ID OPENVAS:703311 Type openvas Reporter Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net Modified 2017-07-07T00:00:00
Description
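Several issues have been discovered in the MariaDB database server. The
vulnerabilities are addressed by upgrading MariaDB to the new upstream
version 10.0.20. Please see the MariaDB 10.0 Release Notes for further
details:
https://mariadb.com/kb/en/mariadb/mariadb-10017-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10019-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10020-release-notes/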
# OpenVAS Vulnerability Test
# $Id: deb_3311.nasl 6609 2017-07-07 12:05:59Z cfischer $
# Auto-generated from advisory DSA 3311-1 using nvtgen 1.0
# Script version: 1.0
#
# Author:
# Greenbone Networks
#
# Copyright:
# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
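# Description phase: registers this check's metadata (id, CVEs, severity,
# prerequisites and report texts) and exits before any check logic runs.
if(description)
{
  script_id(703311);
  script_version("$Revision: 6609 $");

  # NOTE(review): this list is a superset of the nine CVE IDs printed in the
  # DSA-3311-1 announcement text; the five extra IDs presumably come from later
  # advisory data -- confirm against the Debian security tracker.
  script_cve_id("CVE-2015-0433", "CVE-2015-0441", "CVE-2015-0499", "CVE-2015-0501",
                "CVE-2015-0505", "CVE-2015-2568", "CVE-2015-2571", "CVE-2015-2573",
                "CVE-2015-2582", "CVE-2015-2643", "CVE-2015-2648", "CVE-2015-3152",
                "CVE-2015-4752", "CVE-2015-4757");
  script_name("Debian Security Advisory DSA 3311-1 (mariadb-10.0 - security update)");
  script_tag(name: "last_modification", value: "$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $");
  script_tag(name: "creation_date", value: "2015-07-20 00:00:00 +0200 (Mon, 20 Jul 2015)");

  # One CVSS v2 score and vector for the whole advisory, not per CVE.
  script_tag(name:"cvss_base", value:"5.7");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:M/C:N/I:N/A:C");
  script_tag(name: "solution_type", value: "VendorFix");

  # "package": the finding is derived from the installed package version only;
  # nothing below probes a running MariaDB service.
  script_tag(name: "qod_type", value: "package");
  script_xref(name: "URL", value: "http://www.debian.org/security/2015/dsa-3311.html");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net");
  script_family("Debian Local Security Checks");

  # Prerequisites: the check is skipped unless both knowledge-base keys are set,
  # presumably by gather-package-list.nasl after an authenticated SSH login.
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages");
  script_tag(name: "affected", value: "mariadb-10.0 on Debian Linux");
  script_tag(name: "solution", value: "For the stable distribution (jessie), these problems have been fixed in
version 10.0.20-0+deb8u1.
For the unstable distribution (sid), these problems have been fixed in
version 10.0.20-1 or earlier versions.
We recommend that you upgrade your mariadb-10.0 packages.");

  # The four release-note links were run together into a single unusable URL;
  # each one now sits on its own line of the summary text.
  script_tag(name: "summary", value: "Several issues have been discovered in the MariaDB database server. The
vulnerabilities are addressed by upgrading MariaDB to the new upstream
version 10.0.20. Please see the MariaDB 10.0 Release Notes for further
details:
https://mariadb.com/kb/en/mariadb/mariadb-10017-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10019-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10020-release-notes/");
  script_tag(name: "vuldetect", value: "This check tests the installed software version using the apt package manager.");

  # Metadata registration is complete; leave before the check logic.
  exit(0);
}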
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
# Local package check for DSA 3311-1: compare each mariadb-10.0 binary package
# against the fixed version 10.0.20-0+deb8u1 and collect whatever
# isdpkgvuln() returns for it.
#
# isdpkgvuln() and __pkg_match come from pkg-lib-deb.inc, which is not shown
# here; presumably the function returns report text for an outdated package
# and NULL otherwise -- confirm against the library.
#
# Only releases matching "DEB8.[0-9]+" (jessie) are tested; the sid version
# named in the solution text is not checked.
# NOTE(review): the "." in that pattern is unescaped, so it matches any
# character, not just a literal dot -- confirm how the library applies it.
res = "";
report = "";

dsa_pkgs = make_list("libmariadbd-dev",
                     "mariadb-client",
                     "mariadb-client-10.0",
                     "mariadb-client-core-10.0",
                     "mariadb-common",
                     "mariadb-connect-engine-10.0",
                     "mariadb-oqgraph-engine-10.0",
                     "mariadb-server",
                     "mariadb-server-10.0",
                     "mariadb-server-core-10.0",
                     "mariadb-test",
                     "mariadb-test-10.0");

foreach dsa_pkg (dsa_pkgs) {
  res = isdpkgvuln(pkg:dsa_pkg, ver:"10.0.20-0+deb8u1", rls_regex:"DEB8.[0-9]+");
  if (res != NULL) {
    report += res;
  }
}

if (report == "") {
  # Nothing was flagged. Exit 99 only when __pkg_match is set; otherwise the
  # script ends without a result.
  if (__pkg_match) {
    exit(99); # Not vulnerable.
  }
} else {
  # At least one package was flagged: report the accumulated text.
  security_message(data:report);
}
{"href": "http://plugins.openvas.org/nasl.php?oid=703311", "history": [{"lastseen": "2017-07-02T21:12:08", "differentElements": ["modified", "sourceData"], "edition": 1, "bulletin": {"href": "http://plugins.openvas.org/nasl.php?oid=703311", "history": [], "naslFamily": "Debian Local Security Checks", "id": "OPENVAS:703311", "title": "Debian Security Advisory DSA 3311-1 (mariadb-10.0 - security update)", "description": "Several issues have been discovered in the MariaDB database server. The\nvulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.0.20. Please see the MariaDB 10.0 Release Notes for further\ndetails:\n\nhttps://mariadb.com/kb/en/mariadb/mariadb-10017-release-notes/https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/https://mariadb.com/kb/en/mariadb/mariadb-10019-release-notes/https://mariadb.com/kb/en/mariadb/mariadb-10020-release-notes/", "published": "2015-07-20T00:00:00", "type": "openvas", "bulletinFamily": "scanner", "hashmap": [{"key": "sourceData", "hash": "77a48c9f67ca9c8f9d66ec95dd1c943a"}, {"key": "published", "hash": "6d23b621df4efb8c816f0c73fd6cfb79"}, {"key": "title", "hash": "2a4af4604170c79f12a2083979df23d1"}, {"key": "reporter", "hash": "0942b635b7ce599a9363bcf17fd9730d"}, {"key": "cvelist", "hash": "4d47147062eee06416c7e6574b9a1bdb"}, {"key": "cvss", "hash": "e1f2f2ce28ebe7943a06a880e9c2ee93"}, {"key": "href", "hash": "9f43cfa32578e7d2e14bb0d81cbaa39e"}, {"key": "pluginID", "hash": "6068cc06fdaeed79c269ca4eaf9c8e25"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}, {"key": "description", "hash": "770bc06d10326cad7f2c384de07028a4"}, {"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "modified", "hash": "a4345f22fe35bbad77a2dd37a0801df6"}, {"key": "references", "hash": "c9e2c7880804c6fb19753bb597a3778b"}, {"key": "naslFamily", "hash": "74562d71b087df9eabd0c21f99b132cc"}], "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3311.nasl 6254 2017-05-31 
09:04:18Z teissa $\n# Auto-generated from advisory DSA 3311-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703311);\n script_version(\"$Revision: 6254 $\");\n script_cve_id(\"CVE-2015-0433\", \"CVE-2015-0441\", \"CVE-2015-0499\", \"CVE-2015-0501\",\n \"CVE-2015-0505\", \"CVE-2015-2568\", \"CVE-2015-2571\", \"CVE-2015-2573\",\n \"CVE-2015-2582\", \"CVE-2015-2643\", \"CVE-2015-2648\", \"CVE-2015-3152\",\n \"CVE-2015-4752\", \"CVE-2015-4757\");\n script_name(\"Debian Security Advisory DSA 3311-1 (mariadb-10.0 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-05-31 11:04:18 +0200 (Wed, 31 May 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-07-20 00:00:00 +0200 (Mon, 20 Jul 2015)\");\n script_tag(name:\"cvss_base\", value:\"5.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:M/C:N/I:N/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: 
\"URL\", value: \"http://www.debian.org/security/2015/dsa-3311.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"HostDetails/OS/cpe:/o:debian:debian_linux\", \"login/SSH/success\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"mariadb-10.0 on Debian Linux\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie), these problems have been fixed in\nversion 10.0.20-0+deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 10.0.20-1 or earlier versions.\n\nWe recommend that you upgrade your mariadb-10.0 packages.\");\n script_tag(name: \"summary\", value: \"Several issues have been discovered in the MariaDB database server. The\nvulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.0.20. 
Please see the MariaDB 10.0 Release Notes for further\ndetails:\n\nhttps://mariadb.com/kb/en/mariadb/mariadb-10017-release-notes/https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/https://mariadb.com/kb/en/mariadb/mariadb-10019-release-notes/https://mariadb.com/kb/en/mariadb/mariadb-10020-release-notes/\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libmariadbd-dev\", ver:\"10.0.20-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-client\", ver:\"10.0.20-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-client-10.0\", ver:\"10.0.20-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-client-core-10.0\", ver:\"10.0.20-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-common\", ver:\"10.0.20-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-connect-engine-10.0\", ver:\"10.0.20-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-oqgraph-engine-10.0\", ver:\"10.0.20-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-server\", ver:\"10.0.20-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-server-10.0\", ver:\"10.0.20-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-server-core-10.0\", ver:\"10.0.20-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-test\", 
ver:\"10.0.20-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-test-10.0\", ver:\"10.0.20-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.7, "vector": "AV:NETWORK/AC:MEDIUM/Au:MULTIPLE_INSTANCES/C:NONE/I:NONE/A:COMPLETE/"}, "pluginID": "703311", "hash": "f2f610599d3d5724afb50d787ca1d46f34dbe0e2950d0e9b33419f0c4c9a7124", "modified": "2017-05-31T00:00:00", "edition": 1, "cvelist": ["CVE-2015-2643", "CVE-2015-2568", "CVE-2015-2648", "CVE-2015-0501", "CVE-2015-2571", "CVE-2015-3152", "CVE-2015-4757", "CVE-2015-0499", "CVE-2015-0433", "CVE-2015-0441", "CVE-2015-2582", "CVE-2015-0505", "CVE-2015-2573", "CVE-2015-4752"], "lastseen": "2017-07-02T21:12:08", "viewCount": 0, "enchantments": {}, "reporter": "Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net", "objectVersion": "1.3", "references": ["http://www.debian.org/security/2015/dsa-3311.html"]}}], "naslFamily": "Debian Local Security Checks", "id": "OPENVAS:703311", "reporter": "Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net", "published": "2015-07-20T00:00:00", "description": "Several issues have been discovered in the MariaDB database server. The\nvulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.0.20. 
Please see the MariaDB 10.0 Release Notes for further\ndetails:\n\nhttps://mariadb.com/kb/en/mariadb/mariadb-10017-release-notes/https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/https://mariadb.com/kb/en/mariadb/mariadb-10019-release-notes/https://mariadb.com/kb/en/mariadb/mariadb-10020-release-notes/", "title": "Debian Security Advisory DSA 3311-1 (mariadb-10.0 - security update)", "bulletinFamily": "scanner", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3311.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3311-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703311);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2015-0433\", \"CVE-2015-0441\", \"CVE-2015-0499\", \"CVE-2015-0501\",\n \"CVE-2015-0505\", \"CVE-2015-2568\", \"CVE-2015-2571\", \"CVE-2015-2573\",\n \"CVE-2015-2582\", \"CVE-2015-2643\", \"CVE-2015-2648\", \"CVE-2015-3152\",\n \"CVE-2015-4752\", \"CVE-2015-4757\");\n script_name(\"Debian Security Advisory DSA 3311-1 (mariadb-10.0 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-07-20 00:00:00 +0200 (Mon, 20 Jul 2015)\");\n script_tag(name:\"cvss_base\", value:\"5.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:M/C:N/I:N/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3311.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"mariadb-10.0 on Debian Linux\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie), these problems have been fixed in\nversion 10.0.20-0+deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 10.0.20-1 or earlier versions.\n\nWe recommend that you upgrade your mariadb-10.0 packages.\");\n 
script_tag(name: \"summary\", value: \"Several issues have been discovered in the MariaDB database server. The\nvulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.0.20. Please see the MariaDB 10.0 Release Notes for further\ndetails:\n\nhttps://mariadb.com/kb/en/mariadb/mariadb-10017-release-notes/https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/https://mariadb.com/kb/en/mariadb/mariadb-10019-release-notes/https://mariadb.com/kb/en/mariadb/mariadb-10020-release-notes/\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libmariadbd-dev\", ver:\"10.0.20-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-client\", ver:\"10.0.20-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-client-10.0\", ver:\"10.0.20-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-client-core-10.0\", ver:\"10.0.20-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-common\", ver:\"10.0.20-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-connect-engine-10.0\", ver:\"10.0.20-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-oqgraph-engine-10.0\", ver:\"10.0.20-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-server\", ver:\"10.0.20-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-server-10.0\", ver:\"10.0.20-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif 
((res = isdpkgvuln(pkg:\"mariadb-server-core-10.0\", ver:\"10.0.20-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-test\", ver:\"10.0.20-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-test-10.0\", ver:\"10.0.20-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.7, "vector": "AV:NETWORK/AC:MEDIUM/Au:MULTIPLE_INSTANCES/C:NONE/I:NONE/A:COMPLETE/"}, "pluginID": "703311", "hash": "6f18226010ca235b00678a8bcf11e3eef0ee7d5736b3f8500ac404bf723fef19", "references": ["http://www.debian.org/security/2015/dsa-3311.html"], "edition": 2, "cvelist": ["CVE-2015-2643", "CVE-2015-2568", "CVE-2015-2648", "CVE-2015-0501", "CVE-2015-2571", "CVE-2015-3152", "CVE-2015-4757", "CVE-2015-0499", "CVE-2015-0433", "CVE-2015-0441", "CVE-2015-2582", "CVE-2015-0505", "CVE-2015-2573", "CVE-2015-4752"], "lastseen": "2017-07-24T12:53:19", "viewCount": 0, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:32349"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3311-1:6679E", "DEBIAN:DSA-3229-1:98A45", "DEBIAN:DSA-3308-1:1CBE4"]}, {"type": "redhat", "idList": ["RHSA-2015:1665", "RHSA-2015:1647", "RHSA-2015:1629", "RHSA-2015:1628", "RHSA-2015:1646", "RHSA-2015:1630"]}, {"type": "oraclelinux", "idList": ["ELSA-2015-1665", "ELSA-2015-1628"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310703229", "OPENVAS:703229", "OPENVAS:1361412562310882257", "OPENVAS:1361412562310842173", "OPENVAS:1361412562310871435", "OPENVAS:1361412562310123020", "OPENVAS:1361412562310703311", "OPENVAS:1361412562310850932", "OPENVAS:1361412562310808134", "OPENVAS:1361412562310882250"]}, {"type": "nessus", "idList": ["UBUNTU_USN-2575-1.NASL", 
"SLACKWARE_SSA_2015-132-02.NASL", "DEBIAN_DSA-3229.NASL", "SL_20150824_MARIADB_ON_SL7_X.NASL", "CENTOS_RHSA-2015-1665.NASL", "SLACKWARE_SSA_2015-132-01.NASL", "DEBIAN_DSA-3311.NASL", "ORACLELINUX_ELSA-2015-1665.NASL", "REDHAT-RHSA-2015-1665.NASL", "SUSE_SU-2015-1273-1.NASL"]}, {"type": "ubuntu", "idList": ["USN-2575-1", "USN-2674-1"]}, {"type": "slackware", "idList": ["SSA-2015-132-02", "SSA-2015-132-01"]}, {"type": "centos", "idList": ["CESA-2015:1665", "CESA-2015:1628"]}, {"type": "suse", "idList": ["SUSE-SU-2015:1273-1", "OPENSUSE-SU-2015:1216-1", "SUSE-SU-2015:0946-1"]}, {"type": "cve", "idList": ["CVE-2015-4757", "CVE-2015-2648", "CVE-2015-2573", "CVE-2015-2643", "CVE-2015-4752", "CVE-2015-3152", "CVE-2015-2571", "CVE-2015-0499", "CVE-2015-2582", "CVE-2015-0441"]}, {"type": "f5", "idList": ["F5:K16845", "SOL16845", "SOL17115", "F5:K17115"]}, {"type": "archlinux", "idList": ["ASA-201505-3"]}, {"type": "gentoo", "idList": ["GLSA-201507-19", "GLSA-201610-06"]}, {"type": "kaspersky", "idList": ["KLA10553", "KLA10638"]}], "modified": "2017-07-24T12:53:19"}, "vulnersScore": 5.0}, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "4d47147062eee06416c7e6574b9a1bdb"}, {"key": "cvss", "hash": "e1f2f2ce28ebe7943a06a880e9c2ee93"}, {"key": "description", "hash": "770bc06d10326cad7f2c384de07028a4"}, {"key": "href", "hash": "9f43cfa32578e7d2e14bb0d81cbaa39e"}, {"key": "modified", "hash": "d89cc672a6266551218ef8145d1f22e2"}, {"key": "naslFamily", "hash": "74562d71b087df9eabd0c21f99b132cc"}, {"key": "pluginID", "hash": "6068cc06fdaeed79c269ca4eaf9c8e25"}, {"key": "published", "hash": "6d23b621df4efb8c816f0c73fd6cfb79"}, {"key": "references", "hash": "c9e2c7880804c6fb19753bb597a3778b"}, {"key": "reporter", "hash": "0942b635b7ce599a9363bcf17fd9730d"}, {"key": "sourceData", "hash": "ae313b73460a00c67104d19e8207dfde"}, {"key": "title", "hash": "2a4af4604170c79f12a2083979df23d1"}, {"key": "type", "hash": 
"47c1f692ea47a21f716dad07043ade01"}], "objectVersion": "1.3", "modified": "2017-07-07T00:00:00"}
{"securityvulns": [{"lastseen": "2018-08-31T11:11:00", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA512\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-3311-1 security@debian.org\r\nhttps://www.debian.org/security/ Salvatore Bonaccorso\r\nJuly 20, 2015 https://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : mariadb-10.0\r\nCVE ID : CVE-2015-0433 CVE-2015-0441 CVE-2015-0499 CVE-2015-0501\r\n CVE-2015-0505 CVE-2015-2568 CVE-2015-2571 CVE-2015-2573\r\n CVE-2015-3152\r\n\r\nSeveral issues have been discovered in the MariaDB database server. The\r\nvulnerabilities are addressed by upgrading MariaDB to the new upstream\r\nversion 10.0.20. Please see the MariaDB 10.0 Release Notes for further\r\ndetails:\r\n\r\n https://mariadb.com/kb/en/mariadb/mariadb-10017-release-notes/\r\n https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/\r\n https://mariadb.com/kb/en/mariadb/mariadb-10019-release-notes/\r\n https://mariadb.com/kb/en/mariadb/mariadb-10020-release-notes/\r\n\r\nFor the stable distribution (jessie), these problems have been fixed in\r\nversion 10.0.20-0+deb8u1.\r\n\r\nFor the unstable distribution (sid), these problems have been fixed in\r\nversion 10.0.20-1 or earlier versions.\r\n\r\nWe recommend that you upgrade your mariadb-10.0 packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: https://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG 
v1\r\n\r\niQIcBAEBCgAGBQJVrIYBAAoJEAVMuPMTQ89EdIAQAJdlVgw+55A0llZY8DhqZg6D\r\nR8gNis9vRgbGDRx10fO18q4gprPfK64bh5GoEf7CCI+WOW0E+JyxgJzdPISOKjGz\r\nGTcgBZ2dzjv283vkHD5uWFJcdwIpLO0R3pyjqKZWCURm8UpjrF4e9gUG64ZuC1eV\r\nGvTkdFwgtj15STidIpDXx9lrHAdTsdnhUb4H2OVfvGlkgqxMipOsVldOYemJsUKE\r\n1AqObB+Rqtkk++tf3xU5TnR6wWLMBKGjFsofVBcbhwGy58IH8o2m9sG0/0IBVmUP\r\naoXzTEZVU2ou32hIhcoVoGMn4FfKxOfE9aU2YTLkAhzkv0AZKFNQnB0owXxOZLBe\r\nHV8LhDFPQTSzHqYspkOj1vD9DAifMayrPayBnbkkAcCh2cMp7Eciso6tKhiZyQFU\r\n4Gts0Kh8n3Qh1yOrKhkP9yR0Kp2jJSIJ7TRm1YK0+Z4hFsms4hS6luI1nwwtKVrg\r\nrqTsYRvUucVFSi7yrvwnzuh6R875qvgNGhpN4pskJ1T+yafu1QRtloWEoD/ilG97\r\nAYvKmi4JID4tswnxzRMAzIQ69114rBEpfh5mPe92ScfLlmdDch+HotQjv7yPZBAv\r\niY5EUKBLATmPNf0gzbeZQxu4EhjqWEWI/v9E77xRfYPUPugx/Zs+TZJ3t1knaGCK\r\njAGWX7MbCQGk0QrAWeo0\r\n=f+xe\r\n-----END PGP SIGNATURE-----\r\n\r\n", "modified": "2015-07-20T00:00:00", "published": "2015-07-20T00:00:00", "id": "SECURITYVULNS:DOC:32349", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32349", "title": "[SECURITY] [DSA 3311-1] mariadb-10.0 security update", "type": "securityvulns", "cvss": {"score": 5.7, "vector": "AV:NETWORK/AC:MEDIUM/Au:MULTIPLE_INSTANCES/C:NONE/I:NONE/A:COMPLETE/"}}], "debian": [{"lastseen": "2018-10-16T22:13:02", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3311-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nJuly 20, 2015 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mariadb-10.0\nCVE ID : CVE-2015-0433 CVE-2015-0441 CVE-2015-0499 CVE-2015-0501\n CVE-2015-0505 CVE-2015-2568 CVE-2015-2571 CVE-2015-2573\n CVE-2015-3152\n\nSeveral issues have been discovered in the MariaDB database server. The\nvulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.0.20. 
Please see the MariaDB 10.0 Release Notes for further\ndetails:\n\n https://mariadb.com/kb/en/mariadb/mariadb-10017-release-notes/\nhttps://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/\nhttps://mariadb.com/kb/en/mariadb/mariadb-10019-release-notes/\nhttps://mariadb.com/kb/en/mariadb/mariadb-10020-release-notes/\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 10.0.20-0+deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 10.0.20-1 or earlier versions.\n\nWe recommend that you upgrade your mariadb-10.0 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2015-07-20T05:25:59", "published": "2015-07-20T05:25:59", "id": "DEBIAN:DSA-3311-1:6679E", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00207.html", "title": "[SECURITY] [DSA 3311-1] mariadb-10.0 security update", "type": "debian", "cvss": {"score": 5.7, "vector": "AV:NETWORK/AC:MEDIUM/Au:MULTIPLE_INSTANCES/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-10-18T13:50:27", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3229-1 security@debian.org\nhttp://www.debian.org/security/ Salvatore Bonaccorso\nApril 19, 2015 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mysql-5.5\nCVE ID : CVE-2015-0433 CVE-2015-0441 CVE-2015-0499 CVE-2015-0501 \n CVE-2015-0505 CVE-2015-2568 CVE-2015-2571 CVE-2015-2573\nDebian Bug : 782645\n\nSeveral issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.43. 
Please see the MySQL 5.5 Release Notes and Oracle's\nCritical Patch Update advisory for further details:\n\n https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-42.html\nhttps://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-43.html\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 5.5.43-0+deb7u1.\n\nFor the upcoming stable distribution (jessie), these problems will be\nfixed in version 5.5.43-0+deb8u1. Updated packages are already available\nthrough jessie-security.\n\nWe recommend that you upgrade your mysql-5.5 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2015-04-19T06:03:14", "published": "2015-04-19T06:03:14", "id": "DEBIAN:DSA-3229-1:98A45", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00117.html", "title": "[SECURITY] [DSA 3229-1] mysql-5.5 security update", "type": "debian", "cvss": {"score": 5.7, "vector": "AV:NETWORK/AC:MEDIUM/Au:MULTIPLE_INSTANCES/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-10-18T13:49:56", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3308-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nJuly 18, 2015 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mysql-5.5\nCVE ID : CVE-2015-2582 CVE-2015-2620 CVE-2015-2643 CVE-2015-2648 \n CVE-2015-4737 CVE-2015-4752\nDebian Bug : 792445\n\nSeveral issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.44. 
Please see the MySQL 5.5 Release Notes and Oracle's\nCritical Patch Update advisory for further details:\n\n https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-44.html\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html\n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 5.5.44-0+deb7u1.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 5.5.44-0+deb8u1.\n\nWe recommend that you upgrade your mysql-5.5 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2015-07-18T09:32:10", "published": "2015-07-18T09:32:10", "id": "DEBIAN:DSA-3308-1:1CBE4", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00204.html", "title": "[SECURITY] [DSA 3308-1] mysql-5.5 security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "redhat": [{"lastseen": "2018-12-11T17:42:54", "bulletinFamily": "unix", "description": "MariaDB is a multi-user, multi-threaded SQL database server that is binary\ncompatible with MySQL.\n\nIt was found that the MySQL client library permitted but did not require a\nclient to use SSL/TLS when establishing a secure connection to a MySQL\nserver using the \"--ssl\" option. A man-in-the-middle attacker could use\nthis flaw to strip the SSL/TLS protection from a connection between a\nclient and a server. (CVE-2015-3152)\n\nThis update fixes several vulnerabilities in the MariaDB database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. 
(CVE-2015-0501,\nCVE-2015-2568, CVE-2015-0499, CVE-2015-2571, CVE-2015-0433, CVE-2015-0441,\nCVE-2015-0505, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643,\nCVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757)\n\nThese updated packages upgrade MariaDB to version 5.5.44. Refer to the\nMariaDB Release Notes listed in the References section for a complete list\nof changes.\n\nAll MariaDB users should upgrade to these updated packages, which correct\nthese issues. After installing this update, the MariaDB server daemon\n(mysqld) will be restarted automatically.\n", "modified": "2018-04-12T03:33:26", "published": "2015-08-24T04:00:00", "id": "RHSA-2015:1665", "href": "https://access.redhat.com/errata/RHSA-2015:1665", "type": "redhat", "title": "(RHSA-2015:1665) Moderate: mariadb security update", "cvss": {"score": 5.7, "vector": "AV:NETWORK/AC:MEDIUM/Au:MULTIPLE_INSTANCES/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T21:42:58", "bulletinFamily": "unix", "description": "MariaDB is a multi-user, multi-threaded SQL database server that is binary\ncompatible with MySQL.\n\nIt was found that the MySQL client library permitted but did not require a\nclient to use SSL/TLS when establishing a secure connection to a MySQL\nserver using the \"--ssl\" option. A man-in-the-middle attacker could use\nthis flaw to strip the SSL/TLS protection from a connection between a\nclient and a server. (CVE-2015-3152)\n\nThis update fixes several vulnerabilities in the MariaDB database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2015-0501,\nCVE-2015-2568, CVE-2015-0499, CVE-2015-2571, CVE-2015-0433, CVE-2015-0441,\nCVE-2015-0505, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643,\nCVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757)\n\nThese updated packages upgrade MariaDB to version 5.5.44. 
Refer to the\nMariaDB Release Notes listed in the References section for a complete list\nof changes.\n\nAll MariaDB users should upgrade to these updated packages, which correct\nthese issues. After installing this update, the MariaDB server daemon\n(mysqld) will be restarted automatically.\n", "modified": "2018-06-13T01:28:25", "published": "2015-08-20T04:00:00", "id": "RHSA-2015:1647", "href": "https://access.redhat.com/errata/RHSA-2015:1647", "type": "redhat", "title": "(RHSA-2015:1647) Moderate: mariadb55-mariadb security update", "cvss": {"score": 5.7, "vector": "AV:NETWORK/AC:MEDIUM/Au:MULTIPLE_INSTANCES/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T21:42:15", "bulletinFamily": "unix", "description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of\nthe MySQL server daemon (mysqld) and many client programs and libraries.\n\nThis update fixes several vulnerabilities in the MySQL database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory pages, listed in the References section. (CVE-2015-0433,\nCVE-2015-0441, CVE-2015-0499, CVE-2015-0501, CVE-2015-0505, CVE-2015-2568,\nCVE-2015-2571, CVE-2015-2573, CVE-2015-2582, CVE-2015-2643, CVE-2015-2648,\nCVE-2015-4752, CVE-2015-4757, CVE-2015-2620, CVE-2015-4737)\n\nThese updated packages upgrade MySQL to version 5.5.45. Refer to the MySQL\nRelease Notes listed in the References section for a complete list of\nchanges.\n\nAll MySQL users should upgrade to these updated packages, which correct\nthese issues. 
After installing this update, the MySQL server daemon\n(mysqld) will be restarted automatically.\n", "modified": "2018-06-13T01:28:23", "published": "2015-08-17T04:00:00", "id": "RHSA-2015:1629", "href": "https://access.redhat.com/errata/RHSA-2015:1629", "type": "redhat", "title": "(RHSA-2015:1629) Moderate: mysql55-mysql security update", "cvss": {"score": 5.7, "vector": "AV:NETWORK/AC:MEDIUM/Au:MULTIPLE_INSTANCES/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:45:15", "bulletinFamily": "unix", "description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of\nthe MySQL server daemon (mysqld) and many client programs and libraries.\n\nThis update fixes several vulnerabilities in the MySQL database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory pages, listed in the References section. (CVE-2014-6568,\nCVE-2015-0374, CVE-2015-0381, CVE-2015-0382, CVE-2015-0391, CVE-2015-0411,\nCVE-2015-0432, CVE-2015-0433, CVE-2015-0441, CVE-2015-0499, CVE-2015-0501,\nCVE-2015-0505, CVE-2015-2568, CVE-2015-2571, CVE-2015-2573, CVE-2015-2582,\nCVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737, CVE-2015-4752,\nCVE-2015-4757)\n\nThese updated packages upgrade MySQL to version 5.5.45. Refer to the MySQL\nRelease Notes listed in the References section for a complete list of\nchanges.\n\nAll MySQL users should upgrade to these updated packages, which correct\nthese issues. 
After installing this update, the MySQL server daemon\n(mysqld) will be restarted automatically.\n", "modified": "2017-09-08T12:13:43", "published": "2015-08-17T04:00:00", "id": "RHSA-2015:1628", "href": "https://access.redhat.com/errata/RHSA-2015:1628", "type": "redhat", "title": "(RHSA-2015:1628) Moderate: mysql55-mysql security update", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-12-11T21:42:10", "bulletinFamily": "unix", "description": "MariaDB is a multi-user, multi-threaded SQL database server that is binary\ncompatible with MySQL.\n\nIt was found that the MySQL client library permitted but did not require a\nclient to use SSL/TLS when establishing a secure connection to a MySQL\nserver using the \"--ssl\" option. A man-in-the-middle attacker could use\nthis flaw to strip the SSL/TLS protection from a connection between a\nclient and a server. (CVE-2015-3152)\n\nThis update fixes several vulnerabilities in the MariaDB database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2015-2582,\nCVE-2015-2611, CVE-2015-2617, CVE-2015-2620, CVE-2015-2639, CVE-2015-2641,\nCVE-2015-2643, CVE-2015-2648, CVE-2015-2661, CVE-2015-4737, CVE-2015-4752,\nCVE-2015-4756, CVE-2015-4757, CVE-2015-4761, CVE-2015-4767, CVE-2015-4769,\nCVE-2015-4771, CVE-2015-4772)\n\nThese updated packages upgrade MariaDB to version MariaDB 10.0.20. Refer to\nthe MariaDB Release Notes listed in the References section for a complete\nlist of changes.\n\nAll MariaDB users should upgrade to these updated packages, which correct\nthese issues. 
After installing this update, the MariaDB server daemon\n(mysqld) will be restarted automatically.\n", "modified": "2018-06-13T01:28:23", "published": "2015-08-20T04:00:00", "id": "RHSA-2015:1646", "href": "https://access.redhat.com/errata/RHSA-2015:1646", "type": "redhat", "title": "(RHSA-2015:1646) Important: rh-mariadb100-mariadb security update", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-12-11T21:41:58", "bulletinFamily": "unix", "description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of\nthe MySQL server daemon (mysqld) and many client programs and libraries.\n\nThis update fixes several vulnerabilities in the MySQL database server. \nInformation about these flaws can be found on the Oracle Critical Patch \nUpdate Advisory page, listed in the References section. (CVE-2015-2617,\nCVE-2015-2582, CVE-2015-2611, CVE-2015-2639, CVE-2015-2641, CVE-2015-2643,\nCVE-2015-2648, CVE-2015-2661, CVE-2015-4752, CVE-2015-4756, CVE-2015-4757,\nCVE-2015-4761, CVE-2015-4767, CVE-2015-4769, CVE-2015-4771, CVE-2015-4772,\nCVE-2015-2620, CVE-2015-4737)\n\nThese updated packages upgrade MySQL to version 5.6.26. Refer to the MySQL\nRelease Notes listed in the References section for a complete list of\nchanges.\n\nAll MySQL users should upgrade to these updated packages, which correct\nthese issues. 
After installing this update, the MySQL server daemon\n(mysqld) will be restarted automatically.\n", "modified": "2018-06-13T01:28:20", "published": "2015-08-17T04:00:00", "id": "RHSA-2015:1630", "href": "https://access.redhat.com/errata/RHSA-2015:1630", "type": "redhat", "title": "(RHSA-2015:1630) Important: rh-mysql56-mysql security update", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:49:20", "bulletinFamily": "unix", "description": "[1:5.5.44-1]\n- Rebase to 5.5.44\n Resolves: #1247021", "modified": "2015-08-24T00:00:00", "published": "2015-08-24T00:00:00", "id": "ELSA-2015-1665", "href": "http://linux.oracle.com/errata/ELSA-2015-1665.html", "title": "mariadb security update", "type": "oraclelinux", "cvss": {"score": 5.7, "vector": "AV:NETWORK/AC:MEDIUM/Au:MULTIPLE_INSTANCES/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:39:33", "bulletinFamily": "unix", "description": "[5.5.45-1]\n- Rebase to 5.5.45\n Includes fixes for: CVE-2014-6568 CVE-2015-0374\n CVE-2015-0381 CVE-2015-0382 CVE-2015-0391 CVE-2015-0411 CVE-2015-0432\n CVE-2015-0501 CVE-2015-2568 CVE-2015-0499 CVE-2015-2571 CVE-2015-0433\n CVE-2015-0441 CVE-2015-0505 CVE-2015-2573 CVE-2015-2582 CVE-2015-2620\n CVE-2015-2643 CVE-2015-2648 CVE-2015-4737 CVE-2015-4752 CVE-2015-4757\n Resolves: #1247020", "modified": "2015-08-17T00:00:00", "published": "2015-08-17T00:00:00", "id": "ELSA-2015-1628", "href": "http://linux.oracle.com/errata/ELSA-2015-1628.html", "title": "mysql55-mysql security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2018-09-01T23:49:31", "bulletinFamily": "scanner", "description": "Several issues have been discovered\nin the MySQL database server. The vulnerabilities are addressed by upgrading MySQL\nto the new upstream version 5.5.43. 
Please see the MySQL 5.5 Release Notes and\nOracle's Critical Patch Update advisory for further details.", "modified": "2018-04-06T00:00:00", "published": "2015-04-19T00:00:00", "id": "OPENVAS:1361412562310703229", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703229", "title": "Debian Security Advisory DSA 3229-1 (mysql-5.5 - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3229.nasl 9355 2018-04-06 07:16:07Z cfischer $\n# Auto-generated from advisory DSA 3229-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703229\");\n script_version(\"$Revision: 9355 $\");\n script_cve_id(\"CVE-2015-0433\", \"CVE-2015-0441\", \"CVE-2015-0499\", \"CVE-2015-0501\",\n \"CVE-2015-0505\", \"CVE-2015-2568\", \"CVE-2015-2571\", \"CVE-2015-2573\");\n script_name(\"Debian Security Advisory DSA 3229-1 (mysql-5.5 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2018-04-06 09:16:07 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value: \"2015-04-19 00:00:00 +0200 (Sun, 19 Apr 2015)\");\n script_tag(name:\"cvss_base\", value:\"5.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:M/C:N/I:N/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3229.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"mysql-5.5 on Debian Linux\");\n script_tag(name: \"insight\", value: \"MySQL is a fast, stable and true\nmulti-user, multi-threaded SQL database server.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthese problems have been fixed in version 5.5.43-0+deb7u1.\n\nFor the upcoming stable distribution (jessie), these problems will be\nfixed in version 5.5.43-0+deb8u1. 
Updated packages are already available\nthrough jessie-security.\n\nWe recommend that you upgrade your mysql-5.5 packages.\");\n script_tag(name: \"summary\", value: \"Several issues have been discovered\nin the MySQL database server. The vulnerabilities are addressed by upgrading MySQL\nto the new upstream version 5.5.43. Please see the MySQL 5.5 Release Notes and\nOracle's Critical Patch Update advisory for further details:\n\nhttps://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-42.html\nhttps://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-43.html\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libmysqlclient-dev\", ver:\"5.5.43-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient18:amd64\", ver:\"5.5.43-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient18:i386\", ver:\"5.5.43-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-dev\", ver:\"5.5.43-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-pic\", ver:\"5.5.43-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client\", ver:\"5.5.43-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client-5.5\", ver:\"5.5.43-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-common\", ver:\"5.5.43-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server\", 
ver:\"5.5.43-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.43-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-core-5.5\", ver:\"5.5.43-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-source-5.5\", ver:\"5.5.43-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-testsuite-5.5\", ver:\"5.5.43-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.7, "vector": "AV:NETWORK/AC:MEDIUM/Au:MULTIPLE_INSTANCES/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:53:42", "bulletinFamily": "scanner", "description": "Several issues have been discovered\nin the MySQL database server. The vulnerabilities are addressed by upgrading MySQL\nto the new upstream version 5.5.43. 
Please see the MySQL 5.5 Release Notes and\nOracle's Critical Patch Update advisory for further details.", "modified": "2017-07-07T00:00:00", "published": "2015-04-19T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703229", "id": "OPENVAS:703229", "title": "Debian Security Advisory DSA 3229-1 (mysql-5.5 - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3229.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3229-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703229);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2015-0433\", \"CVE-2015-0441\", \"CVE-2015-0499\", \"CVE-2015-0501\",\n \"CVE-2015-0505\", \"CVE-2015-2568\", \"CVE-2015-2571\", \"CVE-2015-2573\");\n script_name(\"Debian Security Advisory DSA 3229-1 (mysql-5.5 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-04-19 00:00:00 +0200 (Sun, 19 Apr 2015)\");\n script_tag(name:\"cvss_base\", value:\"5.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:M/C:N/I:N/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3229.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"mysql-5.5 on Debian Linux\");\n script_tag(name: \"insight\", value: \"MySQL is a fast, stable and true\nmulti-user, multi-threaded SQL database server.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthese problems have been fixed in version 5.5.43-0+deb7u1.\n\nFor the upcoming stable distribution (jessie), these problems will be\nfixed in version 5.5.43-0+deb8u1. 
Updated packages are already available\nthrough jessie-security.\n\nWe recommend that you upgrade your mysql-5.5 packages.\");\n script_tag(name: \"summary\", value: \"Several issues have been discovered\nin the MySQL database server. The vulnerabilities are addressed by upgrading MySQL\nto the new upstream version 5.5.43. Please see the MySQL 5.5 Release Notes and\nOracle's Critical Patch Update advisory for further details:\n\nhttps://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-42.html\nhttps://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-43.html\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libmysqlclient-dev\", ver:\"5.5.43-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient18:amd64\", ver:\"5.5.43-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient18:i386\", ver:\"5.5.43-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-dev\", ver:\"5.5.43-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-pic\", ver:\"5.5.43-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client\", ver:\"5.5.43-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client-5.5\", ver:\"5.5.43-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-common\", ver:\"5.5.43-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server\", 
ver:\"5.5.43-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.43-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-core-5.5\", ver:\"5.5.43-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-source-5.5\", ver:\"5.5.43-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-testsuite-5.5\", ver:\"5.5.43-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.7, "vector": "AV:NETWORK/AC:MEDIUM/Au:MULTIPLE_INSTANCES/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:48:58", "bulletinFamily": "scanner", "description": "Check the version of mariadb", "modified": "2017-07-10T00:00:00", "published": "2015-08-26T00:00:00", "id": "OPENVAS:1361412562310882257", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882257", "title": "CentOS Update for mariadb CESA-2015:1665 centos7 ", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for mariadb CESA-2015:1665 centos7 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882257\");\n script_version(\"$Revision: 6657 $\");\n script_cve_id(\"CVE-2015-0433\", \"CVE-2015-0441\", \"CVE-2015-0499\", \"CVE-2015-0501\",\n \"CVE-2015-0505\", \"CVE-2015-2568\", \"CVE-2015-2571\", \"CVE-2015-2573\",\n \"CVE-2015-2582\", \"CVE-2015-2620\", \"CVE-2015-2643\", \"CVE-2015-2648\",\n \"CVE-2015-3152\", \"CVE-2015-4737\", \"CVE-2015-4752\", \"CVE-2015-4757\");\n script_tag(name:\"cvss_base\", value:\"5.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:M/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:50:44 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-26 09:18:59 +0200 (Wed, 26 Aug 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for mariadb CESA-2015:1665 centos7 \");\n script_tag(name: \"summary\", value: \"Check the version of mariadb\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"MariaDB is a multi-user, multi-threaded SQL database server that is binary\ncompatible with MySQL.\n\nIt was found that the MySQL client library permitted but did not require\na client to use SSL/TLS when establishing a secure connection to a MySQL\nserver using the '--ssl' option. A man-in-the-middle attacker\ncould use this flaw to strip the SSL/TLS protection from a connection\nbetween a client and a server. 
(CVE-2015-3152)\n\nThis update fixes several vulnerabilities in the MariaDB database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2015-0501,\nCVE-2015-2568, CVE-2015-0499, CVE-2015-2571, CVE-2015-0433, CVE-2015-0441,\nCVE-2015-0505, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643,\nCVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757)\n\nThese updated packages upgrade MariaDB to version 5.5.44. Refer to the\nMariaDB Release Notes listed in the References section for a complete list\nof changes.\n\nAll MariaDB users should upgrade to these updated packages, which correct\nthese issues. After installing this update, the MariaDB server daemon\n(mysqld) will be restarted automatically.\n\");\n script_tag(name: \"affected\", value: \"mariadb on CentOS 7\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"CESA\", value: \"2015:1665\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2015-August/021345.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~5.5.44~1.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-bench\", rpm:\"mariadb-bench~5.5.44~1.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if 
((res = isrpmvuln(pkg:\"mariadb-devel\", rpm:\"mariadb-devel~5.5.44~1.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-embedded\", rpm:\"mariadb-embedded~5.5.44~1.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-embedded-devel\", rpm:\"mariadb-embedded-devel~5.5.44~1.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-libs\", rpm:\"mariadb-libs~5.5.44~1.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-server\", rpm:\"mariadb-server~5.5.44~1.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-test\", rpm:\"mariadb-test~5.5.44~1.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.7, "vector": "AV:NETWORK/AC:MEDIUM/Au:MULTIPLE_INSTANCES/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-11-19T13:01:43", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2015-04-22T00:00:00", "id": "OPENVAS:1361412562310842173", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842173", "title": "Ubuntu Update for mysql-5.5 USN-2575-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for mysql-5.5 USN-2575-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later 
version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842173\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-22 07:23:53 +0200 (Wed, 22 Apr 2015)\");\n script_cve_id(\"CVE-2015-0433\", \"CVE-2015-0441\", \"CVE-2015-0499\", \"CVE-2015-0501\",\n \"CVE-2015-0505\", \"CVE-2015-2568\", \"CVE-2015-2571\", \"CVE-2015-2573\");\n script_tag(name:\"cvss_base\", value:\"5.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:M/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for mysql-5.5 USN-2575-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mysql-5.5'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple security issues were discovered\nin MySQL and this update includes a new upstream MySQL version to fix these issues.\nMySQL has been updated to 5.5.43.\n\nIn addition to security fixes, the updated packages contain bug fixes,\nnew features, and possibly incompatible changes.\n\nPlease see the following for more 
information:\nhttp://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-42.html\nhttp://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-43.html\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html\");\n script_tag(name:\"affected\", value:\"mysql-5.5 on Ubuntu 14.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2575-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2575-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.10|14\\.04 LTS|12\\.04 LTS)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU14.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.43-0ubuntu0.14.10.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.43-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.43-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.7, "vector": "AV:NETWORK/AC:MEDIUM/Au:MULTIPLE_INSTANCES/C:NONE/I:NONE/A:COMPLETE/"}}, 
{"lastseen": "2018-09-28T18:24:21", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2015-1665", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123020", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123020", "title": "Oracle Linux Local Check: ELSA-2015-1665", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-1665.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123020\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 09:46:43 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-1665\");\n script_tag(name:\"insight\", value:\"ELSA-2015-1665 - mariadb security update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-1665\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-1665.html\");\n script_cve_id(\"CVE-2015-0433\", \"CVE-2015-0441\", \"CVE-2015-0499\", \"CVE-2015-0501\", \"CVE-2015-0505\", \"CVE-2015-2568\", \"CVE-2015-2571\", \"CVE-2015-2573\", \"CVE-2015-2582\", \"CVE-2015-2620\", \"CVE-2015-2643\", \"CVE-2015-2648\", \"CVE-2015-4737\", \"CVE-2015-4752\", \"CVE-2015-4757\", \"CVE-2015-3152\");\n script_tag(name:\"cvss_base\", value:\"5.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:M/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~5.5.44~1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mariadb-bench\", rpm:\"mariadb-bench~5.5.44~1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mariadb-devel\", rpm:\"mariadb-devel~5.5.44~1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mariadb-embedded\", rpm:\"mariadb-embedded~5.5.44~1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n 
security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mariadb-embedded-devel\", rpm:\"mariadb-embedded-devel~5.5.44~1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mariadb-libs\", rpm:\"mariadb-libs~5.5.44~1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mariadb-server\", rpm:\"mariadb-server~5.5.44~1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mariadb-test\", rpm:\"mariadb-test~5.5.44~1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.7, "vector": "AV:NETWORK/AC:MEDIUM/Au:MULTIPLE_INSTANCES/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-11-23T15:11:38", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the 'mariadb' package(s) announced via the referenced advisory.", "modified": "2018-11-23T00:00:00", "published": "2015-08-25T00:00:00", "id": "OPENVAS:1361412562310871435", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871435", "title": "RedHat Update for mariadb RHSA-2015:1665-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for mariadb RHSA-2015:1665-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871435\");\n script_version(\"$Revision: 12497 $\");\n script_cve_id(\"CVE-2015-0433\", \"CVE-2015-0441\", \"CVE-2015-0499\", \"CVE-2015-0501\",\n \"CVE-2015-0505\", \"CVE-2015-2568\", \"CVE-2015-2571\", \"CVE-2015-2573\",\n \"CVE-2015-2582\", \"CVE-2015-2620\", \"CVE-2015-2643\", \"CVE-2015-2648\",\n \"CVE-2015-3152\", \"CVE-2015-4737\", \"CVE-2015-4752\", \"CVE-2015-4757\");\n script_tag(name:\"cvss_base\", value:\"5.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:M/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-25 07:59:09 +0200 (Tue, 25 Aug 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for mariadb RHSA-2015:1665-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mariadb'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"MariaDB is a multi-user, multi-threaded SQL database server that is binary\ncompatible with MySQL.\n\nIt was found that the MySQL client library permitted but did not require\na client to use SSL/TLS when establishing a secure connection to a MySQL\nserver using the '--ssl' option. A man-in-the-middle attacker\ncould use this flaw to strip the SSL/TLS protection from a connection\nbetween a client and a server. 
(CVE-2015-3152)\n\nThis update fixes several vulnerabilities in the MariaDB database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2015-0501,\nCVE-2015-2568, CVE-2015-0499, CVE-2015-2571, CVE-2015-0433, CVE-2015-0441,\nCVE-2015-0505, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643,\nCVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757)\n\nThese updated packages upgrade MariaDB to version 5.5.44. Refer to the\nMariaDB Release Notes listed in the References section for a complete list\nof changes.\n\nAll MariaDB users should upgrade to these updated packages, which correct\nthese issues. After installing this update, the MariaDB server daemon\n(mysqld) will be restarted automatically.\");\n script_tag(name:\"affected\", value:\"mariadb on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:1665-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-August/msg00040.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~5.5.44~1.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-bench\", rpm:\"mariadb-bench~5.5.44~1.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-debuginfo\", rpm:\"mariadb-debuginfo~5.5.44~1.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-devel\", rpm:\"mariadb-devel~5.5.44~1.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-libs\", rpm:\"mariadb-libs~5.5.44~1.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-server\", rpm:\"mariadb-server~5.5.44~1.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-test\", rpm:\"mariadb-test~5.5.44~1.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.7, "vector": "AV:NETWORK/AC:MEDIUM/Au:MULTIPLE_INSTANCES/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:51:29", "bulletinFamily": "scanner", "description": "Several issues have been discovered in the MariaDB database server. The\nvulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.0.20. 
Please see the MariaDB 10.0 Release Notes for further\ndetails:\n\nhttps://mariadb.com/kb/en/mariadb/mariadb-10017-release-notes/\nhttps://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/\nhttps://mariadb.com/kb/en/mariadb/mariadb-10019-release-notes/\nhttps://mariadb.com/kb/en/mariadb/mariadb-10020-release-notes/", "modified": "2018-04-06T00:00:00", "published": "2015-07-20T00:00:00", "id": "OPENVAS:1361412562310703311", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703311", "title": "Debian Security Advisory DSA 3311-1 (mariadb-10.0 - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3311.nasl 9355 2018-04-06 07:16:07Z cfischer $\n# Auto-generated from advisory DSA 3311-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703311\");\n script_version(\"$Revision: 9355 $\");\n script_cve_id(\"CVE-2015-0433\", \"CVE-2015-0441\", \"CVE-2015-0499\", \"CVE-2015-0501\",\n \"CVE-2015-0505\", \"CVE-2015-2568\", \"CVE-2015-2571\", \"CVE-2015-2573\",\n \"CVE-2015-2582\", \"CVE-2015-2643\", \"CVE-2015-2648\", \"CVE-2015-3152\",\n \"CVE-2015-4752\", \"CVE-2015-4757\");\n script_name(\"Debian Security Advisory DSA 3311-1 (mariadb-10.0 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2018-04-06 09:16:07 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value: \"2015-07-20 00:00:00 +0200 (Mon, 20 Jul 2015)\");\n script_tag(name:\"cvss_base\", value:\"5.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:M/C:N/I:N/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3311.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"mariadb-10.0 on Debian Linux\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie), these problems have been fixed in\nversion 10.0.20-0+deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 10.0.20-1 or earlier versions.\n\nWe recommend that you upgrade your mariadb-10.0 
packages.\");\n script_tag(name: \"summary\", value: \"Several issues have been discovered in the MariaDB database server. The\nvulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.0.20. Please see the MariaDB 10.0 Release Notes for further\ndetails:\n\nhttps://mariadb.com/kb/en/mariadb/mariadb-10017-release-notes/https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/https://mariadb.com/kb/en/mariadb/mariadb-10019-release-notes/https://mariadb.com/kb/en/mariadb/mariadb-10020-release-notes/\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libmariadbd-dev\", ver:\"10.0.20-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-client\", ver:\"10.0.20-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-client-10.0\", ver:\"10.0.20-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-client-core-10.0\", ver:\"10.0.20-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-common\", ver:\"10.0.20-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-connect-engine-10.0\", ver:\"10.0.20-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-oqgraph-engine-10.0\", ver:\"10.0.20-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-server\", ver:\"10.0.20-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-server-10.0\", ver:\"10.0.20-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report 
+= res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-server-core-10.0\", ver:\"10.0.20-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-test\", ver:\"10.0.20-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-test-10.0\", ver:\"10.0.20-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.7, "vector": "AV:NETWORK/AC:MEDIUM/Au:MULTIPLE_INSTANCES/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-11-19T13:03:01", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the 'mariadb' package(s) announced via the referenced advisory.", "modified": "2018-11-16T00:00:00", "published": "2015-10-16T00:00:00", "id": "OPENVAS:1361412562310850932", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850932", "title": "SuSE Update for mariadb SUSE-SU-2015:1273-1 (mariadb)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2015_1273_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for mariadb SUSE-SU-2015:1273-1 (mariadb)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850932\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-16 14:39:25 +0200 (Fri, 16 Oct 2015)\");\n script_cve_id(\"CVE-2014-8964\", \"CVE-2015-0433\", \"CVE-2015-0441\", \"CVE-2015-0499\", \"CVE-2015-0501\", \"CVE-2015-0505\", \"CVE-2015-2325\", \"CVE-2015-2326\", \"CVE-2015-2568\", \"CVE-2015-2571\", \"CVE-2015-2573\", \"CVE-2015-3152\");\n script_tag(name:\"cvss_base\", value:\"5.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:M/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for mariadb SUSE-SU-2015:1273-1 (mariadb)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mariadb'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"This update fixes the following security issues:\n\n * Logjam attack: mysql uses 512 bit dh groups in SSL [bnc#934789]\n\n * CVE-2015-3152: mysql --ssl does not enforce SSL [bnc#924663]\n\n * CVE-2014-8964: heap buffer overflow [bnc#906574]\n\n * CVE-2015-2325: heap buffer overflow in compile_branch() [bnc#924960]\n\n * CVE-2015-2326: heap buffer overflow in pcre_compile2() [bnc#924961]\n\n * CVE-2015-0501: unspecified vulnerability related to Server:Compiling\n (CPU April 2015)\n\n * CVE-2015-2571: unspecified vulnerability related to 
Server:Optimizer\n (CPU April 2015)\n\n * CVE-2015-0505: unspecified vulnerability related to Server:DDL (CPU\n April 2015)\n\n * CVE-2015-0499: unspecified vulnerability related to Server:Federated\n (CPU April 2015)\n\n * CVE-2015-2568: unspecified vulnerability related to\n Server:Security:Privileges (CPU April 2015)\n\n * CVE-2015-2573: unspecified vulnerability related to Server:DDL (CPU\n April 2015)\n\n * CVE-2015-0433: unspecified vulnerability related to\n Server:InnoDB:DML (CPU April 2015)\n\n * CVE-2015-0441: unspecified vulnerability related to\n Server:Security:Encryption (CPU April 2015)\");\n script_tag(name:\"affected\", value:\"mariadb on SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Desktop 12\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"SUSE-SU\", value:\"2015:1273_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(SLED12\\.0SP0|SLES12\\.0SP0)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"SLED12.0SP0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libmysqlclient18\", rpm:\"libmysqlclient18~10.0.20~18.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysqlclient18-32bit\", rpm:\"libmysqlclient18-32bit~10.0.20~18.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysqlclient18-debuginfo\", rpm:\"libmysqlclient18-debuginfo~10.0.20~18.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if 
((res = isrpmvuln(pkg:\"libmysqlclient18-debuginfo-32bit\", rpm:\"libmysqlclient18-debuginfo-32bit~10.0.20~18.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysqlclient_r18\", rpm:\"libmysqlclient_r18~10.0.20~18.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysqlclient_r18-32bit\", rpm:\"libmysqlclient_r18-32bit~10.0.20~18.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~10.0.20~18.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-client\", rpm:\"mariadb-client~10.0.20~18.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-client-debuginfo\", rpm:\"mariadb-client-debuginfo~10.0.20~18.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-debuginfo\", rpm:\"mariadb-debuginfo~10.0.20~18.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-debugsource\", rpm:\"mariadb-debugsource~10.0.20~18.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-errormessages\", rpm:\"mariadb-errormessages~10.0.20~18.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"SLES12.0SP0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libmysqlclient18\", rpm:\"libmysqlclient18~10.0.20~18.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysqlclient18-debuginfo\", rpm:\"libmysqlclient18-debuginfo~10.0.20~18.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~10.0.20~18.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-client\", rpm:\"mariadb-client~10.0.20~18.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-client-debuginfo\", rpm:\"mariadb-client-debuginfo~10.0.20~18.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-debuginfo\", rpm:\"mariadb-debuginfo~10.0.20~18.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-debugsource\", rpm:\"mariadb-debugsource~10.0.20~18.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-errormessages\", rpm:\"mariadb-errormessages~10.0.20~18.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-tools\", rpm:\"mariadb-tools~10.0.20~18.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-tools-debuginfo\", rpm:\"mariadb-tools-debuginfo~10.0.20~18.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysqlclient18-32bit\", rpm:\"libmysqlclient18-32bit~10.0.20~18.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysqlclient18-debuginfo-32bit\", rpm:\"libmysqlclient18-debuginfo-32bit~10.0.20~18.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.7, "vector": "AV:NETWORK/AC:MEDIUM/Au:MULTIPLE_INSTANCES/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-01-09T12:14:45", 
"bulletinFamily": "scanner", "description": "This host is running Oracle MySQL and is\n prone to multiple unspecified vulnerabilities.", "modified": "2019-01-08T00:00:00", "published": "2016-06-03T00:00:00", "id": "OPENVAS:1361412562310808134", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808134", "title": "Oracle MySQL Multiple Unspecified Vulnerabilities-22 Jun16 (Linux)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mysql_unspecified_vuln22_jun16_lin.nasl 12983 2019-01-08 15:30:19Z cfischer $\n#\n# Oracle MySQL Multiple Unspecified Vulnerabilities-22 Jun16 (Linux)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808134\");\n script_version(\"$Revision: 12983 $\");\n script_cve_id(\"CVE-2015-2648\", \"CVE-2015-4752\", \"CVE-2015-2643\", \"CVE-2015-2582\");\n script_bugtraq_id(75822, 75849, 75830, 75751);\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-01-08 16:30:19 +0100 (Tue, 08 Jan 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-03 13:42:46 +0530 (Fri, 03 Jun 2016)\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"Oracle MySQL Multiple Unspecified Vulnerabilities-22 Jun16 (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is running Oracle MySQL and is\n prone to multiple unspecified vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Unspecified errors exists in the MySQL Server\n component via unknown vectors related to DML, Server : I_S, Server : Optimizer,\n and GIS.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n authenticated remote attacker to cause denial-of-service attack.\");\n\n script_tag(name:\"affected\", value:\"Oracle MySQL Server 5.5.43 and earlier, and\n 5.6.24 and earlier on Linux.\");\n\n script_tag(name:\"solution\", value:\"Apply the patch from the referenced advisory.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", 
value:\"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html\");\n\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_unixoide\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\ncpe_list = make_list( \"cpe:/a:mysql:mysql\", \"cpe:/a:oracle:mysql\" );\n\nif(!infos = get_all_app_ports_from_list(cpe_list:cpe_list)) exit( 0 );\nCPE = infos['cpe'];\nsqlPort = infos['port'];\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:sqlPort, exit_no_version:TRUE)) exit(0);\nmysqlVer = infos['version'];\nmysqlPath = infos['location'];\n\nif(mysqlVer =~ \"^5\\.[56]\\.\")\n{\n if(version_in_range(version:mysqlVer, test_version:\"5.6\", test_version2:\"5.6.24\")||\n version_in_range(version:mysqlVer, test_version:\"5.5\", test_version2:\"5.5.43\"))\n {\n report = report_fixed_ver(installed_version:mysqlVer, fixed_version:\"Apply the patch\", install_path:mysqlPath);\n security_message(data:report, port:sqlPort);\n exit(0);\n }\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:52:12", "bulletinFamily": "scanner", "description": "Check the version of mysql55-mysql", "modified": "2017-07-10T00:00:00", "published": "2015-08-18T00:00:00", "id": "OPENVAS:1361412562310882250", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882250", "title": "CentOS Update for mysql55-mysql CESA-2015:1628 centos5 ", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for mysql55-mysql CESA-2015:1628 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright 
(C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882250\");\n script_version(\"$Revision: 6657 $\");\n script_cve_id(\"CVE-2014-6568\", \"CVE-2015-0374\", \"CVE-2015-0381\", \"CVE-2015-0382\",\n \"CVE-2015-0391\", \"CVE-2015-0411\", \"CVE-2015-0432\", \"CVE-2015-0433\",\n \"CVE-2015-0441\", \"CVE-2015-0499\", \"CVE-2015-0501\", \"CVE-2015-0505\",\n \"CVE-2015-2568\", \"CVE-2015-2571\", \"CVE-2015-2573\", \"CVE-2015-2582\",\n \"CVE-2015-2620\", \"CVE-2015-2643\", \"CVE-2015-2648\", \"CVE-2015-4737\",\n \"CVE-2015-4752\", \"CVE-2015-4757\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:50:44 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-18 06:49:53 +0200 (Tue, 18 Aug 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for mysql55-mysql CESA-2015:1628 centos5 \");\n script_tag(name: \"summary\", value: \"Check the version of mysql55-mysql\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect 
NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"MySQL is a multi-user, multi-threaded SQL database server. It consists of\nthe MySQL server daemon (mysqld) and many client programs and libraries.\n\nThis update fixes several vulnerabilities in the MySQL database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory pages, listed in the References section. (CVE-2014-6568,\nCVE-2015-0374, CVE-2015-0381, CVE-2015-0382, CVE-2015-0391, CVE-2015-0411,\nCVE-2015-0432, CVE-2015-0433, CVE-2015-0441, CVE-2015-0499, CVE-2015-0501,\nCVE-2015-0505, CVE-2015-2568, CVE-2015-2571, CVE-2015-2573, CVE-2015-2582,\nCVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737, CVE-2015-4752,\nCVE-2015-4757)\n\nThese updated packages upgrade MySQL to version 5.5.45. Refer to the MySQL\nRelease Notes listed in the References section for a complete list of\nchanges.\n\nAll MySQL users should upgrade to these updated packages, which correct\nthese issues. 
After installing this update, the MySQL server daemon\n(mysqld) will be restarted automatically.\n\");\n script_tag(name: \"affected\", value: \"mysql55-mysql on CentOS 5\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"CESA\", value: \"2015:1628\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2015-August/021331.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"mysql55-mysql\", rpm:\"mysql55-mysql~5.5.45~1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql55-mysql-bench\", rpm:\"mysql55-mysql-bench~5.5.45~1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql55-mysql-devel\", rpm:\"mysql55-mysql-devel~5.5.45~1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql55-mysql-libs\", rpm:\"mysql55-mysql-libs~5.5.45~1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql55-mysql-server\", rpm:\"mysql55-mysql-server~5.5.45~1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql55-mysql-test\", rpm:\"mysql55-mysql-test~5.5.45~1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if 
(__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-02-21T01:24:03", "bulletinFamily": "scanner", "description": "Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. MySQL has been updated to 5.5.43.\n\nIn addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.\n\nPlease see the following for more information:\nhttp://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-42.html http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-43.html http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-01T00:00:00", "id": "UBUNTU_USN-2575-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82993", "published": "2015-04-22T00:00:00", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : mysql-5.5 vulnerabilities (USN-2575-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2575-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82993);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/12/01 15:12:39\");\n\n script_cve_id(\"CVE-2015-0433\", \"CVE-2015-0441\", \"CVE-2015-0499\", \"CVE-2015-0501\", \"CVE-2015-0505\", \"CVE-2015-2568\", \"CVE-2015-2571\", \"CVE-2015-2573\");\n script_bugtraq_id(74070, 74073, 74078, 74089, 74095, 74103, 74112, 74115);\n script_xref(name:\"USN\", value:\"2575-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : mysql-5.5 vulnerabilities (USN-2575-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues were discovered in MySQL and this update\nincludes a new upstream MySQL version to fix these issues. MySQL has\nbeen updated to 5.5.43.\n\nIn addition to security fixes, the updated packages contain bug fixes,\nnew features, and possibly incompatible changes.\n\nPlease see the following for more information:\nhttp://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-42.html\nhttp://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-43.html\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.h\ntml.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2575-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mysql-server-5.5 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:M/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! 
get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(12\\.04|14\\.04|14\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 14.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"mysql-server-5.5\", pkgver:\"5.5.43-0ubuntu0.12.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"mysql-server-5.5\", pkgver:\"5.5.43-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"mysql-server-5.5\", pkgver:\"5.5.43-0ubuntu0.14.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql-server-5.5\");\n}\n", "cvss": {"score": 5.7, "vector": "AV:NETWORK/AC:MEDIUM/Au:MULTIPLE_INSTANCES/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:24:07", "bulletinFamily": "scanner", "description": "New mysql packages are available for Slackware 14.0 to fix security issues.", "modified": "2015-07-19T00:00:00", "id": "SLACKWARE_SSA_2015-132-02.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83372", "published": "2015-05-13T00:00:00", "title": "Slackware 14.0 : mysql (SSA:2015-132-02)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2015-132-02. 
The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83372);\n script_version(\"$Revision: 1.7 $\");\n script_cvs_date(\"$Date: 2015/07/19 04:39:47 $\");\n\n script_cve_id(\"CVE-2015-0433\", \"CVE-2015-0441\", \"CVE-2015-0499\", \"CVE-2015-0501\", \"CVE-2015-0505\", \"CVE-2015-2568\", \"CVE-2015-2571\", \"CVE-2015-2573\");\n script_bugtraq_id(74070, 74073, 74078, 74089, 74095, 74103, 74112, 74115);\n script_xref(name:\"SSA\", value:\"2015-132-02\");\n\n script_name(english:\"Slackware 14.0 : mysql (SSA:2015-132-02)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New mysql packages are available for Slackware 14.0 to fix security\nissues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.339829\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?587c1012\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected mysql package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:M/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/13\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.0\", pkgname:\"mysql\", pkgver:\"5.5.43\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"mysql\", pkgver:\"5.5.43\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.7, "vector": "AV:NETWORK/AC:MEDIUM/Au:MULTIPLE_INSTANCES/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:24:01", "bulletinFamily": "scanner", "description": "Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.43. 
Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details :\n\n - https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-42.html\n - https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-43.html\n\n - http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", "modified": "2018-11-13T00:00:00", "id": "DEBIAN_DSA-3229.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82865", "published": "2015-04-20T00:00:00", "title": "Debian DSA-3229-1 : mysql-5.5 - security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3229. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82865);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/11/13 12:30:46\");\n\n script_cve_id(\"CVE-2015-0433\", \"CVE-2015-0441\", \"CVE-2015-0499\", \"CVE-2015-0501\", \"CVE-2015-0505\", \"CVE-2015-2568\", \"CVE-2015-2571\", \"CVE-2015-2573\");\n script_bugtraq_id(74070, 74073, 74078, 74089, 74095, 74103, 74112, 74115);\n script_xref(name:\"DSA\", value:\"3229\");\n\n script_name(english:\"Debian DSA-3229-1 : mysql-5.5 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.43. 
Please see the MySQL 5.5 Release Notes and Oracle's\nCritical Patch Update advisory for further details :\n\n -\n https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5\n -42.html\n -\n https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5\n -43.html\n\n -\n http://www.oracle.com/technetwork/topics/security/cpuapr\n 2015-2365600.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782645\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-42.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-43.html\"\n );\n # https://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?56618dc1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/mysql-5.5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3229\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the mysql-5.5 packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 5.5.43-0+deb7u1.\n\nFor the upcoming stable distribution (jessie), these problems will be\nfixed in version 5.5.43-0+deb8u1. 
Updated packages are already\navailable through jessie-security.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:M/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libmysqlclient-dev\", reference:\"5.5.43-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmysqlclient18\", reference:\"5.5.43-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmysqld-dev\", reference:\"5.5.43-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmysqld-pic\", reference:\"5.5.43-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-client\", 
reference:\"5.5.43-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-client-5.5\", reference:\"5.5.43-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-common\", reference:\"5.5.43-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-server\", reference:\"5.5.43-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-server-5.5\", reference:\"5.5.43-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-server-core-5.5\", reference:\"5.5.43-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-source-5.5\", reference:\"5.5.43-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-testsuite-5.5\", reference:\"5.5.43-0+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.7, "vector": "AV:NETWORK/AC:MEDIUM/Au:MULTIPLE_INSTANCES/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:24:59", "bulletinFamily": "scanner", "description": "Updated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nMariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.\n\nIt was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the '--ssl' option. A man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server. (CVE-2015-3152)\n\nThis update fixes several vulnerabilities in the MariaDB database server. 
Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n(CVE-2015-0501, CVE-2015-2568, CVE-2015-0499, CVE-2015-2571, CVE-2015-0433, CVE-2015-0441, CVE-2015-0505, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757)\n\nThese updated packages upgrade MariaDB to version 5.5.44. Refer to the MariaDB Release Notes listed in the References section for a complete list of changes.\n\nAll MariaDB users should upgrade to these updated packages, which correct these issues. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.", "modified": "2018-11-10T00:00:00", "id": "CENTOS_RHSA-2015-1665.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=85635", "published": "2015-08-26T00:00:00", "title": "CentOS 7 : mariadb (CESA-2015:1665) (BACKRONYM)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1665 and \n# CentOS Errata and Security Advisory 2015:1665 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85635);\n script_version(\"2.12\");\n script_cvs_date(\"Date: 2018/11/10 11:49:31\");\n\n script_cve_id(\"CVE-2015-0433\", \"CVE-2015-0441\", \"CVE-2015-0499\", \"CVE-2015-0501\", \"CVE-2015-0505\", \"CVE-2015-2568\", \"CVE-2015-2571\", \"CVE-2015-2573\", \"CVE-2015-2582\", \"CVE-2015-2620\", \"CVE-2015-2643\", \"CVE-2015-2648\", \"CVE-2015-3152\", \"CVE-2015-4737\", \"CVE-2015-4752\", \"CVE-2015-4757\", \"CVE-2015-4864\");\n script_xref(name:\"RHSA\", value:\"2015:1665\");\n\n script_name(english:\"CentOS 7 : mariadb (CESA-2015:1665) (BACKRONYM)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", 
\n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated mariadb packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMariaDB is a multi-user, multi-threaded SQL database server that is\nbinary compatible with MySQL.\n\nIt was found that the MySQL client library permitted but did not\nrequire a client to use SSL/TLS when establishing a secure connection\nto a MySQL server using the '--ssl' option. A man-in-the-middle\nattacker could use this flaw to strip the SSL/TLS protection from a\nconnection between a client and a server. (CVE-2015-3152)\n\nThis update fixes several vulnerabilities in the MariaDB database\nserver. Information about these flaws can be found on the Oracle\nCritical Patch Update Advisory page, listed in the References section.\n(CVE-2015-0501, CVE-2015-2568, CVE-2015-0499, CVE-2015-2571,\nCVE-2015-0433, CVE-2015-0441, CVE-2015-0505, CVE-2015-2573,\nCVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648,\nCVE-2015-4737, CVE-2015-4752, CVE-2015-4757)\n\nThese updated packages upgrade MariaDB to version 5.5.44. Refer to the\nMariaDB Release Notes listed in the References section for a complete\nlist of changes.\n\nAll MariaDB users should upgrade to these updated packages, which\ncorrect these issues. 
After installing this update, the MariaDB server\ndaemon (mysqld) will be restarted automatically.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-August/021345.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?905b3913\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mariadb packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:M/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mariadb-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mariadb-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mariadb-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mariadb-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/25\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/26\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mariadb-5.5.44-1.el7_1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mariadb-bench-5.5.44-1.el7_1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mariadb-devel-5.5.44-1.el7_1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mariadb-embedded-5.5.44-1.el7_1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mariadb-embedded-devel-5.5.44-1.el7_1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mariadb-libs-5.5.44-1.el7_1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mariadb-server-5.5.44-1.el7_1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mariadb-test-5.5.44-1.el7_1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.7, 
"vector": "AV:NETWORK/AC:MEDIUM/Au:MULTIPLE_INSTANCES/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:24:58", "bulletinFamily": "scanner", "description": "It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the '--ssl' option. A man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server. (CVE-2015-3152)\n\n(CVE-2015-0501, CVE-2015-2568, CVE-2015-0499, CVE-2015-2571, CVE-2015-0433, CVE-2015-0441, CVE-2015-0505, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757)\n\nAfter installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.", "modified": "2018-12-28T00:00:00", "id": "SL_20150824_MARIADB_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=85622", "published": "2015-08-25T00:00:00", "title": "Scientific Linux Security Update : mariadb on SL7.x x86_64 (BACKRONYM)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85622);\n script_version(\"2.9\");\n script_cvs_date(\"Date: 2018/12/28 10:10:36\");\n\n script_cve_id(\"CVE-2015-0433\", \"CVE-2015-0441\", \"CVE-2015-0499\", \"CVE-2015-0501\", \"CVE-2015-0505\", \"CVE-2015-2568\", \"CVE-2015-2571\", \"CVE-2015-2573\", \"CVE-2015-2582\", \"CVE-2015-2620\", \"CVE-2015-2643\", \"CVE-2015-2648\", \"CVE-2015-3152\", \"CVE-2015-4737\", \"CVE-2015-4752\", \"CVE-2015-4757\");\n\n script_name(english:\"Scientific Linux Security Update : mariadb on SL7.x x86_64 (BACKRONYM)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host 
is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was found that the MySQL client library permitted but did not\nrequire a client to use SSL/TLS when establishing a secure connection\nto a MySQL server using the '--ssl' option. A man-in-the-middle\nattacker could use this flaw to strip the SSL/TLS protection from a\nconnection between a client and a server. (CVE-2015-3152)\n\n(CVE-2015-0501, CVE-2015-2568, CVE-2015-0499, CVE-2015-2571,\nCVE-2015-0433, CVE-2015-0441, CVE-2015-0505, CVE-2015-2573,\nCVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648,\nCVE-2015-4737, CVE-2015-4752, CVE-2015-4757)\n\nAfter installing this update, the MariaDB server daemon (mysqld) will\nbe restarted automatically.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1508&L=scientific-linux-errata&F=&S=&P=22767\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2651149f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:M/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/24\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-5.5.44-1.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-bench-5.5.44-1.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-debuginfo-5.5.44-1.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-devel-5.5.44-1.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-embedded-5.5.44-1.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-embedded-devel-5.5.44-1.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-libs-5.5.44-1.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-server-5.5.44-1.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-test-5.5.44-1.el7_1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse 
audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.7, "vector": "AV:NETWORK/AC:MEDIUM/Au:MULTIPLE_INSTANCES/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:24:07", "bulletinFamily": "scanner", "description": "New mariadb packages are available for Slackware 14.1 and -current to fix security issues.", "modified": "2015-07-19T00:00:00", "id": "SLACKWARE_SSA_2015-132-01.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83371", "published": "2015-05-13T00:00:00", "title": "Slackware 14.1 / current : mariadb (SSA:2015-132-01)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2015-132-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83371);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2015/07/19 04:39:47 $\");\n\n script_cve_id(\"CVE-2015-0433\", \"CVE-2015-0441\", \"CVE-2015-0499\", \"CVE-2015-0501\", \"CVE-2015-0505\", \"CVE-2015-2568\", \"CVE-2015-2571\", \"CVE-2015-2573\");\n script_bugtraq_id(74070, 74073, 74078, 74089, 74095, 74103, 74112, 74115);\n script_xref(name:\"SSA\", value:\"2015-132-01\");\n\n script_name(english:\"Slackware 14.1 / current : mariadb (SSA:2015-132-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New mariadb packages are available for Slackware 14.1 and -current to\nfix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.381697\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dea9c396\"\n );\n script_set_attribute(\n 
attribute:\"solution\", \n value:\"Update the affected mariadb package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:M/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.1\", pkgname:\"mariadb\", pkgver:\"5.5.43\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif 
(slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"mariadb\", pkgver:\"5.5.43\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"mariadb\", pkgver:\"10.0.18\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"mariadb\", pkgver:\"10.0.18\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.7, "vector": "AV:NETWORK/AC:MEDIUM/Au:MULTIPLE_INSTANCES/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:24:58", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2015:1665 :\n\nUpdated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nMariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.\n\nIt was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the '--ssl' option. A man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server. (CVE-2015-3152)\n\nThis update fixes several vulnerabilities in the MariaDB database server. 
Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n(CVE-2015-0501, CVE-2015-2568, CVE-2015-0499, CVE-2015-2571, CVE-2015-0433, CVE-2015-0441, CVE-2015-0505, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757)\n\nThese updated packages upgrade MariaDB to version 5.5.44. Refer to the MariaDB Release Notes listed in the References section for a complete list of changes.\n\nAll MariaDB users should upgrade to these updated packages, which correct these issues. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.", "modified": "2018-07-18T00:00:00", "id": "ORACLELINUX_ELSA-2015-1665.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=85612", "published": "2015-08-25T00:00:00", "title": "Oracle Linux 7 : mariadb (ELSA-2015-1665) (BACKRONYM)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:1665 and \n# Oracle Linux Security Advisory ELSA-2015-1665 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85612);\n script_version(\"2.8\");\n script_cvs_date(\"Date: 2018/07/18 17:43:58\");\n\n script_cve_id(\"CVE-2015-0433\", \"CVE-2015-0441\", \"CVE-2015-0499\", \"CVE-2015-0501\", \"CVE-2015-0505\", \"CVE-2015-2568\", \"CVE-2015-2571\", \"CVE-2015-2573\", \"CVE-2015-2582\", \"CVE-2015-2620\", \"CVE-2015-2643\", \"CVE-2015-2648\", \"CVE-2015-3152\", \"CVE-2015-4737\", \"CVE-2015-4752\", \"CVE-2015-4757\", \"CVE-2015-4864\");\n script_xref(name:\"RHSA\", value:\"2015:1665\");\n\n script_name(english:\"Oracle Linux 7 : mariadb (ELSA-2015-1665) (BACKRONYM)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n 
attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:1665 :\n\nUpdated mariadb packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMariaDB is a multi-user, multi-threaded SQL database server that is\nbinary compatible with MySQL.\n\nIt was found that the MySQL client library permitted but did not\nrequire a client to use SSL/TLS when establishing a secure connection\nto a MySQL server using the '--ssl' option. A man-in-the-middle\nattacker could use this flaw to strip the SSL/TLS protection from a\nconnection between a client and a server. (CVE-2015-3152)\n\nThis update fixes several vulnerabilities in the MariaDB database\nserver. Information about these flaws can be found on the Oracle\nCritical Patch Update Advisory page, listed in the References section.\n(CVE-2015-0501, CVE-2015-2568, CVE-2015-0499, CVE-2015-2571,\nCVE-2015-0433, CVE-2015-0441, CVE-2015-0505, CVE-2015-2573,\nCVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648,\nCVE-2015-4737, CVE-2015-4752, CVE-2015-4757)\n\nThese updated packages upgrade MariaDB to version 5.5.44. Refer to the\nMariaDB Release Notes listed in the References section for a complete\nlist of changes.\n\nAll MariaDB users should upgrade to these updated packages, which\ncorrect these issues. 
After installing this update, the MariaDB server\ndaemon (mysqld) will be restarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-August/005358.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mariadb packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:M/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/24\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-5.5.44-1.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-bench-5.5.44-1.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-devel-5.5.44-1.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-embedded-5.5.44-1.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-embedded-devel-5.5.44-1.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-libs-5.5.44-1.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-server-5.5.44-1.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-test-5.5.44-1.el7_1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb / mariadb-bench / mariadb-devel / mariadb-embedded / etc\");\n}\n", "cvss": {"score": 5.7, "vector": "AV:NETWORK/AC:MEDIUM/Au:MULTIPLE_INSTANCES/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:24:38", "bulletinFamily": "scanner", "description": "Several issues have been discovered in the MariaDB database server.\nThe vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.20. 
Please see the MariaDB 10.0 Release Notes for further details :\n\n - https://mariadb.com/kb/en/mariadb/mariadb-10017-release-notes/\n - https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/\n\n - https://mariadb.com/kb/en/mariadb/mariadb-10019-release-notes/\n\n - https://mariadb.com/kb/en/mariadb/mariadb-10020-release-notes/", "modified": "2018-11-19T00:00:00", "id": "DEBIAN_DSA-3311.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84839", "published": "2015-07-20T00:00:00", "title": "Debian DSA-3311-1 : mariadb-10.0 - security update (BACKRONYM)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3311. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84839);\n script_version(\"2.15\");\n script_cvs_date(\"Date: 2018/11/19 11:02:41\");\n\n script_cve_id(\"CVE-2015-0433\", \"CVE-2015-0441\", \"CVE-2015-0499\", \"CVE-2015-0501\", \"CVE-2015-0505\", \"CVE-2015-2568\", \"CVE-2015-2571\", \"CVE-2015-2573\", \"CVE-2015-2582\", \"CVE-2015-2643\", \"CVE-2015-2648\", \"CVE-2015-3152\", \"CVE-2015-4752\", \"CVE-2015-4757\");\n script_bugtraq_id(74070, 74073, 74078, 74089, 74095, 74103, 74112, 74115);\n script_xref(name:\"DSA\", value:\"3311\");\n\n script_name(english:\"Debian DSA-3311-1 : mariadb-10.0 - security update (BACKRONYM)\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several issues have been discovered in the MariaDB database server.\nThe vulnerabilities are addressed by upgrading MariaDB to the new\nupstream version 10.0.20. 
Please see the MariaDB 10.0 Release Notes\nfor further details :\n\n -\n https://mariadb.com/kb/en/mariadb/mariadb-10017-release-\n notes/\n -\n https://mariadb.com/kb/en/mariadb/mariadb-10018-release-\n notes/\n\n -\n https://mariadb.com/kb/en/mariadb/mariadb-10019-release-\n notes/\n\n -\n https://mariadb.com/kb/en/mariadb/mariadb-10020-release-\n notes/\"\n );\n # https://mariadb.com/kb/en/mariadb/mariadb-10017-release-notes/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10017-release-notes/\"\n );\n # https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10018-release-notes/\"\n );\n # https://mariadb.com/kb/en/mariadb/mariadb-10019-release-notes/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10019-release-notes/\"\n );\n # https://mariadb.com/kb/en/mariadb/mariadb-10020-release-notes/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10020-release-notes/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/mariadb-10.0\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3311\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the mariadb-10.0 packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 10.0.20-0+deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:M/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mariadb-10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libmariadbd-dev\", reference:\"10.0.20-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-client\", reference:\"10.0.20-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-client-10.0\", reference:\"10.0.20-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-client-core-10.0\", reference:\"10.0.20-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-common\", reference:\"10.0.20-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-connect-engine-10.0\", reference:\"10.0.20-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-oqgraph-engine-10.0\", reference:\"10.0.20-0+deb8u1\")) flag++;\nif 
(deb_check(release:\"8.0\", prefix:\"mariadb-server\", reference:\"10.0.20-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-server-10.0\", reference:\"10.0.20-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-server-core-10.0\", reference:\"10.0.20-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-test\", reference:\"10.0.20-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-test-10.0\", reference:\"10.0.20-0+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.7, "vector": "AV:NETWORK/AC:MEDIUM/Au:MULTIPLE_INSTANCES/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:24:58", "bulletinFamily": "scanner", "description": "Updated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nMariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.\n\nIt was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the '--ssl' option. A man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server. (CVE-2015-3152)\n\nThis update fixes several vulnerabilities in the MariaDB database server. 
Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n(CVE-2015-0501, CVE-2015-2568, CVE-2015-0499, CVE-2015-2571, CVE-2015-0433, CVE-2015-0441, CVE-2015-0505, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757)\n\nThese updated packages upgrade MariaDB to version 5.5.44. Refer to the MariaDB Release Notes listed in the References section for a complete list of changes.\n\nAll MariaDB users should upgrade to these updated packages, which correct these issues. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.", "modified": "2018-11-26T00:00:00", "id": "REDHAT-RHSA-2015-1665.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=85616", "published": "2015-08-25T00:00:00", "title": "RHEL 7 : mariadb (RHSA-2015:1665) (BACKRONYM)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1665. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85616);\n script_version(\"2.16\");\n script_cvs_date(\"Date: 2018/11/26 11:02:15\");\n\n script_cve_id(\"CVE-2015-0433\", \"CVE-2015-0441\", \"CVE-2015-0499\", \"CVE-2015-0501\", \"CVE-2015-0505\", \"CVE-2015-2568\", \"CVE-2015-2571\", \"CVE-2015-2573\", \"CVE-2015-2582\", \"CVE-2015-2620\", \"CVE-2015-2643\", \"CVE-2015-2648\", \"CVE-2015-3152\", \"CVE-2015-4737\", \"CVE-2015-4752\", \"CVE-2015-4757\", \"CVE-2015-4864\");\n script_xref(name:\"RHSA\", value:\"2015:1665\");\n\n script_name(english:\"RHEL 7 : mariadb (RHSA-2015:1665) (BACKRONYM)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated mariadb packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMariaDB is a multi-user, multi-threaded SQL database server that is\nbinary compatible with MySQL.\n\nIt was found that the MySQL client library permitted but did not\nrequire a client to use SSL/TLS when establishing a secure connection\nto a MySQL server using the '--ssl' option. A man-in-the-middle\nattacker could use this flaw to strip the SSL/TLS protection from a\nconnection between a client and a server. (CVE-2015-3152)\n\nThis update fixes several vulnerabilities in the MariaDB database\nserver. 
Information about these flaws can be found on the Oracle\nCritical Patch Update Advisory page, listed in the References section.\n(CVE-2015-0501, CVE-2015-2568, CVE-2015-0499, CVE-2015-2571,\nCVE-2015-0433, CVE-2015-0441, CVE-2015-0505, CVE-2015-2573,\nCVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648,\nCVE-2015-4737, CVE-2015-4752, CVE-2015-4757)\n\nThese updated packages upgrade MariaDB to version 5.5.44. Refer to the\nMariaDB Release Notes listed in the References section for a complete\nlist of changes.\n\nAll MariaDB users should upgrade to these updated packages, which\ncorrect these issues. After installing this update, the MariaDB server\ndaemon (mysqld) will be restarted automatically.\"\n );\n # http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ef68d9ef\"\n );\n # http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?73eb3b44\"\n );\n # https://mariadb.com/kb/en/mariadb/mariadb-5544-release-notes/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-5544-release-notes/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:1665\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0433\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0441\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0499\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0501\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0505\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-2568\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-2571\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-2573\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-2582\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-2620\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-2643\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-2648\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-3152\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-4737\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-4752\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-4757\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-4864\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:M/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/24\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by 
Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:1665\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mariadb-5.5.44-1.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mariadb-5.5.44-1.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", 
reference:\"mariadb-bench-5.5.44-1.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mariadb-bench-5.5.44-1.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"mariadb-debuginfo-5.5.44-1.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"mariadb-devel-5.5.44-1.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"mariadb-embedded-5.5.44-1.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"mariadb-embedded-devel-5.5.44-1.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"mariadb-libs-5.5.44-1.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mariadb-server-5.5.44-1.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mariadb-server-5.5.44-1.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mariadb-test-5.5.44-1.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mariadb-test-5.5.44-1.el7_1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb / mariadb-bench / mariadb-debuginfo / mariadb-devel / etc\");\n }\n}\n", "cvss": {"score": 5.7, "vector": "AV:NETWORK/AC:MEDIUM/Au:MULTIPLE_INSTANCES/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:24:40", "bulletinFamily": "scanner", "description": "This update fixes the following security issues :\n\n - Logjam attack: mysql uses 512 bit dh groups in SSL [bnc#934789]\n\n - CVE-2015-3152: mysql --ssl does not enforce SSL [bnc#924663]\n\n - CVE-2014-8964: heap buffer overflow [bnc#906574]\n\n - CVE-2015-2325: heap buffer overflow in compile_branch() [bnc#924960]\n\n - CVE-2015-2326: heap buffer overflow in pcre_compile2() 
[bnc#924961]\n\n - CVE-2015-0501: unspecified vulnerability related to Server:Compiling (CPU April 2015)\n\n - CVE-2015-2571: unspecified vulnerability related to Server:Optimizer (CPU April 2015)\n\n - CVE-2015-0505: unspecified vulnerability related to Server:DDL (CPU April 2015)\n\n - CVE-2015-0499: unspecified vulnerability related to Server:Federated (CPU April 2015)\n\n - CVE-2015-2568: unspecified vulnerability related to Server:Security:Privileges (CPU April 2015)\n\n - CVE-2015-2573: unspecified vulnerability related to Server:DDL (CPU April 2015)\n\n - CVE-2015-0433: unspecified vulnerability related to Server:InnoDB:DML (CPU April 2015)\n\n - CVE-2015-0441: unspecified vulnerability related to Server:Security:Encryption (CPU April 2015)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-29T00:00:00", "id": "SUSE_SU-2015-1273-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84913", "published": "2015-07-22T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2015:1273-1) (BACKRONYM)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1273-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84913);\n script_version(\"2.16\");\n script_cvs_date(\"Date: 2018/11/29 12:03:38\");\n\n script_cve_id(\"CVE-2014-8964\", \"CVE-2015-0433\", \"CVE-2015-0441\", \"CVE-2015-0499\", \"CVE-2015-0501\", \"CVE-2015-0505\", \"CVE-2015-2325\", \"CVE-2015-2326\", \"CVE-2015-2568\", \"CVE-2015-2571\", \"CVE-2015-2573\", \"CVE-2015-3152\");\n script_bugtraq_id(71206, 74070, 74073, 74078, 74089, 74095, 74103, 74112, 74115, 
74398, 75174, 75175);\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2015:1273-1) (BACKRONYM)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following security issues :\n\n - Logjam attack: mysql uses 512 bit dh groups in SSL\n [bnc#934789]\n\n - CVE-2015-3152: mysql --ssl does not enforce SSL\n [bnc#924663]\n\n - CVE-2014-8964: heap buffer overflow [bnc#906574]\n\n - CVE-2015-2325: heap buffer overflow in compile_branch()\n [bnc#924960]\n\n - CVE-2015-2326: heap buffer overflow in pcre_compile2()\n [bnc#924961]\n\n - CVE-2015-0501: unspecified vulnerability related to\n Server:Compiling (CPU April 2015)\n\n - CVE-2015-2571: unspecified vulnerability related to\n Server:Optimizer (CPU April 2015)\n\n - CVE-2015-0505: unspecified vulnerability related to\n Server:DDL (CPU April 2015)\n\n - CVE-2015-0499: unspecified vulnerability related to\n Server:Federated (CPU April 2015)\n\n - CVE-2015-2568: unspecified vulnerability related to\n Server:Security:Privileges (CPU April 2015)\n\n - CVE-2015-2573: unspecified vulnerability related to\n Server:DDL (CPU April 2015)\n\n - CVE-2015-0433: unspecified vulnerability related to\n Server:InnoDB:DML (CPU April 2015)\n\n - CVE-2015-0441: unspecified vulnerability related to\n Server:Security:Encryption (CPU April 2015)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=906574\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=919053\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=919062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=920865\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=920896\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=921333\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=924663\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=924960\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=924961\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=934789\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=936407\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=936408\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=936409\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-8964/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-0433/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-0441/\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-0499/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-0501/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-0505/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-2325/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-2326/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-2568/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-2571/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-2573/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-3152/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151273-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?eb0c49d8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12 :\n\nzypper in -t patch SUSE-SLE-WE-12-2015-332=1\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2015-332=1\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2015-332=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2015-332=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:M/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient_r18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-errormessages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/21\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! ereg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
ereg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqlclient18-10.0.20-18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqlclient18-debuginfo-10.0.20-18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-10.0.20-18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-client-10.0.20-18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-client-debuginfo-10.0.20-18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-debuginfo-10.0.20-18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-debugsource-10.0.20-18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-errormessages-10.0.20-18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-tools-10.0.20-18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-tools-debuginfo-10.0.20-18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqlclient18-32bit-10.0.20-18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqlclient18-debuginfo-32bit-10.0.20-18.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libmysqlclient18-10.0.20-18.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libmysqlclient18-32bit-10.0.20-18.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libmysqlclient18-debuginfo-10.0.20-18.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libmysqlclient18-debuginfo-32bit-10.0.20-18.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libmysqlclient_r18-10.0.20-18.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", 
cpu:\"x86_64\", reference:\"libmysqlclient_r18-32bit-10.0.20-18.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"mariadb-10.0.20-18.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"mariadb-client-10.0.20-18.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"mariadb-client-debuginfo-10.0.20-18.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"mariadb-debuginfo-10.0.20-18.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"mariadb-debugsource-10.0.20-18.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"mariadb-errormessages-10.0.20-18.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb\");\n}\n", "cvss": {"score": 5.7, "vector": "AV:NETWORK/AC:MEDIUM/Au:MULTIPLE_INSTANCES/C:NONE/I:NONE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:09:33", "bulletinFamily": "unix", "description": "Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. 
MySQL has been updated to 5.5.43.\n\nIn addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.\n\nPlease see the following for more information: <http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-42.html> <http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-43.html> <http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html>", "modified": "2015-04-21T00:00:00", "published": "2015-04-21T00:00:00", "id": "USN-2575-1", "href": "https://usn.ubuntu.com/2575-1/", "title": "MySQL vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.7, "vector": "AV:NETWORK/AC:MEDIUM/Au:MULTIPLE_INSTANCES/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:08:43", "bulletinFamily": "unix", "description": "Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues.\n\nMySQL has been updated to 5.5.44 in Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 14.10. 
Ubuntu 15.04 has been updated to MySQL 5.6.25.\n\nIn addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.\n\nPlease see the following for more information: <http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-44.html> <http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-25.html> <http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html>", "modified": "2015-07-21T00:00:00", "published": "2015-07-21T00:00:00", "id": "USN-2674-1", "href": "https://usn.ubuntu.com/2674-1/", "title": "MySQL vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "slackware": [{"lastseen": "2018-08-31T02:37:13", "bulletinFamily": "unix", "description": "New mysql packages are available for Slackware 14.0 to fix security issues.\n\n\nHere are the details from the Slackware 14.0 ChangeLog:\n\npatches/packages/mysql-5.5.43-i486-1_slack14.0.txz: Upgraded.\n This update contains security fixes and improvements.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2568\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2573\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0433\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0441\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0501\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2571\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0505\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0499\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! 
:-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/mysql-5.5.43-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/mysql-5.5.43-x86_64-1_slack14.0.txz\n\n\nMD5 signatures:\n\nSlackware 14.0 package:\n758c941ee676f5a5ad0fb89c7f158ff7 mysql-5.5.43-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n8ac068f9d30a39bf245061fa15d98d82 mysql-5.5.43-x86_64-1_slack14.0.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg mysql-5.5.43-i486-1_slack14.0.txz\n\nThen, restart the database server:\n > sh /etc/rc.d/rc.mysqld restart", "modified": "2015-05-12T00:24:16", "published": "2015-05-12T00:24:16", "id": "SSA-2015-132-02", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.339829", "title": "mysql", "type": "slackware", "cvss": {"score": 5.7, "vector": "AV:NETWORK/AC:MEDIUM/Au:MULTIPLE_INSTANCES/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T02:36:49", "bulletinFamily": "unix", "description": "New mariadb packages are available for Slackware 14.1 and -current to\nfix security issues.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/mariadb-5.5.43-i486-1_slack14.1.txz: Upgraded.\n This update contains security fixes and improvements.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2568\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2573\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0433\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0441\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0501\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2571\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0505\n 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0499\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/mariadb-5.5.43-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/mariadb-5.5.43-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/ap/mariadb-10.0.18-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/ap/mariadb-10.0.18-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.1 package:\n17905b4257617eb8b1dc8dd128959b02 mariadb-5.5.43-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n89560390c29526d793ccbbf18807c09f mariadb-5.5.43-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n6ff4004dedd522fcd7de14a7b4d8f3be ap/mariadb-10.0.18-i586-1.txz\n\nSlackware x86_64 -current package:\n91b13958f3ab6bc8fe2b89d2b06d98dd ap/mariadb-10.0.18-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg mariadb-5.5.43-i486-1_slack14.1.txz\n\nThen, restart the database server:\n > sh /etc/rc.d/rc.mysqld restart", "modified": "2015-05-12T00:24:00", "published": "2015-05-12T00:24:00", "id": "SSA-2015-132-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.381697", "title": "mariadb", "type": "slackware", "cvss": {"score": 5.7, "vector": "AV:NETWORK/AC:MEDIUM/Au:MULTIPLE_INSTANCES/C:NONE/I:NONE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-03T18:25:50", "bulletinFamily": "unix", 
"description": "**CentOS Errata and Security Advisory** CESA-2015:1665\n\n\nMariaDB is a multi-user, multi-threaded SQL database server that is binary\ncompatible with MySQL.\n\nIt was found that the MySQL client library permitted but did not require a\nclient to use SSL/TLS when establishing a secure connection to a MySQL\nserver using the \"--ssl\" option. A man-in-the-middle attacker could use\nthis flaw to strip the SSL/TLS protection from a connection between a\nclient and a server. (CVE-2015-3152)\n\nThis update fixes several vulnerabilities in the MariaDB database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2015-0501,\nCVE-2015-2568, CVE-2015-0499, CVE-2015-2571, CVE-2015-0433, CVE-2015-0441,\nCVE-2015-0505, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643,\nCVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757)\n\nThese updated packages upgrade MariaDB to version 5.5.44. Refer to the\nMariaDB Release Notes listed in the References section for a complete list\nof changes.\n\nAll MariaDB users should upgrade to these updated packages, which correct\nthese issues. 
After installing this update, the MariaDB server daemon\n(mysqld) will be restarted automatically.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-August/021345.html\n\n**Affected packages:**\nmariadb\nmariadb-bench\nmariadb-devel\nmariadb-embedded\nmariadb-embedded-devel\nmariadb-libs\nmariadb-server\nmariadb-test\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-1665.html", "modified": "2015-08-25T16:08:22", "published": "2015-08-25T16:08:22", "href": "http://lists.centos.org/pipermail/centos-announce/2015-August/021345.html", "id": "CESA-2015:1665", "title": "mariadb security update", "type": "centos", "cvss": {"score": 5.7, "vector": "AV:NETWORK/AC:MEDIUM/Au:MULTIPLE_INSTANCES/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:25:10", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2015:1628\n\n\nMySQL is a multi-user, multi-threaded SQL database server. It consists of\nthe MySQL server daemon (mysqld) and many client programs and libraries.\n\nThis update fixes several vulnerabilities in the MySQL database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory pages, listed in the References section. (CVE-2014-6568,\nCVE-2015-0374, CVE-2015-0381, CVE-2015-0382, CVE-2015-0391, CVE-2015-0411,\nCVE-2015-0432, CVE-2015-0433, CVE-2015-0441, CVE-2015-0499, CVE-2015-0501,\nCVE-2015-0505, CVE-2015-2568, CVE-2015-2571, CVE-2015-2573, CVE-2015-2582,\nCVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737, CVE-2015-4752,\nCVE-2015-4757)\n\nThese updated packages upgrade MySQL to version 5.5.45. Refer to the MySQL\nRelease Notes listed in the References section for a complete list of\nchanges.\n\nAll MySQL users should upgrade to these updated packages, which correct\nthese issues. 
After installing this update, the MySQL server daemon\n(mysqld) will be restarted automatically.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-August/021331.html\n\n**Affected packages:**\nmysql55-mysql\nmysql55-mysql-bench\nmysql55-mysql-devel\nmysql55-mysql-libs\nmysql55-mysql-server\nmysql55-mysql-test\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-1628.html", "modified": "2015-08-17T15:20:46", "published": "2015-08-17T15:20:46", "href": "http://lists.centos.org/pipermail/centos-announce/2015-August/021331.html", "id": "CESA-2015:1628", "title": "mysql55 security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "suse": [{"lastseen": "2016-09-04T11:28:41", "bulletinFamily": "unix", "description": "This update fixes the following security issues:\n * Logjam attack: mysql uses 512 bit dh groups in SSL [bnc#934789]\n * CVE-2015-3152: mysql --ssl does not enforce SSL [bnc#924663]\n * CVE-2014-8964: heap buffer overflow [bnc#906574]\n * CVE-2015-2325: heap buffer overflow in compile_branch() [bnc#924960]\n * CVE-2015-2326: heap buffer overflow in pcre_compile2() [bnc#924961]\n * CVE-2015-0501: unspecified vulnerability related to Server:Compiling\n (CPU April 2015)\n * CVE-2015-2571: unspecified vulnerability related to Server:Optimizer\n (CPU April 2015)\n * CVE-2015-0505: unspecified vulnerability related to Server:DDL (CPU\n April 2015)\n * CVE-2015-0499: unspecified vulnerability related to Server:Federated\n (CPU April 2015)\n * CVE-2015-2568: unspecified vulnerability related to\n Server:Security:Privileges (CPU April 2015)\n * CVE-2015-2573: unspecified vulnerability related to Server:DDL (CPU\n April 2015)\n * CVE-2015-0433: unspecified vulnerability related to\n Server:InnoDB:DML (CPU April 2015)\n * CVE-2015-0441: unspecified vulnerability related to\n Server:Security:Encryption (CPU April 2015)\n\n", 
"modified": "2015-07-21T16:08:23", "published": "2015-07-21T16:08:23", "id": "SUSE-SU-2015:1273-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00036.html", "type": "suse", "title": "Security update for mariadb (important)", "cvss": {"score": 5.7, "vector": "AV:NETWORK/AC:MEDIUM/Au:MULTIPLE_INSTANCES/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:56:36", "bulletinFamily": "unix", "description": "MariaDB was updated to its current minor version, fixing bugs and security\n issues.\n\n These updates include a fix for Logjam (CVE-2015-4000), making MariaDB\n work with client software that no longer allows short DH groups over SSL,\n as e.g.\n our current openssl packages.\n\n On openSUSE 13.1, MariaDB was updated to 5.5.44.\n\n On openSUSE 13.2, MariaDB was updated from 10.0.13 to 10.0.20.\n\n Please read the release notes of MariaDB\n <a rel=\"nofollow\" href=\"https://mariadb.com/kb/en/mariadb/mariadb-10020-release-notes/\">https://mariadb.com/kb/en/mariadb/mariadb-10020-release-notes/</a>\n <a rel=\"nofollow\" href=\"https://mariadb.com/kb/en/mariadb/mariadb-10019-release-notes/\">https://mariadb.com/kb/en/mariadb/mariadb-10019-release-notes/</a>\n <a rel=\"nofollow\" href=\"https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/\">https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/</a>\n <a rel=\"nofollow\" href=\"https://mariadb.com/kb/en/mariadb/mariadb-10017-release-notes/\">https://mariadb.com/kb/en/mariadb/mariadb-10017-release-notes/</a>\n <a rel=\"nofollow\" href=\"https://mariadb.com/kb/en/mariadb/mariadb-10016-release-notes/\">https://mariadb.com/kb/en/mariadb/mariadb-10016-release-notes/</a>\n <a rel=\"nofollow\" href=\"https://mariadb.com/kb/en/mariadb/mariadb-10015-release-notes/\">https://mariadb.com/kb/en/mariadb/mariadb-10015-release-notes/</a>\n <a rel=\"nofollow\" 
href=\"https://mariadb.com/kb/en/mariadb/mariadb-10014-release-notes/\">https://mariadb.com/kb/en/mariadb/mariadb-10014-release-notes/</a> for more\n information.\n\n", "modified": "2015-07-09T17:08:05", "published": "2015-07-09T17:08:05", "id": "OPENSUSE-SU-2015:1216-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00020.html", "title": "Security update for MariaDB (important)", "type": "suse", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:13:42", "bulletinFamily": "unix", "description": "MySQL was updated to version 5.5.43 to fix several security and non\n security issues:\n\n * CVEs fixed: CVE-2014-3569, CVE-2014-3570, CVE-2014-3571,\n CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205,\n CVE-2015-0206, CVE-2015-0405, CVE-2015-0423, CVE-2015-0433,\n CVE-2015-0438, CVE-2015-0439, CVE-2015-0441, CVE-2015-0498,\n CVE-2015-0499, CVE-2015-0500, CVE-2015-0501, CVE-2015-0503,\n CVE-2015-0505, CVE-2015-0506, CVE-2015-0507, CVE-2015-0508,\n CVE-2015-0511, CVE-2015-2566, CVE-2015-2567, CVE-2015-2568,\n CVE-2015-2571, CVE-2015-2573, CVE-2015-2576.\n * Fix integer overflow in regcomp (Henry Spencer's regex library) for\n excessively long pattern strings. 
(bnc#922043, CVE-2015-2305)\n\n For a comprehensive list of changes, refer to\n <a rel=\"nofollow\" href=\"http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-43.html\">http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-43.html</a>\n <<a rel=\"nofollow\" href=\"http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-43.html\">http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-43.html</a>> .\n\n Security Issues:\n\n * CVE-2014-3569\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569</a>>\n * CVE-2014-3570\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570</a>>\n * CVE-2014-3571\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571</a>>\n * CVE-2014-3572\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572</a>>\n * CVE-2014-8275\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275</a>>\n * CVE-2015-0204\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204</a>>\n * CVE-2015-0205\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205</a>>\n * CVE-2015-0206\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206</a>>\n * CVE-2015-0405\n <<a rel=\"nofollow\" 
href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0405\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0405</a>>\n * CVE-2015-0423\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0423\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0423</a>>\n * CVE-2015-0433\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0433\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0433</a>>\n * CVE-2015-0438\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0438\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0438</a>>\n * CVE-2015-0439\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0439\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0439</a>>\n * CVE-2015-0441\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0441\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0441</a>>\n * CVE-2015-0498\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0498\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0498</a>>\n * CVE-2015-0499\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0499\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0499</a>>\n * CVE-2015-0500\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0500\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0500</a>>\n * CVE-2015-0501\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0501\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0501</a>>\n * CVE-2015-0503\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0503\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0503</a>>\n * CVE-2015-0505\n <<a rel=\"nofollow\" 
href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0505\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0505</a>>\n * CVE-2015-0506\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0506\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0506</a>>\n * CVE-2015-0507\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0507\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0507</a>>\n * CVE-2015-0508\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0508\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0508</a>>\n * CVE-2015-0511\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0511\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0511</a>>\n * CVE-2015-2566\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2566\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2566</a>>\n * CVE-2015-2567\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2567\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2567</a>>\n * CVE-2015-2568\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2568\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2568</a>>\n * CVE-2015-2571\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2571\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2571</a>>\n * CVE-2015-2573\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2573\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2573</a>>\n * CVE-2015-2576\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2576\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2576</a>>\n * CVE-2015-2305\n <<a rel=\"nofollow\" 
href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305</a>>\n\n", "modified": "2015-05-26T15:04:53", "published": "2015-05-26T15:04:53", "id": "SUSE-SU-2015:0946-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html", "type": "suse", "title": "Security update for MySQL (important)", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cve": [{"lastseen": "2019-02-13T12:00:21", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.", "modified": "2019-02-12T11:27:04", "published": "2015-07-16T07:00:51", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4757", "id": "CVE-2015-4757", "title": "CVE-2015-4757", "type": "cve", "cvss": {"score": 3.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-13T12:00:20", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.", "modified": "2019-02-05T13:12:15", "published": "2015-07-16T07:00:08", "id": "CVE-2015-2648", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2648", "title": "CVE-2015-2648", "type": "cve", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-06T11:52:42", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.", "modified": "2019-02-05T12:49:36", "published": "2015-04-16T13:00:05", "id": 
"CVE-2015-2573", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2573", "title": "CVE-2015-2573", "type": "cve", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-13T12:00:21", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.", "modified": "2019-02-12T11:28:51", "published": "2015-07-16T07:00:46", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4752", "id": "CVE-2015-4752", "title": "CVE-2015-4752", "type": "cve", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-13T12:00:20", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.", "modified": "2019-02-05T13:09:20", "published": "2015-07-16T07:00:03", "id": "CVE-2015-2643", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2643", "title": "CVE-2015-2643", "type": "cve", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-10-10T11:05:50", "bulletinFamily": "NVD", "description": "Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a \"BACKRONYM\" attack.", "modified": "2018-10-09T15:56:42", "published": "2016-05-16T06:59:01", "id": "CVE-2015-3152", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3152", "title": "CVE-2015-3152", "type": "cve", "cvss": {"score": 4.3, "vector": 
"AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-02-06T11:52:42", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.", "modified": "2019-02-05T12:46:51", "published": "2015-04-16T13:00:04", "id": "CVE-2015-2571", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2571", "title": "CVE-2015-2571", "type": "cve", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-06T11:52:42", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.", "modified": "2019-02-05T12:57:12", "published": "2015-07-16T06:59:09", "id": "CVE-2015-2582", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2582", "title": "CVE-2015-2582", "type": "cve", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-06T11:52:41", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.", "modified": "2019-02-01T12:50:45", "published": "2015-04-16T12:59:48", "id": "CVE-2015-0499", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0499", "title": "CVE-2015-0499", "type": "cve", "cvss": {"score": 3.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-06T11:52:41", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote 
authenticated users to affect availability via unknown vectors related to Server : Security : Encryption.", "modified": "2019-02-01T12:51:30", "published": "2015-04-16T12:59:06", "id": "CVE-2015-0441", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0441", "title": "CVE-2015-0441", "type": "cve", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}], "f5": [{"lastseen": "2019-02-20T21:07:50", "bulletinFamily": "software", "description": "\nF5 Product Development has assigned ID 523282 (BIG-IP) and ID 526147 (Enterprise Manager) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<https://f5.com/support/tools/ihealth>) may list Heuristic H16845 on the **Diagnostics** > **Identified** > **Low** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 13.0.0 - 13.1.1 \n12.1.0 - 12.1.3 \n11.2.1 - 11.6.3 | 14.0.0 | Low | MySQL Client \nBIG-IP AAM | 13.0.0 - 13.1.1 \n12.1.0 - 12.1.3 \n11.2.1 - 11.6.3 | 14.0.0 | Low | MySQL Client \nBIG-IP AFM | 13.0.0 - 13.1.1 \n12.1.0 - 12.1.3 \n11.2.1 - 11.6.3 | 14.0.0 | Low | MySQL Client \nBIG-IP Analytics | 13.0.0 - 13.1.1 \n12.1.0 - 12.1.3 \n11.2.1 - 11.6.3 | 14.0.0 | Low | MySQL Client \nBIG-IP APM | 13.0.0 - 13.1.1 \n12.1.0 - 12.1.3 \n11.2.1 - 11.6.3 \n10.1.0 - 10.2.4 | 14.0.0 | Low | MySQL Client \nBIG-IP ASM | 13.0.0 - 13.1.1 \n12.1.0 - 12.1.3 \n11.2.1 - 11.6.3 | 14.0.0 | Low | MySQL Client \nBIG-IP Edge Gateway | 13.0.0 - 13.1.1 \n12.1.0 - 12.1.3 \n11.2.1 - 11.6.3 | 14.0.0 | Low | MySQL Client \nBIG-IP GTM | 13.0.0 - 13.1.1 \n12.1.0 - 
12.1.3 \n11.2.1 - 11.6.3 | 14.0.0 | Low | MySQL Client \nBIG-IP Link Controller | 13.0.0 - 13.1.1 \n12.1.0 - 12.1.3 \n11.2.1 - 11.6.3 | 14.0.0 | Low | MySQL Client \nBIG-IP PEM | 13.0.0 - 13.1.1 \n12.1.0 - 12.1.3 \n11.2.1 - 11.6.3 | 14.0.0 | Low | MySQL Client \nBIG-IP PSM | 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4 | None | Low | MySQL Client \nBIG-IP WebAccelerator | 13.0.0 - 13.1.1 \n12.1.0 - 12.1.3 \n11.2.1 - 11.6.3 | 14.0.0 | Low | MySQL Client \nBIG-IP WOM | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | None | Low | MySQL Client \nARX | None | 6.2.0 - 6.4.0 | Not vulnerable | None \nEnterprise Manager | 3.0.0 - 3.1.1 | None | Low | MySQL Client \nFirePass | None | 7.0.0 | Not vulnerable | None \nBIG-IQ Cloud | None | 4.0.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Device | None | 4.2.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Security | None | 4.0.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ ADC | None | 4.5.0 | Not vulnerable | None \nLineRate | None | 2.5.0 - 2.6.0 | Not vulnerable | None \nF5 WebSafe | None | 1.0.0 | Not vulnerable | None \nTraffix SDC | None | 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1 | Not vulnerable | None \n \n \n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. 
If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nTo mitigate this vulnerability, F5 recommends that you ensure networks between the BIG-IP system and remote servers are protected and trusted.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "modified": "2018-08-15T02:03:00", "published": "2015-07-02T20:46:00", "id": "F5:K16845", "href": "https://support.f5.com/csp/article/K16845", "title": "MySQL vulnerability CVE-2015-3152", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-26T17:23:19", "bulletinFamily": "software", "description": "Vulnerability Recommended Actions\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. 
If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nTo mitigate this vulnerability, F5 recommends that you ensure networks between the BIG-IP system and remote servers are protected and trusted.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "modified": "2016-06-28T00:00:00", "published": "2015-07-02T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/16000/800/sol16845.html", "id": "SOL16845", "title": "SOL16845 - MySQL vulnerability CVE-2015-3152", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-11-09T00:09:38", "bulletinFamily": "software", "description": "**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value.\n\nVulnerability Recommended Actions\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. 
The Severity values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL17329: BIG-IP GTM name has changed to BIG-IP DNS \n\n", "modified": "2016-06-28T00:00:00", "published": "2015-08-14T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/17000/100/sol17115.html", "id": "SOL17115", "title": "SOL17115 - Multiple MySQL vulnerabilities", "type": "f5", "cvss": {"score": 5.7, "vector": "AV:NETWORK/AC:MEDIUM/Au:MULTIPLE_INSTANCES/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-06-08T00:16:37", "bulletinFamily": "software", "description": "\nF5 Product Development has assigned ID 530297 to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 | None | Low | MySQL \nBIG-IP AAM | 12.0.0 \n11.4.0 - 11.6.0 | None | Low | MySQL \nBIG-IP AFM | 12.0.0 \n11.3.0 - 11.6.0 | None | Low | MySQL \nBIG-IP Analytics | 12.0.0 \n11.0.0 - 11.6.0 | None | Low | MySQL \nBIG-IP APM | 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 | None | Low | MySQL \nBIG-IP ASM | 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 | None | Low | MySQL \nBIG-IP DNS | 12.0.0 | None | Low | MySQL \nBIG-IP Edge Gateway | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | None | Low | MySQL \nBIG-IP GTM | 11.0.0 - 11.6.0 \n10.1.0 - 
10.2.4 | None | Low | MySQL \nBIG-IP Link Controller | 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 | None | Low | MySQL \nBIG-IP PEM | 12.0.0 \n11.3.0 - 11.6.0 | None | Low | MySQL \nBIG-IP PSM | 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4 | None | Low | MySQL \nBIG-IP WebAccelerator | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | None | Low | MySQL \nBIG-IP WOM | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | None | Low | MySQL \nARX | None | 6.2.0 - 6.4.0 | Not vulnerable | None \nEnterprise Manager | 3.0.0 - 3.1.1 | None | Low | MySQL \nFirePass | None | 7.0.0 \n6.1.0 | Not vulnerable | None \nBIG-IQ Cloud | 4.0.0 - 4.5.0 | None | Low | MySQL \nBIG-IQ Device | 4.2.0 - 4.5.0 | None | Low | MySQL \nBIG-IQ Security | 4.0.0 - 4.5.0 | None | Low | MySQL \nBIG-IQ ADC | 4.5.0 | None | Low | MySQL \nLineRate | None | 2.5.0 - 2.6.1 | Not vulnerable | None \nF5 WebSafe | None | 1.0.0 | Not vulnerable | None \nTraffix SDC | None | 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1 | Not vulnerable | None \n \n**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value.\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. 
The Severity values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K17329: BIG-IP GTM name has changed to BIG-IP DNS](<https://support.f5.com/csp/article/K17329>) \n\n", "modified": "2017-04-06T16:51:00", "published": "2015-08-14T19:38:00", "href": "https://support.f5.com/csp/article/K17115", "id": "F5:K17115", "title": "Multiple MySQL vulnerabilities", "type": "f5", "cvss": {"score": 5.7, "vector": "AV:NETWORK/AC:MEDIUM/Au:MULTIPLE_INSTANCES/C:NONE/I:NONE/A:COMPLETE/"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:48", "bulletinFamily": "unix", "description": "- CVE-2014-8964 (denial of service)\n\nA heap-based buffer overflow was found in the way PCRE handled certain\nmalformed regular expressions. 
This issue could cause a crash while\nparsing malicious regular expressions related to an assertion that\nallows zero repeats.\n\n- CVE-2015-0499 (denial of service)\n\nUnspecified vulnerability allows remote authenticated users to affect\navailability via unknown vectors related to Server : Federated.\n\n- CVE-2015-0501 (denial of service)\n\nUnspecified vulnerability allows remote authenticated users to affect\navailability via unknown vectors related to Server : Compiling.\n\n- CVE-2015-0505 (denial of service)\n\nUnspecified vulnerability allows remote authenticated users to affect\navailability via unknown vectors related to Server : DDL.\n\n- CVE-2015-2571 (denial of service)\n\nUnspecified vulnerability allows remote authenticated users to affect\navailability via unknown vectors related to Server : Optimizer.", "modified": "2015-05-08T00:00:00", "published": "2015-05-08T00:00:00", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-May/000316.html", "id": "ASA-201505-3", "title": "mariadb: denial of service", "type": "archlinux", "cvss": {"score": 5.7, "vector": "AV:NETWORK/AC:MEDIUM/Au:MULTIPLE_INSTANCES/C:NONE/I:NONE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:56", "bulletinFamily": "unix", "description": "### Background\n\nMySQL is a fast, multi-threaded, multi-user SQL database server.\n\n### Description\n\nMultiple vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could send a specially crafted request, possibly resulting in execution of arbitrary code with the privileges of the application or a Denial of Service condition. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll MySQL 5.5.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/mysql-5.5.43\"\n \n\nAll MySQL 5.6.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/mysql-5.6.24\"", "modified": "2015-07-10T00:00:00", "published": "2015-07-10T00:00:00", "id": "GLSA-201507-19", "href": "https://security.gentoo.org/glsa/201507-19", "type": "gentoo", "title": "MySQL: Multiple vulnerabilities", "cvss": {"score": 5.7, "vector": "AV:NETWORK/AC:MEDIUM/Au:MULTIPLE_INSTANCES/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-10-13T16:42:04", "bulletinFamily": "unix", "description": "### Background\n\nMySQL is a popular multi-threaded, multi-user SQL server. MariaDB is an enhanced, drop-in replacement for MySQL. \n\n### Description\n\nMultiple vulnerabilities have been discovered in MySQL and MariaDB. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could exploit vulnerabilities, through multiple vectors, that affect the confidentiality, integrity, and availability of MySQL and MariaDB. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll MySQL users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/mysql-5.6.31\"\n \n\nAll MariaDB users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/mariadb-10.0.27\"", "modified": "2016-10-11T00:00:00", "published": "2016-10-11T00:00:00", "id": "GLSA-201610-06", "href": "https://security.gentoo.org/glsa/201610-06", "type": "gentoo", "title": "MySQL and MariaDB: Multiple vulnerabilities", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "kaspersky": [{"lastseen": "2019-02-19T17:02:49", "bulletinFamily": "info", "description": "### *Detect date*:\n04/16/2015\n\n### *Severity*:\nHigh\n\n### *Description*:\nUnspecified vulnerabilities were found in Oracle MySQL. By exploiting these vulnerabilities malicious users can affect availability. 
These vulnerabilities can be exploited remotely via unknown vectors related to InnoDB, Federated, DDL, Partition, SP, XA, Encryption and other unknown vectors.\n\n### *Affected products*:\nOracle MySQL Server 5.6 versions earlier than 5.6.24 \nOracle MySQL Server versions earlier than 5.5.43\n\n### *Solution*:\nUpdate to the latest version \n[Get MySQL](<http://www.mysql.com/downloads/>)\n\n### *Original advisories*:\n[Oracle bulletin](<http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL>) \n\n\n### *Impacts*:\nDoS \n\n### *Related products*:\n[Oracle MySQL](<https://threats.kaspersky.com/en/product/Oracle-MySQL/>)\n\n### *CVE-IDS*:\n[CVE-2014-3569](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569>) \n[CVE-2015-0508](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0508>) \n[CVE-2015-0498](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0498>) \n[CVE-2015-0499](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0499>) \n[CVE-2015-0433](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0433>) \n[CVE-2015-0438](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0438>) \n[CVE-2015-0439](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0439>) \n[CVE-2015-0506](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0506>) \n[CVE-2015-0507](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0507>) \n[CVE-2015-0505](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0505>) \n[CVE-2015-0503](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0503>) \n[CVE-2015-0500](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0500>) \n[CVE-2015-0501](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0501>) \n[CVE-2015-0405](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0405>) \n[CVE-2015-0423](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0423>) \n[CVE-2015-0441](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0441>) 
\n[CVE-2015-2573](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2573>) \n[CVE-2015-2571](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2571>) \n[CVE-2015-2568](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2568>) \n[CVE-2015-2567](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2567>) \n[CVE-2015-2566](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2566>) \n[CVE-2015-0511](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0511>)", "modified": "2019-02-15T00:00:00", "published": "2015-04-16T00:00:00", "id": "KLA10553", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10553", "title": "\r KLA10553Denial of service vulnerabilities in Oracle MySQL ", "type": "kaspersky", "cvss": {"score": 5.7, "vector": "AV:NETWORK/AC:MEDIUM/Au:MULTIPLE_INSTANCES/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-02-19T17:02:58", "bulletinFamily": "info", "description": "### *Detect date*:\n07/17/2015\n\n### *Severity*:\nHigh\n\n### *Description*:\nUnspecified vulnerabilities were found in MySQL Server. 
Malicious users can exploit these vulnerabilities to affect confidentiality, integrity and availability via unknown vectors related to Partition, DML, GIS and RBR.\n\n### *Affected products*:\nOracle MySQL Server versions 5.5.43 and earlier \nOracle MySQL Server versions 5.6.24 and earlier\n\n### *Solution*:\nUpdate to latest version \n[Get MySQL](<http://www.mysql.com/downloads/>)\n\n### *Original advisories*:\n[Oracle Critical Patch Update Advisory](<http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html>) \n\n\n### *Impacts*:\nOSI \n\n### *Related products*:\n[MySQL](<https://threats.kaspersky.com/en/product/MySQL/>)\n\n### *CVE-IDS*:\n[CVE-2015-4767](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4767>) \n[CVE-2015-4761](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4761>) \n[CVE-2015-4757](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4757>) \n[CVE-2015-4756](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4756>) \n[CVE-2015-4752](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4752>) \n[CVE-2015-2582](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2582>) \n[CVE-2015-2620](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2620>) \n[CVE-2015-2611](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2611>) \n[CVE-2015-2617](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2617>) \n[CVE-2015-2648](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2648>) \n[CVE-2015-4772](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4772>) \n[CVE-2015-4771](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4771>) \n[CVE-2015-2643](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2643>) \n[CVE-2015-4769](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4769>) \n[CVE-2015-2639](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2639>) \n[CVE-2015-4737](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4737>) 
\n[CVE-2015-2641](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2641>)", "modified": "2019-02-15T00:00:00", "published": "2015-07-17T00:00:00", "id": "KLA10638", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10638", "title": "\r KLA10638Multiple vulnerabilities in Oracle MySQL ", "type": "kaspersky", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}