Vulnerabilities > CVE-2015-2582
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.
Vulnerable Configurations
Nessus
NASL family Databases NASL id MYSQL_5_5_44_RPM.NASL description The version of Oracle MySQL installed on the remote host is 5.5.x prior to 5.5.44. It is, therefore, affected by the following vulnerabilities : - Multiple denial of service vulnerabilities exist in the following subcomponents which can be exploited by an authenticated, remote attacker : - DML (CVE-2015-2648) - GIS (CVE-2015-2582) - I_S (CVE-2015-4752) - Optimizer (CVE-2015-2643) - Multiple information disclosure vulnerabilities exist in the following subcomponents which can be exploited by an authenticated, remote attacker to gain access to sensitive information : - Pluggable Auth (CVE-2015-4737) - Security:Privileges (CVE-2015-2620) - An unspecified flaw exists in the Security:Privileges subcomponent. An authenticated, remote attacker can exploit this to impact integrity. (CVE-2015-4864) last seen 2020-06-04 modified 2015-08-19 plugin id 85536 published 2015-08-19 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85536 title Oracle MySQL 5.5.x < 5.5.44 Multiple Vulnerabilities (July 2015 CPU) (October 2015 CPU) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(85536); script_version("1.12"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/03"); script_cve_id( "CVE-2015-2582", "CVE-2015-2620", "CVE-2015-2643", "CVE-2015-2648", "CVE-2015-4737", "CVE-2015-4752", "CVE-2015-4864" ); script_bugtraq_id( 75751, 75802, 75822, 75830, 75837, 75849, 77187 ); script_name(english:"Oracle MySQL 5.5.x < 5.5.44 Multiple Vulnerabilities (July 2015 CPU) (October 2015 CPU)"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote host is missing one or more security updates."); script_set_attribute(attribute:"description", value: "The version of Oracle MySQL installed on the remote host is 5.5.x prior to 5.5.44. It is, therefore, affected by the following vulnerabilities : - Multiple denial of service vulnerabilities exist in the following subcomponents which can be exploited by an authenticated, remote attacker : - DML (CVE-2015-2648) - GIS (CVE-2015-2582) - I_S (CVE-2015-4752) - Optimizer (CVE-2015-2643) - Multiple information disclosure vulnerabilities exist in the following subcomponents which can be exploited by an authenticated, remote attacker to gain access to sensitive information : - Pluggable Auth (CVE-2015-4737) - Security:Privileges (CVE-2015-2620) - An unspecified flaw exists in the Security:Privileges subcomponent. An authenticated, remote attacker can exploit this to impact integrity. (CVE-2015-4864)"); # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/2368792.xml script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?178c8ed1"); # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/2368795.xml script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1de82df5"); script_set_attribute(attribute:"see_also", value:"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-44.html"); script_set_attribute(attribute:"see_also", value:"https://support.oracle.com/epmos/faces/DocumentDisplay?id=2024204.1"); script_set_attribute(attribute:"see_also", value:"https://support.oracle.com/epmos/faces/DocumentDisplay?id=2048227.1"); # http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d18c2a85"); # http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?75a4a4fb"); script_set_attribute(attribute:"solution", value: "Apply the appropriate patch according to the July 2015 and October 2015 Oracle Critical Patch Update advisories."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-2620"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/07/14"); script_set_attribute(attribute:"patch_publication_date", value:"2015/07/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/08/19"); script_set_attribute(attribute:"agent", value:"unix"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Databases"); script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled"); script_require_ports("Host/RedHat/release", "Host/AmazonLinux/release", "Host/SuSE/release", "Host/CentOS/release"); exit(0); } include("mysql_version.inc"); fix_version = "5.5.44"; exists_version = "5.5"; mysql_check_rpms(mysql_packages:default_mysql_rpm_list_server_only, fix_ver:fix_version, exists_ver:exists_version, rhel_os_list:default_mysql_rhel_os_list, centos_os_list:default_mysql_centos_os_list, suse_os_list:default_mysql_suse_os_list, ala_os_list:default_mysql_ala_os_list, severity:SECURITY_WARNING);NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3308.NASL description Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.44. Please see the MySQL 5.5 Release Notes and Oracle last seen 2020-06-01 modified 2020-06-02 plugin id 84836 published 2015-07-20 reporter This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84836 title Debian DSA-3308-1 : mysql-5.5 - security update NASL family SuSE Local Security Checks NASL id OPENSUSE-2015-608.NASL description The MySQL Community Server edition was updated to 5.6.26, fixing security issues and bugs. All changes: http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-26.html - Fixed CVEs: CVE-2015-2617, CVE-2015-2648, CVE-2015-2611, CVE-2015-2582 CVE-2015-4752, CVE-2015-4756, CVE-2015-2643, CVE-2015-4772 CVE-2015-4761, CVE-2015-4757, CVE-2015-4737, CVE-2015-4771 CVE-2015-4769, CVE-2015-2639, CVE-2015-2620, CVE-2015-2641 CVE-2015-2661, CVE-2015-4767 - disable Performance Schema by default. Since MySQL 5.6.6 upstream enabled Performance Schema by default which results in increased memory usage. The added option disable Performance Schema again in order to decrease MySQL memory usage [bnc#852477]. - install INFO_BIN and INFO_SRC, noticed in MDEV-6912 - remove superfluous last seen 2020-06-05 modified 2015-09-28 plugin id 86182 published 2015-09-28 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/86182 title openSUSE Security Update : mysql-community-server (openSUSE-2015-608) NASL family Databases NASL id MYSQL_5_6_25_RPM.NASL description The version of Oracle MySQL installed on the remote host is 5.6.x prior to 5.6.25. It is, therefore, affected by the following vulnerabilities : - Multiple denial of service vulnerabilities exist in the following subcomponents which can be exploited by a remote, authenticated attacker : - Partition (CVE-2015-2617) - DML (CVE-2015-2648, CVE-2015-2611) - GIS (CVE-2015-2582) - I_S (CVE-2015-4752) - Optimizer (CVE-2015-2643) - Partition (CVE-2015-4772) - Memcached (CVE-2015-4761) - RBR (CVE-2015-4771) - Security:Firewall (CVE-2015-4769, CVE-2015-4767) - Security:Privileges (CVE-2015-2641) - An unspecified vulnerability exists related to the Security:Firewall subcomponent that can be exploited by an authenticated, remote attacker to have an impact on the integrity of the system. (CVE-2015-2639) - A denial of service vulnerability exists in the Client subcomponent which can be exploited by a local attacker. (CVE-2015-2661) - An unspecified flaw exists in the Security:Privileges subcomponent. An authenticated, remote attacker can exploit this to impact integrity. (CVE-2015-4864) last seen 2020-06-04 modified 2015-08-19 plugin id 85539 published 2015-08-19 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/85539 title Oracle MySQL 5.6.x < 5.6.25 Multiple Vulnerabilities (July 2015 CPU) (October 2015 CPU) NASL family Databases NASL id MYSQL_5_6_25.NASL description The version of MySQL running on the remote host is version 5.5.x prior to 5.5.44 or version 5.6.x prior to 5.6.25. It is, therefore, potentially affected by the following vulnerabilities : - Multiple denial of service vulnerabilities exist in the following Server subcomponents which can be exploited by a remote, authenticated attacker : - Partition (CVE-2015-2617) - DML (CVE-2015-2648, CVE-2015-2611) - GIS (CVE-2015-2582) - I_S (CVE-2015-4752) - InnoDB (CVE-2015-4756) - Optimizer (CVE-2015-2643, CVE-2015-4757) - Partition (CVE-2015-4772) - Memcached (CVE-2015-4761) - RBR (CVE-2015-4771) - Security:Firewall (CVE-2015-4769, CVE-2015-4767) - Security:Privileges (CVE-2015-2641) - Multiple Information disclosure vulnerabilities exist in the following Server subcomponents which can be exploited by a remote, authenticated attacker to gain access to sensitive information : - Pluggable Auth (CVE-2015-4737) - Security:Privileges (CVE-2015-2620) - An unspecified vulnerability exists related to the Security:Firewall subcomponent of the Server that can be exploited by a remote, authenticated attacker to have an impact on the integrity of the system. (CVE-2015-2639) - A denial of service vulnerability exists in the Client subcomponent which can be exploited by a local attacker. No other details have been given. (CVE-2015-2661) last seen 2020-06-01 modified 2020-06-02 plugin id 84767 published 2015-07-15 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84767 title MySQL 5.5.x < 5.5.44 / 5.6.x < 5.6.25 Multiple Vulnerabilities (July 2015 CPU) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3311.NASL description Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.20. Please see the MariaDB 10.0 Release Notes for further details : - https://mariadb.com/kb/en/mariadb/mariadb-10017-release- notes/ - https://mariadb.com/kb/en/mariadb/mariadb-10018-release- notes/ - https://mariadb.com/kb/en/mariadb/mariadb-10019-release- notes/ - https://mariadb.com/kb/en/mariadb/mariadb-10020-release- notes/ last seen 2020-06-01 modified 2020-06-02 plugin id 84839 published 2015-07-20 reporter This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84839 title Debian DSA-3311-1 : mariadb-10.0 - security update (BACKRONYM) NASL family Databases NASL id MARIADB_10_0_20.NASL description The version of MariaDB running on the remote host is 10.0.x prior to 10.0.20. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the GIS component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2015-2582) - An unspecified flaw exists in the Security: Privileges component that allows an authenticated, remote attacker to disclose sensitive information. (CVE-2015-2620) - An unspecified flaw exists in the Optimizer component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2015-2643) - An unspecified flaw exists in the DML component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2015-2648) - A security feature bypass vulnerability, known as last seen 2020-06-01 modified 2020-06-02 plugin id 84796 published 2015-07-16 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84796 title MariaDB 10.0.x < 10.0.20 Multiple Vulnerabilities (BACKRONYM) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2015-1628.NASL description Updated mysql55-mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory pages, listed in the References section. (CVE-2014-6568, CVE-2015-0374, CVE-2015-0381, CVE-2015-0382, CVE-2015-0391, CVE-2015-0411, CVE-2015-0432, CVE-2015-0433, CVE-2015-0441, CVE-2015-0499, CVE-2015-0501, CVE-2015-0505, CVE-2015-2568, CVE-2015-2571, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757) These updated packages upgrade MySQL to version 5.5.45. Refer to the MySQL Release Notes listed in the References section for a complete list of changes. All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 85443 published 2015-08-17 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85443 title RHEL 5 : mysql55-mysql (RHSA-2015:1628) NASL family Scientific Linux Local Security Checks NASL id SL_20150824_MARIADB_ON_SL7_X.NASL description It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the last seen 2020-03-18 modified 2015-08-25 plugin id 85622 published 2015-08-25 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85622 title Scientific Linux Security Update : mariadb on SL7.x x86_64 (20150824) (BACKRONYM) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201610-06.NASL description The remote host is affected by the vulnerability described in GLSA-201610-06 (MySQL and MariaDB: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in MySQL and MariaDB. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could exploit vulnerabilities, through multiple vectors, that affect the confidentiality, integrity, and availability of MySQL and MariaDB. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 93993 published 2016-10-12 reporter This script is Copyright (C) 2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/93993 title GLSA-201610-06 : MySQL and MariaDB: Multiple vulnerabilities NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2015-1665.NASL description From Red Hat Security Advisory 2015:1665 : Updated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the last seen 2020-06-01 modified 2020-06-02 plugin id 85612 published 2015-08-25 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85612 title Oracle Linux 7 : mariadb (ELSA-2015-1665) (BACKRONYM) NASL family Scientific Linux Local Security Checks NASL id SL_20150817_MYSQL55_MYSQL_ON_SL5_X.NASL description This update fixes several vulnerabilities in the MySQL database server. (CVE-2014-6568, CVE-2015-0374, CVE-2015-0381, CVE-2015-0382, CVE-2015-0391, CVE-2015-0411, CVE-2015-0432, CVE-2015-0433, CVE-2015-0441, CVE-2015-0499, CVE-2015-0501, CVE-2015-0505, CVE-2015-2568, CVE-2015-2571, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757) After installing this update, the MySQL server daemon (mysqld) will be restarted automatically. last seen 2020-03-18 modified 2015-08-18 plugin id 85499 published 2015-08-18 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85499 title Scientific Linux Security Update : mysql55-mysql on SL5.x i386/x86_64 (20150817) NASL family SuSE Local Security Checks NASL id SUSE_SU-2015-1788-1.NASL description MySQL was updated to version 5.5.45, fixing bugs and security issues. A list of all changes can be found on : - http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-45.html - http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-44.html To fix the last seen 2020-06-01 modified 2020-06-02 plugin id 86537 published 2015-10-22 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/86537 title SUSE SLED11 / SLES11 Security Update : mysql (SUSE-SU-2015:1788-1) (BACKRONYM) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2674-1.NASL description Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.44 in Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 14.10. Ubuntu 15.04 has been updated to MySQL 5.6.25. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-44.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-25.html http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.h tml. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 84915 published 2015-07-22 reporter Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84915 title Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : mysql-5.5, mysql-5.6 vulnerabilities (USN-2674-1) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2015-1628.NASL description Updated mysql55-mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory pages, listed in the References section. (CVE-2014-6568, CVE-2015-0374, CVE-2015-0381, CVE-2015-0382, CVE-2015-0391, CVE-2015-0411, CVE-2015-0432, CVE-2015-0433, CVE-2015-0441, CVE-2015-0499, CVE-2015-0501, CVE-2015-0505, CVE-2015-2568, CVE-2015-2571, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757) These updated packages upgrade MySQL to version 5.5.45. Refer to the MySQL Release Notes listed in the References section for a complete list of changes. All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 85460 published 2015-08-18 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85460 title CentOS 5 : mysql55-mysql (CESA-2015:1628) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2015-1628.NASL description From Red Hat Security Advisory 2015:1628 : Updated mysql55-mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory pages, listed in the References section. (CVE-2014-6568, CVE-2015-0374, CVE-2015-0381, CVE-2015-0382, CVE-2015-0391, CVE-2015-0411, CVE-2015-0432, CVE-2015-0433, CVE-2015-0441, CVE-2015-0499, CVE-2015-0501, CVE-2015-0505, CVE-2015-2568, CVE-2015-2571, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757) These updated packages upgrade MySQL to version 5.5.45. Refer to the MySQL Release Notes listed in the References section for a complete list of changes. All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 85488 published 2015-08-18 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85488 title Oracle Linux 5 : mysql55-mysql (ELSA-2015-1628) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2015-1665.NASL description Updated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the last seen 2020-06-01 modified 2020-06-02 plugin id 85616 published 2015-08-25 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85616 title RHEL 7 : mariadb (RHSA-2015:1665) (BACKRONYM) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2015-1665.NASL description Updated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the last seen 2020-06-01 modified 2020-06-02 plugin id 85635 published 2015-08-26 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85635 title CentOS 7 : mariadb (CESA-2015:1665) (BACKRONYM)
Redhat
| advisories |
| ||||||||||||||||||||||||
| rpms |
|
References
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
- http://www.ubuntu.com/usn/USN-2674-1
- http://rhn.redhat.com/errata/RHSA-2015-1630.html
- http://www.debian.org/security/2015/dsa-3308
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.securityfocus.com/bid/75751
- http://rhn.redhat.com/errata/RHSA-2015-1629.html
- http://rhn.redhat.com/errata/RHSA-2015-1628.html
- http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html
- https://security.gentoo.org/glsa/201610-06
- http://www.securitytracker.com/id/1032911
- http://www.debian.org/security/2015/dsa-3311
- http://rhn.redhat.com/errata/RHSA-2015-1665.html
- http://rhn.redhat.com/errata/RHSA-2015-1647.html
- http://rhn.redhat.com/errata/RHSA-2015-1646.html