Vulnerabilities > CVE-2015-0432

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key.

Vulnerable Configurations

Part Description Count
OS
Oracle
1
OS
Debian
1
OS
Canonical
3
OS
Redhat
7
OS
Fedoraproject
1
OS
Suse
4
Application
Oracle
42
Application
Mariadb
31

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-0118.NASL
    descriptionUpdated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2015-0381, CVE-2015-0382, CVE-2015-0391, CVE-2015-0411, CVE-2015-0432, CVE-2014-6568, CVE-2015-0374) These updated packages upgrade MariaDB to version 5.5.41. Refer to the MariaDB Release Notes listed in the References section for a complete list of changes. All MariaDB users should upgrade to these updated packages, which correct these issues. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id81159
    published2015-02-04
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81159
    titleRHEL 7 : mariadb (RHSA-2015:0118)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2015:0118. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(81159);
      script_version("1.19");
      script_cvs_date("Date: 2019/10/24 15:35:39");
    
      script_cve_id("CVE-2014-6568", "CVE-2015-0374", "CVE-2015-0381", "CVE-2015-0382", "CVE-2015-0391", "CVE-2015-0411", "CVE-2015-0432");
      script_bugtraq_id(72191, 72200, 72205, 72210, 72214, 72217, 72227);
      script_xref(name:"RHSA", value:"2015:0118");
    
      script_name(english:"RHEL 7 : mariadb (RHSA-2015:0118)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated mariadb packages that fix several security issues are now
    available for Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having Moderate
    security impact. Common Vulnerability Scoring System (CVSS) base
    scores, which give detailed severity ratings, are available for each
    vulnerability from the CVE links in the References section.
    
    MariaDB is a multi-user, multi-threaded SQL database server that is
    binary compatible with MySQL.
    
    This update fixes several vulnerabilities in the MariaDB database
    server. Information about these flaws can be found on the Oracle
    Critical Patch Update Advisory page, listed in the References section.
    (CVE-2015-0381, CVE-2015-0382, CVE-2015-0391, CVE-2015-0411,
    CVE-2015-0432, CVE-2014-6568, CVE-2015-0374)
    
    These updated packages upgrade MariaDB to version 5.5.41. Refer to the
    MariaDB Release Notes listed in the References section for a complete
    list of changes.
    
    All MariaDB users should upgrade to these updated packages, which
    correct these issues. After installing this update, the MariaDB server
    daemon (mysqld) will be restarted automatically."
      );
      # http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?df55894d"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-41.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2015:0118"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-0374"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-0411"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-0382"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-0391"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-0432"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-6568"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-0381"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mariadb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mariadb-bench");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mariadb-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mariadb-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mariadb-embedded");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mariadb-embedded-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mariadb-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mariadb-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mariadb-test");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/01/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/02/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/02/04");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2015:0118";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"mariadb-5.5.41-2.el7_0")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"mariadb-5.5.41-2.el7_0")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"mariadb-bench-5.5.41-2.el7_0")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"mariadb-bench-5.5.41-2.el7_0")) flag++;
    
      if (rpm_check(release:"RHEL7", reference:"mariadb-debuginfo-5.5.41-2.el7_0")) flag++;
    
      if (rpm_check(release:"RHEL7", reference:"mariadb-devel-5.5.41-2.el7_0")) flag++;
    
      if (rpm_check(release:"RHEL7", reference:"mariadb-embedded-5.5.41-2.el7_0")) flag++;
    
      if (rpm_check(release:"RHEL7", reference:"mariadb-embedded-devel-5.5.41-2.el7_0")) flag++;
    
      if (rpm_check(release:"RHEL7", reference:"mariadb-libs-5.5.41-2.el7_0")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"mariadb-server-5.5.41-2.el7_0")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"mariadb-server-5.5.41-2.el7_0")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"mariadb-test-5.5.41-2.el7_0")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"mariadb-test-5.5.41-2.el7_0")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mariadb / mariadb-bench / mariadb-debuginfo / mariadb-devel / etc");
      }
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2015-0118.NASL
    descriptionFrom Red Hat Security Advisory 2015:0118 : Updated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2015-0381, CVE-2015-0382, CVE-2015-0391, CVE-2015-0411, CVE-2015-0432, CVE-2014-6568, CVE-2015-0374) These updated packages upgrade MariaDB to version 5.5.41. Refer to the MariaDB Release Notes listed in the References section for a complete list of changes. All MariaDB users should upgrade to these updated packages, which correct these issues. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id81157
    published2015-02-04
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81157
    titleOracle Linux 7 : mariadb (ELSA-2015-0118)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2015:0118 and 
    # Oracle Linux Security Advisory ELSA-2015-0118 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(81157);
      script_version("1.10");
      script_cvs_date("Date: 2019/09/27 13:00:36");
    
      script_cve_id("CVE-2014-6568", "CVE-2015-0374", "CVE-2015-0381", "CVE-2015-0382", "CVE-2015-0391", "CVE-2015-0411", "CVE-2015-0432");
      script_bugtraq_id(72191, 72200, 72205, 72210, 72214, 72217, 72227);
      script_xref(name:"RHSA", value:"2015:0118");
    
      script_name(english:"Oracle Linux 7 : mariadb (ELSA-2015-0118)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2015:0118 :
    
    Updated mariadb packages that fix several security issues are now
    available for Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having Moderate
    security impact. Common Vulnerability Scoring System (CVSS) base
    scores, which give detailed severity ratings, are available for each
    vulnerability from the CVE links in the References section.
    
    MariaDB is a multi-user, multi-threaded SQL database server that is
    binary compatible with MySQL.
    
    This update fixes several vulnerabilities in the MariaDB database
    server. Information about these flaws can be found on the Oracle
    Critical Patch Update Advisory page, listed in the References section.
    (CVE-2015-0381, CVE-2015-0382, CVE-2015-0391, CVE-2015-0411,
    CVE-2015-0432, CVE-2014-6568, CVE-2015-0374)
    
    These updated packages upgrade MariaDB to version 5.5.41. Refer to the
    MariaDB Release Notes listed in the References section for a complete
    list of changes.
    
    All MariaDB users should upgrade to these updated packages, which
    correct these issues. After installing this update, the MariaDB server
    daemon (mysqld) will be restarted automatically."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2015-February/004829.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected mariadb packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mariadb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mariadb-bench");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mariadb-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mariadb-embedded");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mariadb-embedded-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mariadb-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mariadb-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mariadb-test");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/01/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/02/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/02/04");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 7", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"mariadb-5.5.41-2.el7_0")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"mariadb-bench-5.5.41-2.el7_0")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"mariadb-devel-5.5.41-2.el7_0")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"mariadb-embedded-5.5.41-2.el7_0")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"mariadb-embedded-devel-5.5.41-2.el7_0")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"mariadb-libs-5.5.41-2.el7_0")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"mariadb-server-5.5.41-2.el7_0")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"mariadb-test-5.5.41-2.el7_0")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mariadb / mariadb-bench / mariadb-devel / mariadb-embedded / etc");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2480-1.NASL
    descriptionMultiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. MySQL has been updated to 5.5.41. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-41.html http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.h tml. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id80943
    published2015-01-23
    reporterUbuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/80943
    titleUbuntu 12.04 LTS / 14.04 LTS / 14.10 : mysql-5.5 vulnerabilities (USN-2480-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-2480-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(80943);
      script_version("1.11");
      script_cvs_date("Date: 2019/09/19 12:54:31");
    
      script_cve_id("CVE-2014-6568", "CVE-2015-0374", "CVE-2015-0381", "CVE-2015-0382", "CVE-2015-0411", "CVE-2015-0432");
      script_bugtraq_id(72191, 72200, 72210, 72214, 72217, 72227);
      script_xref(name:"USN", value:"2480-1");
    
      script_name(english:"Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : mysql-5.5 vulnerabilities (USN-2480-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Multiple security issues were discovered in MySQL and this update
    includes a new upstream MySQL version to fix these issues. MySQL has
    been updated to 5.5.41.
    
    In addition to security fixes, the updated packages contain bug fixes,
    new features, and possibly incompatible changes.
    
    Please see the following for more information:
    http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-41.html
    http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.h
    tml.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/2480-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected mysql-server-5.5 package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/01/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/01/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/23");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(12\.04|14\.04|14\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04 / 14.04 / 14.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"12.04", pkgname:"mysql-server-5.5", pkgver:"5.5.41-0ubuntu0.12.04.1")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"mysql-server-5.5", pkgver:"5.5.41-0ubuntu0.14.04.1")) flag++;
    if (ubuntu_check(osver:"14.10", pkgname:"mysql-server-5.5", pkgver:"5.5.41-0ubuntu0.14.10.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mysql-server-5.5");
    }
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2015-091.NASL
    descriptionThis update provides MariaDB 5.5.42, which fixes several security issues and other bugs. Please refer to the Oracle Critical Patch Update Advisories and the Release Notes for MariaDB for further information regarding the security vulnerabilities. Additionally the jemalloc packages is being provided as it was previousely provided with the mariadb source code, built and used but removed from the mariadb source code since 5.5.40.
    last seen2020-06-01
    modified2020-06-02
    plugin id82344
    published2015-03-30
    reporterThis script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82344
    titleMandriva Linux Security Advisory : mariadb (MDVSA-2015:091)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2015:091. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(82344);
      script_version("1.7");
      script_cvs_date("Date: 2019/08/02 13:32:56");
    
      script_cve_id("CVE-2012-5615", "CVE-2013-5908", "CVE-2014-0384", "CVE-2014-0401", "CVE-2014-0412", "CVE-2014-0420", "CVE-2014-0437", "CVE-2014-2419", "CVE-2014-2430", "CVE-2014-2431", "CVE-2014-2432", "CVE-2014-2436", "CVE-2014-2438", "CVE-2014-2440", "CVE-2014-2494", "CVE-2014-4207", "CVE-2014-4243", "CVE-2014-4258", "CVE-2014-4260", "CVE-2014-4274", "CVE-2014-4287", "CVE-2014-6463", "CVE-2014-6464", "CVE-2014-6469", "CVE-2014-6478", "CVE-2014-6484", "CVE-2014-6491", "CVE-2014-6494", "CVE-2014-6495", "CVE-2014-6496", "CVE-2014-6500", "CVE-2014-6505", "CVE-2014-6507", "CVE-2014-6520", "CVE-2014-6530", "CVE-2014-6551", "CVE-2014-6555", "CVE-2014-6559", "CVE-2014-6568", "CVE-2015-0374", "CVE-2015-0381", "CVE-2015-0382", "CVE-2015-0391", "CVE-2015-0411", "CVE-2015-0432");
      script_xref(name:"MDVSA", value:"2015:091");
    
      script_name(english:"Mandriva Linux Security Advisory : mariadb (MDVSA-2015:091)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandriva Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update provides MariaDB 5.5.42, which fixes several security
    issues and other bugs. Please refer to the Oracle Critical Patch
    Update Advisories and the Release Notes for MariaDB for further
    information regarding the security vulnerabilities.
    
    Additionally the jemalloc packages is being provided as it was
    previousely provided with the mariadb source code, built and used but
    removed from the mariadb source code since 5.5.40."
      );
      # http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?ef1fc2a6"
      );
      # http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?17c46362"
      );
      # https://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?75c6cafb"
      );
      # https://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?1ada40cc"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://mariadb.com/kb/en/library/mariadb-5535-release-notes/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://mariadb.com/kb/en/library/mariadb-5536-release-notes/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://mariadb.com/kb/en/library/mariadb-5537-release-notes/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://mariadb.com/kb/en/library/mariadb-5538-release-notes/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://mariadb.com/kb/en/library/mariadb-5539-release-notes/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://mariadb.com/kb/en/library/mariadb-5540-release-notes/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://mariadb.com/kb/en/library/mariadb-5541-release-notes/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://mariadb.com/kb/en/library/mariadb-5542-release-notes/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64jemalloc-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64jemalloc1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mariadb-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mariadb-embedded-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mariadb-embedded18");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mariadb18");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mariadb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mariadb-bench");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mariadb-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mariadb-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mariadb-common-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mariadb-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mariadb-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mariadb-feedback");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mariadb-obsolete");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-MariaDB");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/03/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/30");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64jemalloc-devel-3.6.0-2.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64jemalloc1-3.6.0-2.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64mariadb-devel-5.5.42-1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64mariadb-embedded-devel-5.5.42-1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64mariadb-embedded18-5.5.42-1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64mariadb18-5.5.42-1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"mariadb-5.5.42-1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"mariadb-bench-5.5.42-1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"mariadb-client-5.5.42-1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"mariadb-common-5.5.42-1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"mariadb-common-core-5.5.42-1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"mariadb-core-5.5.42-1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"mariadb-extra-5.5.42-1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"mariadb-feedback-5.5.42-1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"mariadb-obsolete-5.5.42-1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"mysql-MariaDB-5.5.42-1.mbs2")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-1628.NASL
    descriptionUpdated mysql55-mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory pages, listed in the References section. (CVE-2014-6568, CVE-2015-0374, CVE-2015-0381, CVE-2015-0382, CVE-2015-0391, CVE-2015-0411, CVE-2015-0432, CVE-2015-0433, CVE-2015-0441, CVE-2015-0499, CVE-2015-0501, CVE-2015-0505, CVE-2015-2568, CVE-2015-2571, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757) These updated packages upgrade MySQL to version 5.5.45. Refer to the MySQL Release Notes listed in the References section for a complete list of changes. All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id85443
    published2015-08-17
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/85443
    titleRHEL 5 : mysql55-mysql (RHSA-2015:1628)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2015:1628. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(85443);
      script_version("2.12");
      script_cvs_date("Date: 2019/10/24 15:35:40");
    
      script_cve_id("CVE-2014-6568", "CVE-2015-0374", "CVE-2015-0381", "CVE-2015-0382", "CVE-2015-0391", "CVE-2015-0411", "CVE-2015-0432", "CVE-2015-0433", "CVE-2015-0441", "CVE-2015-0499", "CVE-2015-0501", "CVE-2015-0505", "CVE-2015-2568", "CVE-2015-2571", "CVE-2015-2573", "CVE-2015-2582", "CVE-2015-2620", "CVE-2015-2643", "CVE-2015-2648", "CVE-2015-4737", "CVE-2015-4752", "CVE-2015-4757", "CVE-2015-4816", "CVE-2015-4819", "CVE-2015-4864", "CVE-2015-4879");
      script_xref(name:"RHSA", value:"2015:1628");
    
      script_name(english:"RHEL 5 : mysql55-mysql (RHSA-2015:1628)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated mysql55-mysql packages that fix several security issues are
    now available for Red Hat Enterprise Linux 5.
    
    Red Hat Product Security has rated this update as having Moderate
    security impact. Common Vulnerability Scoring System (CVSS) base
    scores, which give detailed severity ratings, are available for each
    vulnerability from the CVE links in the References section.
    
    MySQL is a multi-user, multi-threaded SQL database server. It consists
    of the MySQL server daemon (mysqld) and many client programs and
    libraries.
    
    This update fixes several vulnerabilities in the MySQL database
    server. Information about these flaws can be found on the Oracle
    Critical Patch Update Advisory pages, listed in the References
    section. (CVE-2014-6568, CVE-2015-0374, CVE-2015-0381, CVE-2015-0382,
    CVE-2015-0391, CVE-2015-0411, CVE-2015-0432, CVE-2015-0433,
    CVE-2015-0441, CVE-2015-0499, CVE-2015-0501, CVE-2015-0505,
    CVE-2015-2568, CVE-2015-2571, CVE-2015-2573, CVE-2015-2582,
    CVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737,
    CVE-2015-4752, CVE-2015-4757)
    
    These updated packages upgrade MySQL to version 5.5.45. Refer to the
    MySQL Release Notes listed in the References section for a complete
    list of changes.
    
    All MySQL users should upgrade to these updated packages, which
    correct these issues. After installing this update, the MySQL server
    daemon (mysqld) will be restarted automatically."
      );
      # http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?df55894d"
      );
      # http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?ef68d9ef"
      );
      # http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?73eb3b44"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-45.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2015:1628"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-0374"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-0411"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-0382"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-0391"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-0432"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-6568"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-0381"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-0505"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-2571"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-2573"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-0501"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-2582"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-4752"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-2620"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-2568"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-0433"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-4757"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-4737"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-2648"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-0499"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-0441"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-2643"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-4816"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-4819"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-4864"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-4879"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql55-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql55-mysql-bench");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql55-mysql-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql55-mysql-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql55-mysql-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql55-mysql-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql55-mysql-test");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/08/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/08/17");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = eregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2015:1628";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"mysql55-mysql-5.5.45-1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"mysql55-mysql-5.5.45-1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"mysql55-mysql-5.5.45-1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"mysql55-mysql-bench-5.5.45-1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"mysql55-mysql-bench-5.5.45-1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"mysql55-mysql-bench-5.5.45-1.el5")) flag++;
      if (rpm_check(release:"RHEL5", reference:"mysql55-mysql-debuginfo-5.5.45-1.el5")) flag++;
      if (rpm_check(release:"RHEL5", reference:"mysql55-mysql-devel-5.5.45-1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"mysql55-mysql-libs-5.5.45-1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"mysql55-mysql-libs-5.5.45-1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"mysql55-mysql-libs-5.5.45-1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"mysql55-mysql-server-5.5.45-1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"mysql55-mysql-server-5.5.45-1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"mysql55-mysql-server-5.5.45-1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"mysql55-mysql-test-5.5.45-1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"mysql55-mysql-test-5.5.45-1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"mysql55-mysql-test-5.5.45-1.el5")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mysql55-mysql / mysql55-mysql-bench / mysql55-mysql-debuginfo / etc");
      }
    }
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201504-05.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201504-05 (MySQL and MariaDB: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in MySQL and MariaDB. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could exploit vulnerabilities to possibly cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id82735
    published2015-04-13
    reporterThis script is Copyright (C) 2015-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82735
    titleGLSA-201504-05 : MySQL and MariaDB: Multiple vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201504-05.
    #
    # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(82735);
      script_version("$Revision: 1.6 $");
      script_cvs_date("$Date: 2016/07/05 14:10:48 $");
    
      script_cve_id("CVE-2014-6568", "CVE-2015-0374", "CVE-2015-0381", "CVE-2015-0382", "CVE-2015-0385", "CVE-2015-0391", "CVE-2015-0409", "CVE-2015-0411", "CVE-2015-0432");
      script_bugtraq_id(72191, 72200, 72205, 72210, 72214, 72217, 72223, 72227, 72229);
      script_xref(name:"GLSA", value:"201504-05");
    
      script_name(english:"GLSA-201504-05 : MySQL and MariaDB: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201504-05
    (MySQL and MariaDB: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in MySQL and MariaDB.
          Please review the CVE identifiers referenced below for details.
      
    Impact :
    
        A remote attacker could exploit vulnerabilities to possibly cause a
          Denial of Service condition.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201504-05"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All MySQL users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=dev-db/mysql-5.6.22'
        All MariaDB users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=dev-db/mariadb-10.0.16'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mariadb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mysql");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/04/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"dev-db/mariadb", unaffected:make_list("ge 10.0.16", "rge 5.5.49"), vulnerable:make_list("lt 10.0.16"))) flag++;
    if (qpkg_check(package:"dev-db/mysql", unaffected:make_list("ge 5.6.22"), vulnerable:make_list("lt 5.6.22"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MySQL and MariaDB");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2015-479.NASL
    descriptionMariaDB was updated to its current minor version, fixing bugs and security issues. These updates include a fix for Logjam (CVE-2015-4000), making MariaDB work with client software that no longer allows short DH groups over SSL, as e.g. our current openssl packages. On openSUSE 13.1, MariaDB was updated to 5.5.44. On openSUSE 13.2, MariaDB was updated from 10.0.13 to 10.0.20. Please read the release notes of MariaDB https://mariadb.com/kb/en/mariadb/mariadb-10020-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10019-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10017-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10016-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10015-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10014-release-notes/ for more information.
    last seen2020-06-05
    modified2015-07-13
    plugin id84658
    published2015-07-13
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84658
    titleopenSUSE Security Update : MariaDB (openSUSE-2015-479) (BACKRONYM) (Logjam)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-1162.NASL
    descriptionUpdate to MySQL 5.5.41, for various fixes described at http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-41.html. This update also fixes security issues CVE-2015-0411, CVE-2015-0382, CVE-2015-0381, CVE-2015-0432, CVE-2014-6568, CVE-2015-0374. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2015-02-16
    plugin id81349
    published2015-02-16
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81349
    titleFedora 20 : community-mysql-5.5.41-1.fc20 (2015-1162)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20150817_MYSQL55_MYSQL_ON_SL5_X.NASL
    descriptionThis update fixes several vulnerabilities in the MySQL database server. (CVE-2014-6568, CVE-2015-0374, CVE-2015-0381, CVE-2015-0382, CVE-2015-0391, CVE-2015-0411, CVE-2015-0432, CVE-2015-0433, CVE-2015-0441, CVE-2015-0499, CVE-2015-0501, CVE-2015-0505, CVE-2015-2568, CVE-2015-2571, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757) After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen2020-03-18
    modified2015-08-18
    plugin id85499
    published2015-08-18
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/85499
    titleScientific Linux Security Update : mysql55-mysql on SL5.x i386/x86_64 (20150817)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_LIBMYSQL55CLIENT18-150302.NASL
    descriptionThe MySQL datebase server was updated to 5.5.42, fixing various bugs and security issues. More information can be found on : - http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5- 42.html - http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5- 41.html - http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5- 40.html Also various issues with the mysql start script were fixed. (bsc#868673,bsc#878779)
    last seen2020-06-01
    modified2020-06-02
    plugin id82428
    published2015-03-30
    reporterThis script is Copyright (C) 2015 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82428
    titleSuSE 11.3 Security Update : MySQL (SAT Patch Number 10387)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-0743-1.NASL
    descriptionmariadb was updated to version 10.0.16 to fix 40 security issues. These security issues were fixed : - CVE-2015-0411: Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption (bnc#915911). - CVE-2015-0382: Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allowed remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0381 (bnc#915911). - CVE-2015-0381: Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allowed remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0382 (bnc#915911). - CVE-2015-0432: Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allowed remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key (bnc#915911). - CVE-2014-6568: Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allowed remote authenticated users to affect availability via vectors related to Server : InnoDB : DML (bnc#915911). - CVE-2015-0374: Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allowed remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key (bnc#915911). - CVE-2014-6507: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allowed remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML (bnc#915912). - CVE-2014-6491: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6500 (bnc#915912). - CVE-2014-6500: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6491 (bnc#915912). - CVE-2014-6469: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and eariler and 5.6.20 and earlier allowed remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER (bnc#915912). - CVE-2014-6555: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allowed remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML (bnc#915912). - CVE-2014-6559: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allowed remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING (bnc#915912). - CVE-2014-6494: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allowed remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6496 (bnc#915912). - CVE-2014-6496: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allowed remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6494 (bnc#915912). - CVE-2014-6464: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allowed remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS (bnc#915912). - CVE-2010-5298: Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allowed remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment (bnc#873351). - CVE-2014-0195: The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h did not properly validate fragment lengths in DTLS ClientHello messages, which allowed remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment (bnc#880891). - CVE-2014-0198: The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, did not properly manage a buffer pointer during certain recursive calls, which allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition (bnc#876282). - CVE-2014-0221: The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allowed remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake (bnc#915913). - CVE-2014-0224: OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h did not properly restrict processing of ChangeCipherSpec messages, which allowed man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the
    last seen2020-06-01
    modified2020-06-02
    plugin id83716
    published2015-05-20
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83716
    titleSUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2015:0743-1)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2015-1628.NASL
    descriptionUpdated mysql55-mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory pages, listed in the References section. (CVE-2014-6568, CVE-2015-0374, CVE-2015-0381, CVE-2015-0382, CVE-2015-0391, CVE-2015-0411, CVE-2015-0432, CVE-2015-0433, CVE-2015-0441, CVE-2015-0499, CVE-2015-0501, CVE-2015-0505, CVE-2015-2568, CVE-2015-2571, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757) These updated packages upgrade MySQL to version 5.5.45. Refer to the MySQL Release Notes listed in the References section for a complete list of changes. All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id85460
    published2015-08-18
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/85460
    titleCentOS 5 : mysql55-mysql (CESA-2015:1628)
  • NASL familyDatabases
    NASL idMYSQL_5_6_22.NASL
    descriptionThe version of MySQL installed on the remote host is version 5.5.x prior to 5.5.41 or 5.6.x prior to 5.6.22. It is, therefore, affected by vulnerabilities in the following components : - Server : DDL - Server : InnoDB : DDL : Foreign Key - Server : InnoDB : DML - Server : Optimizer - Server : Pluggable Auth - Server : Replication - Server : Security : Encryption - Server : Security : Privileges : Foreign Key
    last seen2020-06-01
    modified2020-06-02
    plugin id80886
    published2015-01-21
    reporterThis script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/80886
    titleMySQL 5.5.x < 5.5.41 / 5.6.x < 5.6.22 Multiple Vulnerabilities
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2015-0118.NASL
    descriptionUpdated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2015-0381, CVE-2015-0382, CVE-2015-0391, CVE-2015-0411, CVE-2015-0432, CVE-2014-6568, CVE-2015-0374) These updated packages upgrade MariaDB to version 5.5.41. Refer to the MariaDB Release Notes listed in the References section for a complete list of changes. All MariaDB users should upgrade to these updated packages, which correct these issues. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id81188
    published2015-02-06
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81188
    titleCentOS 7 : mariadb (CESA-2015:0118)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2015-1628.NASL
    descriptionFrom Red Hat Security Advisory 2015:1628 : Updated mysql55-mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory pages, listed in the References section. (CVE-2014-6568, CVE-2015-0374, CVE-2015-0381, CVE-2015-0382, CVE-2015-0391, CVE-2015-0411, CVE-2015-0432, CVE-2015-0433, CVE-2015-0441, CVE-2015-0499, CVE-2015-0501, CVE-2015-0505, CVE-2015-2568, CVE-2015-2571, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757) These updated packages upgrade MySQL to version 5.5.45. Refer to the MySQL Release Notes listed in the References section for a complete list of changes. All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id85488
    published2015-08-18
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/85488
    titleOracle Linux 5 : mysql55-mysql (ELSA-2015-1628)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20150203_MARIADB_ON_SL7_X.NASL
    descriptionThis update fixes several vulnerabilities in the MariaDB database server.(CVE-2015-0381, CVE-2015-0382, CVE-2015-0391, CVE-2015-0411, CVE-2015-0432, CVE-2014-6568, CVE-2015-0374) After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.
    last seen2020-03-18
    modified2015-02-04
    plugin id81160
    published2015-02-04
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81160
    titleScientific Linux Security Update : mariadb on SL7.x x86_64 (20150203)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3135.NASL
    descriptionSeveral issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.41. Please see the MySQL 5.5 Release Notes and Oracle
    last seen2020-03-17
    modified2015-01-26
    plugin id80970
    published2015-01-26
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/80970
    titleDebian DSA-3135-1 : mysql-5.5 - security update

Redhat

advisories
  • bugzilla
    id1184561
    titleCVE-2015-0432 mysql: unspecified vulnerability related to Server:InnoDB:DDL:Foreign Key (CPU Jan 2015)
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentmariadb is earlier than 1:5.5.41-2.el7_0
            ovaloval:com.redhat.rhsa:tst:20150118001
          • commentmariadb is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140702002
        • AND
          • commentmariadb-bench is earlier than 1:5.5.41-2.el7_0
            ovaloval:com.redhat.rhsa:tst:20150118003
          • commentmariadb-bench is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140702006
        • AND
          • commentmariadb-libs is earlier than 1:5.5.41-2.el7_0
            ovaloval:com.redhat.rhsa:tst:20150118005
          • commentmariadb-libs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140702004
        • AND
          • commentmariadb-devel is earlier than 1:5.5.41-2.el7_0
            ovaloval:com.redhat.rhsa:tst:20150118007
          • commentmariadb-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140702012
        • AND
          • commentmariadb-server is earlier than 1:5.5.41-2.el7_0
            ovaloval:com.redhat.rhsa:tst:20150118009
          • commentmariadb-server is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140702010
        • AND
          • commentmariadb-test is earlier than 1:5.5.41-2.el7_0
            ovaloval:com.redhat.rhsa:tst:20150118011
          • commentmariadb-test is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140702008
        • AND
          • commentmariadb-embedded is earlier than 1:5.5.41-2.el7_0
            ovaloval:com.redhat.rhsa:tst:20150118013
          • commentmariadb-embedded is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140702016
        • AND
          • commentmariadb-embedded-devel is earlier than 1:5.5.41-2.el7_0
            ovaloval:com.redhat.rhsa:tst:20150118015
          • commentmariadb-embedded-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140702014
    rhsa
    idRHSA-2015:0118
    released2015-02-03
    severityModerate
    titleRHSA-2015:0118: mariadb security update (Moderate)
  • rhsa
    idRHSA-2015:0116
  • rhsa
    idRHSA-2015:0117
  • rhsa
    idRHSA-2015:1628
rpms
  • ceph-common-0:0.80.5-4.el6ost
  • ceph-debuginfo-0:0.80.5-4.el6ost
  • librados2-0:0.80.5-4.el6ost
  • librbd1-0:0.80.5-4.el6ost
  • mariadb-galera-common-0:5.5.41-1.el6ost
  • mariadb-galera-debuginfo-0:5.5.41-1.el6ost
  • mariadb-galera-server-0:5.5.41-1.el6ost
  • openstack-utils-0:2014.2-1.el6ost
  • python-ceph-0:0.80.5-4.el6ost
  • python-novaclient-1:2.17.0-4.el6ost
  • python-novaclient-doc-1:2.17.0-4.el6ost
  • python-requests-0:2.3.0-1.el6
  • python-sqlalchemy-0:0.8.4-2.el6ost
  • python-sqlalchemy-debuginfo-0:0.8.4-2.el6ost
  • python-urllib3-0:1.8.2-4.1.el6
  • mariadb-galera-common-1:5.5.41-2.el7ost
  • mariadb-galera-debuginfo-1:5.5.41-2.el7ost
  • mariadb-galera-server-1:5.5.41-2.el7ost
  • openstack-sahara-0:2014.1.3-3.el7ost
  • openstack-sahara-doc-0:2014.1.3-3.el7ost
  • openstack-selinux-0:0.6.25-1.el7ost
  • openstack-utils-0:2014.2-1.el7ost
  • python-novaclient-1:2.17.0-4.el7ost
  • python-novaclient-doc-1:2.17.0-4.el7ost
  • python-requests-0:2.3.0-3.el7ost
  • python-sqlalchemy-0:0.8.4-2.el7ost
  • python-sqlalchemy-debuginfo-0:0.8.4-2.el7ost
  • python-urllib3-0:1.8.2-5.el7ost
  • rabbitmq-server-0:3.3.5-3.el7ost
  • diskimage-builder-0:0.1.34-21.el7ost
  • mariadb-galera-common-1:5.5.41-2.el7ost
  • mariadb-galera-debuginfo-1:5.5.41-2.el7ost
  • mariadb-galera-server-1:5.5.41-2.el7ost
  • openstack-selinux-0:0.6.29-1.el7ost
  • openstack-trove-0:2014.2.3-3.el7ost
  • openstack-trove-api-0:2014.2.3-3.el7ost
  • openstack-trove-common-0:2014.2.3-3.el7ost
  • openstack-trove-conductor-0:2014.2.3-3.el7ost
  • openstack-trove-guestagent-0:2014.2.3-3.el7ost
  • openstack-trove-taskmanager-0:2014.2.3-3.el7ost
  • python-trove-0:2014.2.3-3.el7ost
  • redhat-access-plugin-openstack-0:6.0.3-1.el7ost
  • mysql55-mysql-0:5.5.41-2.el6
  • mysql55-mysql-0:5.5.41-2.el7
  • mysql55-mysql-bench-0:5.5.41-2.el6
  • mysql55-mysql-bench-0:5.5.41-2.el7
  • mysql55-mysql-debuginfo-0:5.5.41-2.el6
  • mysql55-mysql-debuginfo-0:5.5.41-2.el7
  • mysql55-mysql-devel-0:5.5.41-2.el6
  • mysql55-mysql-devel-0:5.5.41-2.el7
  • mysql55-mysql-libs-0:5.5.41-2.el6
  • mysql55-mysql-libs-0:5.5.41-2.el7
  • mysql55-mysql-server-0:5.5.41-2.el6
  • mysql55-mysql-server-0:5.5.41-2.el7
  • mysql55-mysql-test-0:5.5.41-2.el6
  • mysql55-mysql-test-0:5.5.41-2.el7
  • mariadb55-mariadb-0:5.5.41-12.el6
  • mariadb55-mariadb-0:5.5.41-12.el7
  • mariadb55-mariadb-bench-0:5.5.41-12.el6
  • mariadb55-mariadb-bench-0:5.5.41-12.el7
  • mariadb55-mariadb-debuginfo-0:5.5.41-12.el6
  • mariadb55-mariadb-debuginfo-0:5.5.41-12.el7
  • mariadb55-mariadb-devel-0:5.5.41-12.el6
  • mariadb55-mariadb-devel-0:5.5.41-12.el7
  • mariadb55-mariadb-libs-0:5.5.41-12.el6
  • mariadb55-mariadb-libs-0:5.5.41-12.el7
  • mariadb55-mariadb-server-0:5.5.41-12.el6
  • mariadb55-mariadb-server-0:5.5.41-12.el7
  • mariadb55-mariadb-test-0:5.5.41-12.el6
  • mariadb55-mariadb-test-0:5.5.41-12.el7
  • mariadb-1:5.5.41-2.el7_0
  • mariadb-bench-1:5.5.41-2.el7_0
  • mariadb-debuginfo-1:5.5.41-2.el7_0
  • mariadb-devel-1:5.5.41-2.el7_0
  • mariadb-embedded-1:5.5.41-2.el7_0
  • mariadb-embedded-devel-1:5.5.41-2.el7_0
  • mariadb-libs-1:5.5.41-2.el7_0
  • mariadb-server-1:5.5.41-2.el7_0
  • mariadb-test-1:5.5.41-2.el7_0
  • mysql55-mysql-0:5.5.45-1.el5
  • mysql55-mysql-bench-0:5.5.45-1.el5
  • mysql55-mysql-debuginfo-0:5.5.45-1.el5
  • mysql55-mysql-devel-0:5.5.45-1.el5
  • mysql55-mysql-libs-0:5.5.45-1.el5
  • mysql55-mysql-server-0:5.5.45-1.el5
  • mysql55-mysql-test-0:5.5.45-1.el5

References