerOS-SA-2019-2543 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.(CVE-2019-2627)\n\nVulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client as well as unauthorized update, insert or delete access to some of MySQL Client accessible data.(CVE-2018-3081)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.(CVE-2019-2503)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Serv ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'mariadb' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~5.5.66~1.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-bench\", rpm:\"mariadb-bench~5.5.66~1.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-devel\", rpm:\"mariadb-devel~5.5.66~1.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-libs\", rpm:\"mariadb-libs~5.5.66~1.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-server\", 
rpm:\"mariadb-server~5.5.66~1.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:32:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2592", "CVE-2019-2566", "CVE-2019-2581", "CVE-2019-2632", "CVE-2019-2628"], "description": "Oracle MySQL is prone to multiple vulnerabilities.", "modified": "2019-05-13T00:00:00", "published": "2019-05-13T00:00:00", "id": "OPENVAS:1361412562310142398", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310142398", "type": "openvas", "title": "Oracle MySQL < 5.7.26, 8.0.x < 8.0.16 Security Update (2019-5072813) - Linux", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:oracle:mysql\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.142398\");\n script_version(\"2019-05-13T13:15:15+0000\");\n script_tag(name:\"last_modification\", value:\"2019-05-13 13:15:15 +0000 (Mon, 13 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-13 09:12:21 +0000 (Mon, 13 May 2019)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_cve_id(\"CVE-2019-2581\", \"CVE-2019-2628\", \"CVE-2019-2566\", \"CVE-2019-2592\", \"CVE-2019-2632\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Oracle MySQL < 5.7.26, 8.0.x < 8.0.16 Security Update (2019-5072813) - Linux\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_unixoide\");\n\n script_tag(name:\"summary\", value:\"Oracle MySQL is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The attacks range in variety and difficulty. 
Most of them allow an attacker\n with network access via multiple protocols to compromise the MySQL Server.\n\n For further information refer to the official advisory via the referenced link.\");\n\n script_tag(name:\"affected\", value:\"MySQL 5.7.25 and prior, 8.0.15 and prior.\");\n\n script_tag(name:\"solution\", value:\"Update to version 5.7.26, 8.0.16 or later.\");\n\n script_xref(name:\"URL\", value:\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixMSQL\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))\n exit(0);\n\nversion = infos['version'];\npath = infos['location'];\n\nif (version_is_less(version: version, test_version: \"5.7.26\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"5.7.26\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nif (version_in_range(version: version, test_version: \"8.0\", test_version2: \"8.0.15\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"8.0.16\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:32:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2592", "CVE-2019-2566", "CVE-2019-2581", "CVE-2019-2632", "CVE-2019-2628"], "description": "Oracle MySQL is prone to multiple vulnerabilities.", "modified": "2019-05-13T00:00:00", "published": "2019-05-13T00:00:00", "id": "OPENVAS:1361412562310142399", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310142399", "type": "openvas", "title": "Oracle MySQL < 5.7.26, 8.0.x < 8.0.16 Security Update (2019-5072813) - Windows", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n#\n# SPDX-License-Identifier: 
GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:oracle:mysql\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.142399\");\n script_version(\"2019-05-13T11:27:46+0000\");\n script_tag(name:\"last_modification\", value:\"2019-05-13 11:27:46 +0000 (Mon, 13 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-13 09:28:32 +0000 (Mon, 13 May 2019)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_cve_id(\"CVE-2019-2581\", \"CVE-2019-2628\", \"CVE-2019-2566\", \"CVE-2019-2592\", \"CVE-2019-2632\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Oracle MySQL < 5.7.26, 8.0.x < 8.0.16 Security Update (2019-5072813) - Windows\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_windows\");\n\n script_tag(name:\"summary\", value:\"Oracle MySQL is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable 
version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The attacks range in variety and difficulty. Most of them allow an attacker\n with network access via multiple protocols to compromise the MySQL Server.\n\n For further information refer to the official advisory via the referenced link.\");\n\n script_tag(name:\"affected\", value:\"MySQL 5.7.25 and prior, 8.0.15 and prior.\");\n\n script_tag(name:\"solution\", value:\"Update to version 5.7.26, 8.0.16 or later.\");\n\n script_xref(name:\"URL\", value:\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixMSQL\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))\n exit(0);\n\nversion = infos['version'];\npath = infos['location'];\n\nif (version_is_less(version: version, test_version: \"5.7.26\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"5.7.26\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nif (version_in_range(version: version, test_version: \"8.0\", test_version2: \"8.0.15\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"8.0.16\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "suse": [{"lastseen": "2019-08-15T16:32:18", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2614", "CVE-2019-2628", "CVE-2019-2627"], "description": "This update for mariadb and mariadb-connector-c fixes the following issues:\n\n mariadb:\n\n - Update to version 10.2.25 (bsc#1136035)\n - CVE-2019-2628: Fixed a remote denial of service by a privileged\n attacker (bsc#1136035).\n - CVE-2019-2627: Fixed another remote denial of service by a privileged\n attacker (bsc#1136035).\n -
CVE-2019-2614: Fixed a potential remote denial of service by a\n privileged attacker (bsc#1136035).\n - Fixed reading options for multiple instances if my${INSTANCE}.cnf is\n used (bsc#1132666)\n\n mariadb-connector-c:\n\n - Update to version 3.1.2 (bsc#1136035)\n - Moved libmariadb.pc from /usr/lib/pkgconfig to /usr/lib64/pkgconfig for\n x86_64 (bsc#1126088)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2019-08-15T15:13:15", "published": "2019-08-15T15:13:15", "id": "OPENSUSE-SU-2019:1913-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00035.html", "title": "Security update for mariadb, mariadb-connector-c (important)", "type": "suse", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2019-08-15T16:32:18", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2614", "CVE-2019-2628", "CVE-2019-2627"], "description": "This update for mariadb and mariadb-connector-c fixes the following issues:\n\n mariadb:\n\n - Update to version 10.2.25 (bsc#1136035)\n - CVE-2019-2628: Fixed a remote denial of service by a privileged\n attacker (bsc#1136035).\n - CVE-2019-2627: Fixed another remote denial of service by a privileged\n attacker (bsc#1136035).\n - CVE-2019-2614: Fixed a potential remote denial of service by a\n privileged attacker (bsc#1136035).\n - Fixed reading options for multiple instances if my${INSTANCE}.cnf is\n used (bsc#1132666)\n\n mariadb-connector-c:\n\n - Update to version 3.1.2 (bsc#1136035)\n - Moved libmariadb.pc from /usr/lib/pkgconfig to /usr/lib64/pkgconfig for\n x86_64 (bsc#1126088)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2019-08-15T15:11:27", "published": "2019-08-15T15:11:27", "id": "OPENSUSE-SU-2019:1915-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00032.html", "title": "Security update for mariadb, mariadb-connector-c (important)",
"type": "suse", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}], "ubuntu": [{"lastseen": "2020-07-02T11:41:52", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2614", "CVE-2019-2627"], "description": "USN-3957-1 fixed multiple vulnerabilities in MySQL. This update provides the \ncorresponding fixes for CVE-2019-2614 and CVE-2019-2627 in MariaDB 10.1.\n\nUbuntu 18.04 LTS has been updated to MariaDB 10.1.40.\n\nIn addition to security fixes, the updated packages contain bug fixes, new \nfeatures, and possibly incompatible changes.\n\nPlease see the following for more information: \n<https://mariadb.com/kb/en/library/mariadb-10140-changelog/> \n<https://mariadb.com/kb/en/library/mariadb-10140-release-notes/>\n\nOriginal advisory details:\n\nMultiple security issues were discovered in MySQL and this update includes \na new upstream MySQL version to fix these issues.\n\nUbuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04 have \nbeen updated to MySQL 5.7.26.\n\nIn addition to security fixes, the updated packages contain bug fixes, new \nfeatures, and possibly incompatible changes.\n\nPlease see the following for more information: \n<https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-26.html> \n<https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html>", "edition": 2, "modified": "2019-06-05T00:00:00", "published": "2019-06-05T00:00:00", "id": "USN-3957-3", "href": "https://ubuntu.com/security/notices/USN-3957-3", "title": "MariaDB vulnerabilities", "type": "ubuntu", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2020-07-02T11:40:51", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2614", "CVE-2019-2627"], "description": "USN-3957-1 fixed multiple vulnerabilities in MySQL.
This update provides the \ncorresponding fixes for CVE-2019-2614 and CVE-2019-2627 in MariaDB 5.5.\n\nUbuntu 14.04 LTS has been updated to MariaDB 5.5.64.\n\nIn addition to security fixes, the updated packages contain bug fixes, new \nfeatures, and possibly incompatible changes.\n\nPlease see the following for more information: \n<https://mariadb.com/kb/en/library/mariadb-5564-changelog/> \n<https://mariadb.com/kb/en/library/mariadb-5564-release-notes/>\n\nOriginal advisory details:\n\nMultiple security issues were discovered in MySQL and this update includes \na new upstream MySQL version to fix these issues.\n\nUbuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04 have \nbeen updated to MySQL 5.7.26.\n\nIn addition to security fixes, the updated packages contain bug fixes, new \nfeatures, and possibly incompatible changes.\n\nPlease see the following for more information: \n<https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-26.html> \n<https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html>", "edition": 4, "modified": "2019-05-23T00:00:00", "published": "2019-05-23T00:00:00", "id": "USN-3957-2", "href": "https://ubuntu.com/security/notices/USN-3957-2", "title": "MariaDB vulnerabilities", "type": "ubuntu", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2020-07-02T11:41:36", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2592", "CVE-2019-2683", "CVE-2019-2614", "CVE-2019-2566", "CVE-2019-2581", "CVE-2019-2632", "CVE-2019-2628", "CVE-2019-2627"], "description": "Multiple security issues were discovered in MySQL and this update includes \na new upstream MySQL version to fix these issues.\n\nUbuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04 have \nbeen updated to MySQL 5.7.26.\n\nIn addition to security fixes, the updated packages contain bug fixes, new \nfeatures, and possibly incompatible changes.\n\nPlease see the following for more information: 
\n<https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-26.html> \n<https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html>", "edition": 3, "modified": "2019-04-29T00:00:00", "published": "2019-04-29T00:00:00", "id": "USN-3957-1", "href": "https://ubuntu.com/security/notices/USN-3957-1", "title": "MySQL vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-07-09T00:34:36", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2740", "CVE-2019-2614", "CVE-2019-2758", "CVE-2019-2805", "CVE-2019-2737", "CVE-2019-2739", "CVE-2019-2628", "CVE-2019-2627"], "description": "USN-4070-1 fixed multiple vulnerabilities in MySQL. This update provides the \ncorresponding fixes for CVE-2019-2737, CVE-2019-2739, CVE-2019-2740, \nCVE-2019-2758, CVE-2019-2805, CVE-2019-2628, CVE-2019-2627, CVE-2019-2614 in \nMariaDB 10.3.\n\nUbuntu 19.04 has been updated to MariaDB 10.3.17.\n\nIn addition to security fixes, the updated packages contain bug fixes, new \nfeatures, and possibly incompatible changes.\n\nPlease see the following for more information: \n<https://mariadb.com/kb/en/library/mariadb-10317-changelog/> \n<https://mariadb.com/kb/en/library/mariadb-10317-release-notes/>\n\nOriginal advisory details:\n\nMultiple security issues were discovered in MySQL and this update includes \na new upstream MySQL version to fix these issues.\n\nUbuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 19.04 have been updated to \nMySQL 5.7.27.\n\nIn addition to security fixes, the updated packages contain bug fixes, new \nfeatures, and possibly incompatible changes.\n\nPlease see the following for more information: \n<http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-27.html> \n<https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html>", "edition": 2, "modified": "2019-08-13T00:00:00", "published": "2019-08-13T00:00:00", "id": "USN-4070-3", "href":
"https://ubuntu.com/security/notices/USN-4070-3", "title": "MariaDB vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2510", "CVE-2019-2537", "CVE-2019-2614", "CVE-2019-2627", "CVE-2019-2628"], "description": "MariaDB is a community developed branch of MySQL - a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs and generic MySQL files. ", "modified": "2019-08-15T18:10:30", "published": "2019-08-15T18:10:30", "id": "FEDORA:623C360E8D66", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: mariadb-10.3.17-1.fc30", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9843", "CVE-2018-3143", "CVE-2018-3156", "CVE-2018-3162", "CVE-2018-3173", "CVE-2018-3174", "CVE-2018-3185", "CVE-2018-3200", "CVE-2018-3251", "CVE-2018-3277", "CVE-2018-3282", "CVE-2018-3284", "CVE-2019-2510", "CVE-2019-2537", "CVE-2019-2614", "CVE-2019-2627", "CVE-2019-2628"], "description": "MariaDB is a community developed branch of MySQL - a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs and generic MySQL files.
", "modified": "2019-08-15T18:52:10", "published": "2019-08-15T18:52:10", "id": "FEDORA:10CA0613BB06", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: mariadb-10.3.17-1.fc29", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2580", "CVE-2019-2581", "CVE-2019-2584", "CVE-2019-2587", "CVE-2019-2589", "CVE-2019-2592", "CVE-2019-2593", "CVE-2019-2596", "CVE-2019-2607", "CVE-2019-2614", "CVE-2019-2617", "CVE-2019-2620", "CVE-2019-2737", "CVE-2019-2738", "CVE-2019-2739", "CVE-2019-2752", "CVE-2019-2755", "CVE-2019-2757", "CVE-2019-2758", "CVE-2019-2774", "CVE-2019-2780", "CVE-2019-2784", "CVE-2019-2785", "CVE-2019-2789"], "description": "MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files. 
", "modified": "2019-09-04T03:13:43", "published": "2019-09-04T03:13:43", "id": "FEDORA:A29B160972B0", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: community-mysql-8.0.17-2.fc30", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-3133", "CVE-2018-3137", "CVE-2018-3143", "CVE-2018-3144", "CVE-2018-3145", "CVE-2018-3155", "CVE-2018-3156", "CVE-2018-3161", "CVE-2018-3162", "CVE-2018-3170", "CVE-2018-3171", "CVE-2018-3173", "CVE-2018-3174", "CVE-2018-3182", "CVE-2018-3185", "CVE-2018-3186", "CVE-2018-3187", "CVE-2018-3195", "CVE-2018-3200", "CVE-2018-3203", "CVE-2018-3212", "CVE-2018-3247", "CVE-2018-3251", "CVE-2018-3276", "CVE-2018-3277", "CVE-2018-3278", "CVE-2018-3279", "CVE-2018-3280", "CVE-2018-3282", "CVE-2018-3283", "CVE-2018-3284", "CVE-2018-3285", "CVE-2018-3286", "CVE-2019-2420", "CVE-2019-2434", "CVE-2019-2436", "CVE-2019-2455", "CVE-2019-2481", "CVE-2019-2482", "CVE-2019-2486", "CVE-2019-2494", "CVE-2019-2495", "CVE-2019-2502", "CVE-2019-2503", "CVE-2019-2507", "CVE-2019-2510", "CVE-2019-2528", "CVE-2019-2529", "CVE-2019-2530", "CVE-2019-2531", "CVE-2019-2532", "CVE-2019-2533", "CVE-2019-2534", "CVE-2019-2535", "CVE-2019-2536", "CVE-2019-2537", "CVE-2019-2539", "CVE-2019-2580", "CVE-2019-2581", "CVE-2019-2584", "CVE-2019-2587", "CVE-2019-2589", "CVE-2019-2592", "CVE-2019-2593", "CVE-2019-2596", "CVE-2019-2607", "CVE-2019-2614", "CVE-2019-2617", "CVE-2019-2620", "CVE-2019-2737", "CVE-2019-2738", "CVE-2019-2739", "CVE-2019-2752", "CVE-2019-2755", "CVE-2019-2757", "CVE-2019-2758", "CVE-2019-2774", "CVE-2019-2780", "CVE-2019-2784", "CVE-2019-2785", "CVE-2019-2789"], "description": "MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. 
The base package contains the standard MySQL client programs and generic MySQL files. ", "modified": "2019-09-04T04:07:19", "published": "2019-09-04T04:07:19", "id": "FEDORA:DD3AE60954BE", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: community-mysql-8.0.17-2.fc29", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}], "redhat": [{"lastseen": "2021-02-12T16:27:46", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2510", "CVE-2019-2537", "CVE-2019-2614", "CVE-2019-2627", "CVE-2019-2628", "CVE-2019-2737", "CVE-2019-2739", "CVE-2019-2740", "CVE-2019-2758", "CVE-2019-2805", "CVE-2020-2922", "CVE-2021-2007"], "description": "MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. \n\nThe following packages have been upgraded to a later upstream version: mariadb (10.3.17), galera (25.3.26). (BZ#1701687, BZ#1711265, BZ#1741358)\n\nSecurity Fix(es):\n\n* mysql: InnoDB unspecified vulnerability (CPU Jan 2019) (CVE-2019-2510)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Jan 2019) (CVE-2019-2537)\n\n* mysql: Server: Replication unspecified vulnerability (CPU Apr 2019) (CVE-2019-2614)\n\n* mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2019) (CVE-2019-2627)\n\n* mysql: InnoDB unspecified vulnerability (CPU Apr 2019) (CVE-2019-2628)\n\n* mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2019) (CVE-2019-2737)\n\n* mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2019) (CVE-2019-2739)\n\n* mysql: Server: XML unspecified vulnerability (CPU Jul 2019) (CVE-2019-2740)\n\n* mysql: InnoDB unspecified vulnerability (CPU Jul 2019) (CVE-2019-2758)\n\n* mysql: Server: Parser unspecified vulnerability (CPU Jul 2019) (CVE-2019-2805)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional 
Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.", "modified": "2021-02-12T19:58:35", "published": "2019-11-06T01:53:43", "id": "RHSA-2019:3708", "href": "https://access.redhat.com/errata/RHSA-2019:3708", "type": "redhat", "title": "(RHSA-2019:3708) Moderate: mariadb:10.3 security and bug fix update", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2020-10-05T15:45:48", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2614", "CVE-2019-2627", "CVE-2019-2628", "CVE-2019-2737", "CVE-2019-2739", "CVE-2019-2740", "CVE-2019-2758", "CVE-2019-2805", "CVE-2019-2938", "CVE-2019-2974", "CVE-2020-13249", "CVE-2020-2574", "CVE-2020-2752", "CVE-2020-2760", "CVE-2020-2780", "CVE-2020-2812", "CVE-2020-2814", "CVE-2020-2922"], "description": "MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL.\n\nThe following packages have been upgraded to a later upstream version: rh-mariadb102-mariadb (10.2.33), rh-mariadb102-galera (25.3.29). 
(BZ#1880319, BZ#1880328)\n\nSecurity Fix(es):\n\n* mysql: Server: Replication unspecified vulnerability (CPU Apr 2019) (CVE-2019-2614)\n\n* mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2019) (CVE-2019-2627)\n\n* mysql: InnoDB unspecified vulnerability (CPU Apr 2019) (CVE-2019-2628)\n\n* mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2019) (CVE-2019-2737)\n\n* mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2019) (CVE-2019-2739)\n\n* mysql: Server: XML unspecified vulnerability (CPU Jul 2019) (CVE-2019-2740)\n\n* mysql: InnoDB unspecified vulnerability (CPU Jul 2019) (CVE-2019-2758)\n\n* mysql: Server: Parser unspecified vulnerability (CPU Jul 2019) (CVE-2019-2805)\n\n* mysql: InnoDB unspecified vulnerability (CPU Oct 2019) (CVE-2019-2938)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019) (CVE-2019-2974)\n\n* mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2752)\n\n* mysql: InnoDB unspecified vulnerability (CPU Apr 2020) (CVE-2020-2760)\n\n* mysql: Server: DML unspecified vulnerability (CPU Apr 2020) (CVE-2020-2780)\n\n* mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020) (CVE-2020-2812)\n\n* mysql: InnoDB unspecified vulnerability (CPU Apr 2020) (CVE-2020-2814)\n\n* mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2922)\n\n* mariadb-connector-c: Improper validation of content in a OK packet received from server (CVE-2020-13249)\n\n* mysql: C API unspecified vulnerability (CPU Jan 2020) (CVE-2020-2574)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-10-05T19:01:41", "published": "2020-10-05T18:48:15", "id": "RHSA-2020:4174", "href": "https://access.redhat.com/errata/RHSA-2020:4174", "type": "redhat", "title": "(RHSA-2020:4174) Moderate: rh-mariadb102-mariadb and 
rh-mariadb102-galera security and bug fix update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-12T12:28:27", "bulletinFamily": "unix", "cvelist": ["CVE-2018-3058", "CVE-2018-3063", "CVE-2018-3066", "CVE-2018-3081", "CVE-2018-3282", "CVE-2019-2503", "CVE-2019-2529", "CVE-2019-2614", "CVE-2019-2627", "CVE-2020-14550", "CVE-2021-2011"], "description": "MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. \n\nThe following packages have been upgraded to a later upstream version: mariadb (5.5.64). (BZ#1610986, BZ#1664043)\n\nSecurity Fix(es):\n\n* mysql: MyISAM unspecified vulnerability (CPU Jul 2018) (CVE-2018-3058)\n\n* mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2018) (CVE-2018-3063)\n\n* mysql: Client programs unspecified vulnerability (CPU Jul 2018) (CVE-2018-3081)\n\n* mysql: Server: Storage Engines unspecified vulnerability (CPU Oct 2018) (CVE-2018-3282)\n\n* mysql: Server: Connection Handling unspecified vulnerability (CPU Jan 2019) (CVE-2019-2503)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2019) (CVE-2019-2529)\n\n* mysql: Server: Replication unspecified vulnerability (CPU Apr 2019) (CVE-2019-2614)\n\n* mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2019) (CVE-2019-2627)\n\n* mysql: Server: Options unspecified vulnerability (CPU Jul 2018) (CVE-2018-3066)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.", "modified": "2021-02-12T16:45:45", "published": "2019-08-06T12:25:40", "id": "RHSA-2019:2327", "href": "https://access.redhat.com/errata/RHSA-2019:2327", "type": "redhat", "title": "(RHSA-2019:2327) 
Moderate: mariadb security and bug fix update", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-02-15T00:28:30", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2614", "CVE-2019-2627", "CVE-2019-2628", "CVE-2019-2737", "CVE-2019-2739", "CVE-2019-2740", "CVE-2019-2758", "CVE-2019-2805", "CVE-2019-2938", "CVE-2019-2974", "CVE-2020-13249", "CVE-2020-14765", "CVE-2020-14776", "CVE-2020-14789", "CVE-2020-14812", "CVE-2020-15180", "CVE-2020-2574", "CVE-2020-2752", "CVE-2020-2760", "CVE-2020-2780", "CVE-2020-2812", "CVE-2020-2814", "CVE-2020-2922", "CVE-2021-2007", "CVE-2021-2022"], "description": "MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL.\n\nThe following packages have been upgraded to a later upstream version: rh-mariadb103-mariadb (10.3.27), rh-mariadb103-galera (25.3.31). (BZ#1894122, BZ#1894124)\n\nSecurity Fix(es):\n\n* mariadb: Insufficient SST method name check leading to code injection in mysql-wsrep (CVE-2020-15180)\n\n* mysql: Server: Replication unspecified vulnerability (CPU Apr 2019) (CVE-2019-2614)\n\n* mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2019) (CVE-2019-2627)\n\n* mysql: InnoDB unspecified vulnerability (CPU Apr 2019) (CVE-2019-2628)\n\n* mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2019) (CVE-2019-2737)\n\n* mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2019) (CVE-2019-2739)\n\n* mysql: Server: XML unspecified vulnerability (CPU Jul 2019) (CVE-2019-2740)\n\n* mysql: InnoDB unspecified vulnerability (CPU Jul 2019) (CVE-2019-2758)\n\n* mysql: Server: Parser unspecified vulnerability (CPU Jul 2019) (CVE-2019-2805)\n\n* mysql: InnoDB unspecified vulnerability (CPU Oct 2019) (CVE-2019-2938)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019) (CVE-2019-2974)\n\n* mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2752)\n\n* 
mysql: InnoDB unspecified vulnerability (CPU Apr 2020) (CVE-2020-2760)\n\n* mysql: Server: DML unspecified vulnerability (CPU Apr 2020) (CVE-2020-2780)\n\n* mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020) (CVE-2020-2812)\n\n* mysql: InnoDB unspecified vulnerability (CPU Apr 2020) (CVE-2020-2814)\n\n* mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2922)\n\n* mariadb-connector-c: Improper validation of content in a OK packet received from server (CVE-2020-13249)\n\n* mysql: Server: FTS unspecified vulnerability (CPU Oct 2020) (CVE-2020-14765)\n\n* mysql: InnoDB unspecified vulnerability (CPU Oct 2020) (CVE-2020-14776)\n\n* mysql: Server: FTS unspecified vulnerability (CPU Oct 2020) (CVE-2020-14789)\n\n* mysql: Server: Locking unspecified vulnerability (CPU Oct 2020) (CVE-2020-14812)\n\n* mysql: C API unspecified vulnerability (CPU Jan 2020) (CVE-2020-2574)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* mysqld_safe --dry-run doesn't work as expected (BZ#1894105)\n\nEnhancement(s):\n\n* [RFE] create separate package providing ha_connect.so plugin for mariadb-server in SCL (BZ#1894114)", "modified": "2021-02-15T03:33:18", "published": "2020-11-30T17:02:34", "id": "RHSA-2020:5246", "href": "https://access.redhat.com/errata/RHSA-2020:5246", "type": "redhat", "title": "(RHSA-2020:5246) Important: rh-mariadb103-mariadb and rh-mariadb103-galera security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-15T00:27:56", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2510", "CVE-2019-2537", "CVE-2019-2614", "CVE-2019-2627", "CVE-2019-2628", "CVE-2019-2737", "CVE-2019-2739", "CVE-2019-2740", "CVE-2019-2758", "CVE-2019-2805", "CVE-2019-2938", "CVE-2019-2974", "CVE-2020-13249", "CVE-2020-14765", "CVE-2020-14776", "CVE-2020-14789", 
"CVE-2020-14812", "CVE-2020-15180", "CVE-2020-2574", "CVE-2020-2752", "CVE-2020-2760", "CVE-2020-2780", "CVE-2020-2812", "CVE-2020-2814", "CVE-2020-2922", "CVE-2021-2007", "CVE-2021-2022"], "description": "MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. \n\nThe following packages have been upgraded to a later upstream version: mariadb (10.3.27), galera (25.3.31). (BZ#1899085, BZ#1899089)\n\nSecurity Fix(es):\n\n* mariadb: Insufficient SST method name check leading to code injection in mysql-wsrep (CVE-2020-15180)\n\n* mysql: InnoDB unspecified vulnerability (CPU Jan 2019) (CVE-2019-2510)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Jan 2019) (CVE-2019-2537)\n\n* mysql: Server: Replication unspecified vulnerability (CPU Apr 2019) (CVE-2019-2614)\n\n* mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2019) (CVE-2019-2627)\n\n* mysql: InnoDB unspecified vulnerability (CPU Apr 2019) (CVE-2019-2628)\n\n* mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2019) (CVE-2019-2737)\n\n* mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2019) (CVE-2019-2739)\n\n* mysql: Server: XML unspecified vulnerability (CPU Jul 2019) (CVE-2019-2740)\n\n* mysql: InnoDB unspecified vulnerability (CPU Jul 2019) (CVE-2019-2758)\n\n* mysql: Server: Parser unspecified vulnerability (CPU Jul 2019) (CVE-2019-2805)\n\n* mysql: InnoDB unspecified vulnerability (CPU Oct 2019) (CVE-2019-2938)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019) (CVE-2019-2974)\n\n* mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2752)\n\n* mysql: InnoDB unspecified vulnerability (CPU Apr 2020) (CVE-2020-2760)\n\n* mysql: Server: DML unspecified vulnerability (CPU Apr 2020) (CVE-2020-2780)\n\n* mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020) (CVE-2020-2812)\n\n* mysql: InnoDB unspecified vulnerability (CPU Apr 2020) (CVE-2020-2814)\n\n* mysql: C 
API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2922)\n\n* mariadb-connector-c: Improper validation of content in a OK packet received from server (CVE-2020-13249)\n\n* mysql: Server: FTS unspecified vulnerability (CPU Oct 2020) (CVE-2020-14765)\n\n* mysql: InnoDB unspecified vulnerability (CPU Oct 2020) (CVE-2020-14776)\n\n* mysql: Server: FTS unspecified vulnerability (CPU Oct 2020) (CVE-2020-14789)\n\n* mysql: Server: Locking unspecified vulnerability (CPU Oct 2020) (CVE-2020-14812)\n\n* mysql: C API unspecified vulnerability (CPU Jan 2020) (CVE-2020-2574)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* FTBFS: -D_GLIBCXX_ASSERTIONS (BZ#1899012)\n\n* Queries with entity_id IN ('1', '2', \u2026, '70000') run much slower in MariaDB 10.3 than on MariaDB 10.1 (BZ#1899020)\n\n* Cleanup race with wsrep_rsync_sst_tunnel may prevent full galera cluster bootstrap (BZ#1899025)\n\n* There are undeclared file conflicts in several mariadb and mysql packages (BZ#1899080)", "modified": "2021-02-15T03:36:57", "published": "2020-12-22T13:56:49", "id": "RHSA-2020:5663", "href": "https://access.redhat.com/errata/RHSA-2020:5663", "type": "redhat", "title": "(RHSA-2020:5663) Important: mariadb:10.3 security, bug fix, and enhancement update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-10T10:21:47", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2420", "CVE-2019-2434", "CVE-2019-2436", "CVE-2019-2455", "CVE-2019-2481", "CVE-2019-2482", "CVE-2019-2486", "CVE-2019-2494", "CVE-2019-2495", "CVE-2019-2502", "CVE-2019-2503", "CVE-2019-2507", "CVE-2019-2510", "CVE-2019-2528", "CVE-2019-2529", "CVE-2019-2530", "CVE-2019-2531", "CVE-2019-2532", "CVE-2019-2533", "CVE-2019-2534", "CVE-2019-2535", "CVE-2019-2536", "CVE-2019-2537", "CVE-2019-2539", "CVE-2019-2580", "CVE-2019-2581", 
"CVE-2019-2584", "CVE-2019-2585", "CVE-2019-2587", "CVE-2019-2589", "CVE-2019-2592", "CVE-2019-2593", "CVE-2019-2596", "CVE-2019-2606", "CVE-2019-2607", "CVE-2019-2614", "CVE-2019-2617", "CVE-2019-2620", "CVE-2019-2623", "CVE-2019-2624", "CVE-2019-2625", "CVE-2019-2626", "CVE-2019-2627", "CVE-2019-2628", "CVE-2019-2630", "CVE-2019-2631", "CVE-2019-2634", "CVE-2019-2635", "CVE-2019-2636", "CVE-2019-2644", "CVE-2019-2681", "CVE-2019-2683", "CVE-2019-2685", "CVE-2019-2686", "CVE-2019-2687", "CVE-2019-2688", "CVE-2019-2689", "CVE-2019-2691", "CVE-2019-2693", "CVE-2019-2694", "CVE-2019-2695", "CVE-2019-2737", "CVE-2019-2738", "CVE-2019-2739", "CVE-2019-2740", "CVE-2019-2752", "CVE-2019-2755", "CVE-2019-2757", "CVE-2019-2758", "CVE-2019-2774", "CVE-2019-2778", "CVE-2019-2780", "CVE-2019-2784", "CVE-2019-2785", "CVE-2019-2789", "CVE-2019-2795", "CVE-2019-2796", "CVE-2019-2797", "CVE-2019-2798", "CVE-2019-2800", "CVE-2019-2801", "CVE-2019-2802", "CVE-2019-2803", "CVE-2019-2805", "CVE-2019-2808", "CVE-2019-2810", "CVE-2019-2811", "CVE-2019-2812", "CVE-2019-2814", "CVE-2019-2815", "CVE-2019-2819", "CVE-2019-2826", "CVE-2019-2830", "CVE-2019-2834", "CVE-2019-2879", "CVE-2019-2948", "CVE-2019-2950", "CVE-2019-2969", "CVE-2019-3003"], "description": "MySQL is a multi-user, multi-threaded SQL database server. 
It consists of the MySQL server daemon, mysqld, and many client programs.\n\nThe following packages have been upgraded to a later upstream version: mysql (8.0.17).\n\nSecurity Fix(es):\n\n* mysql: Server: Replication multiple unspecified vulnerabilities (CVE-2019-2800, CVE-2019-2436, CVE-2019-2531, CVE-2019-2534, CVE-2019-2614, CVE-2019-2617, CVE-2019-2630, CVE-2019-2634, CVE-2019-2635, CVE-2019-2755)\n\n* mysql: Server: Optimizer multiple unspecified vulnerabilities (CVE-2019-2420, CVE-2019-2481, CVE-2019-2507, CVE-2019-2529, CVE-2019-2530, CVE-2019-2581, CVE-2019-2596, CVE-2019-2607, CVE-2019-2625, CVE-2019-2681, CVE-2019-2685, CVE-2019-2686, CVE-2019-2687, CVE-2019-2688, CVE-2019-2689, CVE-2019-2693, CVE-2019-2694, CVE-2019-2695, CVE-2019-2757, CVE-2019-2774, CVE-2019-2796, CVE-2019-2802, CVE-2019-2803, CVE-2019-2808, CVE-2019-2810, CVE-2019-2812, CVE-2019-2815, CVE-2019-2830, CVE-2019-2834)\n\n* mysql: Server: Parser multiple unspecified vulnerabilities (CVE-2019-2434, CVE-2019-2455, CVE-2019-2805)\n\n* mysql: Server: PS multiple unspecified vulnerabilities (CVE-2019-2482, CVE-2019-2592)\n\n* mysql: Server: Security: Privileges multiple unspecified vulnerabilities (CVE-2019-2486, CVE-2019-2532, CVE-2019-2533, CVE-2019-2584, CVE-2019-2589, CVE-2019-2606, CVE-2019-2620, CVE-2019-2627, CVE-2019-2739, CVE-2019-2778, CVE-2019-2811, CVE-2019-2789)\n\n* mysql: Server: DDL multiple unspecified vulnerabilities (CVE-2019-2494, CVE-2019-2495, CVE-2019-2537, CVE-2019-2626, CVE-2019-2644)\n\n* mysql: InnoDB multiple unspecified vulnerabilities (CVE-2019-2502, CVE-2019-2510, CVE-2019-2580, CVE-2019-2585, CVE-2019-2593, CVE-2019-2624, CVE-2019-2628, CVE-2019-2758, CVE-2019-2785, CVE-2019-2798, CVE-2019-2879, CVE-2019-2814)\n\n* mysql: Server: Connection Handling unspecified vulnerability (CVE-2019-2503)\n\n* mysql: Server: Partition multiple unspecified vulnerabilities (CVE-2019-2528, CVE-2019-2587)\n\n* mysql: Server: Options multiple unspecified vulnerabilities 
(CVE-2019-2535, CVE-2019-2623, CVE-2019-2683, CVE-2019-2752)\n\n* mysql: Server: Packaging unspecified vulnerability (CVE-2019-2536)\n\n* mysql: Server: Connection unspecified vulnerability (CVE-2019-2539)\n\n* mysql: Server: Information Schema unspecified vulnerability (CVE-2019-2631)\n\n* mysql: Server: Group Replication Plugin unspecified vulnerability (CVE-2019-2636)\n\n* mysql: Server: Security: Roles multiple unspecified vulnerabilities (CVE-2019-2691, CVE-2019-2826)\n\n* mysql: Server: Pluggable Auth unspecified vulnerability (CVE-2019-2737)\n\n* mysql: Server: XML unspecified vulnerability (CVE-2019-2740)\n\n* mysql: Server: Components / Services unspecified vulnerability (CVE-2019-2780)\n\n* mysql: Server: DML unspecified vulnerability (CVE-2019-2784)\n\n* mysql: Server: Charsets unspecified vulnerability (CVE-2019-2795)\n\n* mysql: Client programs unspecified vulnerability (CVE-2019-2797)\n\n* mysql: Server: FTS unspecified vulnerability (CVE-2019-2801)\n\n* mysql: Server: Security: Audit unspecified vulnerability (CVE-2019-2819)\n\n* mysql: Server: Compiling unspecified vulnerability (CVE-2019-2738)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-10-31T20:25:13", "published": "2019-08-15T21:31:05", "id": "RHSA-2019:2511", "href": "https://access.redhat.com/errata/RHSA-2019:2511", "type": "redhat", "title": "(RHSA-2019:2511) Important: mysql:8.0 security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2019-12-11T13:31:16", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2420", "CVE-2019-2434", "CVE-2019-2436", "CVE-2019-2455", "CVE-2019-2481", "CVE-2019-2482", "CVE-2019-2486", "CVE-2019-2494", "CVE-2019-2495", "CVE-2019-2502", "CVE-2019-2503", "CVE-2019-2507", "CVE-2019-2510", "CVE-2019-2528", "CVE-2019-2529", "CVE-2019-2530", "CVE-2019-2531", 
"CVE-2019-2532", "CVE-2019-2533", "CVE-2019-2534", "CVE-2019-2535", "CVE-2019-2536", "CVE-2019-2537", "CVE-2019-2539", "CVE-2019-2580", "CVE-2019-2581", "CVE-2019-2584", "CVE-2019-2585", "CVE-2019-2587", "CVE-2019-2589", "CVE-2019-2592", "CVE-2019-2593", "CVE-2019-2596", "CVE-2019-2606", "CVE-2019-2607", "CVE-2019-2614", "CVE-2019-2617", "CVE-2019-2620", "CVE-2019-2623", "CVE-2019-2624", "CVE-2019-2625", "CVE-2019-2626", "CVE-2019-2627", "CVE-2019-2628", "CVE-2019-2630", "CVE-2019-2631", "CVE-2019-2634", "CVE-2019-2635", "CVE-2019-2636", "CVE-2019-2644", "CVE-2019-2681", "CVE-2019-2683", "CVE-2019-2685", "CVE-2019-2686", "CVE-2019-2687", "CVE-2019-2688", "CVE-2019-2689", "CVE-2019-2691", "CVE-2019-2693", "CVE-2019-2694", "CVE-2019-2695", "CVE-2019-2737", "CVE-2019-2738", "CVE-2019-2739", "CVE-2019-2740", "CVE-2019-2752", "CVE-2019-2755", "CVE-2019-2757", "CVE-2019-2758", "CVE-2019-2774", "CVE-2019-2778", "CVE-2019-2780", "CVE-2019-2784", "CVE-2019-2785", "CVE-2019-2789", "CVE-2019-2795", "CVE-2019-2796", "CVE-2019-2797", "CVE-2019-2798", "CVE-2019-2800", "CVE-2019-2801", "CVE-2019-2802", "CVE-2019-2803", "CVE-2019-2805", "CVE-2019-2808", "CVE-2019-2810", "CVE-2019-2811", "CVE-2019-2812", "CVE-2019-2814", "CVE-2019-2815", "CVE-2019-2819", "CVE-2019-2826", "CVE-2019-2830", "CVE-2019-2834", "CVE-2019-2879", "CVE-2019-2948", "CVE-2019-2950", "CVE-2019-2969", "CVE-2019-3003"], "description": "MySQL is a multi-user, multi-threaded SQL database server. 
It consists of the MySQL server daemon, mysqld, and many client programs.\n\nThe following packages have been upgraded to a later upstream version: rh-mysql80-mysql (8.0.17).\n\nSecurity Fix(es):\n\n* mysql: Server: Replication multiple unspecified vulnerabilities (CVE-2019-2800, CVE-2019-2436, CVE-2019-2531, CVE-2019-2534, CVE-2019-2614, CVE-2019-2617, CVE-2019-2630, CVE-2019-2634, CVE-2019-2635, CVE-2019-2755)\n\n* mysql: Server: Optimizer multiple unspecified vulnerabilities (CVE-2019-2420, CVE-2019-2481, CVE-2019-2507, CVE-2019-2529, CVE-2019-2530, CVE-2019-2581, CVE-2019-2596, CVE-2019-2607, CVE-2019-2625, CVE-2019-2681, CVE-2019-2685, CVE-2019-2686, CVE-2019-2687, CVE-2019-2688, CVE-2019-2689, CVE-2019-2693, CVE-2019-2694, CVE-2019-2695, CVE-2019-2757, CVE-2019-2774, CVE-2019-2796, CVE-2019-2802, CVE-2019-2803, CVE-2019-2808, CVE-2019-2810, CVE-2019-2812, CVE-2019-2815, CVE-2019-2830, CVE-2019-2834)\n\n* mysql: Server: Parser multiple unspecified vulnerabilities (CVE-2019-2434, CVE-2019-2455, CVE-2019-2805)\n\n* mysql: Server: PS multiple unspecified vulnerabilities (CVE-2019-2482, CVE-2019-2592)\n\n* mysql: Server: Security: Privileges multiple unspecified vulnerabilities (CVE-2019-2486, CVE-2019-2532, CVE-2019-2533, CVE-2019-2584, CVE-2019-2589, CVE-2019-2606, CVE-2019-2620, CVE-2019-2627, CVE-2019-2739, CVE-2019-2778, CVE-2019-2811, CVE-2019-2789)\n\n* mysql: Server: DDL multiple unspecified vulnerabilities (CVE-2019-2494, CVE-2019-2495, CVE-2019-2537, CVE-2019-2626, CVE-2019-2644)\n\n* mysql: InnoDB multiple unspecified vulnerabilities (CVE-2019-2502, CVE-2019-2510, CVE-2019-2580, CVE-2019-2585, CVE-2019-2593, CVE-2019-2624, CVE-2019-2628, CVE-2019-2758, CVE-2019-2785, CVE-2019-2798, CVE-2019-2879, CVE-2019-2814)\n\n* mysql: Server: Connection Handling unspecified vulnerability (CVE-2019-2503)\n\n* mysql: Server: Partition multiple unspecified vulnerabilities (CVE-2019-2528, CVE-2019-2587)\n\n* mysql: Server: Options multiple unspecified vulnerabilities 
(CVE-2019-2535, CVE-2019-2623, CVE-2019-2683, CVE-2019-2752)\n\n* mysql: Server: Packaging unspecified vulnerability (CVE-2019-2536)\n\n* mysql: Server: Connection unspecified vulnerability (CVE-2019-2539)\n\n* mysql: Server: Information Schema unspecified vulnerability (CVE-2019-2631)\n\n* mysql: Server: Group Replication Plugin unspecified vulnerability (CVE-2019-2636)\n\n* mysql: Server: Security: Roles multiple unspecified vulnerabilities (CVE-2019-2691, CVE-2019-2826)\n\n* mysql: Server: Pluggable Auth unspecified vulnerability (CVE-2019-2737)\n\n* mysql: Server: XML unspecified vulnerability (CVE-2019-2740)\n\n* mysql: Server: Components / Services unspecified vulnerability (CVE-2019-2780)\n\n* mysql: Server: DML unspecified vulnerability (CVE-2019-2784)\n\n* mysql: Server: Charsets unspecified vulnerability (CVE-2019-2795)\n\n* mysql: Client programs unspecified vulnerability (CVE-2019-2797)\n\n* mysql: Server: FTS unspecified vulnerability (CVE-2019-2801)\n\n* mysql: Server: Security: Audit unspecified vulnerability (CVE-2019-2819)\n\n* mysql: Server: Compiling unspecified vulnerability (CVE-2019-2738)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-10-31T20:25:11", "published": "2019-08-14T10:35:35", "id": "RHSA-2019:2484", "href": "https://access.redhat.com/errata/RHSA-2019:2484", "type": "redhat", "title": "(RHSA-2019:2484) Important: rh-mysql80-mysql security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}], "oraclelinux": [{"lastseen": "2019-08-14T08:34:32", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2529", "CVE-2019-2614", "CVE-2018-3282", "CVE-2018-3058", "CVE-2019-2627", "CVE-2019-2503", "CVE-2018-3081", "CVE-2018-3063", "CVE-2018-3066"], "description": "[1:5.5.64-1]\n- Rebase to 5.5.64\n- Resolves: #1490398\n- CVEs fixed: #1610986\n CVE-2018-3058 
CVE-2018-3063 CVE-2018-3066 CVE-2018-3081\n- CVEs fixed: #1664043\n CVE-2018-3282 CVE-2019-2503\n- CVEs fixed: #1701686\n CVE-2019-2529", "edition": 1, "modified": "2019-08-13T00:00:00", "published": "2019-08-13T00:00:00", "id": "ELSA-2019-2327", "href": "http://linux.oracle.com/errata/ELSA-2019-2327.html", "title": "mariadb security and bug fix update", "type": "oraclelinux", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2020-12-30T19:25:41", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2688", "CVE-2019-2634", "CVE-2019-2592", "CVE-2019-2606", "CVE-2019-2617", "CVE-2019-2685", "CVE-2019-2740", "CVE-2019-2683", "CVE-2019-2743", "CVE-2019-2529", "CVE-2019-2532", "CVE-2019-2795", "CVE-2019-2798", "CVE-2019-2587", "CVE-2019-2802", "CVE-2019-2814", "CVE-2019-2811", "CVE-2019-2614", "CVE-2019-2784", "CVE-2019-2879", "CVE-2019-2689", "CVE-2019-2596", "CVE-2019-2785", "CVE-2019-2494", "CVE-2019-2695", "CVE-2019-2624", "CVE-2019-2531", "CVE-2019-2681", "CVE-2019-2580", "CVE-2019-2528", "CVE-2019-2808", "CVE-2019-2434", "CVE-2019-2758", "CVE-2019-2830", "CVE-2019-2805", "CVE-2019-2686", "CVE-2019-2486", "CVE-2019-2810", "CVE-2019-2482", "CVE-2019-2778", "CVE-2019-2826", "CVE-2019-2789", "CVE-2019-2687", "CVE-2019-2737", "CVE-2019-2530", "CVE-2019-2420", "CVE-2019-2623", "CVE-2019-2752", "CVE-2019-2581", "CVE-2019-2589", "CVE-2019-2691", "CVE-2019-2536", "CVE-2019-2738", "CVE-2019-2803", "CVE-2019-2537", "CVE-2019-2694", "CVE-2019-2630", "CVE-2019-2539", "CVE-2019-2636", "CVE-2019-2693", "CVE-2019-2436", "CVE-2019-2534", "CVE-2019-2631", "CVE-2019-2757", "CVE-2019-2510", "CVE-2019-2502", "CVE-2019-2815", "CVE-2019-2796", "CVE-2019-2535", "CVE-2019-2747", "CVE-2019-2739", "CVE-2019-2797", "CVE-2019-2628", "CVE-2019-2741", "CVE-2019-2635", "CVE-2019-2791", "CVE-2019-2644", "CVE-2019-2627", "CVE-2019-2774", "CVE-2019-2812", "CVE-2019-2607", "CVE-2019-2507", "CVE-2019-2533", "CVE-2019-2746", "CVE-2019-2503", "CVE-2019-2800", "CVE-2019-2620", 
"CVE-2019-2593", "CVE-2019-2626", "CVE-2019-2495", "CVE-2019-2780", "CVE-2019-2834", "CVE-2019-2584", "CVE-2019-2822", "CVE-2019-2819", "CVE-2019-2755", "CVE-2019-2801", "CVE-2019-2585", "CVE-2019-2625", "CVE-2019-2481", "CVE-2019-2455"], "description": "mecab\n[0.996-1.9]\n- Release bump for rebuilding on new arches\n Related: #1518842\n[0.996-1.8]\n- skip %verify of /etc/opt/rh/rh-mysql57/mecabrc\n Resolves: #1382315\n[0.996-1.7]\n- Prefix library major number with SCL name in soname\n[0.996-1.6]\n- Require runtime package from the scl\n[0.996-1.5]\n- Convert to SCL package\n[0.996-1.4]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild\n[0.996-1.3]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild\n[0.996-1.2]\n- Rebuilt for GCC 5 C++11 ABI change\n[0.996-1.1]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild\n[0.996-1.1]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild\nmecab-ipadic\n[2.7.0.20070801-16.0.1]\n- Rename the LICENSE.Fedora to LICENSE.oracle\n[2.7.0.20070801-16]\n- Rename the LICENSE.fedora to LICENSE.rhel\n[2.7.0.20070801-15]\n- Release bump for rebuilding on new arches\n Related: #1518842\n[2.7.0.20070801-14.1]\n- Require runtime package from the scl\n[2.7.0.20070801-13.1]\n- Convert to SCL package\n[2.7.0.20070801-12.1]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild\n[2.7.0.20070801-11.1]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild\n[2.7.0.20070801-10.1]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild\n[2.7.0.20070801-9.1]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild\n[2.7.0.20070801-8.1]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild\n[2.7.0.20070801-7.1]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild\n[2.7.0.20070801-6.1]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild\n[2.7.0.20070801-5.1]\n- Rebuilt for 
https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild\n[2.7.0.20070801-4.1]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild\n* Wed Jan 13 2010 Mamoru Tasaka \n- Fix URL for Source2\n[2.7.0.20070801-3]\n- F-12: Mass rebuild\n[2.7.0.20070801-2]\n- F-11: Mass rebuild\n[2.7.0.20070801.dist.1]\n- License update\n[2.7.0.20070801]\n- New release 2.7.0-20070801\n[2.7.0.20070610]\n- New release 2.7.0-20070610\n[2.7.0.20060707-2]\n- Fix typo\n[2.7.0.20060707-1]\n- Initial packaging, based on mecab-jumandic spec file\nmysql\n[8.0.17-3]\n- Use RELRO hardening on all binaries\n- Resolves: #1734420\n[8.0.17-2]\n- Use RELRO hardening on all binaries\n- Resolves: #1734420\n[8.0.17-1]\n- Rebase to 8.0.17\n- Resolves: #1732042\n- CVEs fixed:\n CVE-2019-2737 CVE-2019-2738 CVE-2019-2739 CVE-2019-2740 CVE-2019-2741\n CVE-2019-2743 CVE-2019-2746 CVE-2019-2747 CVE-2019-2752 CVE-2019-2755\n CVE-2019-2757 CVE-2019-2758 CVE-2019-2774 CVE-2019-2778 CVE-2019-2780\n CVE-2019-2784 CVE-2019-2785 CVE-2019-2789 CVE-2019-2791 CVE-2019-2795\n CVE-2019-2796 CVE-2019-2797 CVE-2019-2798 CVE-2019-2800 CVE-2019-2801\n CVE-2019-2802 CVE-2019-2803 CVE-2019-2805 CVE-2019-2808 CVE-2019-2810\n CVE-2019-2811 CVE-2019-2812 CVE-2019-2814 CVE-2019-2815 CVE-2019-2819\n CVE-2019-2822 CVE-2019-2826 CVE-2019-2830 CVE-2019-2834 CVE-2019-2879", "edition": 2, "modified": "2019-08-19T00:00:00", "published": "2019-08-19T00:00:00", "id": "ELSA-2019-2511", "href": "http://linux.oracle.com/errata/ELSA-2019-2511.html", "title": "mysql:8.0 security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}], "amazon": [{"lastseen": "2020-11-10T12:36:25", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2529", "CVE-2019-2614", "CVE-2018-3282", "CVE-2018-3058", "CVE-2019-2627", "CVE-2019-2503", "CVE-2018-3081", "CVE-2018-3063", "CVE-2018-3066"], "description": "**Issue Overview:**\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: 
Connection Handling). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.4 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H). ([CVE-2019-2503 __](<https://access.redhat.com/security/cve/CVE-2019-2503>) )\n\n \nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). ([CVE-2018-3058 __](<https://access.redhat.com/security/cve/CVE-2018-3058>) )\n\n \nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ([CVE-2018-3282 __](<https://access.redhat.com/security/cve/CVE-2018-3282>))\n\n \nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). ([CVE-2019-2614 __](<https://access.redhat.com/security/cve/CVE-2019-2614>))\n\n \nVulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. CVSS 3.0 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H). ([CVE-2018-3081 __](<https://access.redhat.com/security/cve/CVE-2018-3081>)) \n\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.60 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ([CVE-2018-3063 __](<https://access.redhat.com/security/cve/CVE-2018-3063>)) \n\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ([CVE-2019-2529 __](<https://access.redhat.com/security/cve/CVE-2019-2529>)) \n\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ([CVE-2019-2627 __](<https://access.redhat.com/security/cve/CVE-2019-2627>)) \n\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. 
Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N). ([CVE-2018-3066 __](<https://access.redhat.com/security/cve/CVE-2018-3066>))\n\n \n**Affected Packages:** \n\n\nmariadb\n\n \n**Issue Correction:** \nRun _yum update mariadb_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n mariadb-5.5.64-1.amzn2.aarch64 \n mariadb-libs-5.5.64-1.amzn2.aarch64 \n mariadb-server-5.5.64-1.amzn2.aarch64 \n mariadb-devel-5.5.64-1.amzn2.aarch64 \n mariadb-embedded-5.5.64-1.amzn2.aarch64 \n mariadb-embedded-devel-5.5.64-1.amzn2.aarch64 \n mariadb-bench-5.5.64-1.amzn2.aarch64 \n mariadb-test-5.5.64-1.amzn2.aarch64 \n mariadb-debuginfo-5.5.64-1.amzn2.aarch64 \n \n i686: \n mariadb-5.5.64-1.amzn2.i686 \n mariadb-libs-5.5.64-1.amzn2.i686 \n mariadb-server-5.5.64-1.amzn2.i686 \n mariadb-devel-5.5.64-1.amzn2.i686 \n mariadb-embedded-5.5.64-1.amzn2.i686 \n mariadb-embedded-devel-5.5.64-1.amzn2.i686 \n mariadb-bench-5.5.64-1.amzn2.i686 \n mariadb-test-5.5.64-1.amzn2.i686 \n mariadb-debuginfo-5.5.64-1.amzn2.i686 \n \n src: \n mariadb-5.5.64-1.amzn2.src \n \n x86_64: \n mariadb-5.5.64-1.amzn2.x86_64 \n mariadb-libs-5.5.64-1.amzn2.x86_64 \n mariadb-server-5.5.64-1.amzn2.x86_64 \n mariadb-devel-5.5.64-1.amzn2.x86_64 \n mariadb-embedded-5.5.64-1.amzn2.x86_64 \n mariadb-embedded-devel-5.5.64-1.amzn2.x86_64 \n mariadb-bench-5.5.64-1.amzn2.x86_64 \n mariadb-test-5.5.64-1.amzn2.x86_64 \n mariadb-debuginfo-5.5.64-1.amzn2.x86_64 \n \n \n", "edition": 1, "modified": "2019-09-13T23:24:00", "published": "2019-09-13T23:24:00", "id": "ALAS2-2019-1292", "href": 
"https://alas.aws.amazon.com/AL2/ALAS-2019-1292.html", "title": "Medium: mariadb", "type": "amazon", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}], "centos": [{"lastseen": "2021-02-12T15:35:39", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2529", "CVE-2021-2011", "CVE-2019-2614", "CVE-2018-3282", "CVE-2020-14550", "CVE-2018-3058", "CVE-2019-2627", "CVE-2019-2503", "CVE-2018-3081", "CVE-2018-3063", "CVE-2018-3066"], "description": "**CentOS Errata and Security Advisory** CESA-2019:2327\n\n\nMariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. \n\nThe following packages have been upgraded to a later upstream version: mariadb (5.5.64). (BZ#1610986, BZ#1664043)\n\nSecurity Fix(es):\n\n* mysql: MyISAM unspecified vulnerability (CPU Jul 2018) (CVE-2018-3058)\n\n* mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2018) (CVE-2018-3063)\n\n* mysql: Client programs unspecified vulnerability (CPU Jul 2018) (CVE-2018-3081)\n\n* mysql: Server: Storage Engines unspecified vulnerability (CPU Oct 2018) (CVE-2018-3282)\n\n* mysql: Server: Connection Handling unspecified vulnerability (CPU Jan 2019) (CVE-2019-2503)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2019) (CVE-2019-2529)\n\n* mysql: Server: Replication unspecified vulnerability (CPU Apr 2019) (CVE-2019-2614)\n\n* mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2019) (CVE-2019-2627)\n\n* mysql: Server: Options unspecified vulnerability (CPU Jul 2018) (CVE-2018-3066)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.\n\n**Merged security bulletin from 
advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2019-August/005989.html\n\n**Affected packages:**\nmariadb\nmariadb-bench\nmariadb-devel\nmariadb-embedded\nmariadb-embedded-devel\nmariadb-libs\nmariadb-server\nmariadb-test\n\n**Upstream details at:**\n", "edition": 4, "modified": "2019-08-30T03:38:17", "published": "2019-08-30T03:38:17", "id": "CESA-2019:2327", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2019-August/005989.html", "title": "mariadb security update", "type": "centos", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "oracle": [{"lastseen": "2019-05-29T18:21:11", "bulletinFamily": "software", "cvelist": ["CVE-2019-2663", "CVE-2019-2688", "CVE-2019-2679", "CVE-2018-19362", "CVE-2017-5533", "CVE-2018-11218", "CVE-2015-9251", "CVE-2019-2634", "CVE-2019-2592", "CVE-2019-2606", "CVE-2019-2677", "CVE-2019-2655", "CVE-2019-2678", "CVE-2019-2617", "CVE-2017-9798", "CVE-2019-2582", "CVE-2019-2618", "CVE-2019-2685", "CVE-2018-3693", "CVE-2018-0732", "CVE-2016-7103", "CVE-2019-2683", "CVE-2017-5753", "CVE-2019-2612", "CVE-2017-5754", "CVE-2018-1000180", "CVE-2019-2726", "CVE-2014-7923", "CVE-2018-1304", "CVE-2019-2616", "CVE-2017-8287", "CVE-2019-2704", "CVE-2019-2565", "CVE-2019-2587", "CVE-2019-2639", "CVE-2019-2703", "CVE-2018-1000004", "CVE-2019-2647", "CVE-2019-2574", "CVE-2019-2706", "CVE-2019-2598", "CVE-2019-2614", "CVE-2018-2880", "CVE-2018-7566", "CVE-2018-12384", "CVE-2015-5922", "CVE-2018-7489", "CVE-2018-19361", "CVE-2019-2689", "CVE-2019-2596", "CVE-2017-15265", "CVE-2018-0734", "CVE-2019-2700", "CVE-2019-2695", "CVE-2019-2624", "CVE-2019-2651", "CVE-2017-7867", "CVE-2019-2611", "CVE-2018-5407", "CVE-2019-0190", "CVE-2018-0495", "CVE-2019-2595", "CVE-2019-2681", "CVE-2017-3735", "CVE-2019-2603", "CVE-2019-2660", "CVE-2019-2580", "CVE-2018-15756", "CVE-2018-14719", "CVE-2019-3823", "CVE-2017-0861", "CVE-2019-2697", "CVE-2019-2517", "CVE-2019-2662", "CVE-2016-3092", "CVE-2019-2709", 
"CVE-2018-11039", "CVE-2018-11761", "CVE-2018-12539", "CVE-2019-2579", "CVE-2018-11307", "CVE-2019-2566", "CVE-2019-2576", "CVE-2019-2551", "CVE-2014-7940", "CVE-2018-14720", "CVE-2018-16865", "CVE-2019-2571", "CVE-2019-2664", "CVE-2015-1832", "CVE-2016-0635", "CVE-2019-2558", "CVE-2019-2686", "CVE-2018-3120", "CVE-2018-14718", "CVE-2019-2602", "CVE-2019-2722", "CVE-2019-2573", "CVE-2016-7055", "CVE-2019-2605", "CVE-2018-16864", "CVE-2018-10901", "CVE-2014-9515", "CVE-2019-2633", "CVE-2015-3253", "CVE-2017-3731", "CVE-2014-9654", "CVE-2019-2583", "CVE-2019-2601", "CVE-2019-2673", "CVE-2019-2650", "CVE-2019-2687", "CVE-2018-12022", "CVE-2019-2682", "CVE-2018-20685", "CVE-2016-1182", "CVE-2018-1258", "CVE-2019-2621", "CVE-2019-2640", "CVE-2019-2642", "CVE-2019-2567", "CVE-2018-1305", "CVE-2017-17484", "CVE-2019-2713", "CVE-2018-11219", "CVE-2019-2645", "CVE-2018-16890", "CVE-2018-12404", "CVE-2019-2623", "CVE-2019-2701", "CVE-2018-3646", "CVE-2018-11237", "CVE-2018-11775", "CVE-2019-2572", "CVE-2019-2720", "CVE-2018-0735", "CVE-2019-2692", "CVE-2019-2581", "CVE-2019-2589", "CVE-2018-6485", "CVE-2018-1257", "CVE-2019-2691", "CVE-2014-8147", "CVE-2019-2698", "CVE-2019-2712", "CVE-2017-8105", "CVE-2019-2646", "CVE-2018-14721", "CVE-2018-8088", "CVE-2019-3772", "CVE-2019-2694", "CVE-2018-3314", "CVE-2019-2619", "CVE-2014-0114", "CVE-2019-2630", "CVE-2017-3732", "CVE-2019-2613", "CVE-2019-2629", "CVE-2018-0739", "CVE-2019-2670", "CVE-2019-2636", "CVE-2019-2564", "CVE-2019-2693", "CVE-2019-2609", "CVE-2019-2577", "CVE-2018-8034", "CVE-2019-2631", "CVE-2019-2649", "CVE-2019-2578", "CVE-2019-2684", "CVE-2019-2699", "CVE-2019-2656", "CVE-2019-2653", "CVE-2019-2591", "CVE-2018-1000613", "CVE-2014-9911", "CVE-2019-2570", "CVE-2018-8013", "CVE-2016-7415", "CVE-2019-2648", "CVE-2019-2707", "CVE-2018-3620", "CVE-2019-2632", "CVE-2019-2628", "CVE-2018-0161", "CVE-2019-2641", "CVE-2018-11236", "CVE-2014-8146", "CVE-2017-7525", "CVE-2019-2723", "CVE-2019-2635", "CVE-2018-3123", 
"CVE-2019-2615", "CVE-2019-2638", "CVE-2019-2597", "CVE-2016-6293", "CVE-2018-3312", "CVE-2014-7926", "CVE-2019-2676", "CVE-2017-3733", "CVE-2017-5664", "CVE-2019-2696", "CVE-2018-19360", "CVE-2018-11763", "CVE-2018-0733", "CVE-2019-2654", "CVE-2019-2643", "CVE-2019-2644", "CVE-2018-17199", "CVE-2016-1181", "CVE-2019-2627", "CVE-2019-2708", "CVE-2019-2665", "CVE-2019-2658", "CVE-2016-8735", "CVE-2019-2424", "CVE-2018-17189", "CVE-2019-2516", "CVE-2017-3738", "CVE-2019-2607", "CVE-2019-2671", "CVE-2019-2705", "CVE-2019-2721", "CVE-2019-2588", "CVE-2019-2675", "CVE-2019-1559", "CVE-2019-2604", "CVE-2017-7868", "CVE-2019-2594", "CVE-2019-2669", "CVE-2018-11784", "CVE-2017-5645", "CVE-2019-2586", "CVE-2019-2661", "CVE-2019-2657", "CVE-2017-12617", "CVE-2019-3822", "CVE-2019-2620", "CVE-2019-2593", "CVE-2019-2568", "CVE-2019-2690", "CVE-2019-2610", "CVE-2016-4000", "CVE-2017-3736", "CVE-2019-2702", "CVE-2019-2622", "CVE-2019-2626", "CVE-2019-2637", "CVE-2019-2518", "CVE-2018-0737", "CVE-2017-14952", "CVE-2014-0107", "CVE-2019-2674", "CVE-2019-2575", "CVE-2019-2652", "CVE-2019-2584", "CVE-2016-2141", "CVE-2019-2557", "CVE-2019-2719", "CVE-2019-2680", "CVE-2018-11040", "CVE-2017-3730", "CVE-2019-2659", "CVE-2019-2585", "CVE-2019-2625", "CVE-2016-1000031", "CVE-2019-2590", "CVE-2018-12023", "CVE-2018-1656", "CVE-2019-2600", "CVE-2019-2608"], "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. 
Please refer to:\n\n \n\n * [Critical Patch Updates, Security Alerts and Bulletins](<https://www.oracle.com/securityalerts>) for information about Oracle Security Advisories.\n\n \n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay.**\n\nThis Critical Patch Update contains 297 new security fixes across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ April 2019 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2494878.1>).\n", "modified": "2019-05-28T00:00:00", "published": "2019-04-16T00:00:00", "id": "ORACLE:CPUAPR2019-5072813", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update - April 2019", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-10-04T21:15:57", "bulletinFamily": "software", "cvelist": ["CVE-2014-0107", "CVE-2014-0114", "CVE-2014-7923", "CVE-2014-7926", "CVE-2014-7940", "CVE-2014-8146", "CVE-2014-8147", "CVE-2014-9515", "CVE-2014-9654", "CVE-2014-9911", "CVE-2015-1832", "CVE-2015-3253", "CVE-2015-5922", "CVE-2015-9251", "CVE-2016-0635", "CVE-2016-1000031", "CVE-2016-1181", "CVE-2016-1182", "CVE-2016-2141", "CVE-2016-3092", "CVE-2016-4000", "CVE-2016-6293", "CVE-2016-7055", "CVE-2016-7103", "CVE-2016-7415", "CVE-2016-8735", "CVE-2017-0861", "CVE-2017-12617", "CVE-2017-14952", "CVE-2017-15265", "CVE-2017-17484", "CVE-2017-3730", "CVE-2017-3731", "CVE-2017-3732", "CVE-2017-3733", "CVE-2017-3735", "CVE-2017-3736", "CVE-2017-3738", 
"CVE-2017-5533", "CVE-2017-5645", "CVE-2017-5664", "CVE-2017-5753", "CVE-2017-5754", "CVE-2017-7525", "CVE-2017-7867", "CVE-2017-7868", "CVE-2017-8105", "CVE-2017-8287", "CVE-2017-9798", "CVE-2018-0161", "CVE-2018-0495", "CVE-2018-0732", "CVE-2018-0733", "CVE-2018-0734", "CVE-2018-0735", "CVE-2018-0737", "CVE-2018-0739", "CVE-2018-1000004", "CVE-2018-1000180", "CVE-2018-1000613", "CVE-2018-10901", "CVE-2018-11039", "CVE-2018-11040", "CVE-2018-11218", "CVE-2018-11219", "CVE-2018-11236", "CVE-2018-11237", "CVE-2018-11307", "CVE-2018-11761", "CVE-2018-11763", "CVE-2018-11775", "CVE-2018-11784", "CVE-2018-12022", "CVE-2018-12023", "CVE-2018-12384", "CVE-2018-12404", "CVE-2018-12539", "CVE-2018-1257", "CVE-2018-1258", "CVE-2018-1304", "CVE-2018-1305", "CVE-2018-14718", "CVE-2018-14719", "CVE-2018-14720", "CVE-2018-14721", "CVE-2018-15756", "CVE-2018-1656", "CVE-2018-16864", "CVE-2018-16865", "CVE-2018-16890", "CVE-2018-17189", "CVE-2018-17199", "CVE-2018-19360", "CVE-2018-19361", "CVE-2018-19362", "CVE-2018-20685", "CVE-2018-2880", "CVE-2018-3120", "CVE-2018-3123", "CVE-2018-3312", "CVE-2018-3314", "CVE-2018-3620", "CVE-2018-3646", "CVE-2018-3693", "CVE-2018-5407", "CVE-2018-6485", "CVE-2018-7489", "CVE-2018-7566", "CVE-2018-8013", "CVE-2018-8034", "CVE-2018-8088", "CVE-2019-0190", "CVE-2019-1559", "CVE-2019-2424", "CVE-2019-2516", "CVE-2019-2517", "CVE-2019-2518", "CVE-2019-2551", "CVE-2019-2557", "CVE-2019-2558", "CVE-2019-2564", "CVE-2019-2565", "CVE-2019-2566", "CVE-2019-2567", "CVE-2019-2568", "CVE-2019-2570", "CVE-2019-2571", "CVE-2019-2572", "CVE-2019-2573", "CVE-2019-2574", "CVE-2019-2575", "CVE-2019-2576", "CVE-2019-2577", "CVE-2019-2578", "CVE-2019-2579", "CVE-2019-2580", "CVE-2019-2581", "CVE-2019-2582", "CVE-2019-2583", "CVE-2019-2584", "CVE-2019-2585", "CVE-2019-2586", "CVE-2019-2587", "CVE-2019-2588", "CVE-2019-2589", "CVE-2019-2590", "CVE-2019-2591", "CVE-2019-2592", "CVE-2019-2593", "CVE-2019-2594", "CVE-2019-2595", "CVE-2019-2596", "CVE-2019-2597", 
"CVE-2019-2598", "CVE-2019-2600", "CVE-2019-2601", "CVE-2019-2602", "CVE-2019-2603", "CVE-2019-2604", "CVE-2019-2605", "CVE-2019-2606", "CVE-2019-2607", "CVE-2019-2608", "CVE-2019-2609", "CVE-2019-2610", "CVE-2019-2611", "CVE-2019-2612", "CVE-2019-2613", "CVE-2019-2614", "CVE-2019-2615", "CVE-2019-2616", "CVE-2019-2617", "CVE-2019-2618", "CVE-2019-2619", "CVE-2019-2620", "CVE-2019-2621", "CVE-2019-2622", "CVE-2019-2623", "CVE-2019-2624", "CVE-2019-2625", "CVE-2019-2626", "CVE-2019-2627", "CVE-2019-2628", "CVE-2019-2629", "CVE-2019-2630", "CVE-2019-2631", "CVE-2019-2632", "CVE-2019-2633", "CVE-2019-2634", "CVE-2019-2635", "CVE-2019-2636", "CVE-2019-2637", "CVE-2019-2638", "CVE-2019-2639", "CVE-2019-2640", "CVE-2019-2641", "CVE-2019-2642", "CVE-2019-2643", "CVE-2019-2644", "CVE-2019-2645", "CVE-2019-2646", "CVE-2019-2647", "CVE-2019-2648", "CVE-2019-2649", "CVE-2019-2650", "CVE-2019-2651", "CVE-2019-2652", "CVE-2019-2653", "CVE-2019-2654", "CVE-2019-2655", "CVE-2019-2656", "CVE-2019-2657", "CVE-2019-2658", "CVE-2019-2659", "CVE-2019-2660", "CVE-2019-2661", "CVE-2019-2662", "CVE-2019-2663", "CVE-2019-2664", "CVE-2019-2665", "CVE-2019-2669", "CVE-2019-2670", "CVE-2019-2671", "CVE-2019-2673", "CVE-2019-2674", "CVE-2019-2675", "CVE-2019-2676", "CVE-2019-2677", "CVE-2019-2678", "CVE-2019-2679", "CVE-2019-2680", "CVE-2019-2681", "CVE-2019-2682", "CVE-2019-2683", "CVE-2019-2684", "CVE-2019-2685", "CVE-2019-2686", "CVE-2019-2687", "CVE-2019-2688", "CVE-2019-2689", "CVE-2019-2690", "CVE-2019-2691", "CVE-2019-2692", "CVE-2019-2693", "CVE-2019-2694", "CVE-2019-2695", "CVE-2019-2696", "CVE-2019-2697", "CVE-2019-2698", "CVE-2019-2699", "CVE-2019-2700", "CVE-2019-2701", "CVE-2019-2702", "CVE-2019-2703", "CVE-2019-2704", "CVE-2019-2705", "CVE-2019-2706", "CVE-2019-2707", "CVE-2019-2708", "CVE-2019-2709", "CVE-2019-2712", "CVE-2019-2713", "CVE-2019-2719", "CVE-2019-2720", "CVE-2019-2721", "CVE-2019-2722", "CVE-2019-2723", "CVE-2019-2726", "CVE-2019-3772", "CVE-2019-3822", 
"CVE-2019-3823"], "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n * Critical Patch Updates, Security Alerts and Bulletins for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay.**\n\nThis Critical Patch Update contains 297 new security fixes across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ April 2019 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/epmos/faces/DocumentDisplay?id=2494878.1>).\n", "modified": "2019-05-28T00:00:00", "published": "2019-04-16T00:00:00", "id": "ORACLE:CPUAPR2019", "href": "", "type": "oracle", "title": " Oracle Critical Patch Update Advisory - April 2019", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}