ID RHSA-2015:0117 Type redhat Reporter RedHat Modified 2018-06-13T01:28:21
Description
MariaDB is a multi-user, multi-threaded SQL database server that is binary
compatible with MySQL.
This update fixes several vulnerabilities in the MariaDB database server.
Information about these flaws can be found on the Oracle Critical Patch
Update Advisory page, listed in the References section. (CVE-2015-0381,
CVE-2015-0382, CVE-2015-0391, CVE-2015-0411, CVE-2015-0432, CVE-2014-6568,
CVE-2015-0374)
These updated packages upgrade MariaDB to version 5.5.41. Refer to the
MariaDB Release Notes listed in the References section for a complete list
of changes.
All MariaDB users should upgrade to these updated packages, which correct
these issues. After installing this update, the MariaDB server daemon
(mysqld) will be restarted automatically.
{"debian": [{"lastseen": "2019-05-30T02:22:55", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3135-1 security@debian.org\nhttp://www.debian.org/security/ Salvatore Bonaccorso\nJanuary 23, 2015 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mysql-5.5\nCVE ID : CVE-2014-6568 CVE-2015-0374 CVE-2015-0381 CVE-2015-0382 \n CVE-2015-0411 CVE-2015-0432\nDebian Bug : 775881\n\nSeveral issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.41. Please see the MySQL 5.5 Release Notes and Oracle's\nCritical Patch Update advisory for further details:\n\n https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-41.html\nhttp://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 5.5.41-0+wheezy1.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your mysql-5.5 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2015-01-23T16:17:10", "published": "2015-01-23T16:17:10", "id": "DEBIAN:DSA-3135-1:BD428", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00018.html", "title": "[SECURITY] [DSA 3135-1] mysql-5.5 security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2019-05-29T19:21:00", "bulletinFamily": "unix", "description": "Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. MySQL has been updated to 5.5.41.\n\nIn addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.\n\nPlease see the following for more information: <http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-41.html> <http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html>", "modified": "2015-01-22T00:00:00", "published": "2015-01-22T00:00:00", "id": "USN-2480-1", "href": "https://usn.ubuntu.com/2480-1/", "title": "MySQL vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2019-02-21T01:23:21", "bulletinFamily": "scanner", "description": "Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. MySQL has been updated to 5.5.41.\n\nIn addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.\n\nPlease see the following for more information:\nhttp://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-41.html http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.h tml.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-01T00:00:00", "id": "UBUNTU_USN-2480-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=80943", "published": "2015-01-23T00:00:00", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : mysql-5.5 vulnerabilities (USN-2480-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2480-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80943);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/12/01 15:12:39\");\n\n script_cve_id(\"CVE-2014-6568\", \"CVE-2015-0374\", \"CVE-2015-0381\", \"CVE-2015-0382\", \"CVE-2015-0411\", \"CVE-2015-0432\");\n script_bugtraq_id(72191, 72200, 72210, 72214, 72217, 72227);\n script_xref(name:\"USN\", value:\"2480-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : mysql-5.5 vulnerabilities (USN-2480-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues were discovered in MySQL and this update\nincludes a new upstream MySQL version to fix these issues. MySQL has\nbeen updated to 5.5.41.\n\nIn addition to security fixes, the updated packages contain bug fixes,\nnew features, and possibly incompatible changes.\n\nPlease see the following for more information:\nhttp://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-41.html\nhttp://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.h\ntml.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2480-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mysql-server-5.5 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(12\\.04|14\\.04|14\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 14.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"mysql-server-5.5\", pkgver:\"5.5.41-0ubuntu0.12.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"mysql-server-5.5\", pkgver:\"5.5.41-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"mysql-server-5.5\", pkgver:\"5.5.41-0ubuntu0.14.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql-server-5.5\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:23:22", "bulletinFamily": "scanner", "description": "Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.41. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details :\n\n - https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5\n -41.html\n - http://www.oracle.com/technetwork/topics/security/cpujan 2015-1972971.html", "modified": "2018-11-13T00:00:00", "id": "DEBIAN_DSA-3135.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=80970", "published": "2015-01-26T00:00:00", "title": "Debian DSA-3135-1 : mysql-5.5 - security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3135. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80970);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/11/13 12:30:46\");\n\n script_cve_id(\"CVE-2014-6568\", \"CVE-2015-0374\", \"CVE-2015-0381\", \"CVE-2015-0382\", \"CVE-2015-0411\", \"CVE-2015-0432\");\n script_bugtraq_id(72191, 72200, 72210, 72214, 72217, 72227);\n script_xref(name:\"DSA\", value:\"3135\");\n\n script_name(english:\"Debian DSA-3135-1 : mysql-5.5 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.41. Please see the MySQL 5.5 Release Notes and Oracle's\nCritical Patch Update advisory for further details :\n\n -\n https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5\n -41.html\n -\n http://www.oracle.com/technetwork/topics/security/cpujan\n 2015-1972971.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775881\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-41.html\"\n );\n # https://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?75c6cafb\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/mysql-5.5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3135\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the mysql-5.5 packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 5.5.41-0+wheezy1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libmysqlclient-dev\", reference:\"5.5.41-0+wheezy1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmysqlclient18\", reference:\"5.5.41-0+wheezy1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmysqld-dev\", reference:\"5.5.41-0+wheezy1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmysqld-pic\", reference:\"5.5.41-0+wheezy1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-client\", reference:\"5.5.41-0+wheezy1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-client-5.5\", reference:\"5.5.41-0+wheezy1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-common\", reference:\"5.5.41-0+wheezy1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-server\", reference:\"5.5.41-0+wheezy1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-server-5.5\", reference:\"5.5.41-0+wheezy1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-server-core-5.5\", reference:\"5.5.41-0+wheezy1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-source-5.5\", reference:\"5.5.41-0+wheezy1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-testsuite-5.5\", reference:\"5.5.41-0+wheezy1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:23:30", "bulletinFamily": "scanner", "description": "Update to MySQL 5.5.41, for various fixes described at http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-41.html. This update also fixes security issues CVE-2015-0411, CVE-2015-0382, CVE-2015-0381, CVE-2015-0432, CVE-2014-6568, CVE-2015-0374.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-20T00:00:00", "id": "FEDORA_2015-1162.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=81349", "published": "2015-02-16T00:00:00", "title": "Fedora 20 : community-mysql-5.5.41-1.fc20 (2015-1162)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-1162.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81349);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/11/20 11:04:17\");\n\n script_cve_id(\"CVE-2014-6568\", \"CVE-2015-0374\", \"CVE-2015-0381\", \"CVE-2015-0382\", \"CVE-2015-0411\", \"CVE-2015-0432\");\n script_xref(name:\"FEDORA\", value:\"2015-1162\");\n\n script_name(english:\"Fedora 20 : community-mysql-5.5.41-1.fc20 (2015-1162)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to MySQL 5.5.41, for various fixes described at\nhttp://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-41.html. This\nupdate also fixes security issues CVE-2015-0411, CVE-2015-0382,\nCVE-2015-0381, CVE-2015-0432, CVE-2014-6568, CVE-2015-0374.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-41.html.\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-41.html.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?391eb82b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected community-mysql package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:community-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"community-mysql-5.5.41-1.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"community-mysql\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:23:27", "bulletinFamily": "scanner", "description": "Updated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nMariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.\n\nThis update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n(CVE-2015-0381, CVE-2015-0382, CVE-2015-0391, CVE-2015-0411, CVE-2015-0432, CVE-2014-6568, CVE-2015-0374)\n\nThese updated packages upgrade MariaDB to version 5.5.41. Refer to the MariaDB Release Notes listed in the References section for a complete list of changes.\n\nAll MariaDB users should upgrade to these updated packages, which correct these issues. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.", "modified": "2018-11-10T00:00:00", "id": "CENTOS_RHSA-2015-0118.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=81188", "published": "2015-02-06T00:00:00", "title": "CentOS 7 : mariadb (CESA-2015:0118)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0118 and \n# CentOS Errata and Security Advisory 2015:0118 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81188);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/10 11:49:31\");\n\n script_cve_id(\"CVE-2014-6568\", \"CVE-2015-0374\", \"CVE-2015-0381\", \"CVE-2015-0382\", \"CVE-2015-0391\", \"CVE-2015-0411\", \"CVE-2015-0432\");\n script_bugtraq_id(72191, 72200, 72205, 72210, 72214, 72217, 72227);\n script_xref(name:\"RHSA\", value:\"2015:0118\");\n\n script_name(english:\"CentOS 7 : mariadb (CESA-2015:0118)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated mariadb packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMariaDB is a multi-user, multi-threaded SQL database server that is\nbinary compatible with MySQL.\n\nThis update fixes several vulnerabilities in the MariaDB database\nserver. Information about these flaws can be found on the Oracle\nCritical Patch Update Advisory page, listed in the References section.\n(CVE-2015-0381, CVE-2015-0382, CVE-2015-0391, CVE-2015-0411,\nCVE-2015-0432, CVE-2014-6568, CVE-2015-0374)\n\nThese updated packages upgrade MariaDB to version 5.5.41. Refer to the\nMariaDB Release Notes listed in the References section for a complete\nlist of changes.\n\nAll MariaDB users should upgrade to these updated packages, which\ncorrect these issues. After installing this update, the MariaDB server\ndaemon (mysqld) will be restarted automatically.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-February/020922.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?344696d4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mariadb packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mariadb-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mariadb-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mariadb-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mariadb-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mariadb-5.5.41-2.el7_0\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mariadb-bench-5.5.41-2.el7_0\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mariadb-devel-5.5.41-2.el7_0\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mariadb-embedded-5.5.41-2.el7_0\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mariadb-embedded-devel-5.5.41-2.el7_0\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mariadb-libs-5.5.41-2.el7_0\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mariadb-server-5.5.41-2.el7_0\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mariadb-test-5.5.41-2.el7_0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:23:26", "bulletinFamily": "scanner", "description": "Updated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nMariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.\n\nThis update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n(CVE-2015-0381, CVE-2015-0382, CVE-2015-0391, CVE-2015-0411, CVE-2015-0432, CVE-2014-6568, CVE-2015-0374)\n\nThese updated packages upgrade MariaDB to version 5.5.41. Refer to the MariaDB Release Notes listed in the References section for a complete list of changes.\n\nAll MariaDB users should upgrade to these updated packages, which correct these issues. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.", "modified": "2018-11-10T00:00:00", "id": "REDHAT-RHSA-2015-0118.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=81159", "published": "2015-02-04T00:00:00", "title": "RHEL 7 : mariadb (RHSA-2015:0118)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0118. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81159);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/11/10 11:49:54\");\n\n script_cve_id(\"CVE-2014-6568\", \"CVE-2015-0374\", \"CVE-2015-0381\", \"CVE-2015-0382\", \"CVE-2015-0391\", \"CVE-2015-0411\", \"CVE-2015-0432\");\n script_bugtraq_id(72191, 72200, 72205, 72210, 72214, 72217, 72227);\n script_xref(name:\"RHSA\", value:\"2015:0118\");\n\n script_name(english:\"RHEL 7 : mariadb (RHSA-2015:0118)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated mariadb packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMariaDB is a multi-user, multi-threaded SQL database server that is\nbinary compatible with MySQL.\n\nThis update fixes several vulnerabilities in the MariaDB database\nserver. Information about these flaws can be found on the Oracle\nCritical Patch Update Advisory page, listed in the References section.\n(CVE-2015-0381, CVE-2015-0382, CVE-2015-0391, CVE-2015-0411,\nCVE-2015-0432, CVE-2014-6568, CVE-2015-0374)\n\nThese updated packages upgrade MariaDB to version 5.5.41. Refer to the\nMariaDB Release Notes listed in the References section for a complete\nlist of changes.\n\nAll MariaDB users should upgrade to these updated packages, which\ncorrect these issues. After installing this update, the MariaDB server\ndaemon (mysqld) will be restarted automatically.\"\n );\n # http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?df55894d\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-41.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:0118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0411\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0391\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0432\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6568\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0381\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:0118\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mariadb-5.5.41-2.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mariadb-5.5.41-2.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mariadb-bench-5.5.41-2.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mariadb-bench-5.5.41-2.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"mariadb-debuginfo-5.5.41-2.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"mariadb-devel-5.5.41-2.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"mariadb-embedded-5.5.41-2.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"mariadb-embedded-devel-5.5.41-2.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"mariadb-libs-5.5.41-2.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mariadb-server-5.5.41-2.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mariadb-server-5.5.41-2.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mariadb-test-5.5.41-2.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mariadb-test-5.5.41-2.el7_0\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb / mariadb-bench / mariadb-debuginfo / mariadb-devel / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:23:26", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2015:0118 :\n\nUpdated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nMariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.\n\nThis update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n(CVE-2015-0381, CVE-2015-0382, CVE-2015-0391, CVE-2015-0411, CVE-2015-0432, CVE-2014-6568, CVE-2015-0374)\n\nThese updated packages upgrade MariaDB to version 5.5.41. Refer to the MariaDB Release Notes listed in the References section for a complete list of changes.\n\nAll MariaDB users should upgrade to these updated packages, which correct these issues. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.", "modified": "2018-07-18T00:00:00", "id": "ORACLELINUX_ELSA-2015-0118.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=81157", "published": "2015-02-04T00:00:00", "title": "Oracle Linux 7 : mariadb (ELSA-2015-0118)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:0118 and \n# Oracle Linux Security Advisory ELSA-2015-0118 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81157);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/07/18 17:43:57\");\n\n script_cve_id(\"CVE-2014-6568\", \"CVE-2015-0374\", \"CVE-2015-0381\", \"CVE-2015-0382\", \"CVE-2015-0391\", \"CVE-2015-0411\", \"CVE-2015-0432\");\n script_bugtraq_id(72191, 72200, 72205, 72210, 72214, 72217, 72227);\n script_xref(name:\"RHSA\", value:\"2015:0118\");\n\n script_name(english:\"Oracle Linux 7 : mariadb (ELSA-2015-0118)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:0118 :\n\nUpdated mariadb packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMariaDB is a multi-user, multi-threaded SQL database server that is\nbinary compatible with MySQL.\n\nThis update fixes several vulnerabilities in the MariaDB database\nserver. Information about these flaws can be found on the Oracle\nCritical Patch Update Advisory page, listed in the References section.\n(CVE-2015-0381, CVE-2015-0382, CVE-2015-0391, CVE-2015-0411,\nCVE-2015-0432, CVE-2014-6568, CVE-2015-0374)\n\nThese updated packages upgrade MariaDB to version 5.5.41. Refer to the\nMariaDB Release Notes listed in the References section for a complete\nlist of changes.\n\nAll MariaDB users should upgrade to these updated packages, which\ncorrect these issues. After installing this update, the MariaDB server\ndaemon (mysqld) will be restarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-February/004829.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mariadb packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-5.5.41-2.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-bench-5.5.41-2.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-devel-5.5.41-2.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-embedded-5.5.41-2.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-embedded-devel-5.5.41-2.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-libs-5.5.41-2.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-server-5.5.41-2.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-test-5.5.41-2.el7_0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb / mariadb-bench / mariadb-devel / mariadb-embedded / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:23:26", "bulletinFamily": "scanner", "description": "This update fixes several vulnerabilities in the MariaDB database server.(CVE-2015-0381, CVE-2015-0382, CVE-2015-0391, CVE-2015-0411, CVE-2015-0432, CVE-2014-6568, CVE-2015-0374)\n\nAfter installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.", "modified": "2018-12-28T00:00:00", "id": "SL_20150203_MARIADB_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=81160", "published": "2015-02-04T00:00:00", "title": "Scientific Linux Security Update : mariadb on SL7.x x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81160);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/12/28 10:10:35\");\n\n script_cve_id(\"CVE-2014-6568\", \"CVE-2015-0374\", \"CVE-2015-0381\", \"CVE-2015-0382\", \"CVE-2015-0391\", \"CVE-2015-0411\", \"CVE-2015-0432\");\n\n script_name(english:\"Scientific Linux Security Update : mariadb on SL7.x x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes several vulnerabilities in the MariaDB database\nserver.(CVE-2015-0381, CVE-2015-0382, CVE-2015-0391, CVE-2015-0411,\nCVE-2015-0432, CVE-2014-6568, CVE-2015-0374)\n\nAfter installing this update, the MariaDB server daemon (mysqld) will\nbe restarted automatically.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1502&L=scientific-linux-errata&T=0&P=193\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8a660d60\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-5.5.41-2.el7_0\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-bench-5.5.41-2.el7_0\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-debuginfo-5.5.41-2.el7_0\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-devel-5.5.41-2.el7_0\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-embedded-5.5.41-2.el7_0\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-embedded-devel-5.5.41-2.el7_0\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-libs-5.5.41-2.el7_0\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-server-5.5.41-2.el7_0\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-test-5.5.41-2.el7_0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:23:58", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-201504-05 (MySQL and MariaDB: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in MySQL and MariaDB.\n Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could exploit vulnerabilities to possibly cause a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "modified": "2016-07-05T00:00:00", "id": "GENTOO_GLSA-201504-05.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82735", "published": "2015-04-13T00:00:00", "title": "GLSA-201504-05 : MySQL and MariaDB: Multiple vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201504-05.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82735);\n script_version(\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2016/07/05 14:10:48 $\");\n\n script_cve_id(\"CVE-2014-6568\", \"CVE-2015-0374\", \"CVE-2015-0381\", \"CVE-2015-0382\", \"CVE-2015-0385\", \"CVE-2015-0391\", \"CVE-2015-0409\", \"CVE-2015-0411\", \"CVE-2015-0432\");\n script_bugtraq_id(72191, 72200, 72205, 72210, 72214, 72217, 72223, 72227, 72229);\n script_xref(name:\"GLSA\", value:\"201504-05\");\n\n script_name(english:\"GLSA-201504-05 : MySQL and MariaDB: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201504-05\n(MySQL and MariaDB: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in MySQL and MariaDB.\n Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could exploit vulnerabilities to possibly cause a\n Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201504-05\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All MySQL users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-db/mysql-5.6.22'\n All MariaDB users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-db/mariadb-10.0.16'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-db/mariadb\", unaffected:make_list(\"ge 10.0.16\", \"rge 5.5.49\"), vulnerable:make_list(\"lt 10.0.16\"))) flag++;\nif (qpkg_check(package:\"dev-db/mysql\", unaffected:make_list(\"ge 5.6.22\"), vulnerable:make_list(\"lt 5.6.22\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MySQL and MariaDB\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:23:19", "bulletinFamily": "scanner", "description": "The version of MySQL installed on the remote host is version 5.5.x prior to 5.5.41 or 5.6.x prior to 5.6.22. It is, therefore, affected by vulnerabilities in the following components :\n\n - Server : DDL\n - Server : InnoDB : DDL : Foreign Key\n - Server : InnoDB : DML\n - Server : Optimizer\n - Server : Pluggable Auth\n - Server : Replication\n - Server : Security : Encryption\n - Server : Security : Privileges : Foreign Key", "modified": "2018-11-15T00:00:00", "id": "MYSQL_5_6_22.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=80886", "published": "2015-01-21T00:00:00", "title": "MySQL 5.5.x < 5.5.41 / 5.6.x < 5.6.22 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80886);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/11/15 20:50:21\");\n\n script_cve_id(\n \"CVE-2014-6568\",\n \"CVE-2015-0374\",\n \"CVE-2015-0381\",\n \"CVE-2015-0382\",\n \"CVE-2015-0385\",\n \"CVE-2015-0409\",\n \"CVE-2015-0411\",\n \"CVE-2015-0432\",\n \"CVE-2016-0594\"\n );\n script_bugtraq_id(\n 72191,\n 72200,\n 72210,\n 72214,\n 72217,\n 72223,\n 72227,\n 72229\n );\n\n script_name(english:\"MySQL 5.5.x < 5.5.41 / 5.6.x < 5.6.22 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of MySQL server.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL installed on the remote host is version 5.5.x\nprior to 5.5.41 or 5.6.x prior to 5.6.22. It is, therefore, affected\nby vulnerabilities in the following components :\n\n - Server : DDL\n - Server : InnoDB : DDL : Foreign Key\n - Server : InnoDB : DML\n - Server : Optimizer\n - Server : Pluggable Auth\n - Server : Replication\n - Server : Security : Encryption\n - Server : Security : Privileges : Foreign Key\");\n # https://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ae261827\");\n # https://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6405bf15\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 5.5.41 / 5.6.22 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/21\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\nmysql_check_version(fixed:make_list('5.5.41', '5.6.22'), severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:24:55", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2015:1628 :\n\nUpdated mysql55-mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nMySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.\n\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory pages, listed in the References section. (CVE-2014-6568, CVE-2015-0374, CVE-2015-0381, CVE-2015-0382, CVE-2015-0391, CVE-2015-0411, CVE-2015-0432, CVE-2015-0433, CVE-2015-0441, CVE-2015-0499, CVE-2015-0501, CVE-2015-0505, CVE-2015-2568, CVE-2015-2571, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757)\n\nThese updated packages upgrade MySQL to version 5.5.45. Refer to the MySQL Release Notes listed in the References section for a complete list of changes.\n\nAll MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.", "modified": "2018-07-18T00:00:00", "id": "ORACLELINUX_ELSA-2015-1628.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=85488", "published": "2015-08-18T00:00:00", "title": "Oracle Linux 5 : mysql55-mysql (ELSA-2015-1628)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:1628 and \n# Oracle Linux Security Advisory ELSA-2015-1628 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85488);\n script_version(\"2.10\");\n script_cvs_date(\"Date: 2018/07/18 17:43:58\");\n\n script_cve_id(\"CVE-2014-6568\", \"CVE-2015-0374\", \"CVE-2015-0381\", \"CVE-2015-0382\", \"CVE-2015-0391\", \"CVE-2015-0411\", \"CVE-2015-0432\", \"CVE-2015-0433\", \"CVE-2015-0441\", \"CVE-2015-0499\", \"CVE-2015-0501\", \"CVE-2015-0505\", \"CVE-2015-2568\", \"CVE-2015-2571\", \"CVE-2015-2573\", \"CVE-2015-2582\", \"CVE-2015-2620\", \"CVE-2015-2643\", \"CVE-2015-2648\", \"CVE-2015-4737\", \"CVE-2015-4752\", \"CVE-2015-4757\", \"CVE-2015-4816\", \"CVE-2015-4819\", \"CVE-2015-4864\", \"CVE-2015-4879\");\n script_xref(name:\"RHSA\", value:\"2015:1628\");\n\n script_name(english:\"Oracle Linux 5 : mysql55-mysql (ELSA-2015-1628)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:1628 :\n\nUpdated mysql55-mysql packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMySQL is a multi-user, multi-threaded SQL database server. It consists\nof the MySQL server daemon (mysqld) and many client programs and\nlibraries.\n\nThis update fixes several vulnerabilities in the MySQL database\nserver. Information about these flaws can be found on the Oracle\nCritical Patch Update Advisory pages, listed in the References\nsection. (CVE-2014-6568, CVE-2015-0374, CVE-2015-0381, CVE-2015-0382,\nCVE-2015-0391, CVE-2015-0411, CVE-2015-0432, CVE-2015-0433,\nCVE-2015-0441, CVE-2015-0499, CVE-2015-0501, CVE-2015-0505,\nCVE-2015-2568, CVE-2015-2571, CVE-2015-2573, CVE-2015-2582,\nCVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737,\nCVE-2015-4752, CVE-2015-4757)\n\nThese updated packages upgrade MySQL to version 5.5.45. Refer to the\nMySQL Release Notes listed in the References section for a complete\nlist of changes.\n\nAll MySQL users should upgrade to these updated packages, which\ncorrect these issues. After installing this update, the MySQL server\ndaemon (mysqld) will be restarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-August/005347.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mysql55-mysql packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql55-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql55-mysql-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql55-mysql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql55-mysql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql55-mysql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql55-mysql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"mysql55-mysql-5.5.45-1.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"mysql55-mysql-bench-5.5.45-1.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"mysql55-mysql-devel-5.5.45-1.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"mysql55-mysql-libs-5.5.45-1.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"mysql55-mysql-server-5.5.45-1.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"mysql55-mysql-test-5.5.45-1.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql55-mysql / mysql55-mysql-bench / mysql55-mysql-devel / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-24T12:53:00", "bulletinFamily": "scanner", "description": "Several issues have been\ndiscovered in the MySQL database server. The vulnerabilities are addressed\nby upgrading MySQL to the new upstream version 5.5.41. Please see the MySQL\n5.5 Release Notes and Oracle", "modified": "2017-07-07T00:00:00", "published": "2015-01-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703135", "id": "OPENVAS:703135", "title": "Debian Security Advisory DSA 3135-1 (mysql-5.5 - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3135.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3135-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703135);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2014-6568\", \"CVE-2015-0374\", \"CVE-2015-0381\", \"CVE-2015-0382\",\n \"CVE-2015-0411\", \"CVE-2015-0432\");\n script_name(\"Debian Security Advisory DSA 3135-1 (mysql-5.5 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-01-23 00:00:00 +0100 (Fri, 23 Jan 2015)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3135.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"mysql-5.5 on Debian Linux\");\n script_tag(name: \"insight\", value: \"MySQL is a fast, stable and true\nmulti-user, multi-threaded SQL database server.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthese problems have been fixed in version 5.5.41-0+wheezy1.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your mysql-5.5 packages.\");\n script_tag(name: \"summary\", value: \"Several issues have been\ndiscovered in the MySQL database server. The vulnerabilities are addressed\nby upgrading MySQL to the new upstream version 5.5.41. Please see the MySQL\n5.5 Release Notes and Oracle's Critical Patch Update advisory for further details:\n\nhttps://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-41.html\nhttp://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libmysqlclient-dev\", ver:\"5.5.41-0+wheezy1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient18\", ver:\"5.5.41-0+wheezy1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-dev\", ver:\"5.5.41-0+wheezy1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-pic\", ver:\"5.5.41-0+wheezy1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client\", ver:\"5.5.41-0+wheezy1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client-5.5\", ver:\"5.5.41-0+wheezy1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-common\", ver:\"5.5.41-0+wheezy1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server\", ver:\"5.5.41-0+wheezy1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.41-0+wheezy1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-core-5.5\", ver:\"5.5.41-0+wheezy1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-source-5.5\", ver:\"5.5.41-0+wheezy1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-testsuite-5.5\", ver:\"5.5.41-0+wheezy1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:36", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2015-01-23T00:00:00", "id": "OPENVAS:1361412562310842070", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842070", "title": "Ubuntu Update for mysql-5.5 USN-2480-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for mysql-5.5 USN-2480-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842070\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-23 12:59:15 +0100 (Fri, 23 Jan 2015)\");\n script_cve_id(\"CVE-2014-6568\", \"CVE-2015-0374\", \"CVE-2015-0381\", \"CVE-2015-0382\",\n \"CVE-2015-0411\", \"CVE-2015-0432\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Ubuntu Update for mysql-5.5 USN-2480-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mysql-5.5'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple security issues were discovered in\nMySQL and this update includes a new upstream MySQL version to fix these issues.\nMySQL has been updated to 5.5.41.\n\nIn addition to security fixes, the updated packages contain bug fixes,\nnew features, and possibly incompatible changes.\n\nPlease see the references for more information.\");\n\n script_xref(name:\"URL\", value:\"http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-41.html\");\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html\");\n\n script_tag(name:\"affected\", value:\"mysql-5.5 on Ubuntu 14.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2480-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2480-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.10|14\\.04 LTS|12\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.41-0ubuntu0.14.10.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.41-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.41-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:05", "bulletinFamily": "scanner", "description": "Several issues have been\ndiscovered in the MySQL database server. The vulnerabilities are addressed\nby upgrading MySQL to the new upstream version 5.5.41.", "modified": "2019-03-18T00:00:00", "published": "2015-01-23T00:00:00", "id": "OPENVAS:1361412562310703135", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703135", "title": "Debian Security Advisory DSA 3135-1 (mysql-5.5 - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3135.nasl 14278 2019-03-18 14:47:26Z cfischer $\n# Auto-generated from advisory DSA 3135-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703135\");\n script_version(\"$Revision: 14278 $\");\n script_cve_id(\"CVE-2014-6568\", \"CVE-2015-0374\", \"CVE-2015-0381\", \"CVE-2015-0382\",\n \"CVE-2015-0411\", \"CVE-2015-0432\");\n script_name(\"Debian Security Advisory DSA 3135-1 (mysql-5.5 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:47:26 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-23 00:00:00 +0100 (Fri, 23 Jan 2015)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2015/dsa-3135.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"mysql-5.5 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy),\nthese problems have been fixed in version 5.5.41-0+wheezy1.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your mysql-5.5 packages.\");\n script_tag(name:\"summary\", value:\"Several issues have been\ndiscovered in the MySQL database server. The vulnerabilities are addressed\nby upgrading MySQL to the new upstream version 5.5.41.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libmysqlclient-dev\", ver:\"5.5.41-0+wheezy1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmysqlclient18\", ver:\"5.5.41-0+wheezy1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmysqld-dev\", ver:\"5.5.41-0+wheezy1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmysqld-pic\", ver:\"5.5.41-0+wheezy1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-client\", ver:\"5.5.41-0+wheezy1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-client-5.5\", ver:\"5.5.41-0+wheezy1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-common\", ver:\"5.5.41-0+wheezy1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-server\", ver:\"5.5.41-0+wheezy1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.41-0+wheezy1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-server-core-5.5\", ver:\"5.5.41-0+wheezy1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-source-5.5\", ver:\"5.5.41-0+wheezy1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-testsuite-5.5\", ver:\"5.5.41-0+wheezy1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:29", "bulletinFamily": "scanner", "description": "This host is running Oracle MySQL and is\n prone to multiple unspecified vulnerabilities.", "modified": "2018-10-29T00:00:00", "published": "2016-06-03T00:00:00", "id": "OPENVAS:1361412562310808135", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808135", "title": "Oracle MySQL Multiple Unspecified Vulnerabilities-23 Jun16 (Linux)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mysql_unspecified_vuln23_jun16_lin.nasl 12153 2018-10-29 13:38:34Z cfischer $\n#\n# Oracle MySQL Multiple Unspecified Vulnerabilities-23 Jun16 (Linux)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:oracle:mysql\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808135\");\n script_version(\"$Revision: 12153 $\");\n script_cve_id(\"CVE-2015-0411\", \"CVE-2014-6568\", \"CVE-2015-0382\", \"CVE-2015-0381\",\n \"CVE-2015-0374\");\n script_bugtraq_id(72191, 72210, 72200, 72214, 72227);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-29 14:38:34 +0100 (Mon, 29 Oct 2018) $\");\n\n script_tag(name:\"creation_date\", value:\"2016-06-03 13:42:39 +0530 (Fri, 03 Jun 2016)\");\n script_name(\"Oracle MySQL Multiple Unspecified Vulnerabilities-23 Jun16 (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is running Oracle MySQL and is\n prone to multiple unspecified vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Unspecified errors in the MySQL Server\n component via unknown vectors related to Server:- Security:Encryption,\n InnoDB:DML, Replication, and Security:Privileges:Foreign Key.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to disclose potentially sensitive information, manipulate certain data,\n cause a DoS (Denial of Service), and compromise a vulnerable system.\");\n\n script_tag(name:\"affected\", value:\"Oracle MySQL Server version 5.5.40 and earlier,\n and 5.6.21 and earlier on Linux.\");\n\n script_tag(name:\"solution\", value:\"Apply the patch from the referenced advisory.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/62525\");\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html\");\n\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Databases\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_unixoide\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!sqlPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!mysqlVer = get_app_version(cpe:CPE, port:sqlPort))\n{\n CPE = \"cpe:/a:mysql:mysql\";\n if(!mysqlVer = get_app_version(cpe:CPE, port:sqlPort)) {\n exit(0);\n }\n}\n\nif(mysqlVer =~ \"^(5\\.(5|6))\")\n{\n if(version_in_range(version:mysqlVer, test_version:\"5.5\", test_version2:\"5.5.40\")||\n version_in_range(version:mysqlVer, test_version:\"5.6\", test_version2:\"5.6.21\"))\n {\n report = 'Installed version: ' + mysqlVer + '\\n';\n security_message(data:report, port:sqlPort);\n exit(0);\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:41", "bulletinFamily": "scanner", "description": "This host is running Oracle MySQL and is\n prone to multiple unspecified vulnerabilities.", "modified": "2018-10-12T00:00:00", "published": "2015-02-03T00:00:00", "id": "OPENVAS:1361412562310805132", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805132", "title": "Oracle MySQL Multiple Unspecified vulnerabilities-01 Feb15 (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mysql_unspecified_vuln01_feb15_win.nasl 11872 2018-10-12 11:22:41Z cfischer $\n#\n# Oracle MySQL Multiple Unspecified vulnerabilities-01 Feb15 (Windows)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:oracle:mysql\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805132\");\n script_version(\"$Revision: 11872 $\");\n script_cve_id(\"CVE-2015-0411\", \"CVE-2014-6568\", \"CVE-2015-0382\", \"CVE-2015-0381\",\n \"CVE-2015-0374\");\n script_bugtraq_id(72191, 72210, 72200, 72214, 72227);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 13:22:41 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-02-03 11:37:02 +0530 (Tue, 03 Feb 2015)\");\n script_name(\"Oracle MySQL Multiple Unspecified vulnerabilities-01 Feb15 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is running Oracle MySQL and is\n prone to multiple unspecified vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Unspecified errors in the MySQL Server\n component via unknown vectors related to Server:- Security:Encryption,\n InnoDB:DML, Replication, and Security:Privileges:Foreign Key.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to disclose potentially sensitive information, manipulate certain data,\n cause a DoS (Denial of Service), and compromise a vulnerable system.\");\n\n script_tag(name:\"affected\", value:\"Oracle MySQL Server version 5.5.40 and earlier,\n and 5.6.21 and earlier on Windows.\");\n\n script_tag(name:\"solution\", value:\"Apply the patch from the referenced advisory.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/62525\");\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html\");\n\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Databases\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_windows\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!sqlPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!mysqlVer = get_app_version(cpe:CPE, port:sqlPort))\n{\n CPE = \"cpe:/a:mysql:mysql\";\n if(!mysqlVer = get_app_version(cpe:CPE, port:sqlPort)) {\n exit(0);\n }\n}\n\nif(mysqlVer =~ \"^(5\\.(5|6))\")\n{\n if(version_in_range(version:mysqlVer, test_version:\"5.5\", test_version2:\"5.5.40\")||\n version_in_range(version:mysqlVer, test_version:\"5.6\", test_version2:\"5.6.21\"))\n {\n report = 'Installed version: ' + mysqlVer + '\\n';\n security_message(data:report, port:sqlPort);\n exit(0);\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:56", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2015-0118", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123189", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123189", "title": "Oracle Linux Local Check: ELSA-2015-0118", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-0118.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123189\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:00:29 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-0118\");\n script_tag(name:\"insight\", value:\"ELSA-2015-0118 - mariadb security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-0118\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-0118.html\");\n script_cve_id(\"CVE-2014-6568\", \"CVE-2015-0374\", \"CVE-2015-0381\", \"CVE-2015-0382\", \"CVE-2015-0391\", \"CVE-2015-0411\", \"CVE-2015-0432\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~5.5.41~2.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mariadb-bench\", rpm:\"mariadb-bench~5.5.41~2.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mariadb-devel\", rpm:\"mariadb-devel~5.5.41~2.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mariadb-embedded\", rpm:\"mariadb-embedded~5.5.41~2.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mariadb-embedded-devel\", rpm:\"mariadb-embedded-devel~5.5.41~2.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mariadb-libs\", rpm:\"mariadb-libs~5.5.41~2.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mariadb-server\", rpm:\"mariadb-server~5.5.41~2.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mariadb-test\", rpm:\"mariadb-test~5.5.41~2.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:39", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2015-04-17T00:00:00", "id": "OPENVAS:1361412562310871311", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871311", "title": "RedHat Update for mariadb RHSA-2015:0118-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for mariadb RHSA-2015:0118-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871311\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-17 13:26:08 +0530 (Fri, 17 Apr 2015)\");\n script_cve_id(\"CVE-2014-6568\", \"CVE-2015-0374\", \"CVE-2015-0381\", \"CVE-2015-0382\",\n \"CVE-2015-0391\", \"CVE-2015-0411\", \"CVE-2015-0432\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for mariadb RHSA-2015:0118-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mariadb'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"MariaDB is a multi-user, multi-threaded SQL database server that is binary\ncompatible with MySQL.\n\nThis update fixes several vulnerabilities in the MariaDB database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2015-0381,\nCVE-2015-0382, CVE-2015-0391, CVE-2015-0411, CVE-2015-0432, CVE-2014-6568,\nCVE-2015-0374)\n\nThese updated packages upgrade MariaDB to version 5.5.41. Refer to the\nMariaDB Release Notes listed in the References section for a complete list\nof changes.\n\nAll MariaDB users should upgrade to these updated packages, which correct\nthese issues. After installing this update, the MariaDB server daemon\n(mysqld) will be restarted automatically.\");\n script_tag(name:\"affected\", value:\"mariadb on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:0118-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-February/msg00005.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~5.5.41~2.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-bench\", rpm:\"mariadb-bench~5.5.41~2.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-debuginfo\", rpm:\"mariadb-debuginfo~5.5.41~2.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-devel\", rpm:\"mariadb-devel~5.5.41~2.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-libs\", rpm:\"mariadb-libs~5.5.41~2.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-server\", rpm:\"mariadb-server~5.5.41~2.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-test\", rpm:\"mariadb-test~5.5.41~2.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:02", "bulletinFamily": "scanner", "description": "Check the version of mariadb", "modified": "2019-03-08T00:00:00", "published": "2015-02-06T00:00:00", "id": "OPENVAS:1361412562310882115", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882115", "title": "CentOS Update for mariadb CESA-2015:0118 centos7", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for mariadb CESA-2015:0118 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882115\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-02-06 05:44:52 +0100 (Fri, 06 Feb 2015)\");\n script_cve_id(\"CVE-2014-6568\", \"CVE-2015-0374\", \"CVE-2015-0381\", \"CVE-2015-0382\", \"CVE-2015-0391\", \"CVE-2015-0411\", \"CVE-2015-0432\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Update for mariadb CESA-2015:0118 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of mariadb\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"MariaDB is a multi-user, multi-threaded SQL database server that is binary\ncompatible with MySQL.\n\nThis update fixes several vulnerabilities in the MariaDB database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2015-0381,\nCVE-2015-0382, CVE-2015-0391, CVE-2015-0411, CVE-2015-0432, CVE-2014-6568,\nCVE-2015-0374)\n\nThese updated packages upgrade MariaDB to version 5.5.41. Refer to the\nMariaDB Release Notes listed in the References section for a complete list\nof changes.\n\nAll MariaDB users should upgrade to these updated packages, which correct\nthese issues. After installing this update, the MariaDB server daemon\n(mysqld) will be restarted automatically.\");\n script_tag(name:\"affected\", value:\"mariadb on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"CESA\", value:\"2015:0118\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2015-February/020922.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~5.5.41~2.el7_0\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-bench\", rpm:\"mariadb-bench~5.5.41~2.el7_0\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-devel\", rpm:\"mariadb-devel~5.5.41~2.el7_0\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-embedded\", rpm:\"mariadb-embedded~5.5.41~2.el7_0\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-embedded-devel\", rpm:\"mariadb-embedded-devel~5.5.41~2.el7_0\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-libs\", rpm:\"mariadb-libs~5.5.41~2.el7_0\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-server\", rpm:\"mariadb-server~5.5.41~2.el7_0\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-test\", rpm:\"mariadb-test~5.5.41~2.el7_0\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:14", "bulletinFamily": "scanner", "description": "Gentoo Linux Local Security Checks GLSA 201504-05", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121372", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121372", "title": "Gentoo Security Advisory GLSA 201504-05", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201504-05.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121372\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:28:47 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201504-05\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in MySQL and MariaDB. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201504-05\");\n script_cve_id(\"CVE-2014-6568\", \"CVE-2015-0374\", \"CVE-2015-0381\", \"CVE-2015-0382\", \"CVE-2015-0385\", \"CVE-2015-0391\", \"CVE-2015-0409\", \"CVE-2015-0411\", \"CVE-2015-0432\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201504-05\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"dev-db/mysql\", unaffected: make_list(\"ge 5.6.22\"), vulnerable: make_list(\"lt 5.6.22\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-db/mariadb\", unaffected: make_list(\"ge 10.0.16\"), vulnerable: make_list(\"lt 10.0.16\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:35", "bulletinFamily": "scanner", "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption.", "modified": "2018-10-29T00:00:00", "published": "2016-05-17T00:00:00", "id": "OPENVAS:1361412562310105717", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105717", "title": "F5 BIG-IP - SOL44611310 - MySQL vulnerability CVE-2015-0411", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_f5_big_ip_sol44611310.nasl 12149 2018-10-29 10:48:30Z asteins $\n#\n# F5 BIG-IP - SOL44611310 - MySQL vulnerability CVE-2015-0411\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/h:f5:big-ip\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105717\");\n script_cve_id(\"CVE-2015-0411\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 12149 $\");\n\n script_name(\"F5 BIG-IP - SOL44611310 - MySQL vulnerability CVE-2015-0411\");\n\n script_xref(name:\"URL\", value:\"https://support.f5.com/kb/en-us/solutions/public/k/44/sol44611310.html\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"solution\", value:\"See the referenced vendor advisory for a solution.\");\n script_tag(name:\"summary\", value:\"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-29 11:48:30 +0100 (Mon, 29 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-17 11:04:09 +0200 (Tue, 17 May 2016)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"F5 Local Security Checks\");\n script_copyright(\"This script is Copyright (C) 2016 Greenbone Networks GmbH\");\n script_dependencies(\"gb_f5_big_ip_version.nasl\");\n script_require_ports(\"Services/ssh\", 22);\n script_mandatory_keys(\"f5/big_ip/version\", \"f5/big_ip/active_modules\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"f5.inc\");\n\nif( ! version = get_app_version( cpe:CPE ) ) exit( 0 );\n\ncheck_f5['LTM'] = make_array( 'affected', '11.0.0-11.6.0;10.1.0-10.2.4;',\n 'unaffected', '12.0.0;11.6.1;');\n\ncheck_f5['AAM'] = make_array( 'affected', '11.4.0-11.6.0;',\n 'unaffected', '12.0.0;11.6.1;');\n\ncheck_f5['AFM'] = make_array( 'affected', '11.3.0-11.6.0;',\n 'unaffected', '12.0.0;11.6.1;');\n\ncheck_f5['AVR'] = make_array( 'affected', '11.0.0-11.6.0;',\n 'unaffected', '12.0.0;11.6.1;');\n\ncheck_f5['APM'] = make_array( 'affected', '11.0.0-11.6.0;10.1.0-10.2.4;',\n 'unaffected', '12.0.0;11.6.1;');\n\ncheck_f5['ASM'] = make_array( 'affected', '11.0.0-11.6.0;10.1.0-10.2.4;',\n 'unaffected', '12.0.0;11.6.1;');\n\ncheck_f5['GTM'] = make_array( 'affected', '11.0.0-11.6.0;10.1.0-10.2.4;',\n 'unaffected', '11.6.1;');\n\ncheck_f5['LC'] = make_array( 'affected', '11.0.0-11.6.0;10.1.0-10.2.4;',\n 'unaffected', '12.0.0;11.6.1;');\n\ncheck_f5['PEM'] = make_array( 'affected', '11.3.0-11.6.0;',\n 'unaffected', '12.0.0;11.6.1;');\n\nif( report = is_f5_vulnerable( ca:check_f5, version:version ) )\n{\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2019-05-29T18:34:27", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2015:0118\n\n\nMariaDB is a multi-user, multi-threaded SQL database server that is binary\ncompatible with MySQL.\n\nThis update fixes several vulnerabilities in the MariaDB database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2015-0381,\nCVE-2015-0382, CVE-2015-0391, CVE-2015-0411, CVE-2015-0432, CVE-2014-6568,\nCVE-2015-0374)\n\nThese updated packages upgrade MariaDB to version 5.5.41. Refer to the\nMariaDB Release Notes listed in the References section for a complete list\nof changes.\n\nAll MariaDB users should upgrade to these updated packages, which correct\nthese issues. After installing this update, the MariaDB server daemon\n(mysqld) will be restarted automatically.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-February/020922.html\n\n**Affected packages:**\nmariadb\nmariadb-bench\nmariadb-devel\nmariadb-embedded\nmariadb-embedded-devel\nmariadb-libs\nmariadb-server\nmariadb-test\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-0118.html", "modified": "2015-02-05T16:54:20", "published": "2015-02-05T16:54:20", "href": "http://lists.centos.org/pipermail/centos-announce/2015-February/020922.html", "id": "CESA-2015:0118", "title": "mariadb security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:53", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2015:1628\n\n\nMySQL is a multi-user, multi-threaded SQL database server. It consists of\nthe MySQL server daemon (mysqld) and many client programs and libraries.\n\nThis update fixes several vulnerabilities in the MySQL database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory pages, listed in the References section. (CVE-2014-6568,\nCVE-2015-0374, CVE-2015-0381, CVE-2015-0382, CVE-2015-0391, CVE-2015-0411,\nCVE-2015-0432, CVE-2015-0433, CVE-2015-0441, CVE-2015-0499, CVE-2015-0501,\nCVE-2015-0505, CVE-2015-2568, CVE-2015-2571, CVE-2015-2573, CVE-2015-2582,\nCVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737, CVE-2015-4752,\nCVE-2015-4757)\n\nThese updated packages upgrade MySQL to version 5.5.45. Refer to the MySQL\nRelease Notes listed in the References section for a complete list of\nchanges.\n\nAll MySQL users should upgrade to these updated packages, which correct\nthese issues. After installing this update, the MySQL server daemon\n(mysqld) will be restarted automatically.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-August/021331.html\n\n**Affected packages:**\nmysql55-mysql\nmysql55-mysql-bench\nmysql55-mysql-devel\nmysql55-mysql-libs\nmysql55-mysql-server\nmysql55-mysql-test\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-1628.html", "modified": "2015-08-17T15:20:46", "published": "2015-08-17T15:20:46", "href": "http://lists.centos.org/pipermail/centos-announce/2015-August/021331.html", "id": "CESA-2015:1628", "title": "mysql55 security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:54", "bulletinFamily": "unix", "description": "### Background\n\nMySQL is a popular multi-threaded, multi-user SQL server. MariaDB is an enhanced, drop-in replacement for MySQL. \n\n### Description\n\nMultiple vulnerabilities have been discovered in MySQL and MariaDB. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could exploit vulnerabilities to possibly cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll MySQL users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/mysql-5.6.22\"\n \n\nAll MariaDB users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/mariadb-10.0.16\"", "modified": "2015-04-11T00:00:00", "published": "2015-04-11T00:00:00", "id": "GLSA-201504-05", "href": "https://security.gentoo.org/glsa/201504-05", "type": "gentoo", "title": "MySQL and MariaDB: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "f5": [{"lastseen": "2016-11-09T00:09:35", "bulletinFamily": "software", "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable **column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo mitigate this vulnerability for BIG-IP and Enterprise Manager, you should permit management access to F5 products only over a secure network and limit shell access to only trusted users. For more information, refer to SOL13309: Restricting access to the Configuration utility by source IP address (11.x - 12.x) and SOL13092: Overview of securing access to the BIG-IP system.\n\nAdditionally, for Enterprise Manager, you should not enable the Remote Access feature to provide remote access to the statistical database. If you have enabled the Remote Access feature, you should disable it by performing the following procedure:\n\nDisabling the Remote Access feature\n\n**Impact of action**: You will no longer be allowed to remotely access the MySQL statistical database.\n\n 1. Log in to the Enterprise Manager Configuration utility.\n 2. Click **Enterprise Management**.\n 3. Navigate to **Options **> **Statistics **>** Remote Access**.\n 4. Clear the **Allow Remote Access** check box.\n 5. Click **Save Changes**.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL44611310: MySQL vulnerability CVE-2015-0411\n", "modified": "2016-06-28T00:00:00", "published": "2015-04-03T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/16000/300/sol16355.html", "id": "SOL16355", "title": "SOL16355 - Multiple MySQL vulnerabilities", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-08-22T03:35:11", "bulletinFamily": "software", "description": "\nF5 Product Development has assigned ID 502493 (BIG-IP) and ID 507720 (Enterprise Manager) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H515699 on the **Diagnostics **> **Identified **> **High **screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 13.0.0 - 13.1.0 \n12.0.0 - 12.1.3 \n11.0.0 - 11.6.3 \n10.1.0 - 10.2.4 | None | High | MySQL Database Server Application, multiple sub-components impacted \nBIG-IP AAM | 13.0.0 - 13.1.0 \n12.0.0 - 12.1.3 \n11.4.0 - 11.6.3 | None | High | MySQL Database Server Application, multiple sub-components impacted \nBIG-IP AFM | 13.0.0 - 13.1.0 \n12.0.0 - 12.1.3 \n11.3.0 - 11.6.3 | None | High | MySQL Database Server Application, multiple sub-components impacted \nBIG-IP Analytics | 13.0.0 - 13.1.0 \n12.0.0 - 12.1.3 \n11.0.0 - 11.6.3 | None | High | MySQL Database Server Application, multiple sub-components impacted \nBIG-IP APM | 13.0.0 - 13.1.0 \n12.0.0 - 12.1.3 \n11.0.0 - 11.6.3 \n10.1.0 - 10.2.4 | None | High | MySQL Database Server Application, multiple sub-components impacted \nBIG-IP ASM | 13.0.0 - 13.1.0 \n12.0.0 - 12.1.3 \n11.0.0 - 11.6.3 \n10.1.0 - 10.2.4 | None | High | MySQL Database Server Application, multiple sub-components impacted \nBIG-IP DNS | 13.0.0 - 13.1.0 \n12.0.0 - 12.1.3 | None | High | MySQL Database Server Application, multiple sub-components impacted \nBIG-IP Edge Gateway | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | None | High | MySQL Database Server Application, multiple sub-components impacted \nBIG-IP GTM | 11.0.0 - 11.6.3 \n10.1.0 - 10.2.4 | None | High | MySQL Database Server Application, multiple sub-components impacted \nBIG-IP Link Controller | 13.0.0 - 13.1.0 \n12.0.0 - 12.1.3 \n11.0.0 - 11.6.3 \n10.1.0 - 10.2.4 | None | High | MySQL Database Server Application, multiple sub-components impacted \nBIG-IP PEM | 13.0.0 - 13.1.0 \n12.0.0 - 12.1.3 \n11.3.0 - 11.6.3 | None | High | MySQL Database Server Application, multiple sub-components impacted \nBIG-IP PSM | 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4 | None | High | MySQL Database Server Application, multiple sub-components impacted \nBIG-IP WebAccelerator | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | None | High | MySQL Database Server Application, multiple sub-components impacted \nBIG-IP WOM | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | None | High | MySQL Database Server Application, multiple sub-components impacted \nARX | None | 6.0.0 - 6.4.0 | Not vulnerable | None \nEnterprise Manager | 3.0.0 - 3.1.1 \n2.1.0 - 2.3.0 | None | High | MySQL Database Server Application, multiple sub-components impacted \nFirePass | None | 7.0.0 \n6.0.0 - 6.1.0 | Not vulnerable | None \nBIG-IQ Cloud | None | 4.0.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Device | None | 4.2.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Security | None | 4.0.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ ADC | None | 4.5.0 | Not vulnerable | None \nLineRate | None | 2.2.0 - 2.5.0 \n1.6.0 - 1.6.4 | Not vulnerable | None \nF5 WebSafe | None | 1.0.0 | Not vulnerable | None \nTraffix SDC | None | 4.0.0 - 4.1.0 \n3.3.2 - 3.5.1 | Not vulnerable | None \nBIG-IP Edge Clients for Android | None | 2.0.0 - 2.0.6 | Not vulnerable | None \nBIG-IP Edge Clients for Apple iOS | None | 2.0.0 - 2.0.4 \n1.0.5 - 1.0.6 | Not vulnerable | None \nBIG-IP Edge Clients for Linux | None | 6035.x - 7110.x | Not vulnerable | None \nBIG-IP Edge Clients for MAC OS X | None | 6035.x - 7110.x | Not vulnerable | None \nBIG-IP Edge Clients for Windows | None | 6035.x - 7110.x | Not vulnerable | None \nBIG-IP Edge Clients Windows Phone 8.1 | None | 1.0.0.x | Not vulnerable | None \nBIG-IP Edge Portal for Android | None | 1.0.0 - 1.0.2 | Not vulnerable | None \nBIG-IP Edge Portal for Apple iOS | None | 1.0.0 - 1.0.3 | Not vulnerable | None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable **column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo mitigate this vulnerability for BIG-IP and Enterprise Manager, you should permit management access to F5 products only over a secure network and limit shell access to only trusted users. For more information, refer to [K13309: Restricting access to the Configuration utility by source IP address (11.x - 12.x)](<https://support.f5.com/csp/article/K13309>) and [K13092: Overview of securing access to the BIG-IP system](<https://support.f5.com/csp/article/K13092>).\n\nAdditionally, for Enterprise Manager, you should not enable the Remote Access feature to provide remote access to the statistical database. If you have enabled the Remote Access feature, you should disable it by performing the following procedure:\n\nDisabling the Remote Access feature\n\n**Impact of action**: You will no longer be allowed to remotely access the MySQL statistical database.\n\n 1. Log in to the Enterprise Manager Configuration utility.\n 2. Click **Enterprise Management**.\n 3. Navigate to **Options **> **Statistics **>** Remote Access**.\n 4. Clear the **Allow Remote Access** check box.\n 5. Click **Save Changes**.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K44611310: MySQL vulnerability CVE-2015-0411](<https://support.f5.com/csp/article/K44611310>)\n", "modified": "2018-03-02T00:11:00", "published": "2015-04-04T02:09:00", "id": "F5:K16355", "href": "https://support.f5.com/csp/article/K16355", "title": "Multiple MySQL vulnerabilities", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-04-30T18:21:16", "bulletinFamily": "software", "description": "\nF5 Product Development has assigned ID 508057 (BIG-IP) and ID 507720 (Enterprise Manager) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H44611310 on the **Diagnostics **> **Identified **> **High **screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| 12.0.0 \n11.6.1 \n11.5.4 HF4| High| MySQL Database Server Application, multiple sub-components impacted \nBIG-IP AAM| 11.4.0 - 11.6.0| 12.0.0 \n11.6.1 \n11.5.4 HF4| High| MySQL Database Server Application, multiple sub-components impacted \nBIG-IP AFM| 11.3.0 - 11.6.0| 12.0.0 \n11.6.1 \n11.5.4 HF4| High| MySQL Database Server Application, multiple sub-components impacted \nBIG-IP Analytics| 11.0.0 - 11.6.0| 12.0.0 \n11.6.1 \n11.5.4 HF4| High| MySQL Database Server Application, multiple sub-components impacted \nBIG-IP APM| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| 12.0.0 \n11.6.1 \n11.5.4 HF4| High| MySQL Database Server Application, multiple sub-components impacted \nBIG-IP ASM| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| 12.0.0 \n11.6.1 \n11.5.4 HF4| High| MySQL Database Server Application, multiple sub-components impacted \nBIG-IP DNS| None| 12.0.0| Not vulnerable| None \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| High| MySQL Database Server Application, multiple sub-components impacted \nBIG-IP GTM| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| 11.6.1 \n11.5.4 HF4| High| MySQL Database Server Application, multiple sub-components impacted \nBIG-IP Link Controller| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| 12.0.0 \n11.6.1 \n11.5.4 HF4| High| MySQL Database Server Application, multiple sub-components impacted \nBIG-IP PEM| 11.3.0 - 11.6.0| 12.0.0 \n11.6.1 \n11.5.4 HF4| High| MySQL Database Server Application, multiple sub-components impacted \nBIG-IP PSM| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| None| High| MySQL Database Server Application, multiple sub-components impacted \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| High| MySQL Database Server Application, multiple sub-components impacted \nBIG-IP WOM| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| High| MySQL Database Server Application, multiple sub-components impacted \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| 3.0.0 - 3.1.1 \n2.1.0 - 2.3.0| None| High| MySQL Database Server Application, multiple sub-components impacted \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nLineRate| None| 2.2.0 - 2.5.0 \n1.6.0 - 1.6.4| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.1.0 \n3.3.2 - 3.5.1| Not vulnerable| None \nBIG-IP Edge Clients for Android| None| 2.0.0 - 2.0.6| Not vulnerable| None \nBIG-IP Edge Clients for Apple iOS| None| 2.0.0 - 2.0.4 \n1.0.5 - 1.0.6| Not vulnerable| None \nBIG-IP Edge Clients for Linux| None| 6035.x - 7110.x| Not vulnerable| None \nBIG-IP Edge Clients for MAC OS X| None| 6035.x - 7110.x| Not vulnerable| None \nBIG-IP Edge Clients for Windows| None| 6035.x - 7110.x| Not vulnerable| None \nBIG-IP Edge Clients Windows Phone 8.1| None| 1.0.0.x| Not vulnerable| None \nBIG-IP Edge Portal for Android| None| 1.0.0 - 1.0.2| Not vulnerable| None \nBIG-IP Edge Portal for Apple iOS| None| 1.0.0 - 1.0.3| Not vulnerable| None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable **column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nTo mitigate this vulnerability for BIG-IP and Enterprise Manager systems, you should permit management access to F5 products only over a secure network and limit shell access to only trusted users. For more information, refer to [K13309: Restricting access to the Configuration utility by source IP address (11.x - 12.x)](<https://support.f5.com/csp/article/K13309>) and [K13092: Overview of securing access to the BIG-IP system](<https://support.f5.com/csp/article/K13092>).\n\nAdditionally, for Enterprise Manager, you should not enable the Remote Access feature to provide remote access to the statistical database. If you have enabled the Remote Access feature, you should disable it by performing the following procedure:\n\nDisabling the Remote Access feature\n\n**Impact of action**: You will no longer be allowed to remotely access the MySQL statistical database.\n\n 1. Log in to the Enterprise Manager Configuration utility.\n 2. Click **Enterprise Management**.\n 3. Navigate to **Options **> **Statistics **>** Remote Access**.\n 4. Clear the **Allow Remote Access** check box.\n 5. Click **Save Changes**.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 13.x)](<https://support.f5.com/csp/article/K13123>)\n * [K10025: Managing BIG-IP product hotfixes (10.x)](<https://support.f5.com/csp/article/K10025>)\n * [K9502: BIG-IP hotfix matrix](<https://support.f5.com/csp/article/K9502>)\n * [K16355: Multiple MySQL vulnerabilities](<https://support.f5.com/csp/article/K16355>)\n", "modified": "2017-04-26T22:57:00", "published": "2016-05-11T02:50:00", "id": "F5:K44611310", "href": "https://support.f5.com/csp/article/K44611310", "title": "MySQL vulnerability CVE-2015-0411", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-02T18:44:08", "bulletinFamily": "software", "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable **column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. The **Severity** values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nTo mitigate this vulnerability for BIG-IP and Enterprise Manager systems, you should permit management access to F5 products only over a secure network and limit shell access to only trusted users. For more information, refer to SOL13309: Restricting access to the Configuration utility by source IP address (11.x - 12.x) and SOL13092: Overview of securing access to the BIG-IP system.\n\nAdditionally, for Enterprise Manager, you should not enable the Remote Access feature to provide remote access to the statistical database. If you have enabled the Remote Access feature, you should disable it by performing the following procedure:\n\nDisabling the Remote Access feature\n\n**Impact of action**: You will no longer be allowed to remotely access the MySQL statistical database.\n\n 1. Log in to the Enterprise Manager Configuration utility.\n 2. Click **Enterprise Management**.\n 3. Navigate to **Options **> **Statistics **>** Remote Access**.\n 4. Clear the **Allow Remote Access** check box.\n 5. Click **Save Changes**.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)\n * SOL10025: Managing BIG-IP product hotfixes (10.x)\n * SOL9502: BIG-IP hotfix matrix\n * SOL16355: Multiple MySQL vulnerabilities\n", "modified": "2016-05-10T00:00:00", "published": "2016-05-10T00:00:00", "id": "SOL44611310", "href": "http://support.f5.com/kb/en-us/solutions/public/k/44/sol44611310.html", "type": "f5", "title": "SOL44611310 - MySQL vulnerability CVE-2015-0411", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2019-08-13T18:47:14", "bulletinFamily": "unix", "description": "MariaDB is a multi-user, multi-threaded SQL database server that is binary\ncompatible with MySQL.\n\nThis update fixes several vulnerabilities in the MariaDB database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2015-0381,\nCVE-2015-0382, CVE-2015-0391, CVE-2015-0411, CVE-2015-0432, CVE-2014-6568,\nCVE-2015-0374)\n\nThese updated packages upgrade MariaDB to version 5.5.41. Refer to the\nMariaDB Release Notes listed in the References section for a complete list\nof changes.\n\nAll MariaDB users should upgrade to these updated packages, which correct\nthese issues. After installing this update, the MariaDB server daemon\n(mysqld) will be restarted automatically.\n", "modified": "2018-04-12T03:32:43", "published": "2015-02-03T05:00:00", "id": "RHSA-2015:0118", "href": "https://access.redhat.com/errata/RHSA-2015:0118", "type": "redhat", "title": "(RHSA-2015:0118) Moderate: mariadb security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:21", "bulletinFamily": "unix", "description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of\nthe MySQL server daemon (mysqld) and many client programs and libraries.\n\nThis update fixes several vulnerabilities in the MySQL database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2015-0381,\nCVE-2015-0382, CVE-2015-0391, CVE-2015-0411, CVE-2015-0432, CVE-2014-6568,\nCVE-2015-0374)\n\nThese updated packages upgrade MySQL to version 5.5.41. Refer to the MySQL\nRelease Notes listed in the References section for a complete list of\nchanges.\n\nAll MySQL users should upgrade to these updated packages, which correct\nthese issues. After installing this update, the MySQL server daemon\n(mysqld) will be restarted automatically.\n", "modified": "2018-06-13T01:28:20", "published": "2015-02-03T05:00:00", "id": "RHSA-2015:0116", "href": "https://access.redhat.com/errata/RHSA-2015:0116", "type": "redhat", "title": "(RHSA-2015:0116) Moderate: mysql55-mysql security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:46:59", "bulletinFamily": "unix", "description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of\nthe MySQL server daemon (mysqld) and many client programs and libraries.\n\nThis update fixes several vulnerabilities in the MySQL database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory pages, listed in the References section. (CVE-2014-6568,\nCVE-2015-0374, CVE-2015-0381, CVE-2015-0382, CVE-2015-0391, CVE-2015-0411,\nCVE-2015-0432, CVE-2015-0433, CVE-2015-0441, CVE-2015-0499, CVE-2015-0501,\nCVE-2015-0505, CVE-2015-2568, CVE-2015-2571, CVE-2015-2573, CVE-2015-2582,\nCVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737, CVE-2015-4752,\nCVE-2015-4757)\n\nThese updated packages upgrade MySQL to version 5.5.45. Refer to the MySQL\nRelease Notes listed in the References section for a complete list of\nchanges.\n\nAll MySQL users should upgrade to these updated packages, which correct\nthese issues. After installing this update, the MySQL server daemon\n(mysqld) will be restarted automatically.\n", "modified": "2017-09-08T12:13:43", "published": "2015-08-17T04:00:00", "id": "RHSA-2015:1628", "href": "https://access.redhat.com/errata/RHSA-2015:1628", "type": "redhat", "title": "(RHSA-2015:1628) Moderate: mysql55-mysql security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:09", "bulletinFamily": "unix", "description": "[1:5.5.41-2]\n- Include new certificate for tests\n Resolves: #1186109\n[1:5.5.41-1]\n- Rebase to 5.5.41\n Also fix: CVE-2014-6568 CVE-2015-0374 CVE-2015-0381 CVE-2015-0382\n CVE-2015-0391 CVE-2015-0411 CVE-2015-0432\n Resolves: #1186109\n[1:5.5.40-2]\n- Fix header to let dependencies to build fine\n Resolves: #1177836", "modified": "2015-02-03T00:00:00", "published": "2015-02-03T00:00:00", "id": "ELSA-2015-0118", "href": "http://linux.oracle.com/errata/ELSA-2015-0118.html", "title": "mariadb security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:26", "bulletinFamily": "unix", "description": "[5.5.45-1]\n- Rebase to 5.5.45\n Includes fixes for: CVE-2014-6568 CVE-2015-0374\n CVE-2015-0381 CVE-2015-0382 CVE-2015-0391 CVE-2015-0411 CVE-2015-0432\n CVE-2015-0501 CVE-2015-2568 CVE-2015-0499 CVE-2015-2571 CVE-2015-0433\n CVE-2015-0441 CVE-2015-0505 CVE-2015-2573 CVE-2015-2582 CVE-2015-2620\n CVE-2015-2643 CVE-2015-2648 CVE-2015-4737 CVE-2015-4752 CVE-2015-4757\n Resolves: #1247020", "modified": "2015-08-17T00:00:00", "published": "2015-08-17T00:00:00", "id": "ELSA-2015-1628", "href": "http://linux.oracle.com/errata/ELSA-2015-1628.html", "title": "mysql55-mysql security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2019-05-29T18:13:48", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.", "modified": "2018-12-18T16:06:00", "id": "CVE-2014-6568", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6568", "published": "2015-01-21T15:28:00", "title": "CVE-2014-6568", "type": "cve", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:14:39", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0382.", "modified": "2019-02-01T18:02:00", "id": "CVE-2015-0381", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0381", "published": "2015-01-21T18:59:00", "title": "CVE-2015-0381", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:14:39", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.", "modified": "2019-02-01T18:04:00", "id": "CVE-2015-0374", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0374", "published": "2015-01-21T18:59:00", "title": "CVE-2015-0374", "type": "cve", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:14:39", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.", "modified": "2019-02-01T17:58:00", "id": "CVE-2015-0391", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0391", "published": "2015-01-21T18:59:00", "title": "CVE-2015-0391", "type": "cve", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:14:39", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0381.", "modified": "2019-02-01T17:58:00", "id": "CVE-2015-0382", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0382", "published": "2015-01-21T18:59:00", "title": "CVE-2015-0382", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:14:39", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key.", "modified": "2017-09-08T01:29:00", "id": "CVE-2015-0432", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0432", "published": "2015-01-21T19:59:00", "title": "CVE-2015-0432", "type": "cve", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:14:39", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption.", "modified": "2019-02-01T17:53:00", "id": "CVE-2015-0411", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0411", "published": "2015-01-21T19:59:00", "title": "CVE-2015-0411", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2016-09-04T12:33:54", "bulletinFamily": "unix", "description": "The MySQL datebase server was updated to 5.5.42, fixing various bugs and\n security issues.\n\n More information can be found on:\n\n * <a rel=\"nofollow\" href=\"http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-42.html\">http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-42.html</a>\n <<a rel=\"nofollow\" href=\"http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-42.html\">http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-42.html</a>>\n * <a rel=\"nofollow\" href=\"http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-41.html\">http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-41.html</a>\n <<a rel=\"nofollow\" href=\"http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-41.html\">http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-41.html</a>>\n * <a rel=\"nofollow\" href=\"http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.html\">http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.html</a>\n <<a rel=\"nofollow\" href=\"http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.html\">http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.html</a>>\n\n Also various issues with the mysql start script were fixed.\n (bsc#868673,bsc#878779)\n\n Security Issues:\n\n * CVE-2015-0411\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0411\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0411</a>>\n * CVE-2015-0382\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0382\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0382</a>>\n * CVE-2015-0381\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0381\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0381</a>>\n * CVE-2015-0391\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0391\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0391</a>>\n * CVE-2015-0432\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0432\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0432</a>>\n * CVE-2015-0409\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0409\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0409</a>>\n * CVE-2014-6568\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6568\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6568</a>>\n * CVE-2015-0385\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0385\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0385</a>>\n * CVE-2015-0374\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0374\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0374</a>>\n * CVE-2012-5615\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5615\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5615</a>>\n * CVE-2014-0224\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224</a>>\n * CVE-2014-4274\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4274\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4274</a>>\n * CVE-2014-4287\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4287\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4287</a>>\n * CVE-2014-6463\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6463\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6463</a>>\n * CVE-2014-6464\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6464\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6464</a>>\n * CVE-2014-6469\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6469\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6469</a>>\n * CVE-2014-6474\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6474\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6474</a>>\n * CVE-2014-6478\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6478\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6478</a>>\n * CVE-2014-6484\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6484\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6484</a>>\n * CVE-2014-6489\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6489\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6489</a>>\n * CVE-2014-6491\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6491\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6491</a>>\n * CVE-2014-6494\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6494\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6494</a>>\n * CVE-2014-6495\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6495\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6495</a>>\n * CVE-2014-6496\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6496\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6496</a>>\n * CVE-2014-6500\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6500\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6500</a>>\n * CVE-2014-6505\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6505\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6505</a>>\n * CVE-2014-6507\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6507\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6507</a>>\n * CVE-2014-6520\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6520\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6520</a>>\n * CVE-2014-6530\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6530\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6530</a>>\n * CVE-2014-6551\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6551\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6551</a>>\n * CVE-2014-6555\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6555\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6555</a>>\n * CVE-2014-6559\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6559\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6559</a>>\n * CVE-2014-6564\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6564\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6564</a>>\n\n", "modified": "2015-03-28T01:04:56", "published": "2015-03-28T01:04:56", "id": "SUSE-SU-2015:0620-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00033.html", "type": "suse", "title": "Security update for MySQL (important)", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:56:36", "bulletinFamily": "unix", "description": "MariaDB was updated to its current minor version, fixing bugs and security\n issues.\n\n These updates include a fix for Logjam (CVE-2015-4000), making MariaDB\n work with client software that no longer allows short DH groups over SSL,\n as e.g.\n our current openssl packages.\n\n On openSUSE 13.1, MariaDB was updated to 5.5.44.\n\n On openSUSE 13.2, MariaDB was updated from 10.0.13 to 10.0.20.\n\n Please read the release notes of MariaDB\n <a rel=\"nofollow\" href=\"https://mariadb.com/kb/en/mariadb/mariadb-10020-release-notes/\">https://mariadb.com/kb/en/mariadb/mariadb-10020-release-notes/</a>\n <a rel=\"nofollow\" href=\"https://mariadb.com/kb/en/mariadb/mariadb-10019-release-notes/\">https://mariadb.com/kb/en/mariadb/mariadb-10019-release-notes/</a>\n <a rel=\"nofollow\" href=\"https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/\">https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/</a>\n <a rel=\"nofollow\" href=\"https://mariadb.com/kb/en/mariadb/mariadb-10017-release-notes/\">https://mariadb.com/kb/en/mariadb/mariadb-10017-release-notes/</a>\n <a rel=\"nofollow\" href=\"https://mariadb.com/kb/en/mariadb/mariadb-10016-release-notes/\">https://mariadb.com/kb/en/mariadb/mariadb-10016-release-notes/</a>\n <a rel=\"nofollow\" href=\"https://mariadb.com/kb/en/mariadb/mariadb-10015-release-notes/\">https://mariadb.com/kb/en/mariadb/mariadb-10015-release-notes/</a>\n <a rel=\"nofollow\" href=\"https://mariadb.com/kb/en/mariadb/mariadb-10014-release-notes/\">https://mariadb.com/kb/en/mariadb/mariadb-10014-release-notes/</a> for more\n information.\n\n", "modified": "2015-07-09T17:08:05", "published": "2015-07-09T17:08:05", "id": "OPENSUSE-SU-2015:1216-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00020.html", "title": "Security update for MariaDB (important)", "type": "suse", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:23:04", "bulletinFamily": "unix", "description": "mariadb was updated to version 10.0.16 to fix 40 security issues.\n\n These security issues were fixed:\n - CVE-2015-0411: Unspecified vulnerability in Oracle MySQL Server 5.5.40\n and earlier, and 5.6.21 and earlier, allowed remote attackers to affect\n confidentiality, integrity, and availability via unknown vectors related\n to Server : Security : Encryption (bnc#915911).\n - CVE-2015-0382: Unspecified vulnerability in Oracle MySQL Server 5.5.40\n and earlier and 5.6.21 and earlier allowed remote attackers to affect\n availability via unknown vectors related to Server : Replication, a\n different vulnerability than CVE-2015-0381 (bnc#915911).\n - CVE-2015-0381: Unspecified vulnerability in Oracle MySQL Server 5.5.40\n and earlier and 5.6.21 and earlier allowed remote attackers to affect\n availability via unknown vectors related to Server : Replication, a\n different vulnerability than CVE-2015-0382 (bnc#915911).\n - CVE-2015-0432: Unspecified vulnerability in Oracle MySQL Server 5.5.40\n and earlier allowed remote authenticated users to affect availability\n via vectors related to Server : InnoDB : DDL : Foreign Key (bnc#915911).\n - CVE-2014-6568: Unspecified vulnerability in Oracle MySQL Server 5.5.40\n and earlier, and 5.6.21 and earlier, allowed remote authenticated users\n to affect availability via vectors related to Server : InnoDB : DML\n (bnc#915911).\n - CVE-2015-0374: Unspecified vulnerability in Oracle MySQL Server 5.5.40\n and earlier and 5.6.21 and earlier allowed remote authenticated users to\n affect confidentiality via unknown vectors related to Server : Security\n : Privileges : Foreign Key (bnc#915911).\n - CVE-2014-6507: Unspecified vulnerability in Oracle MySQL Server 5.5.39\n and earlier, and 5.6.20 and earlier, allowed remote authenticated users\n to affect confidentiality, integrity, and availability via vectors\n related to SERVER:DML (bnc#915912).\n - CVE-2014-6491: Unspecified vulnerability in Oracle MySQL Server 5.5.39\n and earlier and 5.6.20 and earlier allowed remote attackers to affect\n confidentiality, integrity, and availability via vectors related to\n SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6500\n (bnc#915912).\n - CVE-2014-6500: Unspecified vulnerability in Oracle MySQL Server 5.5.39\n and earlier, and 5.6.20 and earlier, allowed remote attackers to affect\n confidentiality, integrity, and availability via vectors related to\n SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6491\n (bnc#915912).\n - CVE-2014-6469: Unspecified vulnerability in Oracle MySQL Server 5.5.39\n and eariler and 5.6.20 and earlier allowed remote authenticated users to\n affect availability via vectors related to SERVER:OPTIMIZER (bnc#915912).\n - CVE-2014-6555: Unspecified vulnerability in Oracle MySQL Server 5.5.39\n and earlier and 5.6.20 and earlier allowed remote authenticated users to\n affect confidentiality, integrity, and availability via vectors related\n to SERVER:DML (bnc#915912).\n - CVE-2014-6559: Unspecified vulnerability in Oracle MySQL Server 5.5.39\n and earlier, and 5.6.20 and earlier, allowed remote attackers to affect\n confidentiality via vectors related to C API SSL CERTIFICATE HANDLING\n (bnc#915912).\n - CVE-2014-6494: Unspecified vulnerability in Oracle MySQL Server 5.5.39\n and earlier, and 5.6.20 and earlier, allowed remote attackers to affect\n availability via vectors related to CLIENT:SSL:yaSSL, a different\n vulnerability than CVE-2014-6496 (bnc#915912).\n - CVE-2014-6496: Unspecified vulnerability in Oracle MySQL Server 5.5.39\n and earlier, and 5.6.20 and earlier, allowed remote attackers to affect\n availability via vectors related to CLIENT:SSL:yaSSL, a different\n vulnerability than CVE-2014-6494 (bnc#915912).\n - CVE-2014-6464: Unspecified vulnerability in Oracle MySQL Server 5.5.39\n and earlier and 5.6.20 and earlier allowed remote authenticated users to\n affect availability via vectors related to SERVER:INNODB DML FOREIGN\n KEYS (bnc#915912).\n - CVE-2010-5298: Race condition in the ssl3_read_bytes function in\n s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is\n enabled, allowed remote attackers to inject data across sessions or\n cause a denial of service (use-after-free and parsing error) via an SSL\n connection in a multithreaded environment (bnc#873351).\n - CVE-2014-0195: The dtls1_reassemble_fragment function in d1_both.c in\n OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h did\n not properly validate fragment lengths in DTLS ClientHello messages,\n which allowed remote attackers to execute arbitrary code or cause a\n denial of service (buffer overflow and application crash) via a long\n non-initial fragment (bnc#880891).\n - CVE-2014-0198: The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x\n through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, did not\n properly manage a buffer pointer during certain recursive calls, which\n allowed remote attackers to cause a denial of service (NULL pointer\n dereference and application crash) via vectors that trigger an alert\n condition (bnc#876282).\n - CVE-2014-0221: The dtls1_get_message_fragment function in d1_both.c in\n OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h\n allowed remote attackers to cause a denial of service (recursion and\n client crash) via a DTLS hello message in an invalid DTLS handshake\n (bnc#915913).\n - CVE-2014-0224: OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1\n before 1.0.1h did not properly restrict processing of ChangeCipherSpec\n messages, which allowed man-in-the-middle attackers to trigger use of a\n zero-length master key in certain OpenSSL-to-OpenSSL communications, and\n consequently hijack sessions or obtain sensitive information, via a\n crafted TLS handshake, aka the "CCS Injection" vulnerability\n (bnc#915913).\n - CVE-2014-3470: The ssl3_send_client_key_exchange function in s3_clnt.c\n in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h,\n when an anonymous ECDH cipher suite is used, allowed remote attackers to\n cause a denial of service (NULL pointer dereference and client crash) by\n triggering a NULL certificate value (bnc#915913).\n - CVE-2014-6474: Unspecified vulnerability in Oracle MySQL Server 5.6.19\n and earlier allowed remote authenticated users to affect availability\n via vectors related to SERVER:MEMCACHED (bnc#915913).\n - CVE-2014-6489: Unspecified vulnerability in Oracle MySQL Server 5.6.19\n and earlier allowed remote authenticated users to affect integrity and\n availability via vectors related to SERVER:SP (bnc#915913).\n - CVE-2014-6564: Unspecified vulnerability in Oracle MySQL Server 5.6.19\n and earlier allowed remote authenticated users to affect availability\n via vectors related to SERVER:INNODB FULLTEXT SEARCH DML (bnc#915913).\n - CVE-2012-5615: Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and\n MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions,\n generates different error messages with different time delays depending\n on whether a user name exists, which allowed remote attackers to\n enumerate valid usernames (bnc#915913).\n - CVE-2014-4274: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier and 5.6.19 and earlier allowed local users to affect\n confidentiality, integrity, and availability via vectors related to\n SERVER:MyISAM (bnc#896400).\n - CVE-2014-4287: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier and 5.6.19 and earlier allowed remote authenticated users to\n affect availability via vectors related to SERVER:CHARACTER SETS\n (bnc#915913).\n - CVE-2014-6463: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier and 5.6.19 and earlier allowed remote authenticated users to\n affect availability via vectors related to SERVER:REPLICATION ROW FORMAT\n BINARY LOG DML (bnc#915913).\n - CVE-2014-6478: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier, and 5.6.19 and earlier, allowed remote attackers to affect\n integrity via vectors related to SERVER:SSL:yaSSL (bnc#915913).\n - CVE-2014-6484: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier, and 5.6.19 and earlier, allowed remote authenticated users\n to affect availability via vectors related to SERVER:DML (bnc#915913).\n - CVE-2014-6495: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier, and 5.6.19 and earlier, allowed remote attackers to affect\n availability via vectors related to SERVER:SSL:yaSSL (bnc#915913).\n - CVE-2014-6505: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier, and 5.6.19 and earlier, allowed remote authenticated users\n to affect availability via vectors related to SERVER:MEMORY STORAGE\n ENGINE (bnc#915913).\n - CVE-2014-6520: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier allowed remote authenticated users to affect availability\n via vectors related to SERVER:DDL (bnc#915913).\n - CVE-2014-6530: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier, and 5.6.19 and earlier, allowed remote authenticated users\n to affect confidentiality, integrity, and availability via vectors\n related to CLIENT:MYSQLDUMP (bnc#915913).\n - CVE-2014-6551: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier and 5.6.19 and earlier allowed local users to affect\n confidentiality via vectors related to CLIENT:MYSQLADMIN (bnc#915913).\n - CVE-2015-0391: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier, and 5.6.19 and earlier, allowed remote authenticated users\n to affect availability via vectors related to DDL (bnc#915913).\n - CVE-2014-4258: Unspecified vulnerability in the MySQL Server component\n in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allowed remote\n authenticated users to affect confidentiality, integrity, and\n availability via vectors related to SRINFOSC (bnc#915914).\n - CVE-2014-4260: Unspecified vulnerability in the MySQL Server component\n in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allowed\n remote authenticated users to affect integrity and availability via\n vectors related to SRCHAR (bnc#915914).\n - CVE-2014-2494: Unspecified vulnerability in the MySQL Server component\n in Oracle MySQL 5.5.37 and earlier allowed remote authenticated users to\n affect availability via vectors related to ENARC (bnc#915914).\n - CVE-2014-4207: Unspecified vulnerability in the MySQL Server component\n in Oracle MySQL 5.5.37 and earlier allowed remote authenticated users to\n affect availability via vectors related to SROPTZR (bnc#915914).\n\n These non-security issues were fixed:\n - Get query produced incorrect results in MariaDB 10.0.11 vs MySQL 5.5 -\n SLES12 (bnc#906194).\n - After update to version 10.0.14 mariadb did not start - Job for\n mysql.service failed (bnc#911442).\n - Fix crash when disk full situation is reached on alter table\n (bnc#904627).\n - Allow md5 in FIPS mode (bnc#911556).\n - Fixed a situation when bit and hex string literals unintentionally\n changed column names (bnc#919229).\n\n Release notes: <a rel=\"nofollow\" href=\"https://kb.askmonty.org/en/mariadb-10016-release-notes/\">https://kb.askmonty.org/en/mariadb-10016-release-notes/</a>\n\n", "modified": "2015-04-21T19:05:04", "published": "2015-04-21T19:05:04", "id": "SUSE-SU-2015:0743-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html", "title": "Security update for mariadb (important)", "type": "suse", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}], "thn": [{"lastseen": "2018-01-27T09:17:35", "bulletinFamily": "info", "description": "[](<https://3.bp.blogspot.com/--9USvf5yv2A/VL_-buUdlUI/AAAAAAAAhhw/TFrC2PxX7_k/s1600/Java-update.png>)\n\nGet Ready to update your Java program as [Oracle](<https://thehackernews.com/search/label/Oracle%20Vulnerability>) has released its massive patch package for multiple security vulnerabilities in its software. \n\n \n\n\nThe United States software maker Oracle releases its security updates every three months on Tuesday, which it referred to as \"_**Critical Patch Updates**_\" (CPU). Yesterday, Oracle released its first quarterly CPU-date of this year, issuing a total of 169 security fixes for hundreds of its products including Java, Fusion Middleware, Enterprise Manager and MySQL.\n\n \n\n\nThe security update for Oracle\u2019s popular browser plug-in **[Java](<https://thehackernews.com/search/label/Java>)** addresses vulnerabilities in the software, 14 of which could be remotely exploitable without authentication, that means an attacker wouldn't need a username and password to exploit them over a network. \n\n \n\n\nFour Java flaws were marked most severe and received a score of 10.0 on the _**Common Vulnerability Scoring System (CVSS)**_, the most critical ranking. Nine other Java flaws given a CVSS Base Score of 6.0 or higher.\n\n> \"_Oracle has received specific reports of malicious exploitation of vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that malicious attackers have been successful because customers had failed to apply these Oracle patche_s,\" Oracle said in a [pre-release ](<http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html>)announcement. \"_Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay._\"\n\nThe other most severe ratings of CVSS base score 10.0 belong to Fujitsu M10-1 of Oracle Sun Systems Products Suite, M10-4 of Oracle Sun Systems Products Suite, and M10-4S Servers of Oracle Sun Systems Products Suite.\n\n \n\n\nEight vulnerabilities in Oracle database were also addressed in the recent release, including CVE-2014-6567, which received a CVSS Base Score of 9.0, as it allows a full compromise of the targeted server on the Windows platform with authentication. None of the [database vulnerabilities](<https://thehackernews.com/search/label/Vulnerability>) could be remotely exploitable without authentication.\n\n \n\n\nA total of 10 security updates have been included for Oracle E-Business Suite, including one assigned _CVE-2015-0393 _discovered and reported to Oracle this past year by Australian researcher David Litchfield, which could have granted administrator privileges to lower-level users. \n\n \n\n\nSix security fixes have been included for Oracle Supply Chain Suite, 7 for Oracle PeopleSoft Enterprise, 1 for Oracle JDEdwards EnterpriseOne, 17 for Oracle Siebel CRM, and 2 for Oracle iLearning. Oracle's MySQL received 9 security fixes, 3 of which could be remotely exploitable without authentication, and the most critical bug, _CVE-2015-0411_, had a base score of 7.5.\n\n \n\n\nIn total, 36 new fixes have been issued for Oracle Fusion Middleware products, and the most severe bug, _CVE-2011-1944_, received a rating of 9.3 that affects Oracle HTTP Server. Two of the Oracle Fusion Middleware vulnerabilities fixed in this CPU can result in a server takeover. \n\n \n\n\nThe company also provided 29 fixes for the Oracle Sun Systems Products Suite, 10 of which could be remotely exploitable without authentication. One bug, CVE-2013-4784, received the highest CVSS base score of 10.0. This particularly nasty flaw affects XCP Firmware versions prior to XCP 2232. Another bug, CVE-2014-4259, received a rating of 9.0.\n\n \n\n\nYou can see the full list of affected software from [here](<http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html>). The next CPU date is 14 April 2015. _Stay Safe! Stay Tuned!_\n", "modified": "2015-01-21T19:40:48", "published": "2015-01-21T08:36:00", "id": "THN:B5218A4B6680543EFCCADB0F38E960BF", "href": "https://thehackernews.com/2015/01/java-update-patch-vulnerability.html", "type": "thn", "title": "Oracle releases 169 Updates, Including 19 Patches for JAVA Vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oracle": [{"lastseen": "2019-05-29T18:21:04", "bulletinFamily": "software", "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n \n\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n \n\n\n**Oracle has received specific reports of malicious exploitation of vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that malicious attackers have been successful because customers had failed to apply these Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\n \n\n\nThis Critical Patch Update contains 169 new security fixes across the product families listed below. Please note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at <https://blogs.oracle.com/security>.\n\n \n\n\nPlease note that on October 16, 2014, Oracle released information for [CVE-2014-3566 \"POODLE\"](<http://www.oracle.com/technetwork/topics/security/poodlecve-2014-3566-2339408.html>). Customers of affected Oracle products are strongly advised to apply the fixes and/or configuration steps that were announced for CVE-2014-3566 in addition to the fixes announced in this CPU.\n\n \n\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available at: <http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>.\n\n \n\n", "modified": "2015-01-20T00:00:00", "published": "2015-03-10T00:00:00", "id": "ORACLE:CPUJAN2015-1972971", "href": "", "title": "Oracle Critical Patch Update - January 2015", "type": "oracle", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:20:59", "bulletinFamily": "software", "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\nThis Critical Patch Update contains 253 new security fixes across the product families listed below. Please note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at <https://blogs.oracle.com/security>.\n\nPlease note that the vulnerabilities in this Critical Patch Update are scored using version 3.0 of Common Vulnerability Scoring Standard (CVSS).\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available [here](<http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>).\n", "modified": "2019-05-16T00:00:00", "published": "2016-10-18T00:00:00", "id": "ORACLE:CPUOCT2016-2881722", "href": "", "title": "Oracle Critical Patch Update - October 2016", "type": "oracle", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:58", "bulletinFamily": "software", "description": "Over 150 vulnerabilities in different applications are closed in auqrterly update.", "modified": "2015-01-25T00:00:00", "published": "2015-01-25T00:00:00", "id": "SECURITYVULNS:VULN:14233", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14233", "title": "Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
