Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2021 Greenbone AGOPENVAS:13614125623114201923301
HistoryApr 19, 2021 - 12:00 a.m.

SUSE: Security Advisory (SUSE-SU-2019:2330-1)

2021-04-1900:00:00
Copyright (C) 2021 Greenbone AG
plugins.openvas.org
1

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

6.2 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.003 Low

EPSS

Percentile

70.2%

JSON

The remote host is missing an update for the

# SPDX-FileCopyrightText: 2021 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.1.4.2019.2330.1");
  script_cve_id("CVE-2019-2614", "CVE-2019-2627", "CVE-2019-2628");
  script_tag(name:"creation_date", value:"2021-04-19 00:00:00 +0000 (Mon, 19 Apr 2021)");
  script_version("2024-02-02T14:37:50+0000");
  script_tag(name:"last_modification", value:"2024-02-02 14:37:50 +0000 (Fri, 02 Feb 2024)");
  script_tag(name:"cvss_base", value:"4.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:N/I:N/A:P");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2019-04-25 18:57:02 +0000 (Thu, 25 Apr 2019)");

  script_name("SUSE: Security Advisory (SUSE-SU-2019:2330-1)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2021 Greenbone AG");
  script_family("SuSE Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/suse_sles", "ssh/login/rpms", re:"ssh/login/release=(SLES12\.0SP4)");

  script_xref(name:"Advisory-ID", value:"SUSE-SU-2019:2330-1");
  script_xref(name:"URL", value:"https://www.suse.com/support/update/announcement/2019/suse-su-20192330-1/");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'mariadb, mariadb-connector-c' package(s) announced via the SUSE-SU-2019:2330-1 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"This update for mariadb and mariadb-connector-c fixes the following issues:

mariadb:
Update to version 10.2.25 (bsc#1136035)

CVE-2019-2628: Fixed a remote denial of service by an privileged
 attacker (bsc#1136035).

CVE-2019-2627: Fixed another remote denial of service by an privileged
 attacker (bsc#1136035).

CVE-2019-2614: Fixed a potential remote denial of service by an
 privileged attacker (bsc#1136035).

Fixed reading options for multiple instances if my${INSTANCE}.cnf is
 used (bsc#1132666).

Adjust mysql-systemd-helper ('shutdown protected MySQL' section) so it
 checks both ping response and the pid in a process list as it can take
 some time till the process is terminated. Otherwise it can lead to
 'found left-over process' situation when regular mariadb is started
 (bsc#1143215).

mariadb-connector-c:
Update to version 3.1.2 (bsc#1136035)

Moved libmariadb.pc from /usr/lib/pkgconfig to /usr/lib64/pkgconfig for
 x86_64 (bsc#1126088)");

  script_tag(name:"affected", value:"'mariadb, mariadb-connector-c' package(s) on SUSE Linux Enterprise Desktop 12-SP4, SUSE Linux Enterprise Server 12-SP4, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 9.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "SLES12.0SP4") {

  if(!isnull(res = isrpmvuln(pkg:"libmariadb3", rpm:"libmariadb3~3.1.2~2.6.6", rls:"SLES12.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libmariadb3-debuginfo", rpm:"libmariadb3-debuginfo~3.1.2~2.6.6", rls:"SLES12.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libmariadb_plugins", rpm:"libmariadb_plugins~3.1.2~2.6.6", rls:"SLES12.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libmariadb_plugins-debuginfo", rpm:"libmariadb_plugins-debuginfo~3.1.2~2.6.6", rls:"SLES12.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"mariadb", rpm:"mariadb~10.2.25~3.19.2", rls:"SLES12.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"mariadb-client", rpm:"mariadb-client~10.2.25~3.19.2", rls:"SLES12.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"mariadb-client-debuginfo", rpm:"mariadb-client-debuginfo~10.2.25~3.19.2", rls:"SLES12.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"mariadb-connector-c-debugsource", rpm:"mariadb-connector-c-debugsource~3.1.2~2.6.6", rls:"SLES12.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"mariadb-debuginfo", rpm:"mariadb-debuginfo~10.2.25~3.19.2", rls:"SLES12.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"mariadb-debugsource", rpm:"mariadb-debugsource~10.2.25~3.19.2", rls:"SLES12.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"mariadb-errormessages", rpm:"mariadb-errormessages~10.2.25~3.19.2", rls:"SLES12.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"mariadb-tools", rpm:"mariadb-tools~10.2.25~3.19.2", rls:"SLES12.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"mariadb-tools-debuginfo", rpm:"mariadb-tools-debuginfo~10.2.25~3.19.2", rls:"SLES12.0SP4"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

Related

nessus 49
suse 2
altlinux 2
openvas 18
mageia 1
ubuntu 4
fedora 4
f5 2
ubuntucve 3
alpinelinux 3
prion 3
redhatcve 3
osv 7
debiancve 3
mariadbunix 3
veracode 3
cve 3
oraclelinux 3
almalinux 2
rocky 2
redhat 7
ibm 2
amazon 1
centos 1
photon 5
oracle 1
nessus
nessus
MariaDB 10.3.0 < 10.3.15 Multiple Vulnerabilities
2019-09-26 00:00:00
MariaDB Server 10.3.x < 10.3.15 Multiple DoS
2019-05-21 00:00:00
SUSE SLED12 / SLES12 Security Update : mariadb, mariadb-connector-c (SUSE-SU-2019:2330-1)
2019-09-09 00:00:00
suse
suse
Security update for mariadb, mariadb-connector-c (important)
2019-08-15 00:00:00
Security update for mariadb, mariadb-connector-c (important)
2019-08-15 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package mariadb version 10.3.15-alt1
2019-05-15 00:00:00
Security fix for the ALT Linux 8 package mariadb version 10.1.43-alt1
2020-01-24 00:00:00
openvas
openvas
openSUSE: Security Advisory for mariadb, mariadb-connector-c (openSUSE-SU-2019:1915-1)
2019-08-16 00:00:00
openSUSE: Security Advisory for mariadb, mariadb-connector-c (openSUSE-SU-2019:1913-1)
2020-01-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:2020-1)
2021-06-09 00:00:00
mageia
mageia
Updated mariadb packages fix security vulnerability
2019-05-19 14:27:30
ubuntu
ubuntu
MariaDB vulnerabilities
2019-05-23 00:00:00
MariaDB vulnerabilities
2019-06-05 00:00:00
MariaDB vulnerabilities
2019-08-13 00:00:00
fedora
fedora
[SECURITY] Fedora 30 Update: mariadb-10.3.17-1.fc30
2019-08-15 18:10:30
[SECURITY] Fedora 29 Update: mariadb-10.3.17-1.fc29
2019-08-15 18:52:10
[SECURITY] Fedora 30 Update: community-mysql-8.0.17-2.fc30
2019-09-04 03:13:43
f5
f5
K32798641 : MySQL vulnerabilities CVE-2019-2627, CVE-2019-2628, CVE-2019-2630, CVE-2019-2631, and CVE-2019-2632
2019-04-25 00:00:00
K52514501 : MySQL vulnerabilities CVE-2019-2596, CVE-2019-2606, CVE-2019-2607, CVE-2019-2614, and CVE-2019-2617
2019-04-25 00:00:00
ubuntucve
ubuntucve
CVE-2019-2627
2019-04-23 00:00:00
CVE-2019-2628
2019-04-23 00:00:00
CVE-2019-2614
2019-04-23 00:00:00
alpinelinux
alpinelinux
CVE-2019-2627
2019-04-23 19:32:00
CVE-2019-2614
2019-04-23 19:32:00
CVE-2019-2628
2019-04-23 19:32:00
prion
prion
Code injection
2019-04-23 19:32:00
Code injection
2019-04-23 19:32:00
Design/Logic Flaw
2019-04-23 19:32:00
redhatcve
redhatcve
CVE-2019-2614
2020-01-12 15:33:23
CVE-2019-2628
2019-04-25 09:49:58
CVE-2019-2627
2019-04-25 09:53:31
osv
osv
CVE-2019-2628
2019-04-23 19:32:52
CVE-2019-2627
2019-04-23 19:32:52
CVE-2019-2614
2019-04-23 19:32:51
debiancve
debiancve
CVE-2019-2628
2019-04-23 19:32:00
CVE-2019-2627
2019-04-23 19:32:00
CVE-2019-2614
2019-04-23 19:32:00
mariadbunix
mariadbunix
CVE-2019-2627
2019-04-23 19:32:00
CVE-2019-2628
2019-04-23 19:32:00
CVE-2019-2614
2019-04-23 19:32:51
veracode
veracode
Authorization Bypass
2019-08-08 00:07:35
Denial Of Service (Dos)
2019-08-15 00:08:35
Denial Of Service (DoS)
2019-08-08 00:07:35
cve
cve
CVE-2019-2628
2019-04-23 19:32:00
CVE-2019-2627
2019-04-23 19:32:00
CVE-2019-2614
2019-04-23 19:32:00
oraclelinux
oraclelinux
mariadb:10.3 security and bug fix update
2019-11-14 00:00:00
mariadb security and bug fix update
2019-08-13 00:00:00
mysql:8.0 security update
2019-08-19 00:00:00
almalinux
almalinux
Moderate: mariadb:10.3 security and bug fix update
2019-11-05 00:00:00
Important: mysql:8.0 security update
2019-08-15 17:31:05
rocky
rocky
mariadb:10.3 security and bug fix update
2019-11-05 20:53:43
mysql:8.0 security update
2019-08-15 17:31:05
redhat
redhat
(RHSA-2019:3708) Moderate: mariadb:10.3 security and bug fix update
2019-11-05 20:53:43
(RHSA-2020:4174) Moderate: rh-mariadb102-mariadb and rh-mariadb102-galera security and bug fix update
2020-10-05 14:48:15
(RHSA-2019:2327) Moderate: mariadb security and bug fix update
2019-08-06 08:25:40
ibm
ibm
Security Bulletin: IBM Security Guardium is affected by an Oracle MySQL vulnerabilities
2019-11-12 16:26:24
Security Bulletin: IBM API Connect is potentially impacted by vulnerabilities in MySQL
2020-03-03 02:26:47
amazon
amazon
Medium: mariadb
2019-09-13 23:24:00
centos
centos
mariadb security update
2019-08-30 03:38:17
photon
photon
Critical Photon OS Security Update - PHSA-2019-0160
2019-05-24 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-1.0-0234
2019-05-17 00:00:00
Critical Photon OS Security Update - PHSA-2019-0234
2019-05-17 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2019
2019-04-16 00:00:00

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

6.2 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.003 Low

EPSS

Percentile

70.2%

JSON
Related for OPENVAS:13614125623114201923301
nessus49suse2altlinux2openvas18mageia1ubuntu4fedora4f52ubuntucve3alpinelinux3prion3redhatcve3osv7debiancve3mariadbunix3veracode3cve3oraclelinux3almalinux2rocky2redhat7ibm2amazon1centos1photon5oracle1