ID: ELSA-2014-1859; Type: oraclelinux; Reporter: Oracle; Modified: 2014-11-17T00:00:00
Description
[5.5.40-2]
- Filter perl(GD) from Requires (perl-gd is not available for RHEL5)
Resolves: #1160514
[5.5.40-1]
- Rebase to 5.5.40
Also fixes: CVE-2014-4274 CVE-2014-4287 CVE-2014-6463 CVE-2014-6464
CVE-2014-6469 CVE-2014-6484 CVE-2014-6505 CVE-2014-6507 CVE-2014-6520
CVE-2014-6530 CVE-2014-6551 CVE-2014-6555 CVE-2014-6559 CVE-2014-6564
Resolves: #1160514
{"nessus": [{"lastseen": "2019-01-16T20:20:25", "bulletinFamily": "scanner", "description": "This is an update that fixes all issues described at\nhttps://mariadb.com/kb/en/mariadb/development/changelogs/mariadb-5540-\nchangelog and also couple of security issues.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2018-12-24T00:00:00", "published": "2014-12-15T00:00:00", "id": "FEDORA_2014-16003.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79905", "title": "Fedora 20 : mariadb-5.5.40-1.fc20 (2014-16003)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-16003.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79905);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/12/24 10:14:27\");\n\n script_cve_id(\"CVE-2014-4287\", \"CVE-2014-6463\", \"CVE-2014-6464\", \"CVE-2014-6469\", \"CVE-2014-6484\", \"CVE-2014-6505\", \"CVE-2014-6507\", \"CVE-2014-6520\", \"CVE-2014-6530\", \"CVE-2014-6551\", \"CVE-2014-6555\", \"CVE-2014-6559\", \"CVE-2014-6564\");\n script_bugtraq_id(70446, 70451, 70455, 70462, 70486, 70487, 70510, 70511, 70516, 70517, 70530, 70532, 70550);\n script_xref(name:\"FEDORA\", value:\"2014-16003\");\n\n script_name(english:\"Fedora 20 : mariadb-5.5.40-1.fc20 (2014-16003)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This is an update that fixes all issues described 
at\nhttps://mariadb.com/kb/en/mariadb/development/changelogs/mariadb-5540-\nchangelog and also couple of security issues.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1153461\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1153462\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1153463\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1153464\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1153467\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1153489\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1153490\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1153491\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1153493\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1153494\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1153495\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1153496\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1153497\"\n );\n # 
https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145916.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5e9ea712\"\n );\n # https://mariadb.com/kb/en/mariadb/development/changelogs/mariadb-5540-changelog\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?576d571a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mariadb package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"mariadb-5.5.40-1.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:20:14", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2014:1859 :\n\nUpdated mysql55-mysql packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. 
Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMySQL is a multi-user, multi-threaded SQL database server. It consists\nof the MySQL server daemon (mysqld) and many client programs and\nlibraries.\n\nThis update fixes several vulnerabilities in the MySQL database\nserver. Information about these flaws can be found on the Oracle\nCritical Patch Update Advisory page, listed in the References section.\n(CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258,\nCVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463,\nCVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505,\nCVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551,\nCVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MySQL to version 5.5.40. Refer to the\nMySQL Release Notes listed in the References section for a complete\nlist of changes.\n\nAll MySQL users should upgrade to these updated packages, which\ncorrect these issues. 
After installing this update, the MySQL server\ndaemon (mysqld) will be restarted automatically.", "modified": "2018-12-20T00:00:00", "published": "2014-11-21T00:00:00", "id": "ORACLELINUX_ELSA-2014-1859.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79369", "title": "Oracle Linux 5 : mysql55-mysql (ELSA-2014-1859)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2014:1859 and \n# Oracle Linux Security Advisory ELSA-2014-1859 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79369);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/12/20 11:08:44\");\n\n script_cve_id(\"CVE-2012-5615\", \"CVE-2014-2494\", \"CVE-2014-4207\", \"CVE-2014-4243\", \"CVE-2014-4258\", \"CVE-2014-4260\", \"CVE-2014-4274\", \"CVE-2014-4287\", \"CVE-2014-6463\", \"CVE-2014-6464\", \"CVE-2014-6469\", \"CVE-2014-6484\", \"CVE-2014-6505\", \"CVE-2014-6507\", \"CVE-2014-6520\", \"CVE-2014-6530\", \"CVE-2014-6551\", \"CVE-2014-6555\", \"CVE-2014-6559\");\n script_bugtraq_id(68564, 68573, 68579, 68593, 68611, 69732, 70446, 70451, 70455, 70462, 70486, 70487, 70510, 70511, 70516, 70517, 70530, 70532, 70550);\n script_xref(name:\"RHSA\", value:\"2014:1859\");\n\n script_name(english:\"Oracle Linux 5 : mysql55-mysql (ELSA-2014-1859)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2014:1859 :\n\nUpdated mysql55-mysql packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. 
Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMySQL is a multi-user, multi-threaded SQL database server. It consists\nof the MySQL server daemon (mysqld) and many client programs and\nlibraries.\n\nThis update fixes several vulnerabilities in the MySQL database\nserver. Information about these flaws can be found on the Oracle\nCritical Patch Update Advisory page, listed in the References section.\n(CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258,\nCVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463,\nCVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505,\nCVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551,\nCVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MySQL to version 5.5.40. Refer to the\nMySQL Release Notes listed in the References section for a complete\nlist of changes.\n\nAll MySQL users should upgrade to these updated packages, which\ncorrect these issues. 
After installing this update, the MySQL server\ndaemon (mysqld) will be restarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-November/004647.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mysql55-mysql packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql55-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql55-mysql-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql55-mysql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql55-mysql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql55-mysql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql55-mysql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"mysql55-mysql-5.5.40-2.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"mysql55-mysql-bench-5.5.40-2.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"mysql55-mysql-devel-5.5.40-2.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"mysql55-mysql-libs-5.5.40-2.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"mysql55-mysql-server-5.5.40-2.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"mysql55-mysql-test-5.5.40-2.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, 
extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql55-mysql / mysql55-mysql-bench / mysql55-mysql-devel / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:20:13", "bulletinFamily": "scanner", "description": "Updated mysql55-mysql packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMySQL is a multi-user, multi-threaded SQL database server. It consists\nof the MySQL server daemon (mysqld) and many client programs and\nlibraries.\n\nThis update fixes several vulnerabilities in the MySQL database\nserver. Information about these flaws can be found on the Oracle\nCritical Patch Update Advisory page, listed in the References section.\n(CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258,\nCVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463,\nCVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505,\nCVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551,\nCVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MySQL to version 5.5.40. Refer to the\nMySQL Release Notes listed in the References section for a complete\nlist of changes.\n\nAll MySQL users should upgrade to these updated packages, which\ncorrect these issues. 
After installing this update, the MySQL server\ndaemon (mysqld) will be restarted automatically.", "modified": "2018-12-20T00:00:00", "published": "2014-11-18T00:00:00", "id": "CENTOS_RHSA-2014-1859.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79299", "title": "CentOS 5 : mysql55-mysql (CESA-2014:1859)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1859 and \n# CentOS Errata and Security Advisory 2014:1859 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79299);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/12/20 11:08:44\");\n\n script_cve_id(\"CVE-2012-5615\", \"CVE-2014-2494\", \"CVE-2014-4207\", \"CVE-2014-4243\", \"CVE-2014-4258\", \"CVE-2014-4260\", \"CVE-2014-4274\", \"CVE-2014-4287\", \"CVE-2014-6463\", \"CVE-2014-6464\", \"CVE-2014-6469\", \"CVE-2014-6484\", \"CVE-2014-6505\", \"CVE-2014-6507\", \"CVE-2014-6520\", \"CVE-2014-6530\", \"CVE-2014-6551\", \"CVE-2014-6555\", \"CVE-2014-6559\");\n script_bugtraq_id(68564, 68573, 68579, 68593, 68611, 69732, 70446, 70451, 70455, 70462, 70486, 70487, 70510, 70516, 70517, 70530, 70532, 70550);\n script_xref(name:\"RHSA\", value:\"2014:1859\");\n\n script_name(english:\"CentOS 5 : mysql55-mysql (CESA-2014:1859)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated mysql55-mysql packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. 
Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMySQL is a multi-user, multi-threaded SQL database server. It consists\nof the MySQL server daemon (mysqld) and many client programs and\nlibraries.\n\nThis update fixes several vulnerabilities in the MySQL database\nserver. Information about these flaws can be found on the Oracle\nCritical Patch Update Advisory page, listed in the References section.\n(CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258,\nCVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463,\nCVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505,\nCVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551,\nCVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MySQL to version 5.5.40. Refer to the\nMySQL Release Notes listed in the References section for a complete\nlist of changes.\n\nAll MySQL users should upgrade to these updated packages, which\ncorrect these issues. 
After installing this update, the MySQL server\ndaemon (mysqld) will be restarted automatically.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2014-November/020762.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?02c32a3b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mysql55-mysql packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql55-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql55-mysql-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql55-mysql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql55-mysql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql55-mysql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql55-mysql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"mysql55-mysql-5.5.40-2.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"mysql55-mysql-bench-5.5.40-2.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"mysql55-mysql-devel-5.5.40-2.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"mysql55-mysql-libs-5.5.40-2.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"mysql55-mysql-server-5.5.40-2.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"mysql55-mysql-test-5.5.40-2.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:20:13", "bulletinFamily": "scanner", "description": "This update fixes several vulnerabilities in the MySQL database\nserver. Information about these flaws can be found on the Oracle\nCritical Patch Update Advisory page. 
(CVE-2014-2494, CVE-2014-4207,\nCVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287,\nCVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469,\nCVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520,\nCVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559)\n\nAfter installing this update, the MySQL server daemon (mysqld) will be\nrestarted automatically.", "modified": "2018-12-28T00:00:00", "published": "2014-11-18T00:00:00", "id": "SL_20141117_MYSQL55_MYSQL_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79305", "title": "Scientific Linux Security Update : mysql55-mysql on SL5.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79305);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/12/28 10:10:35\");\n\n script_cve_id(\"CVE-2014-2494\", \"CVE-2014-4207\", \"CVE-2014-4243\", \"CVE-2014-4258\", \"CVE-2014-4260\", \"CVE-2014-4274\", \"CVE-2014-4287\", \"CVE-2014-6463\", \"CVE-2014-6464\", \"CVE-2014-6469\", \"CVE-2014-6484\", \"CVE-2014-6505\", \"CVE-2014-6507\", \"CVE-2014-6520\", \"CVE-2014-6530\", \"CVE-2014-6551\", \"CVE-2014-6555\", \"CVE-2014-6559\");\n\n script_name(english:\"Scientific Linux Security Update : mysql55-mysql on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes several vulnerabilities in the MySQL database\nserver. Information about these flaws can be found on the Oracle\nCritical Patch Update Advisory page. 
(CVE-2014-2494, CVE-2014-4207,\nCVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287,\nCVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469,\nCVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520,\nCVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559)\n\nAfter installing this update, the MySQL server daemon (mysqld) will be\nrestarted automatically.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1411&L=scientific-linux-errata&T=0&P=3069\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?db5c8018\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"mysql55-mysql-5.5.40-2.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"mysql55-mysql-bench-5.5.40-2.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"mysql55-mysql-debuginfo-5.5.40-2.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"mysql55-mysql-devel-5.5.40-2.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"mysql55-mysql-libs-5.5.40-2.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"mysql55-mysql-server-5.5.40-2.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"mysql55-mysql-test-5.5.40-2.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:20:13", "bulletinFamily": "scanner", "description": "Updated mysql55-mysql packages that fix several security issues are\nnow available for Red Hat 
Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMySQL is a multi-user, multi-threaded SQL database server. It consists\nof the MySQL server daemon (mysqld) and many client programs and\nlibraries.\n\nThis update fixes several vulnerabilities in the MySQL database\nserver. Information about these flaws can be found on the Oracle\nCritical Patch Update Advisory page, listed in the References section.\n(CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258,\nCVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463,\nCVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505,\nCVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551,\nCVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MySQL to version 5.5.40. Refer to the\nMySQL Release Notes listed in the References section for a complete\nlist of changes.\n\nAll MySQL users should upgrade to these updated packages, which\ncorrect these issues. After installing this update, the MySQL server\ndaemon (mysqld) will be restarted automatically.", "modified": "2018-11-10T00:00:00", "published": "2014-11-18T00:00:00", "id": "REDHAT-RHSA-2014-1859.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79302", "title": "RHEL 5 : mysql55-mysql (RHSA-2014:1859)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1859. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79302);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/11/10 11:49:54\");\n\n script_cve_id(\"CVE-2012-5615\", \"CVE-2014-2494\", \"CVE-2014-4207\", \"CVE-2014-4243\", \"CVE-2014-4258\", \"CVE-2014-4260\", \"CVE-2014-4274\", \"CVE-2014-4287\", \"CVE-2014-6463\", \"CVE-2014-6464\", \"CVE-2014-6469\", \"CVE-2014-6484\", \"CVE-2014-6505\", \"CVE-2014-6507\", \"CVE-2014-6520\", \"CVE-2014-6530\", \"CVE-2014-6551\", \"CVE-2014-6555\", \"CVE-2014-6559\");\n script_bugtraq_id(68564, 68573, 68579, 68593, 68611, 69732, 70446, 70451, 70455, 70462, 70486, 70487, 70510, 70516, 70517, 70530, 70532, 70550);\n script_xref(name:\"RHSA\", value:\"2014:1859\");\n\n script_name(english:\"RHEL 5 : mysql55-mysql (RHSA-2014:1859)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated mysql55-mysql packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMySQL is a multi-user, multi-threaded SQL database server. It consists\nof the MySQL server daemon (mysqld) and many client programs and\nlibraries.\n\nThis update fixes several vulnerabilities in the MySQL database\nserver. 
Information about these flaws can be found on the Oracle\nCritical Patch Update Advisory page, listed in the References section.\n(CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258,\nCVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463,\nCVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505,\nCVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551,\nCVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MySQL to version 5.5.40. Refer to the\nMySQL Release Notes listed in the References section for a complete\nlist of changes.\n\nAll MySQL users should upgrade to these updated packages, which\ncorrect these issues. After installing this update, the MySQL server\ndaemon (mysqld) will be restarted automatically.\"\n );\n # http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3421cbe7\"\n );\n # http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3e658eb0\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:1859\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5615\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-4260\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-4258\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-4274\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6507\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6520\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6505\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6551\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-2494\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-4207\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-4287\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6469\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6484\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-4243\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6464\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6559\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6530\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6463\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n 
script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql55-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql55-mysql-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql55-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql55-mysql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql55-mysql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql55-mysql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql55-mysql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:1859\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"mysql55-mysql-5.5.40-2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"mysql55-mysql-5.5.40-2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"mysql55-mysql-5.5.40-2.el5\")) 
flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"mysql55-mysql-bench-5.5.40-2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"mysql55-mysql-bench-5.5.40-2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"mysql55-mysql-bench-5.5.40-2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"mysql55-mysql-debuginfo-5.5.40-2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"mysql55-mysql-devel-5.5.40-2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"mysql55-mysql-libs-5.5.40-2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"mysql55-mysql-libs-5.5.40-2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"mysql55-mysql-libs-5.5.40-2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"mysql55-mysql-server-5.5.40-2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"mysql55-mysql-server-5.5.40-2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"mysql55-mysql-server-5.5.40-2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"mysql55-mysql-test-5.5.40-2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"mysql55-mysql-test-5.5.40-2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"mysql55-mysql-test-5.5.40-2.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql55-mysql / mysql55-mysql-bench / mysql55-mysql-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:20:13", 
"bulletinFamily": "scanner", "description": "Updated mariadb packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMariaDB is a multi-user, multi-threaded SQL database server that is\nbinary compatible with MySQL.\n\nThis update fixes several vulnerabilities in the MariaDB database\nserver. Information about these flaws can be found on the Oracle\nCritical Patch Update Advisory page, listed in the References section.\n(CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258,\nCVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463,\nCVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505,\nCVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551,\nCVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MariaDB to version 5.5.40. Refer to the\nMariaDB Release Notes listed in the References section for a complete\nlist of changes.\n\nAll MariaDB users should upgrade to these updated packages, which\ncorrect these issues. 
After installing this update, the MariaDB server\ndaemon (mysqld) will be restarted automatically.", "modified": "2018-12-20T00:00:00", "published": "2014-11-18T00:00:00", "id": "CENTOS_RHSA-2014-1861.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79300", "title": "CentOS 7 : mariadb (CESA-2014:1861)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1861 and \n# CentOS Errata and Security Advisory 2014:1861 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79300);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/12/20 11:08:44\");\n\n script_cve_id(\"CVE-2012-5615\", \"CVE-2014-2494\", \"CVE-2014-4207\", \"CVE-2014-4243\", \"CVE-2014-4258\", \"CVE-2014-4260\", \"CVE-2014-4274\", \"CVE-2014-4287\", \"CVE-2014-6463\", \"CVE-2014-6464\", \"CVE-2014-6469\", \"CVE-2014-6484\", \"CVE-2014-6505\", \"CVE-2014-6507\", \"CVE-2014-6520\", \"CVE-2014-6530\", \"CVE-2014-6551\", \"CVE-2014-6555\", \"CVE-2014-6559\");\n script_bugtraq_id(56766, 68564, 68573, 68579, 68593, 68611, 69732, 70446, 70451, 70455, 70462, 70486, 70487, 70510, 70516, 70517, 70530, 70532, 70550);\n script_xref(name:\"RHSA\", value:\"2014:1861\");\n\n script_name(english:\"CentOS 7 : mariadb (CESA-2014:1861)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated mariadb packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. 
Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMariaDB is a multi-user, multi-threaded SQL database server that is\nbinary compatible with MySQL.\n\nThis update fixes several vulnerabilities in the MariaDB database\nserver. Information about these flaws can be found on the Oracle\nCritical Patch Update Advisory page, listed in the References section.\n(CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258,\nCVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463,\nCVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505,\nCVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551,\nCVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MariaDB to version 5.5.40. Refer to the\nMariaDB Release Notes listed in the References section for a complete\nlist of changes.\n\nAll MariaDB users should upgrade to these updated packages, which\ncorrect these issues. 
After installing this update, the MariaDB server\ndaemon (mysqld) will be restarted automatically.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2014-November/020761.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?69792140\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mariadb packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mariadb-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mariadb-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mariadb-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mariadb-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mariadb-5.5.40-1.el7_0\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mariadb-bench-5.5.40-1.el7_0\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mariadb-devel-5.5.40-1.el7_0\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mariadb-embedded-5.5.40-1.el7_0\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mariadb-embedded-devel-5.5.40-1.el7_0\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mariadb-libs-5.5.40-1.el7_0\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mariadb-server-5.5.40-1.el7_0\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mariadb-test-5.5.40-1.el7_0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:20:13", "bulletinFamily": 
"scanner", "description": "This update fixes several vulnerabilities in the MariaDB database\nserver. Information about these flaws can be found on the Oracle\nCritical Patch Update Advisory page (CVE-2014-2494, CVE-2014-4207,\nCVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287,\nCVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469,\nCVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520,\nCVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559)\n\nAfter installing this update, the MariaDB server daemon (mysqld) will\nbe restarted automatically.", "modified": "2018-12-28T00:00:00", "published": "2014-11-18T00:00:00", "id": "SL_20141117_MARIADB_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79304", "title": "Scientific Linux Security Update : mariadb on SL7.x x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79304);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/12/28 10:10:35\");\n\n script_cve_id(\"CVE-2014-2494\", \"CVE-2014-4207\", \"CVE-2014-4243\", \"CVE-2014-4258\", \"CVE-2014-4260\", \"CVE-2014-4274\", \"CVE-2014-4287\", \"CVE-2014-6463\", \"CVE-2014-6464\", \"CVE-2014-6469\", \"CVE-2014-6484\", \"CVE-2014-6505\", \"CVE-2014-6507\", \"CVE-2014-6520\", \"CVE-2014-6530\", \"CVE-2014-6551\", \"CVE-2014-6555\", \"CVE-2014-6559\");\n\n script_name(english:\"Scientific Linux Security Update : mariadb on SL7.x x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes several vulnerabilities in the MariaDB database\nserver. 
Information about these flaws can be found on the Oracle\nCritical Patch Update Advisory page (CVE-2014-2494, CVE-2014-4207,\nCVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287,\nCVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469,\nCVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520,\nCVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559)\n\nAfter installing this update, the MariaDB server daemon (mysqld) will\nbe restarted automatically.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1411&L=scientific-linux-errata&T=0&P=3203\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?928039cd\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-5.5.40-1.el7_0\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-bench-5.5.40-1.el7_0\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-debuginfo-5.5.40-1.el7_0\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-devel-5.5.40-1.el7_0\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-embedded-5.5.40-1.el7_0\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-embedded-devel-5.5.40-1.el7_0\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-libs-5.5.40-1.el7_0\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-server-5.5.40-1.el7_0\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-test-5.5.40-1.el7_0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse 
audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:20:14", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2014:1861 :\n\nUpdated mariadb packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMariaDB is a multi-user, multi-threaded SQL database server that is\nbinary compatible with MySQL.\n\nThis update fixes several vulnerabilities in the MariaDB database\nserver. Information about these flaws can be found on the Oracle\nCritical Patch Update Advisory page, listed in the References section.\n(CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258,\nCVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463,\nCVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505,\nCVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551,\nCVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MariaDB to version 5.5.40. Refer to the\nMariaDB Release Notes listed in the References section for a complete\nlist of changes.\n\nAll MariaDB users should upgrade to these updated packages, which\ncorrect these issues. 
After installing this update, the MariaDB server\ndaemon (mysqld) will be restarted automatically.", "modified": "2018-12-20T00:00:00", "published": "2014-11-21T00:00:00", "id": "ORACLELINUX_ELSA-2014-1861.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79370", "title": "Oracle Linux 7 : mariadb (ELSA-2014-1861)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2014:1861 and \n# Oracle Linux Security Advisory ELSA-2014-1861 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79370);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/12/20 11:08:44\");\n\n script_cve_id(\"CVE-2012-5615\", \"CVE-2014-2494\", \"CVE-2014-4207\", \"CVE-2014-4243\", \"CVE-2014-4258\", \"CVE-2014-4260\", \"CVE-2014-4274\", \"CVE-2014-4287\", \"CVE-2014-6463\", \"CVE-2014-6464\", \"CVE-2014-6469\", \"CVE-2014-6484\", \"CVE-2014-6505\", \"CVE-2014-6507\", \"CVE-2014-6520\", \"CVE-2014-6530\", \"CVE-2014-6551\", \"CVE-2014-6555\", \"CVE-2014-6559\");\n script_bugtraq_id(66835, 66846, 66850, 66858, 66875, 66880, 66890, 66896, 69732, 70446, 70451, 70455, 70462, 70486, 70487, 70510, 70511, 70516, 70517, 70530, 70532, 70550);\n script_xref(name:\"RHSA\", value:\"2014:1861\");\n\n script_name(english:\"Oracle Linux 7 : mariadb (ELSA-2014-1861)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2014:1861 :\n\nUpdated mariadb packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. 
Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMariaDB is a multi-user, multi-threaded SQL database server that is\nbinary compatible with MySQL.\n\nThis update fixes several vulnerabilities in the MariaDB database\nserver. Information about these flaws can be found on the Oracle\nCritical Patch Update Advisory page, listed in the References section.\n(CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258,\nCVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463,\nCVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505,\nCVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551,\nCVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MariaDB to version 5.5.40. Refer to the\nMariaDB Release Notes listed in the References section for a complete\nlist of changes.\n\nAll MariaDB users should upgrade to these updated packages, which\ncorrect these issues. 
After installing this update, the MariaDB server\ndaemon (mysqld) will be restarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-November/004646.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mariadb packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-5.5.40-1.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-bench-5.5.40-1.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-devel-5.5.40-1.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-embedded-5.5.40-1.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-embedded-devel-5.5.40-1.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", 
reference:\"mariadb-libs-5.5.40-1.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-server-5.5.40-1.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-test-5.5.40-1.el7_0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb / mariadb-bench / mariadb-devel / mariadb-embedded / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:20:13", "bulletinFamily": "scanner", "description": "Updated mariadb packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMariaDB is a multi-user, multi-threaded SQL database server that is\nbinary compatible with MySQL.\n\nThis update fixes several vulnerabilities in the MariaDB database\nserver. Information about these flaws can be found on the Oracle\nCritical Patch Update Advisory page, listed in the References section.\n(CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258,\nCVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463,\nCVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505,\nCVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551,\nCVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MariaDB to version 5.5.40. 
Refer to the\nMariaDB Release Notes listed in the References section for a complete\nlist of changes.\n\nAll MariaDB users should upgrade to these updated packages, which\ncorrect these issues. After installing this update, the MariaDB server\ndaemon (mysqld) will be restarted automatically.", "modified": "2018-12-20T00:00:00", "published": "2014-11-18T00:00:00", "id": "REDHAT-RHSA-2014-1861.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79303", "title": "RHEL 7 : mariadb (RHSA-2014:1861)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1861. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79303);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/12/20 11:08:45\");\n\n script_cve_id(\"CVE-2012-5615\", \"CVE-2014-2494\", \"CVE-2014-4207\", \"CVE-2014-4243\", \"CVE-2014-4258\", \"CVE-2014-4260\", \"CVE-2014-4274\", \"CVE-2014-4287\", \"CVE-2014-6463\", \"CVE-2014-6464\", \"CVE-2014-6469\", \"CVE-2014-6484\", \"CVE-2014-6505\", \"CVE-2014-6507\", \"CVE-2014-6520\", \"CVE-2014-6530\", \"CVE-2014-6551\", \"CVE-2014-6555\", \"CVE-2014-6559\");\n script_xref(name:\"RHSA\", value:\"2014:1861\");\n\n script_name(english:\"RHEL 7 : mariadb (RHSA-2014:1861)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated mariadb packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. 
Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMariaDB is a multi-user, multi-threaded SQL database server that is\nbinary compatible with MySQL.\n\nThis update fixes several vulnerabilities in the MariaDB database\nserver. Information about these flaws can be found on the Oracle\nCritical Patch Update Advisory page, listed in the References section.\n(CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258,\nCVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463,\nCVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505,\nCVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551,\nCVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MariaDB to version 5.5.40. Refer to the\nMariaDB Release Notes listed in the References section for a complete\nlist of changes.\n\nAll MariaDB users should upgrade to these updated packages, which\ncorrect these issues. 
After installing this update, the MariaDB server\ndaemon (mysqld) will be restarted automatically.\"\n );\n # http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3421cbe7\"\n );\n # http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3e658eb0\"\n );\n # https://mariadb.com/kb/en/mariadb/development/release-notes/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/release-notes/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:1861\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5615\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-4260\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-4258\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-4274\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6507\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6520\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6505\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6551\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-2494\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6555\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-4207\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-4287\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6469\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6484\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-4243\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6464\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6559\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6530\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6463\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:1861\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mariadb-5.5.40-1.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mariadb-5.5.40-1.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mariadb-bench-5.5.40-1.el7_0\")) 
flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mariadb-bench-5.5.40-1.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"mariadb-debuginfo-5.5.40-1.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"mariadb-devel-5.5.40-1.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"mariadb-embedded-5.5.40-1.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"mariadb-embedded-devel-5.5.40-1.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"mariadb-libs-5.5.40-1.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mariadb-server-5.5.40-1.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mariadb-server-5.5.40-1.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mariadb-test-5.5.40-1.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mariadb-test-5.5.40-1.el7_0\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb / mariadb-bench / mariadb-debuginfo / mariadb-devel / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:20:00", "bulletinFamily": "scanner", "description": "Multiple vulnerabilities have been discovered and corrected in \nmariadb :\n\nUnspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier\nand 5.6.20 and earlier allows remote authenticated users to affect\navailability via vectors related to SERVER:INNODB DML FOREIGN KEYS\n(CVE-2014-6464).\n\nUnspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier\nand 5.6.20 and earlier allows remote authenticated users to 
affect\navailability via vectors related to SERVER:OPTIMIZER (CVE-2014-6469).\n\nUnspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier,\nand 5.6.20 and earlier, allows remote authenticated users to affect\nconfidentiality, integrity, and availability via vectors related to\nSERVER:DML (CVE-2014-6507).\n\nUnspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier\nand 5.6.20 and earlier allows remote authenticated users to affect\nconfidentiality, integrity, and availability via vectors related to\nSERVER:DML (CVE-2014-6555).\n\nUnspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier,\nand 5.6.20 and earlier, allows remote attackers to affect\nconfidentiality via vectors related to C API SSL CERTIFICATE HANDLING\n(CVE-2014-6559).\n\nThe updated packages have been upgraded to the 5.5.40 version which is\nnot vulnerable to these issues.\n\nAdditionally MariaDB 5.5.40 removed the bundled copy of jemalloc from\nthe source tarball and only builds with jemalloc if a system copy of\nthe jemalloc library is detected during the build. This update\nprovides the jemalloc library packages to resolve this issue.", "modified": "2018-11-15T00:00:00", "published": "2014-10-29T00:00:00", "id": "MANDRIVA_MDVSA-2014-210.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78718", "title": "Mandriva Linux Security Advisory : mariadb (MDVSA-2014:210)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2014:210. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78718);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/11/15 20:50:23\");\n\n script_cve_id(\"CVE-2014-6464\", \"CVE-2014-6469\", \"CVE-2014-6507\", \"CVE-2014-6555\", \"CVE-2014-6559\");\n script_bugtraq_id(70446, 70451, 70487, 70530, 70550);\n script_xref(name:\"MDVSA\", value:\"2014:210\");\n\n script_name(english:\"Mandriva Linux Security Advisory : mariadb (MDVSA-2014:210)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been discovered and corrected in \nmariadb :\n\nUnspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier\nand 5.6.20 and earlier allows remote authenticated users to affect\navailability via vectors related to SERVER:INNODB DML FOREIGN KEYS\n(CVE-2014-6464).\n\nUnspecified vulnerability in Oracle MySQL Server 5.5.39 and eariler\nand 5.6.20 and earlier allows remote authenticated users to affect\navailability via vectors related to SERVER:OPTIMIZER (CVE-2014-6469).\n\nUnspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier,\nand 5.6.20 and earlier, allows remote authenticated users to affect\nconfidentiality, integrity, and availability via vectors related to\nSERVER:DML (CVE-2014-6507).\n\nUnspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier\nand 5.6.20 and earlier allows remote authenticated users to affect\nconfidentiality, integrity, and availability via vectors related to\nSERVER:DML (CVE-2014-6555).\n\nUnspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier,\nand 5.6.20 and earlier, allows remote attackers to affect\nconfidentiality via vectors related to C API SSL CERTIFICATE 
HANDLING\n(CVE-2014-6559).\n\nThe updated packages have been upgraded to the 5.5.40 version which is\nnot vulnerable to these issues.\n\nAdditionally MariaDB 5.5.40 removed the bundled copy of jemalloc from\nthe source tarball and only builds with jemalloc if a system copy of\nthe jemalloc library is detecting during the build. This update\nprovides the jemalloc library packages to resolve this issue.\"\n );\n # https://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1ada40cc\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.mageia.org/show_bug.cgi?id=14389\"\n );\n # https://mariadb.com/kb/en/library/mariadb-5540-release-notes/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7977fe89\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64jemalloc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64jemalloc1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mariadb-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mariadb-embedded18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mariadb18\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mariadb-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mariadb-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mariadb-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mariadb-common-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mariadb-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mariadb-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mariadb-feedback\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mariadb-obsolete\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql-MariaDB\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) 
audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64jemalloc-devel-3.6.0-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64jemalloc1-3.6.0-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64mariadb-devel-5.5.40-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64mariadb-embedded-devel-5.5.40-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64mariadb-embedded18-5.5.40-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64mariadb18-5.5.40-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"mariadb-5.5.40-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"mariadb-bench-5.5.40-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"mariadb-client-5.5.40-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"mariadb-common-5.5.40-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"mariadb-common-core-5.5.40-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"mariadb-core-5.5.40-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"mariadb-extra-5.5.40-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"mariadb-feedback-5.5.40-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"mariadb-obsolete-5.5.40-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"mysql-MariaDB-5.5.40-1.1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, 
extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-03T18:25:41", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2014:1861\n\n\nMariaDB is a multi-user, multi-threaded SQL database server that is binary\ncompatible with MySQL.\n\nThis update fixes several vulnerabilities in the MariaDB database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2014-2494,\nCVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287,\nCVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484,\nCVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551,\nCVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MariaDB to version 5.5.40. Refer to the\nMariaDB Release Notes listed in the References section for a complete list\nof changes.\n\nAll MariaDB users should upgrade to these updated packages, which correct\nthese issues. 
After installing this update, the MariaDB server daemon\n(mysqld) will be restarted automatically.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-November/020761.html\n\n**Affected packages:**\nmariadb\nmariadb-bench\nmariadb-devel\nmariadb-embedded\nmariadb-embedded-devel\nmariadb-libs\nmariadb-server\nmariadb-test\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-1861.html", "modified": "2014-11-17T17:32:07", "published": "2014-11-17T17:32:07", "href": "http://lists.centos.org/pipermail/centos-announce/2014-November/020761.html", "id": "CESA-2014:1861", "title": "mariadb security update", "type": "centos", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:25:28", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2014:1859\n\n\nMySQL is a multi-user, multi-threaded SQL database server. It consists of\nthe MySQL server daemon (mysqld) and many client programs and libraries.\n\nThis update fixes several vulnerabilities in the MySQL database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2014-2494,\nCVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, \nCVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, \nCVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, \nCVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MySQL to version 5.5.40. Refer to the MySQL\nRelease Notes listed in the References section for a complete list of\nchanges.\n\nAll MySQL users should upgrade to these updated packages, which correct\nthese issues. 
After installing this update, the MySQL server daemon\n(mysqld) will be restarted automatically.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-November/020762.html\n\n**Affected packages:**\nmysql55-mysql\nmysql55-mysql-bench\nmysql55-mysql-devel\nmysql55-mysql-libs\nmysql55-mysql-server\nmysql55-mysql-test\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-1859.html", "modified": "2014-11-17T17:35:05", "published": "2014-11-17T17:35:05", "href": "http://lists.centos.org/pipermail/centos-announce/2014-November/020762.html", "id": "CESA-2014:1859", "title": "mysql55 security update", "type": "centos", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-12-19T09:56:42", "bulletinFamily": "unix", "description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of\nthe MySQL server daemon (mysqld) and many client programs and libraries.\n\nThis update fixes several vulnerabilities in the MySQL database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2014-2494,\nCVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, \nCVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, \nCVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, \nCVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MySQL to version 5.5.40. Refer to the MySQL\nRelease Notes listed in the References section for a complete list of\nchanges.\n\nAll MySQL users should upgrade to these updated packages, which correct\nthese issues. 
After installing this update, the MySQL server daemon\n(mysqld) will be restarted automatically.\n", "modified": "2017-09-08T12:14:29", "published": "2014-11-17T05:00:00", "id": "RHSA-2014:1859", "href": "https://access.redhat.com/errata/RHSA-2014:1859", "type": "redhat", "title": "(RHSA-2014:1859) Important: mysql55-mysql security update", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-12-19T09:57:09", "bulletinFamily": "unix", "description": "MariaDB is a multi-user, multi-threaded SQL database server that is binary\ncompatible with MySQL.\n\nThis update fixes several vulnerabilities in the MariaDB database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2014-2494,\nCVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287,\nCVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484,\nCVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551,\nCVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MariaDB to version 5.5.40. Refer to the\nMariaDB Release Notes listed in the References section for a complete list\nof changes.\n\nAll MariaDB users should upgrade to these updated packages, which correct\nthese issues. After installing this update, the MariaDB server daemon\n(mysqld) will be restarted automatically.\n", "modified": "2018-06-13T01:28:22", "published": "2014-11-17T05:00:00", "id": "RHSA-2014:1862", "href": "https://access.redhat.com/errata/RHSA-2014:1862", "type": "redhat", "title": "(RHSA-2014:1862) Important: mariadb55-mariadb security update", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-12-19T09:55:44", "bulletinFamily": "unix", "description": "MySQL is a multi-user, multi-threaded SQL database server. 
It consists of\nthe MySQL server daemon (mysqld) and many client programs and libraries.\n\nThis update fixes several vulnerabilities in the MySQL database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2014-2494,\nCVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, \nCVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, \nCVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, \nCVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MySQL to version 5.5.40. Refer to the MySQL\nRelease Notes listed in the References section for a complete list of\nchanges.\n\nAll MySQL users should upgrade to these updated packages, which correct\nthese issues. After installing this update, the MySQL server daemon\n(mysqld) will be restarted automatically.\n", "modified": "2018-06-13T01:28:21", "published": "2014-11-17T05:00:00", "id": "RHSA-2014:1860", "href": "https://access.redhat.com/errata/RHSA-2014:1860", "type": "redhat", "title": "(RHSA-2014:1860) Important: mysql55-mysql security update", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-12-19T09:56:54", "bulletinFamily": "unix", "description": "MariaDB is a multi-user, multi-threaded SQL database server that is binary\ncompatible with MySQL.\n\nThis update fixes several vulnerabilities in the MariaDB database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2014-2494,\nCVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287,\nCVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484,\nCVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551,\nCVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MariaDB to version 5.5.40. 
Refer to the\nMariaDB Release Notes listed in the References section for a complete list\nof changes.\n\nAll MariaDB users should upgrade to these updated packages, which correct\nthese issues. After installing this update, the MariaDB server daemon\n(mysqld) will be restarted automatically.\n", "modified": "2018-04-12T03:33:33", "published": "2014-11-17T05:00:00", "id": "RHSA-2014:1861", "href": "https://access.redhat.com/errata/RHSA-2014:1861", "type": "redhat", "title": "(RHSA-2014:1861) Important: mariadb security update", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-12-19T09:55:36", "bulletinFamily": "unix", "description": "MariaDB is a multi-user, multi-threaded SQL database server that is binary\ncompatible with MySQL. Galera is a synchronous multi-master cluster for\nMariaDB.\n\nThis update fixes several vulnerabilities in the MariaDB database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2014-4274,\nCVE-2014-4287, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484,\nCVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551,\nCVE-2014-6555, CVE-2014-6559, CVE-2012-5615, CVE-2014-4258, CVE-2014-4260,\nCVE-2014-2494, CVE-2014-4207)\n\nThese updated packages upgrade MariaDB to version 5.5.40. Refer to the\nMariaDB Release Notes listed in the References section for a complete list\nof changes.\n\nAll mariadb-galera users are advised to upgrade to these updated packages,\nwhich correct these issues. 
After installing this update, the MariaDB\nserver daemon (mysqld) will be restarted automatically.", "modified": "2018-06-07T02:47:55", "published": "2014-12-02T21:39:58", "id": "RHSA-2014:1937", "href": "https://access.redhat.com/errata/RHSA-2014:1937", "type": "redhat", "title": "(RHSA-2014:1937) Important: mariadb-galera security update", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-12-19T09:56:02", "bulletinFamily": "unix", "description": "MariaDB is a multi-user, multi-threaded SQL database server that is binary\ncompatible with MySQL. Galera is a synchronous multi-master cluster for\nMariaDB.\n\nThis update fixes several vulnerabilities in the MariaDB database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2014-4274,\nCVE-2014-4287, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484,\nCVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551,\nCVE-2014-6555, CVE-2014-6559, CVE-2012-5615, CVE-2014-4258, CVE-2014-4260,\nCVE-2014-2494, CVE-2014-4207)\n\nThese updated packages upgrade MariaDB to version 5.5.40. Refer to the\nMariaDB Release Notes listed in the References section for a complete list\nof changes.\n\nAll mariadb-galera users are advised to upgrade to these updated packages,\nwhich correct these issues. 
After installing this update, the MariaDB\nserver daemon (mysqld) will be restarted automatically.", "modified": "2018-03-19T16:26:43", "published": "2014-12-02T21:44:45", "id": "RHSA-2014:1940", "href": "https://access.redhat.com/errata/RHSA-2014:1940", "type": "redhat", "title": "(RHSA-2014:1940) Important: mariadb-galera security update", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-12-21T20:03:14", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the 'mariadb' package(s) announced via the referenced advisory.", "modified": "2018-12-21T00:00:00", "published": "2014-11-18T00:00:00", "id": "OPENVAS:1361412562310871292", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871292", "title": "RedHat Update for mariadb RHSA-2014:1861-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for mariadb RHSA-2014:1861-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871292\");\n script_version(\"$Revision: 12858 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-12-21 09:05:36 +0100 (Fri, 21 Dec 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-11-18 06:35:36 +0100 (Tue, 18 Nov 2014)\");\n script_cve_id(\"CVE-2014-2494\", \"CVE-2014-4207\", \"CVE-2014-4243\", \"CVE-2014-4258\",\n \"CVE-2014-4260\", \"CVE-2014-4274\", \"CVE-2014-4287\", \"CVE-2014-6463\",\n \"CVE-2014-6464\", \"CVE-2014-6469\", \"CVE-2014-6484\", \"CVE-2014-6505\",\n \"CVE-2014-6507\", \"CVE-2014-6520\", \"CVE-2014-6530\", \"CVE-2014-6551\",\n \"CVE-2014-6555\", \"CVE-2014-6559\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_name(\"RedHat Update for mariadb RHSA-2014:1861-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mariadb'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"MariaDB is a multi-user, multi-threaded SQL database server that is binary\ncompatible with MySQL.\n\nThis update fixes several vulnerabilities in the MariaDB database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. 
(CVE-2014-2494,\nCVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287,\nCVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484,\nCVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551,\nCVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MariaDB to version 5.5.40. Refer to the\nMariaDB Release Notes listed in the References section for a complete list\nof changes.\n\nAll MariaDB users should upgrade to these updated packages, which correct\nthese issues. After installing this update, the MariaDB server daemon\n(mysqld) will be restarted automatically.\");\n script_tag(name:\"affected\", value:\"mariadb on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2014:1861-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2014-November/msg00031.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~5.5.40~1.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-bench\", rpm:\"mariadb-bench~5.5.40~1.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-debuginfo\", rpm:\"mariadb-debuginfo~5.5.40~1.el7_0\", 
rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-devel\", rpm:\"mariadb-devel~5.5.40~1.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-libs\", rpm:\"mariadb-libs~5.5.40~1.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-server\", rpm:\"mariadb-server~5.5.40~1.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-test\", rpm:\"mariadb-test~5.5.40~1.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-12-21T20:03:15", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the 'mysql55-mysql' package(s) announced via the referenced advisory.", "modified": "2018-12-21T00:00:00", "published": "2014-11-18T00:00:00", "id": "OPENVAS:1361412562310871293", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871293", "title": "RedHat Update for mysql55-mysql RHSA-2014:1859-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for mysql55-mysql RHSA-2014:1859-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871293\");\n script_version(\"$Revision: 12858 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-12-21 09:05:36 +0100 (Fri, 21 Dec 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-11-18 06:36:32 +0100 (Tue, 18 Nov 2014)\");\n script_cve_id(\"CVE-2014-2494\", \"CVE-2014-4207\", \"CVE-2014-4243\", \"CVE-2014-4258\",\n \"CVE-2014-4260\", \"CVE-2014-4274\", \"CVE-2014-4287\", \"CVE-2014-6463\",\n \"CVE-2014-6464\", \"CVE-2014-6469\", \"CVE-2014-6484\", \"CVE-2014-6505\",\n \"CVE-2014-6507\", \"CVE-2014-6520\", \"CVE-2014-6530\", \"CVE-2014-6551\",\n \"CVE-2014-6555\", \"CVE-2014-6559\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_name(\"RedHat Update for mysql55-mysql RHSA-2014:1859-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mysql55-mysql'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"MySQL is a multi-user, multi-threaded SQL database server. It consists of\nthe MySQL server daemon (mysqld) and many client programs and libraries.\n\nThis update fixes several vulnerabilities in the MySQL database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. 
(CVE-2014-2494,\nCVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287,\nCVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484,\nCVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551,\nCVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MySQL to version 5.5.40. Refer to the MySQL\nRelease Notes listed in the References section for a complete list of\nchanges.\n\nAll MySQL users should upgrade to these updated packages, which correct\nthese issues. After installing this update, the MySQL server daemon\n(mysqld) will be restarted automatically.\");\n script_tag(name:\"affected\", value:\"mysql55-mysql on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2014:1859-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2014-November/msg00029.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"mysql55-mysql\", rpm:\"mysql55-mysql~5.5.40~2.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql55-mysql-bench\", rpm:\"mysql55-mysql-bench~5.5.40~2.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql55-mysql-debuginfo\", 
rpm:\"mysql55-mysql-debuginfo~5.5.40~2.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql55-mysql-devel\", rpm:\"mysql55-mysql-devel~5.5.40~2.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql55-mysql-libs\", rpm:\"mysql55-mysql-libs~5.5.40~2.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql55-mysql-server\", rpm:\"mysql55-mysql-server~5.5.40~2.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql55-mysql-test\", rpm:\"mysql55-mysql-test~5.5.40~2.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-12-21T20:04:32", "bulletinFamily": "scanner", "description": "Check the version of mariadb", "modified": "2018-12-21T00:00:00", "published": "2014-11-18T00:00:00", "id": "OPENVAS:1361412562310882083", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882083", "title": "CentOS Update for mariadb CESA-2014:1861 centos7 ", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for mariadb CESA-2014:1861 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# 
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882083\");\n script_version(\"$Revision: 12858 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-12-21 09:05:36 +0100 (Fri, 21 Dec 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-11-18 06:38:11 +0100 (Tue, 18 Nov 2014)\");\n script_cve_id(\"CVE-2014-2494\", \"CVE-2014-4207\", \"CVE-2014-4243\", \"CVE-2014-4258\",\n \"CVE-2014-4260\", \"CVE-2014-4274\", \"CVE-2014-4287\", \"CVE-2014-6463\",\n \"CVE-2014-6464\", \"CVE-2014-6469\", \"CVE-2014-6484\", \"CVE-2014-6505\",\n \"CVE-2014-6507\", \"CVE-2014-6520\", \"CVE-2014-6530\", \"CVE-2014-6551\",\n \"CVE-2014-6555\", \"CVE-2014-6559\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_name(\"CentOS Update for mariadb CESA-2014:1861 centos7 \");\n\n script_tag(name: \"summary\", value: \"Check the version of mariadb\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of\ndetect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"MariaDB is a multi-user, multi-threaded SQL\ndatabase server that is binary compatible with MySQL.\n\nThis update fixes several vulnerabilities in the MariaDB database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. 
(CVE-2014-2494,\nCVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287,\nCVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484,\nCVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551,\nCVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MariaDB to version 5.5.40. Refer to the\nMariaDB Release Notes listed in the References section for a complete list\nof changes.\n\nAll MariaDB users should upgrade to these updated packages, which correct\nthese issues. After installing this update, the MariaDB server daemon\n(mysqld) will be restarted automatically.\n\");\n script_tag(name: \"affected\", value: \"mariadb on CentOS 7\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"CESA\", value: \"2014:1861\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2014-November/020761.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~5.5.40~1.el7_0\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-bench\", rpm:\"mariadb-bench~5.5.40~1.el7_0\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-devel\", rpm:\"mariadb-devel~5.5.40~1.el7_0\", rls:\"CentOS7\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-embedded\", rpm:\"mariadb-embedded~5.5.40~1.el7_0\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-embedded-devel\", rpm:\"mariadb-embedded-devel~5.5.40~1.el7_0\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-libs\", rpm:\"mariadb-libs~5.5.40~1.el7_0\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-server\", rpm:\"mariadb-server~5.5.40~1.el7_0\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-test\", rpm:\"mariadb-test~5.5.40~1.el7_0\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-12-21T20:03:18", "bulletinFamily": "scanner", "description": "Check the version of mysql55-mysql", "modified": "2018-12-21T00:00:00", "published": "2014-11-18T00:00:00", "id": "OPENVAS:1361412562310882084", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882084", "title": "CentOS Update for mysql55-mysql CESA-2014:1859 centos5 ", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for mysql55-mysql CESA-2014:1859 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the 
hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882084\");\n script_version(\"$Revision: 12858 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-12-21 09:05:36 +0100 (Fri, 21 Dec 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-11-18 06:39:13 +0100 (Tue, 18 Nov 2014)\");\n script_cve_id(\"CVE-2014-2494\", \"CVE-2014-4207\", \"CVE-2014-4243\", \"CVE-2014-4258\",\n \"CVE-2014-4260\", \"CVE-2014-4274\", \"CVE-2014-4287\", \"CVE-2014-6463\",\n \"CVE-2014-6464\", \"CVE-2014-6469\", \"CVE-2014-6484\", \"CVE-2014-6505\",\n \"CVE-2014-6507\", \"CVE-2014-6520\", \"CVE-2014-6530\", \"CVE-2014-6551\",\n \"CVE-2014-6555\", \"CVE-2014-6559\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_name(\"CentOS Update for mysql55-mysql CESA-2014:1859 centos5 \");\n\n script_tag(name: \"summary\", value: \"Check the version of mysql55-mysql\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of\ndetect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"MySQL is a multi-user, multi-threaded SQL\ndatabase server. 
It consists of the MySQL server daemon (mysqld) and many client\nprograms and libraries.\n\nThis update fixes several vulnerabilities in the MySQL database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2014-2494,\nCVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287,\nCVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484,\nCVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551,\nCVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MySQL to version 5.5.40. Refer to the MySQL\nRelease Notes listed in the References section for a complete list of\nchanges.\n\nAll MySQL users should upgrade to these updated packages, which correct\nthese issues. After installing this update, the MySQL server daemon\n(mysqld) will be restarted automatically.\n\");\n script_tag(name: \"affected\", value: \"mysql55-mysql on CentOS 5\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"CESA\", value: \"2014:1859\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2014-November/020762.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"mysql55-mysql\", rpm:\"mysql55-mysql~5.5.40~2.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql55-mysql-bench\", rpm:\"mysql55-mysql-bench~5.5.40~2.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql55-mysql-devel\", rpm:\"mysql55-mysql-devel~5.5.40~2.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql55-mysql-libs\", rpm:\"mysql55-mysql-libs~5.5.40~2.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql55-mysql-server\", rpm:\"mysql55-mysql-server~5.5.40~2.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql55-mysql-test\", rpm:\"mysql55-mysql-test~5.5.40~2.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-12-21T20:02:37", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2014-1859", "modified": "2018-12-21T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123248", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123248", "title": "Oracle Linux Local Check: ELSA-2014-1859", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-1859.nasl 12858 2018-12-21 08:05:36Z ckuersteiner $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software 
Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123248\");\n script_version(\"$Revision: 12858 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:01:15 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-12-21 09:05:36 +0100 (Fri, 21 Dec 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-1859\");\n script_tag(name:\"insight\", value:\"ELSA-2014-1859 - mysql55-mysql security update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-1859\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-1859.html\");\n script_cve_id(\"CVE-2014-2494\", \"CVE-2014-4207\", \"CVE-2014-4243\", \"CVE-2014-4258\", \"CVE-2014-4260\", \"CVE-2014-4274\", \"CVE-2014-6463\", \"CVE-2014-6464\", \"CVE-2014-6484\", \"CVE-2014-6505\", \"CVE-2014-6520\", \"CVE-2014-6530\", \"CVE-2014-6559\", \"CVE-2014-6551\", \"CVE-2014-4287\", \"CVE-2014-6469\", \"CVE-2014-6507\", \"CVE-2014-6555\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"mysql55-mysql\", rpm:\"mysql55-mysql~5.5.40~2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mysql55-mysql-bench\", rpm:\"mysql55-mysql-bench~5.5.40~2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mysql55-mysql-devel\", rpm:\"mysql55-mysql-devel~5.5.40~2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mysql55-mysql-libs\", 
rpm:\"mysql55-mysql-libs~5.5.40~2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mysql55-mysql-server\", rpm:\"mysql55-mysql-server~5.5.40~2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mysql55-mysql-test\", rpm:\"mysql55-mysql-test~5.5.40~2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-12-21T20:00:35", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2014-1861", "modified": "2018-12-21T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123249", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123249", "title": "Oracle Linux Local Check: ELSA-2014-1861", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-1861.nasl 12858 2018-12-21 08:05:36Z ckuersteiner $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123249\");\n script_version(\"$Revision: 12858 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:01:16 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-12-21 09:05:36 +0100 (Fri, 21 Dec 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-1861\");\n script_tag(name:\"insight\", value:\"ELSA-2014-1861 - mariadb security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-1861\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-1861.html\");\n script_cve_id(\"CVE-2014-2494\", \"CVE-2014-4207\", \"CVE-2014-4243\", \"CVE-2014-4258\", \"CVE-2014-4260\", \"CVE-2014-4274\", \"CVE-2014-4287\", \"CVE-2014-6463\", \"CVE-2014-6464\", \"CVE-2014-6469\", \"CVE-2014-6484\", \"CVE-2014-6505\", \"CVE-2014-6507\", \"CVE-2014-6520\", \"CVE-2014-6530\", \"CVE-2014-6551\", \"CVE-2014-6555\", \"CVE-2014-6559\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n 
script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~5.5.40~1.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mariadb-bench\", rpm:\"mariadb-bench~5.5.40~1.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mariadb-devel\", rpm:\"mariadb-devel~5.5.40~1.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mariadb-embedded\", rpm:\"mariadb-embedded~5.5.40~1.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mariadb-embedded-devel\", rpm:\"mariadb-embedded-devel~5.5.40~1.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mariadb-libs\", rpm:\"mariadb-libs~5.5.40~1.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mariadb-server\", rpm:\"mariadb-server~5.5.40~1.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mariadb-test\", rpm:\"mariadb-test~5.5.40~1.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-10-22T16:37:52", "bulletinFamily": "scanner", "description": "This host is running Oracle MySQL and is\n prone to multiple unspecified vulnerabilities.", "modified": "2018-10-19T00:00:00", "published": "2016-06-03T00:00:00", "id": "OPENVAS:1361412562310808138", 
"href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808138", "title": "Oracle MySQL Multiple Unspecified Vulnerabilities-26 Jun16 (Linux)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mysql_unspecified_vuln26_jun16_lin.nasl 11989 2018-10-19 11:25:26Z cfischer $\n#\n# Oracle MySQL Multiple Unspecified Vulnerabilities-26 Jun16 (Linux)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:oracle:mysql\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808138\");\n script_version(\"$Revision: 11989 $\");\n script_cve_id(\"CVE-2014-6551\", \"CVE-2014-6530\", \"CVE-2014-6505\", \"CVE-2014-6495\",\n \"CVE-2014-6484\", \"CVE-2014-6478\", \"CVE-2014-6463\", \"CVE-2014-4287\",\n \"CVE-2014-4274\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-19 13:25:26 +0200 (Fri, 19 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-03 13:42:18 +0530 (Fri, 03 Jun 2016)\");\n script_name(\"Oracle MySQL Multiple Unspecified Vulnerabilities-26 Jun16 (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is running Oracle MySQL and is\n prone to multiple unspecified vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Unspecified errors in the MySQL Server\n component via unknown vectors related to CLIENT:MYSQLADMIN, CLIENT:MYSQLDUMP,\n SERVER:MEMORY STORAGE ENGINE, SERVER:SSL:yaSSL, SERVER:DML, SERVER:SSL:yaSSL,\n SERVER:REPLICATION ROW FORMAT BINARY LOG DML, SERVER:CHARACTER SETS,\n and SERVER:MyISAM.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to disclose potentially sensitive information, gain escalated privileges,\n manipulate certain data, cause a DoS (Denial of Service), and compromise a\n vulnerable system.\");\n\n script_tag(name:\"affected\", value:\"MySQL 
Server version 5.5.38 and earlier\n and 5.6.19 and earlier on Linux.\");\n\n script_tag(name:\"solution\", value:\"Apply the patch from the referenced advisory.\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/60599\");\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html\");\n\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Databases\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_unixoide\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!sqlPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!mysqlVer = get_app_version(cpe:CPE, port:sqlPort))\n{\n CPE = \"cpe:/a:mysql:mysql\";\n if(!mysqlVer = get_app_version(cpe:CPE, port:sqlPort)){\n exit(0);\n }\n}\n\nif(mysqlVer =~ \"^(5\\.(5|6))\")\n{\n if(version_in_range(version:mysqlVer, test_version:\"5.5\", test_version2:\"5.5.38\")||\n version_in_range(version:mysqlVer, test_version:\"5.6\", test_version2:\"5.6.19\"))\n {\n security_message(sqlPort);\n exit(0);\n }\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-08-02T10:49:05", "bulletinFamily": "scanner", "description": "Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.40. 
Please see the MySQL 5.5 Release Notes and Oracle", "modified": "2017-07-18T00:00:00", "published": "2014-10-20T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703054", "id": "OPENVAS:703054", "title": "Debian Security Advisory DSA 3054-1 (mysql-5.5 - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3054.nasl 6750 2017-07-18 09:56:47Z teissa $\n# Auto-generated from advisory DSA 3054-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703054);\n script_version(\"$Revision: 6750 $\");\n script_cve_id(\"CVE-2012-5615\", \"CVE-2014-4274\", \"CVE-2014-4287\", \"CVE-2014-6463\", \"CVE-2014-6464\", \"CVE-2014-6469\", \"CVE-2014-6478\", \"CVE-2014-6484\", \"CVE-2014-6491\", \"CVE-2014-6494\", \"CVE-2014-6495\", \"CVE-2014-6496\", \"CVE-2014-6500\", \"CVE-2014-6505\", \"CVE-2014-6507\", \"CVE-2014-6520\", \"CVE-2014-6530\", \"CVE-2014-6551\", \"CVE-2014-6555\", \"CVE-2014-6559\");\n script_name(\"Debian Security Advisory DSA 3054-1 (mysql-5.5 - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-18 11:56:47 +0200 (Tue, 18 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2014-10-20 00:00:00 +0200 (Mon, 20 Oct 2014)\");\n script_tag(name:\"cvss_base\", value:\"8.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:C\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-3054.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"mysql-5.5 on Debian Linux\");\n script_tag(name: \"insight\", value: \"MySQL is a fast, stable and true multi-user, multi-threaded SQL database\nserver.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy), these problems have been fixed in\nversion 5.5.40-0+wheezy1.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe 
recommend that you upgrade your mysql-5.5 packages.\");\n script_tag(name: \"summary\", value: \"Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.40. Please see the MySQL 5.5 Release Notes and Oracle's\nCritical Patch Update advisory for further details:\n\nhttps://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-39.htmlhttps://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.htmlhttp://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libmysqlclient-dev\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient18\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-dev\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-pic\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client-5.5\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-common\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += 
res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-core-5.5\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-source-5.5\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-testsuite-5.5\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient-dev\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient18\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-dev\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-pic\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client-5.5\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-common\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-core-5.5\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-source-5.5\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-testsuite-5.5\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient-dev\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"libmysqlclient18\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-dev\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-pic\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client-5.5\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-common\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-core-5.5\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-source-5.5\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-testsuite-5.5\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient-dev\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient18\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-dev\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-pic\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client-5.5\", 
ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-common\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-core-5.5\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-source-5.5\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-testsuite-5.5\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2018-12-21T20:03:16", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-12-21T00:00:00", "published": "2014-10-16T00:00:00", "id": "OPENVAS:1361412562310842009", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842009", "title": "Ubuntu Update for mysql-5.5 USN-2384-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2384_1.nasl 12858 2018-12-21 08:05:36Z ckuersteiner $\n#\n# Ubuntu Update for mysql-5.5 USN-2384-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software 
Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842009\");\n script_version(\"$Revision: 12858 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-12-21 09:05:36 +0100 (Fri, 21 Dec 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-16 06:00:46 +0200 (Thu, 16 Oct 2014)\");\n script_cve_id(\"CVE-2012-5615\", \"CVE-2014-4274\", \"CVE-2014-4287\", \"CVE-2014-6463\",\n \"CVE-2014-6464\", \"CVE-2014-6469\", \"CVE-2014-6478\", \"CVE-2014-6484\",\n \"CVE-2014-6491\", \"CVE-2014-6494\", \"CVE-2014-6495\", \"CVE-2014-6496\",\n \"CVE-2014-6500\", \"CVE-2014-6505\", \"CVE-2014-6507\", \"CVE-2014-6520\",\n \"CVE-2014-6530\", \"CVE-2014-6551\", \"CVE-2014-6555\", \"CVE-2014-6559\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Ubuntu Update for mysql-5.5 USN-2384-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mysql-5.5'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple security issues were discovered in\nMySQL and this update includes a new upstream MySQL version to fix these issues.\nMySQL has been updated to 5.5.40.\n\nIn addition to security fixes, the updated packages contain bug 
fixes,\nnew features, and possibly incompatible changes.\n\nPlease see the following for more information:\nhttp://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-39.html\nhttp://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.html\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html\");\n script_tag(name:\"affected\", value:\"mysql-5.5 on Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2384-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2384-1/\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.40-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.40-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-12-21T20:03:34", "bulletinFamily": "scanner", "description": "Several issues have been discovered in the MySQL database server. 
The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.40. Please see the MySQL 5.5 Release Notes and Oracle", "modified": "2018-12-21T00:00:00", "published": "2014-10-20T00:00:00", "id": "OPENVAS:1361412562310703054", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703054", "title": "Debian Security Advisory DSA 3054-1 (mysql-5.5 - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3054.nasl 12858 2018-12-21 08:05:36Z ckuersteiner $\n# Auto-generated from advisory DSA 3054-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703054\");\n script_version(\"$Revision: 12858 $\");\n script_cve_id(\"CVE-2012-5615\", \"CVE-2014-4274\", \"CVE-2014-4287\", \"CVE-2014-6463\", \"CVE-2014-6464\", \"CVE-2014-6469\", \"CVE-2014-6478\", \"CVE-2014-6484\", \"CVE-2014-6491\", \"CVE-2014-6494\", \"CVE-2014-6495\", \"CVE-2014-6496\", \"CVE-2014-6500\", \"CVE-2014-6505\", \"CVE-2014-6507\", \"CVE-2014-6520\", \"CVE-2014-6530\", \"CVE-2014-6551\", \"CVE-2014-6555\", \"CVE-2014-6559\");\n script_name(\"Debian Security Advisory DSA 3054-1 (mysql-5.5 - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2018-12-21 09:05:36 +0100 (Fri, 21 Dec 2018) $\");\n script_tag(name: \"creation_date\", value:\"2014-10-20 00:00:00 +0200 (Mon, 20 Oct 2014)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-3054.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"mysql-5.5 on Debian Linux\");\n script_tag(name: \"insight\", value: \"MySQL is a fast, stable and true multi-user, multi-threaded SQL database\nserver.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy), these problems have been fixed in\nversion 5.5.40-0+wheezy1.\n\nFor the unstable distribution (sid), these problems 
will be fixed soon.\n\nWe recommend that you upgrade your mysql-5.5 packages.\");\n script_tag(name: \"summary\", value: \"Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.40. Please see the MySQL 5.5 Release Notes and Oracle's\nCritical Patch Update advisory for further details:\n\nhttps://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-39.htmlhttps://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.htmlhttp://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libmysqlclient-dev\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient18\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-dev\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-pic\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client-5.5\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-common\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.40-0+wheezy1\", 
rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-core-5.5\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-source-5.5\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-testsuite-5.5\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient-dev\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient18\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-dev\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-pic\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client-5.5\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-common\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-core-5.5\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-source-5.5\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-testsuite-5.5\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient-dev\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n 
report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient18\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-dev\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-pic\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client-5.5\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-common\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-core-5.5\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-source-5.5\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-testsuite-5.5\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient-dev\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient18\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-dev\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-pic\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"mysql-client-5.5\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-common\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-core-5.5\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-source-5.5\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-testsuite-5.5\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2018-12-19T13:47:45", "bulletinFamily": "unix", "description": "[1:5.5.40-1]\n- Rebase to 5.5.40\n Also fixes: CVE-2014-4274 CVE-2014-4287 CVE-2014-6463 CVE-2014-6464\n CVE-2014-6469 CVE-2014-6484 CVE-2014-6505 CVE-2014-6507 CVE-2014-6520\n CVE-2014-6530 CVE-2014-6551 CVE-2014-6555 CVE-2014-6559 CVE-2014-6564\n Resolves: #1160548\n[1:5.5.37-1]\n- Rebase to 5.5.37\n https://kb.askmonty.org/en/mariadb-5537-changelog/\n Also fixes: CVE-2014-2440 CVE-2014-0384 CVE-2014-2432 CVE-2014-2431\n CVE-2014-2430 CVE-2014-2436 CVE-2014-2438 CVE-2014-2419\n Resolves: #1101062", "modified": "2014-11-17T00:00:00", "published": "2014-11-17T00:00:00", "id": "ELSA-2014-1861", "href": "http://linux.oracle.com/errata/ELSA-2014-1861.html", "title": "mariadb security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}], "debian": 
[{"lastseen": "2018-12-19T13:55:52", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3054-1 security@debian.org\nhttp://www.debian.org/security/ Salvatore Bonaccorso\nOctober 20, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mysql-5.5\nCVE ID : CVE-2012-5615 CVE-2014-4274 CVE-2014-4287 CVE-2014-6463\n CVE-2014-6464 CVE-2014-6469 CVE-2014-6478 CVE-2014-6484\n CVE-2014-6491 CVE-2014-6494 CVE-2014-6495 CVE-2014-6496\n CVE-2014-6500 CVE-2014-6505 CVE-2014-6507 CVE-2014-6520\n CVE-2014-6530 CVE-2014-6551 CVE-2014-6555 CVE-2014-6559\nDebian Bug : 765663\n\nSeveral issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.40. Please see the MySQL 5.5 Release Notes and Oracle's\nCritical Patch Update advisory for further details:\n\n https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-39.html\nhttps://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.html\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 5.5.40-0+wheezy1.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your mysql-5.5 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2014-10-20T16:19:38", "published": "2014-10-20T16:19:38", "id": "DEBIAN:DSA-3054-1:E8FB1", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00241.html", "title": "[SECURITY] [DSA 3054-1] mysql-5.5 security update", "type": "debian", "cvss": {"score": 
7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-18T13:50:14", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2985-1 security@debian.org\nhttp://www.debian.org/security/ Salvatore Bonaccorso\nJuly 22, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mysql-5.5\nCVE ID : CVE-2014-2494 CVE-2014-4207 CVE-2014-4258 CVE-2014-4260\nDebian Bug : 754941\n\nSeveral issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.38. Please see the MySQL 5.5 Release Notes and Oracle's\nCritical Patch Update advisory for further details:\n\n http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-38.html\nhttp://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 5.5.38-0+wheezy1.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your mysql-5.5 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2014-07-22T18:59:06", "published": "2014-07-22T18:59:06", "id": "DEBIAN:DSA-2985-1:15C60", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00167.html", "title": "[SECURITY] [DSA 2985-1] mysql-5.5 security update", "type": "debian", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-16T22:13:47", "bulletinFamily": "unix", "description": "Package : mysql-5.1\nVersion : 5.1.73-1+deb6u1\nCVE ID : 
CVE-2013-2162 CVE-2014-0001 CVE-2014-4274\n\nThis update fixes one important vulnerability (CVE-2014-4274) and batches\ntogether two other minor fixes (CVE-2013-2162, CVE-2014-0001).\n\nCVE-2014-4274\n\n Insecure handling of a temporary file that could lead to arbitrary\n execution of code through the creation of a mysql configuration file\n pointing to an attacker-controlled plugin_dir.\n\nCVE-2013-2162\n\n Insecure creation of the debian.cnf credential file. Credentials could\n be stolen by a local user monitoring that file while the package gets\n installed.\n\nCVE-2014-0001\n\n Buffer overrun in the MySQL client when the server sends a version\n string that is too big for the allocated buffer.\n\n-- \nRapha\u00ebl Hertzog \u25c8 Debian Developer\n\nSupport Debian LTS: http://www.freexian.com/services/debian-lts.html\nLearn to master Debian: http://debian-handbook.info/get/\n", "modified": "2014-10-22T06:46:51", "published": "2014-10-22T06:46:51", "id": "DEBIAN:DLA-75-1:76BDC", "href": "https://lists.debian.org/debian-lts-announce/2014/debian-lts-announce-201410/msg00008.html", "title": "[SECURITY] [DLA 75-1] mysql-5.1 security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-12-19T13:19:06", "bulletinFamily": "unix", "description": "Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. 
MySQL has been updated to 5.5.40.\n\nIn addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.\n\nPlease see the following for more information: <http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-39.html> <http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.html> <http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html>", "modified": "2014-10-15T00:00:00", "published": "2014-10-15T00:00:00", "id": "USN-2384-1", "href": "https://usn.ubuntu.com/2384-1/", "title": "MySQL vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T00:09:19", "bulletinFamily": "unix", "description": "Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. MySQL has been updated to 5.5.38.\n\nIn addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.\n\nPlease see the following for more information: <http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-38.html> <http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html>", "modified": "2014-07-17T00:00:00", "published": "2014-07-17T00:00:00", "id": "USN-2291-1", "href": "https://usn.ubuntu.com/2291-1/", "title": "MySQL vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "f5": [{"lastseen": "2016-11-09T00:09:39", "bulletinFamily": "software", "description": "Vulnerability Recommended Actions\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "modified": 
"2016-06-28T00:00:00", "published": "2014-10-23T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/700/sol15725.html", "id": "SOL15725", "type": "f5", "title": "SOL15725 - Multiple 5.5.x and 5.6.x MySQL vulnerabilities", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2017-06-08T00:16:09", "bulletinFamily": "software", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Vulnerable component or feature \n---|---|---|--- \nBIG-IP LTM| None| 11.0.0 - 11.6.0 \n10.0.0 - 10.2.4| None \nBIG-IP AAM| None| 11.4.0 - 11.6.0| None \nBIG-IP AFM| None| 11.3.0 - 11.6.0| None \nBIG-IP Analytics| None| 11.0.0 - 11.6.0| None \nBIG-IP APM| None| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| None \nBIG-IP ASM| None| 11.0.0 - 11.6.0 \n10.0.0 - 10.2.4| None \nBIG-IP Edge Gateway| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None \nBIG-IP GTM| None| 11.0.0 - 11.6.0 \n10.0.0 - 10.2.4| None \nBIG-IP Link Controller| None| 11.0.0 - 11.6.0 \n10.0.0 - 10.2.4| None \nBIG-IP PEM| None| 11.3.0 - 11.6.0| None \nBIG-IP PSM| None| 11.0.0 - 11.4.1 \n10.0.0 - 10.2.4| None \nBIG-IP WebAccelerator| None| 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4| None \nBIG-IP WOM| None| 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4| None \nARX| None| 6.1.1 - 6.4.0 \n5.0.0 - 5.3.1| None \nEnterprise Manager| None| 3.0.0 - 3.1.1 \n2.1.0 - 2.3.0| None \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| None \nBIG-IQ Cloud| None| 4.0.0 - 4.4.0| None \nBIG-IQ Device| None| 4.2.0 - 4.4.0| None \nBIG-IQ Security| None| 4.0.0 - 4.4.0| None\n\nNone\n\n * [K9970: Subscribing to email notifications 
regarding F5 products](<https://support.f5.com/csp/article/K15461>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "modified": "2017-04-06T16:51:00", "published": "2014-10-23T23:30:00", "href": "https://support.f5.com/csp/article/K15725", "id": "F5:K15725", "title": "Multiple 5.5.x and 5.6.x MySQL vulnerabilities", "type": "f5", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}], "cve": [{"lastseen": "2018-12-19T12:01:19", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN.", "modified": "2018-12-18T11:05:31", "published": "2014-10-15T18:55:08", "id": "CVE-2014-6551", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6551", "title": "CVE-2014-6551", "type": "cve", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-12-19T12:01:19", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER.", "modified": "2018-12-18T09:45:09", "published": "2014-10-15T11:55:08", "id": "CVE-2014-6469", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6469", "title": "CVE-2014-6469", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-12-19T12:01:19", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in Oracle MySQL Server 
5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:DML.", "modified": "2018-12-18T10:27:16", "published": "2014-10-15T11:55:08", "id": "CVE-2014-6484", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6484", "title": "CVE-2014-6484", "type": "cve", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-04-18T15:55:17", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:DDL.", "modified": "2017-01-02T21:59:10", "published": "2014-10-15T18:55:06", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6520", "id": "CVE-2014-6520", "title": "CVE-2014-6520", "type": "cve", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-04-18T15:55:18", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB FULLTEXT SEARCH DML.", "modified": "2017-01-02T21:59:10", "published": "2014-10-15T18:55:08", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6564", "id": "CVE-2014-6564", "title": "CVE-2014-6564", "type": "cve", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-12-19T12:01:19", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to CLIENT:MYSQLDUMP.", "modified": "2018-12-18T11:05:19", "published": "2014-10-15T18:55:07", "id": "CVE-2014-6530", "href": 
"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6530", "title": "CVE-2014-6530", "type": "cve", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-12-19T12:01:19", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML.", "modified": "2018-12-18T11:05:46", "published": "2014-10-15T18:55:08", "id": "CVE-2014-6555", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6555", "title": "CVE-2014-6555", "type": "cve", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-12-19T12:01:19", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML.", "modified": "2018-12-18T11:05:08", "published": "2014-10-15T18:55:06", "id": "CVE-2014-6507", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6507", "title": "CVE-2014-6507", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-12-19T12:01:19", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING.", "modified": "2018-12-18T11:05:56", "published": "2014-10-15T18:55:08", "id": "CVE-2014-6559", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6559", "title": "CVE-2014-6559", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, 
{"lastseen": "2018-12-19T12:01:19", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML.", "modified": "2018-12-18T09:44:09", "published": "2014-10-15T11:55:08", "id": "CVE-2014-6463", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6463", "title": "CVE-2014-6463", "type": "cve", "cvss": {"score": 3.3, "vector": "AV:NETWORK/AC:LOW/Au:MULTIPLE_INSTANCES/C:NONE/I:NONE/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:47:06", "bulletinFamily": "unix", "description": "### Background\n\nMySQL is a popular multi-threaded, multi-user SQL server. MariaDB is an enhanced, drop-in replacement for MySQL. \n\n### Description\n\nMultiple unspecified vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code, Denial of Service, or disclosure of sensitive information. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll MySQL users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/mysql-5.5.40\"\n \n\nAll MariaDB users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/mariadb-5.5.40-r1\"", "modified": "2014-11-05T00:00:00", "published": "2014-11-05T00:00:00", "id": "GLSA-201411-02", "href": "https://security.gentoo.org/glsa/201411-02", "type": "gentoo", "title": "MySQL, MariaDB: Multiple vulnerabilities", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}], "kaspersky": [{"lastseen": "2019-02-15T12:33:58", "bulletinFamily": "info", "description": "### *Detect date*:\n07/17/2014\n\n### *Severity*:\nHigh\n\n### *Description*:\nUnspecified vulnerabilities were found in MySQL Server. By exploiting these vulnerabilities malicious users can affect integrity, confidentiality and availability. 
These vulnerabilities can be exploited remotely at vectors related to SRCHAR, SRINFOSC and ENFED.\n\n### *Affected products*:\nOracle MySQL Server versions 5.5.37 and earlier \nOracle MySQL Server 5.6 versions 5.6.17 and earlier\n\n### *Solution*:\nUpdate to latest version\n\n### *Impacts*:\nOSI \n\n### *Related products*:\n[MySQL](<https://threats.kaspersky.com/en/product/MySQL/>)\n\n### *CVE-IDS*:\n[CVE-2014-4258](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4258>) \n[CVE-2014-4260](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4260>) \n[CVE-2014-4243](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4243>)", "modified": "2019-02-13T00:00:00", "published": "2014-07-17T00:00:00", "id": "KLA10265", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10265", "title": "\r KLA10265Multiple vulnerabilities in MySQL ", "type": "kaspersky", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "slackware": [{"lastseen": "2018-12-19T13:16:54", "bulletinFamily": "unix", "description": "New mariadb packages are available for Slackware 14.1 and -current to\nfix security issues.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/mariadb-5.5.40-i486-1_slack14.1.txz: Upgraded.\n This update contains security fixes and improvements.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6507\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6491\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6500\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6469\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6555\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6559\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6494\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6496\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6464\n (* Security fix *)\n\nWhere to find the new 
packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/mariadb-5.5.40-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/mariadb-5.5.40-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/ap/mariadb-5.5.40-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/ap/mariadb-5.5.40-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.1 package:\nda0aff5bebbbdc0621359c0fea027ae6 mariadb-5.5.40-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\ndbb7d695a22ae538b5ad9c024823b190 mariadb-5.5.40-x86_64-1_slack14.1.txz\n\nSlackware -current package:\nf9ca4cf6015ddbb73dfba16c535caffc ap/mariadb-5.5.40-i486-1.txz\n\nSlackware x86_64 -current package:\n6924f64b6c147556a58a2c6f1929ab5e ap/mariadb-5.5.40-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg mariadb-5.5.40-i486-1_slack14.1.txz\n\nThen, restart the database server:\n > sh /etc/rc.d/rc.mysqld restart", "modified": "2014-11-03T17:25:07", "published": "2014-11-03T17:25:07", "id": "SSA-2014-307-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.386696", "title": "mariadb", "type": "slackware", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "suse": [{"lastseen": "2016-09-04T12:33:54", "bulletinFamily": "unix", "description": "The MySQL database server was updated to 5.5.42, fixing various bugs and\n security issues.\n\n More 
information can be found on:\n\n * <a rel=\"nofollow\" href=\"http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-42.html\">http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-42.html</a>\n <<a rel=\"nofollow\" href=\"http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-42.html\">http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-42.html</a>>\n * <a rel=\"nofollow\" href=\"http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-41.html\">http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-41.html</a>\n <<a rel=\"nofollow\" href=\"http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-41.html\">http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-41.html</a>>\n * <a rel=\"nofollow\" href=\"http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.html\">http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.html</a>\n <<a rel=\"nofollow\" href=\"http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.html\">http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.html</a>>\n\n Also various issues with the mysql start script were fixed.\n (bsc#868673,bsc#878779)\n\n Security Issues:\n\n * CVE-2015-0411\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0411\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0411</a>>\n * CVE-2015-0382\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0382\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0382</a>>\n * CVE-2015-0381\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0381\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0381</a>>\n * CVE-2015-0391\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0391\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0391</a>>\n * CVE-2015-0432\n <<a rel=\"nofollow\" 
href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0432\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0432</a>>\n * CVE-2015-0409\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0409\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0409</a>>\n * CVE-2014-6568\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6568\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6568</a>>\n * CVE-2015-0385\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0385\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0385</a>>\n * CVE-2015-0374\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0374\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0374</a>>\n * CVE-2012-5615\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5615\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5615</a>>\n * CVE-2014-0224\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224</a>>\n * CVE-2014-4274\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4274\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4274</a>>\n * CVE-2014-4287\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4287\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4287</a>>\n * CVE-2014-6463\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6463\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6463</a>>\n * CVE-2014-6464\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6464\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6464</a>>\n * CVE-2014-6469\n <<a rel=\"nofollow\" 
href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6469\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6469</a>>\n * CVE-2014-6474\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6474\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6474</a>>\n * CVE-2014-6478\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6478\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6478</a>>\n * CVE-2014-6484\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6484\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6484</a>>\n * CVE-2014-6489\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6489\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6489</a>>\n * CVE-2014-6491\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6491\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6491</a>>\n * CVE-2014-6494\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6494\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6494</a>>\n * CVE-2014-6495\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6495\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6495</a>>\n * CVE-2014-6496\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6496\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6496</a>>\n * CVE-2014-6500\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6500\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6500</a>>\n * CVE-2014-6505\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6505\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6505</a>>\n * CVE-2014-6507\n <<a rel=\"nofollow\" 
href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6507\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6507</a>>\n * CVE-2014-6520\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6520\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6520</a>>\n * CVE-2014-6530\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6530\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6530</a>>\n * CVE-2014-6551\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6551\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6551</a>>\n * CVE-2014-6555\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6555\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6555</a>>\n * CVE-2014-6559\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6559\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6559</a>>\n * CVE-2014-6564\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6564\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6564</a>>\n\n", "modified": "2015-03-28T01:04:56", "published": "2015-03-28T01:04:56", "id": "SUSE-SU-2015:0620-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00033.html", "type": "suse", "title": "Security update for MySQL (important)", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:23:04", "bulletinFamily": "unix", "description": "mariadb was updated to version 10.0.16 to fix 40 security issues.\n\n These security issues were fixed:\n - CVE-2015-0411: Unspecified vulnerability in Oracle MySQL Server 5.5.40\n and earlier, and 5.6.21 and earlier, allowed remote attackers to affect\n confidentiality, integrity, and availability via unknown vectors related\n to Server : Security : Encryption 
(bnc#915911).\n - CVE-2015-0382: Unspecified vulnerability in Oracle MySQL Server 5.5.40\n and earlier and 5.6.21 and earlier allowed remote attackers to affect\n availability via unknown vectors related to Server : Replication, a\n different vulnerability than CVE-2015-0381 (bnc#915911).\n - CVE-2015-0381: Unspecified vulnerability in Oracle MySQL Server 5.5.40\n and earlier and 5.6.21 and earlier allowed remote attackers to affect\n availability via unknown vectors related to Server : Replication, a\n different vulnerability than CVE-2015-0382 (bnc#915911).\n - CVE-2015-0432: Unspecified vulnerability in Oracle MySQL Server 5.5.40\n and earlier allowed remote authenticated users to affect availability\n via vectors related to Server : InnoDB : DDL : Foreign Key (bnc#915911).\n - CVE-2014-6568: Unspecified vulnerability in Oracle MySQL Server 5.5.40\n and earlier, and 5.6.21 and earlier, allowed remote authenticated users\n to affect availability via vectors related to Server : InnoDB : DML\n (bnc#915911).\n - CVE-2015-0374: Unspecified vulnerability in Oracle MySQL Server 5.5.40\n and earlier and 5.6.21 and earlier allowed remote authenticated users to\n affect confidentiality via unknown vectors related to Server : Security\n : Privileges : Foreign Key (bnc#915911).\n - CVE-2014-6507: Unspecified vulnerability in Oracle MySQL Server 5.5.39\n and earlier, and 5.6.20 and earlier, allowed remote authenticated users\n to affect confidentiality, integrity, and availability via vectors\n related to SERVER:DML (bnc#915912).\n - CVE-2014-6491: Unspecified vulnerability in Oracle MySQL Server 5.5.39\n and earlier and 5.6.20 and earlier allowed remote attackers to affect\n confidentiality, integrity, and availability via vectors related to\n SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6500\n (bnc#915912).\n - CVE-2014-6500: Unspecified vulnerability in Oracle MySQL Server 5.5.39\n and earlier, and 5.6.20 and earlier, allowed remote attackers to affect\n 
confidentiality, integrity, and availability via vectors related to\n SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6491\n (bnc#915912).\n - CVE-2014-6469: Unspecified vulnerability in Oracle MySQL Server 5.5.39\n and earlier and 5.6.20 and earlier allowed remote authenticated users to\n affect availability via vectors related to SERVER:OPTIMIZER (bnc#915912).\n - CVE-2014-6555: Unspecified vulnerability in Oracle MySQL Server 5.5.39\n and earlier and 5.6.20 and earlier allowed remote authenticated users to\n affect confidentiality, integrity, and availability via vectors related\n to SERVER:DML (bnc#915912).\n - CVE-2014-6559: Unspecified vulnerability in Oracle MySQL Server 5.5.39\n and earlier, and 5.6.20 and earlier, allowed remote attackers to affect\n confidentiality via vectors related to C API SSL CERTIFICATE HANDLING\n (bnc#915912).\n - CVE-2014-6494: Unspecified vulnerability in Oracle MySQL Server 5.5.39\n and earlier, and 5.6.20 and earlier, allowed remote attackers to affect\n availability via vectors related to CLIENT:SSL:yaSSL, a different\n vulnerability than CVE-2014-6496 (bnc#915912).\n - CVE-2014-6496: Unspecified vulnerability in Oracle MySQL Server 5.5.39\n and earlier, and 5.6.20 and earlier, allowed remote attackers to affect\n availability via vectors related to CLIENT:SSL:yaSSL, a different\n vulnerability than CVE-2014-6494 (bnc#915912).\n - CVE-2014-6464: Unspecified vulnerability in Oracle MySQL Server 5.5.39\n and earlier and 5.6.20 and earlier allowed remote authenticated users to\n affect availability via vectors related to SERVER:INNODB DML FOREIGN\n KEYS (bnc#915912).\n - CVE-2010-5298: Race condition in the ssl3_read_bytes function in\n s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is\n enabled, allowed remote attackers to inject data across sessions or\n cause a denial of service (use-after-free and parsing error) via an SSL\n connection in a multithreaded environment (bnc#873351).\n - 
CVE-2014-0195: The dtls1_reassemble_fragment function in d1_both.c in\n OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h did\n not properly validate fragment lengths in DTLS ClientHello messages,\n which allowed remote attackers to execute arbitrary code or cause a\n denial of service (buffer overflow and application crash) via a long\n non-initial fragment (bnc#880891).\n - CVE-2014-0198: The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x\n through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, did not\n properly manage a buffer pointer during certain recursive calls, which\n allowed remote attackers to cause a denial of service (NULL pointer\n dereference and application crash) via vectors that trigger an alert\n condition (bnc#876282).\n - CVE-2014-0221: The dtls1_get_message_fragment function in d1_both.c in\n OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h\n allowed remote attackers to cause a denial of service (recursion and\n client crash) via a DTLS hello message in an invalid DTLS handshake\n (bnc#915913).\n - CVE-2014-0224: OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1\n before 1.0.1h did not properly restrict processing of ChangeCipherSpec\n messages, which allowed man-in-the-middle attackers to trigger use of a\n zero-length master key in certain OpenSSL-to-OpenSSL communications, and\n consequently hijack sessions or obtain sensitive information, via a\n crafted TLS handshake, aka the \"CCS Injection\" vulnerability\n (bnc#915913).\n - CVE-2014-3470: The ssl3_send_client_key_exchange function in s3_clnt.c\n in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h,\n when an anonymous ECDH cipher suite is used, allowed remote attackers to\n cause a denial of service (NULL pointer dereference and client crash) by\n triggering a NULL certificate value (bnc#915913).\n - CVE-2014-6474: Unspecified vulnerability in Oracle MySQL Server 5.6.19\n and earlier allowed remote authenticated users 
to affect availability\n via vectors related to SERVER:MEMCACHED (bnc#915913).\n - CVE-2014-6489: Unspecified vulnerability in Oracle MySQL Server 5.6.19\n and earlier allowed remote authenticated users to affect integrity and\n availability via vectors related to SERVER:SP (bnc#915913).\n - CVE-2014-6564: Unspecified vulnerability in Oracle MySQL Server 5.6.19\n and earlier allowed remote authenticated users to affect availability\n via vectors related to SERVER:INNODB FULLTEXT SEARCH DML (bnc#915913).\n - CVE-2012-5615: Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and\n MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions,\n generates different error messages with different time delays depending\n on whether a user name exists, which allowed remote attackers to\n enumerate valid usernames (bnc#915913).\n - CVE-2014-4274: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier and 5.6.19 and earlier allowed local users to affect\n confidentiality, integrity, and availability via vectors related to\n SERVER:MyISAM (bnc#896400).\n - CVE-2014-4287: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier and 5.6.19 and earlier allowed remote authenticated users to\n affect availability via vectors related to SERVER:CHARACTER SETS\n (bnc#915913).\n - CVE-2014-6463: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier and 5.6.19 and earlier allowed remote authenticated users to\n affect availability via vectors related to SERVER:REPLICATION ROW FORMAT\n BINARY LOG DML (bnc#915913).\n - CVE-2014-6478: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier, and 5.6.19 and earlier, allowed remote attackers to affect\n integrity via vectors related to SERVER:SSL:yaSSL (bnc#915913).\n - CVE-2014-6484: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier, and 5.6.19 and earlier, allowed remote authenticated users\n to affect availability via vectors related to SERVER:DML 
(bnc#915913).\n - CVE-2014-6495: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier, and 5.6.19 and earlier, allowed remote attackers to affect\n availability via vectors related to SERVER:SSL:yaSSL (bnc#915913).\n - CVE-2014-6505: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier, and 5.6.19 and earlier, allowed remote authenticated users\n to affect availability via vectors related to SERVER:MEMORY STORAGE\n ENGINE (bnc#915913).\n - CVE-2014-6520: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier allowed remote authenticated users to affect availability\n via vectors related to SERVER:DDL (bnc#915913).\n - CVE-2014-6530: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier, and 5.6.19 and earlier, allowed remote authenticated users\n to affect confidentiality, integrity, and availability via vectors\n related to CLIENT:MYSQLDUMP (bnc#915913).\n - CVE-2014-6551: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier and 5.6.19 and earlier allowed local users to affect\n confidentiality via vectors related to CLIENT:MYSQLADMIN (bnc#915913).\n - CVE-2015-0391: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier, and 5.6.19 and earlier, allowed remote authenticated users\n to affect availability via vectors related to DDL (bnc#915913).\n - CVE-2014-4258: Unspecified vulnerability in the MySQL Server component\n in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allowed remote\n authenticated users to affect confidentiality, integrity, and\n availability via vectors related to SRINFOSC (bnc#915914).\n - CVE-2014-4260: Unspecified vulnerability in the MySQL Server component\n in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allowed\n remote authenticated users to affect integrity and availability via\n vectors related to SRCHAR (bnc#915914).\n - CVE-2014-2494: Unspecified vulnerability in the MySQL Server component\n in Oracle MySQL 5.5.37 and 
earlier allowed remote authenticated users to\n affect availability via vectors related to ENARC (bnc#915914).\n - CVE-2014-4207: Unspecified vulnerability in the MySQL Server component\n in Oracle MySQL 5.5.37 and earlier allowed remote authenticated users to\n affect availability via vectors related to SROPTZR (bnc#915914).\n\n These non-security issues were fixed:\n - Get query produced incorrect results in MariaDB 10.0.11 vs MySQL 5.5 -\n SLES12 (bnc#906194).\n - After update to version 10.0.14 mariadb did not start - Job for\n mysql.service failed (bnc#911442).\n - Fix crash when disk full situation is reached on alter table\n (bnc#904627).\n - Allow md5 in FIPS mode (bnc#911556).\n - Fixed a situation when bit and hex string literals unintentionally\n changed column names (bnc#919229).\n\n Release notes: <a rel=\"nofollow\" href=\"https://kb.askmonty.org/en/mariadb-10016-release-notes/\">https://kb.askmonty.org/en/mariadb-10016-release-notes/</a>\n\n", "modified": "2015-04-21T19:05:04", "published": "2015-04-21T19:05:04", "id": "SUSE-SU-2015:0743-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html", "title": "Security update for mariadb (important)", "type": "suse", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:49:16", "bulletinFamily": "unix", "description": "This MySQL update provides the following:\n\n * upgrade to version 5.5.39, [bnc#887580]\n * CVE's fixed: CVE-2014-2484, CVE-2014-4258, CVE-2014-4260,\n CVE-2014-2494, CVE-2014-4238, CVE-2014-4207, CVE-2014-4233,\n CVE-2014-4240, CVE-2014-4214, CVE-2014-4243\n\n See also:\n <a rel=\"nofollow\" href=\"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html\">http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html</a>\n <<a rel=\"nofollow\" 
href=\"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html\">http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html</a>>\n\n Security Issues:\n\n * CVE-2014-2484\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2484\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2484</a>>\n * CVE-2014-4258\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4258\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4258</a>>\n * CVE-2014-4260\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4260\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4260</a>>\n * CVE-2014-2494\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2494\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2494</a>>\n * CVE-2014-4238\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4238\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4238</a>>\n * CVE-2014-4207\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4207\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4207</a>>\n * CVE-2014-4233\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4233\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4233</a>>\n * CVE-2014-4240\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4240\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4240</a>>\n * CVE-2014-4214\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4214\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4214</a>>\n * CVE-2014-4243\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4243\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4243</a>>\n\n", "modified": "2014-08-28T19:04:39", "published": 
"2014-08-28T19:04:39", "id": "SUSE-SU-2014:1072-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html", "title": "Security update for MySQL (important)", "type": "suse", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}