Ubuntu Update for mysql-5.5 USN-2170-1

Ubuntu Update for mysql-5.5 USN-2170-

Reporter	Title	Published	Views	Family All 368
Tenable Nessus	MySQL 5.5.x < 5.5.37 MySQL Multiple Vulnerabilities	25 Apr 201900:00	–	nessus
Tenable Nessus	MySQL 5.6.x < 5.6.17 Multiple Vulnerabilities	25 Apr 201900:00	–	nessus
Tenable Nessus	MariaDB Server 5.5.x < 5.5.35 Buffer Overflow Vulnerability	20 Feb 201400:00	–	nessus
Tenable Nessus	Oracle MySQL 5.5.x <= 5.5.35 / 5.6.x <= 5.6.15 Multiple Vulnerabilities	21 Apr 201400:00	–	nessus
Tenable Nessus	Oracle MySQL 5.5.x <= 5.5.36 / 5.6.x <= 5.6.16 Multiple Vulnerabilities	17 Apr 201400:00	–	nessus
Tenable Nessus	MariaDB Server 10.0.x < 10.0.21 Multiple Vulnerabilities	13 May 201600:00	–	nessus
Tenable Nessus	Amazon Linux AMI : mysql51 (ALAS-2014-298)	12 Mar 201400:00	–	nessus
Tenable Nessus	Amazon Linux AMI : mysql55 (ALAS-2014-329)	12 Oct 201400:00	–	nessus
Tenable Nessus	CentOS 6 : mysql (CESA-2014:0164)	14 Feb 201400:00	–	nessus
Tenable Nessus	CentOS 6 : mysql55-mysql (CESA-2014:0173)	7 Mar 201400:00	–	nessus

Source	Link
ubuntu	www.ubuntu.com/usn/usn-2170-1/

###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_ubuntu_USN_2170_1.nasl 7957 2017-12-01 06:40:08Z santu $
#
# Ubuntu Update for mysql-5.5 USN-2170-1
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

include("revisions-lib.inc");

if(description)
{
  script_id(841785);
  script_version("$Revision: 7957 $");
  script_tag(name:"last_modification", value:"$Date: 2017-12-01 07:40:08 +0100 (Fri, 01 Dec 2017) $");
  script_tag(name:"creation_date", value:"2014-05-02 10:10:53 +0530 (Fri, 02 May 2014)");
  script_cve_id("CVE-2014-0001", "CVE-2014-0384", "CVE-2014-2419", "CVE-2014-2430",
                "CVE-2014-2431", "CVE-2014-2432", "CVE-2014-2436", "CVE-2014-2438",
                "CVE-2014-2440");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_name("Ubuntu Update for mysql-5.5 USN-2170-1");

  tag_insight = "Multiple security issues were discovered in MySQL and this
update includes a new upstream MySQL version to fix these issues. MySQL has
been updated to 5.5.37.

In addition to security fixes, the updated packages contain bug fixes,
new features, and possibly incompatible changes.

Please see the following for more information:
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-36.html
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-37.html
http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html

Additionally, Matthias Reichl discovered that the mysql-5.5 packages were
missing the patches applied previously in the mysql-5.1 packages to drop
the default test database and localhost permissions granting access to any
databases starting with 'test_'. This update reintroduces these patches for
Ubuntu 12.04 LTS, Ubuntu 12.10, and Ubuntu 13.10. Existing test databases
and permissions will not be modified on upgrade. To manually restrict
access for existing installations, please refer to the following:

http://dev.mysql.com/doc/refman/5.5/en/default-privileges.html";

  tag_affected = "mysql-5.5 on Ubuntu 13.10 ,
  Ubuntu 12.10 ,
  Ubuntu 12.04 LTS";

  tag_solution = "Please Install the Updated Packages.";


  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  script_xref(name: "USN", value: "2170-1");
  script_xref(name: "URL" , value: "http://www.ubuntu.com/usn/usn-2170-1/");
  script_summary("Check for the Version of mysql-5.5");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2014 Greenbone Networks GmbH");
  script_family("Ubuntu Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages");
  exit(0);
}


include("pkg-lib-deb.inc");

release = get_kb_item("ssh/login/release");

res = "";
if(release == NULL){
  exit(0);
}

if(release == "UBUNTU12.04 LTS")
{

  if ((res = isdpkgvuln(pkg:"mysql-server-5.5", ver:"5.5.37-0ubuntu0.12.04.1", rls:"UBUNTU12.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}


if(release == "UBUNTU13.10")
{

  if ((res = isdpkgvuln(pkg:"mysql-server-5.5", ver:"5.5.37-0ubuntu0.13.10.1", rls:"UBUNTU13.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}


if(release == "UBUNTU12.10")
{

  if ((res = isdpkgvuln(pkg:"mysql-server-5.5", ver:"5.5.37-0ubuntu0.12.10.1", rls:"UBUNTU12.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}

01 Dec 2017 00:00Current

6Medium risk

Vulners AI Score6

EPSS0.20688