Vulnerabilities > CVE-2016-7440
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences.
Vulnerable Configurations
Nessus
NASL family Databases NASL id MARIADB_10_0_28.NASL description The version of MariaDB running on the remote host is 10.0.x prior to 10.0.28. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the Optimizer subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3492) - An unspecified flaw exists in the Security: Encryption subcomponent that allows an authenticated, remote attacker to disclose sensitive information. (CVE-2016-5584) - An unspecified flaw exists in the MyISAM subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-5616) - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5624) - An unspecified flaw exists in the GIS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5626) - An unspecified flaw exists in the Federated subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5629) - An unspecified flaw exists that allows an authenticated, remote attacker to bypass restrictions and create the /var/lib/mysql/my.cnf file with custom contents without the FILE privilege requirement. (CVE-2016-6663) - A flaw exists in wolfSSL, specifically within the C software version of AES Encryption and Decryption, due to table lookups not properly considering cache-bank access times. A local attacker can exploit this, via a specially crafted application, to disclose AES keys. Note that this vulnerability does not affect MariaDB packages included in Red Hat products since they last seen 2020-06-01 modified 2020-06-02 plugin id 95540 published 2016-12-05 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/95540 title MariaDB 10.0.x < 10.0.28 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(95540); script_version("1.7"); script_cvs_date("Date: 2019/11/13"); script_cve_id( "CVE-2016-3492", "CVE-2016-5584", "CVE-2016-5616", "CVE-2016-5624", "CVE-2016-5626", "CVE-2016-5629", "CVE-2016-6663", "CVE-2016-7440", "CVE-2016-8283" ); script_bugtraq_id( 92911, 93614, 93635, 93638, 93650, 93659, 93668, 93735, 93737 ); script_xref(name:"EDB-ID", value:"40678"); script_name(english:"MariaDB 10.0.x < 10.0.28 Multiple Vulnerabilities"); script_summary(english:"Checks the MariaDB version."); script_set_attribute(attribute:"synopsis", value: "The remote database server is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of MariaDB running on the remote host is 10.0.x prior to 10.0.28. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the Optimizer subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3492) - An unspecified flaw exists in the Security: Encryption subcomponent that allows an authenticated, remote attacker to disclose sensitive information. (CVE-2016-5584) - An unspecified flaw exists in the MyISAM subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-5616) - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5624) - An unspecified flaw exists in the GIS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5626) - An unspecified flaw exists in the Federated subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5629) - An unspecified flaw exists that allows an authenticated, remote attacker to bypass restrictions and create the /var/lib/mysql/my.cnf file with custom contents without the FILE privilege requirement. (CVE-2016-6663) - A flaw exists in wolfSSL, specifically within the C software version of AES Encryption and Decryption, due to table lookups not properly considering cache-bank access times. A local attacker can exploit this, via a specially crafted application, to disclose AES keys. Note that this vulnerability does not affect MariaDB packages included in Red Hat products since they're built against system OpenSSL packages. (CVE-2016-7440) - An unspecified flaw exists in the Types subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-8283) - A flaw exists in the fix_after_pullout() function in item.cc that is triggered when handling a prepared statement with a conversion to semi-join. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition. - A flaw exists in the mysql_admin_table() function in sql_admin.cc that is triggered when handling re-execution of certain ANALYZE TABLE prepared statements. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition. - A flaw exists in the fill_alter_inplace_info() function in sql_table.cc that is triggered when altering persistent virtual columns. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition. - A flaw exists in the mysql_rm_table_no_locks() function in sql_table.cc that is triggered during the handling of CREATE OR REPLACE TABLE queries. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition."); script_set_attribute(attribute:"see_also", value:"https://mariadb.com/kb/en/library/mariadb-10028-changelog/"); script_set_attribute(attribute:"see_also", value:"https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/"); script_set_attribute(attribute:"solution", value: "Upgrade to MariaDB version 10.0.28 or later."); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-6663"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/09/23"); script_set_attribute(attribute:"patch_publication_date", value:"2016/10/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/12/05"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:mariadb:mariadb"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Databases"); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("mysql_version.nasl", "mysql_login.nasl"); script_require_keys("Settings/ParanoidReport"); script_require_ports("Services/mysql", 3306); exit(0); } include("mysql_version.inc"); mysql_check_version(variant:'MariaDB', fixed:'10.0.28-MariaDB', min:'10.0', severity:SECURITY_WARNING);NASL family Databases NASL id MARIADB_10_1_19.NASL description The version of MariaDB running on the remote host is 10.1.x prior to 10.1.19. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the Security: Encryption subcomponent that allows an authenticated, remote attacker to disclose sensitive information. (CVE-2016-5584) - A flaw exists in wolfSSL, specifically within the C software version of AES Encryption and Decryption, due to table lookups not properly considering cache-bank access times. A local attacker can exploit this, via a specially crafted application, to disclose AES keys. Note that this vulnerability does not affect MariaDB packages included in Red Hat products since they last seen 2020-06-01 modified 2020-06-02 plugin id 95541 published 2016-12-05 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/95541 title MariaDB 10.1.x < 10.1.19 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(95541); script_version("1.7"); script_cvs_date("Date: 2019/11/13"); script_cve_id("CVE-2016-5584", "CVE-2016-7440"); script_bugtraq_id(93659, 93735); script_name(english:"MariaDB 10.1.x < 10.1.19 Multiple Vulnerabilities"); script_summary(english:"Checks the MariaDB version."); script_set_attribute(attribute:"synopsis", value: "The remote database server is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of MariaDB running on the remote host is 10.1.x prior to 10.1.19. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the Security: Encryption subcomponent that allows an authenticated, remote attacker to disclose sensitive information. (CVE-2016-5584) - A flaw exists in wolfSSL, specifically within the C software version of AES Encryption and Decryption, due to table lookups not properly considering cache-bank access times. A local attacker can exploit this, via a specially crafted application, to disclose AES keys. Note that this vulnerability does not affect MariaDB packages included in Red Hat products since they're built against system OpenSSL packages. (CVE-2016-7440) - A flaw exists in the fill_alter_inplace_info() function in sql_table.cc that is triggered when altering persistent virtual columns. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition. - A flaw exists in the mysql_rm_table_no_locks() function in sql_table.cc that is triggered during the handling of CREATE OR REPLACE TABLE queries. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition. - A flaw exists in the buf_page_is_checksum_valid* functions in buf0buf.cc that is triggered during the handling of encrypted information. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition. - A flaw exists in the wsrep_replicate_myisam functionality that is triggered when dropping MyISAM tables. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition."); script_set_attribute(attribute:"see_also", value:"https://mariadb.com/kb/en/library/mariadb-10119-changelog/"); script_set_attribute(attribute:"see_also", value:"https://mariadb.com/kb/en/library/mariadb-10119-release-notes/"); script_set_attribute(attribute:"solution", value: "Upgrade to MariaDB version 10.1.19 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-5584"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/09/17"); script_set_attribute(attribute:"patch_publication_date", value:"2016/11/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/12/05"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:mariadb:mariadb"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Databases"); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("mysql_version.nasl", "mysql_login.nasl"); script_require_keys("Settings/ParanoidReport"); script_require_ports("Services/mysql", 3306); exit(0); } include("mysql_version.inc"); mysql_check_version(variant:'MariaDB', fixed:'10.1.19-MariaDB', min:'10.1', severity:SECURITY_NOTE);NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3109-1.NASL description Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.53 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 16.04 LTS and Ubuntu 16.10 have been updated to MySQL 5.7.16. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-53.html http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-16.html http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722 .html. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 94287 published 2016-10-26 reporter Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/94287 title Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : mysql-5.5, mysql-5.7 vulnerabilities (USN-3109-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-3109-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(94287); script_version("1.8"); script_cvs_date("Date: 2019/09/18 12:31:46"); script_cve_id("CVE-2016-5584", "CVE-2016-7440"); script_xref(name:"USN", value:"3109-1"); script_name(english:"Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : mysql-5.5, mysql-5.7 vulnerabilities (USN-3109-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.53 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 16.04 LTS and Ubuntu 16.10 have been updated to MySQL 5.7.16. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-53.html http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-16.html http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722 .html. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/3109-1/" ); script_set_attribute( attribute:"solution", value: "Update the affected mysql-server-5.5 and / or mysql-server-5.7 packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.7"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.10"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/10/25"); script_set_attribute(attribute:"patch_publication_date", value:"2016/10/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/10/26"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(12\.04|14\.04|16\.04|16\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04 / 14.04 / 16.04 / 16.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"12.04", pkgname:"mysql-server-5.5", pkgver:"5.5.53-0ubuntu0.12.04.1")) flag++; if (ubuntu_check(osver:"14.04", pkgname:"mysql-server-5.5", pkgver:"5.5.53-0ubuntu0.14.04.1")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"mysql-server-5.7", pkgver:"5.7.16-0ubuntu0.16.04.1")) flag++; if (ubuntu_check(osver:"16.10", pkgname:"mysql-server-5.7", pkgver:"5.7.16-0ubuntu0.16.10.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_NOTE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mysql-server-5.5 / mysql-server-5.7"); }NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_9BC14850A07011E6A881B499BAEBFEAF.NASL description The MariaDB project reports : Fixes for the following security vulnerabilities : - CVE-2016-7440 - CVE-2016-5584 last seen 2020-06-01 modified 2020-06-02 plugin id 94458 published 2016-11-02 reporter This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/94458 title FreeBSD : MySQL -- multiple vulnerabilities (9bc14850-a070-11e6-a881-b499baebfeaf) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(94458); script_version("2.4"); script_cvs_date("Date: 2018/11/21 10:46:31"); script_cve_id("CVE-2016-5584", "CVE-2016-7440"); script_name(english:"FreeBSD : MySQL -- multiple vulnerabilities (9bc14850-a070-11e6-a881-b499baebfeaf)"); script_summary(english:"Checks for updated packages in pkg_info output"); script_set_attribute( attribute:"synopsis", value: "The remote FreeBSD host is missing one or more security-related updates." ); script_set_attribute( attribute:"description", value: "The MariaDB project reports : Fixes for the following security vulnerabilities : - CVE-2016-7440 - CVE-2016-5584" ); # https://mariadb.com/kb/en/mariadb/mariadb-5553-release-notes/ script_set_attribute( attribute:"see_also", value:"https://mariadb.com/kb/en/library/mariadb-5553-release-notes/" ); # https://vuxml.freebsd.org/freebsd/9bc14850-a070-11e6-a881-b499baebfeaf.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?f7995e5a" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:mariadb55-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:mysql55-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:mysql56-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:mysql57-server"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/10/17"); script_set_attribute(attribute:"patch_publication_date", value:"2016/11/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/11/02"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"mariadb55-server<5.5.53")) flag++; if (pkg_test(save_report:TRUE, pkg:"mysql55-server<5.5.53")) flag++; if (pkg_test(save_report:TRUE, pkg:"mysql56-server<5.6.34")) flag++; if (pkg_test(save_report:TRUE, pkg:"mysql57-server<5.7.15")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:pkg_report_get()); else security_note(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-1289.NASL description mysql-community-server was updated to 5.6.34 to fix the following issues : - Changes http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6- 34.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6- 33.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6- 32.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6- 31.html - fixed CVEs: CVE-2016-6304, CVE-2016-6662, CVE-2016-7440, CVE-2016-5584, CVE-2016-5617, CVE-2016-5616, CVE-2016-5626, CVE-2016-3492, CVE-2016-5629, CVE-2016-5507, CVE-2016-8283, CVE-2016-5609, CVE-2016-5612, CVE-2016-5627, CVE-2016-5630, CVE-2016-8284, CVE-2016-8288, CVE-2016-3477, CVE-2016-2105, CVE-2016-3486, CVE-2016-3501, CVE-2016-3521, CVE-2016-3615, CVE-2016-3614, CVE-2016-3459, CVE-2016-5439, CVE-2016-5440 - fixes SUSE Bugs: [boo#999666], [boo#998309], [boo#1005581], [boo#1005558], [boo#1005563], [boo#1005562], [boo#1005566], [boo#1005555], [boo#1005569], [boo#1005557], [boo#1005582], [boo#1005560], [boo#1005561], [boo#1005567], [boo#1005570], [boo#1005583], [boo#1005586], [boo#989913], [boo#977614], [boo#989914], [boo#989915], [boo#989919], [boo#989922], [boo#989921], [boo#989911], [boo#989925], [boo#989926] - append last seen 2020-06-05 modified 2016-11-14 plugin id 94756 published 2016-11-14 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/94756 title openSUSE Security Update : mysql-community-server (openSUSE-2016-1289) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2016-1289. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(94756); script_version("2.6"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2016-2105", "CVE-2016-3459", "CVE-2016-3477", "CVE-2016-3486", "CVE-2016-3492", "CVE-2016-3501", "CVE-2016-3521", "CVE-2016-3614", "CVE-2016-3615", "CVE-2016-5439", "CVE-2016-5440", "CVE-2016-5507", "CVE-2016-5584", "CVE-2016-5609", "CVE-2016-5612", "CVE-2016-5616", "CVE-2016-5617", "CVE-2016-5626", "CVE-2016-5627", "CVE-2016-5629", "CVE-2016-5630", "CVE-2016-6304", "CVE-2016-6662", "CVE-2016-7440", "CVE-2016-8283", "CVE-2016-8284", "CVE-2016-8288"); script_name(english:"openSUSE Security Update : mysql-community-server (openSUSE-2016-1289)"); script_summary(english:"Check for the openSUSE-2016-1289 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "mysql-community-server was updated to 5.6.34 to fix the following issues : - Changes http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6- 34.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6- 33.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6- 32.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6- 31.html - fixed CVEs: CVE-2016-6304, CVE-2016-6662, CVE-2016-7440, CVE-2016-5584, CVE-2016-5617, CVE-2016-5616, CVE-2016-5626, CVE-2016-3492, CVE-2016-5629, CVE-2016-5507, CVE-2016-8283, CVE-2016-5609, CVE-2016-5612, CVE-2016-5627, CVE-2016-5630, CVE-2016-8284, CVE-2016-8288, CVE-2016-3477, CVE-2016-2105, CVE-2016-3486, CVE-2016-3501, CVE-2016-3521, CVE-2016-3615, CVE-2016-3614, CVE-2016-3459, CVE-2016-5439, CVE-2016-5440 - fixes SUSE Bugs: [boo#999666], [boo#998309], [boo#1005581], [boo#1005558], [boo#1005563], [boo#1005562], [boo#1005566], [boo#1005555], [boo#1005569], [boo#1005557], [boo#1005582], [boo#1005560], [boo#1005561], [boo#1005567], [boo#1005570], [boo#1005583], [boo#1005586], [boo#989913], [boo#977614], [boo#989914], [boo#989915], [boo#989919], [boo#989922], [boo#989921], [boo#989911], [boo#989925], [boo#989926] - append '--ignore-db-dir=lost+found' to the mysqld options in 'mysql-systemd-helper' script if 'lost+found' directory is found in $datadir [boo#986251] - remove syslog.target from *.service files [boo#983938] - add systemd to deps to build on leap and friends - replace '%(_libexecdir)/systemd/system' with %(_unitdir) macro - remove useless [email protected] [boo#971456] - replace all occurrences of the string '@sysconfdir@' with '/etc' in mysql-community-server-5.6.3-logrotate.patch as it wasn't expanded properly [boo#990890] - remove '%define _rundir' as 13.1 is out of support scope - run 'usermod -g mysql mysql' only if mysql user is not in mysql group. Run 'usermod -s /bin/false/ mysql' only if mysql user doesn't have '/bin/false' shell set. - re-enable mysql profiling" ); # http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-31.html script_set_attribute( attribute:"see_also", value:"https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-31.html" ); # http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-32.html script_set_attribute( attribute:"see_also", value:"https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-32.html" ); # http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html script_set_attribute( attribute:"see_also", value:"https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html" ); # http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-34.html script_set_attribute( attribute:"see_also", value:"https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-34.html" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1005555" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1005557" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1005558" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1005560" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1005561" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1005562" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1005563" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1005566" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1005567" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1005569" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1005570" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1005581" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1005582" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1005583" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1005586" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=971456" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=977614" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=983938" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=986251" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=989911" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=989913" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=989914" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=989915" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=989919" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=989921" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=989922" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=989925" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=989926" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=990890" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=998309" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=999666" ); script_set_attribute( attribute:"solution", value:"Update the affected mysql-community-server packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmysql56client18"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmysql56client18-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmysql56client18-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmysql56client18-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmysql56client_r18"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmysql56client_r18-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-community-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-community-server-bench"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-community-server-bench-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-community-server-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-community-server-client-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-community-server-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-community-server-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-community-server-errormessages"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-community-server-test"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-community-server-test-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-community-server-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-community-server-tools-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/05/05"); script_set_attribute(attribute:"patch_publication_date", value:"2016/11/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/11/14"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE42\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE42.2", reference:"libmysql56client18-5.6.34-19.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libmysql56client18-debuginfo-5.6.34-19.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libmysql56client_r18-5.6.34-19.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"mysql-community-server-5.6.34-19.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"mysql-community-server-bench-5.6.34-19.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"mysql-community-server-bench-debuginfo-5.6.34-19.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"mysql-community-server-client-5.6.34-19.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"mysql-community-server-client-debuginfo-5.6.34-19.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"mysql-community-server-debuginfo-5.6.34-19.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"mysql-community-server-debugsource-5.6.34-19.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"mysql-community-server-errormessages-5.6.34-19.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"mysql-community-server-test-5.6.34-19.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"mysql-community-server-test-debuginfo-5.6.34-19.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"mysql-community-server-tools-5.6.34-19.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"mysql-community-server-tools-debuginfo-5.6.34-19.2") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libmysql56client18-32bit-5.6.34-19.2") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libmysql56client18-debuginfo-32bit-5.6.34-19.2") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libmysql56client_r18-32bit-5.6.34-19.2") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libmysql56client18-32bit / libmysql56client18 / etc"); }NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-2932-1.NASL description This mariadb update to version 10.0.28 fixes the following issues (bsc#1008318): Security fixes : - CVE-2016-8283: Unspecified vulnerability in subcomponent Types (bsc#1005582) - CVE-2016-7440: Unspecified vulnerability in subcomponent Encryption (bsc#1005581) - CVE-2016-5629: Unspecified vulnerability in subcomponent Federated (bsc#1005569) - CVE-2016-5626: Unspecified vulnerability in subcomponent GIS (bsc#1005566) - CVE-2016-5624: Unspecified vulnerability in subcomponent DML (bsc#1005564) - CVE-2016-5616: Unspecified vulnerability in subcomponent MyISAM (bsc#1005562) - CVE-2016-5584: Unspecified vulnerability in subcomponent Encryption (bsc#1005558) - CVE-2016-3492: Unspecified vulnerability in subcomponent Optimizer (bsc#1005555) - CVE-2016-6663: Privilege Escalation / Race Condition (bsc#1001367) Bugfixes : - mysql_install_db can last seen 2020-06-01 modified 2020-06-02 plugin id 95383 published 2016-11-29 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/95383 title SUSE SLES12 Security Update : mariadb (SUSE-SU-2016:2932-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2016:2932-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(95383); script_version("3.6"); script_cvs_date("Date: 2019/09/11 11:22:14"); script_cve_id("CVE-2016-3492", "CVE-2016-5584", "CVE-2016-5616", "CVE-2016-5624", "CVE-2016-5626", "CVE-2016-5629", "CVE-2016-6663", "CVE-2016-7440", "CVE-2016-8283"); script_name(english:"SUSE SLES12 Security Update : mariadb (SUSE-SU-2016:2932-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This mariadb update to version 10.0.28 fixes the following issues (bsc#1008318): Security fixes : - CVE-2016-8283: Unspecified vulnerability in subcomponent Types (bsc#1005582) - CVE-2016-7440: Unspecified vulnerability in subcomponent Encryption (bsc#1005581) - CVE-2016-5629: Unspecified vulnerability in subcomponent Federated (bsc#1005569) - CVE-2016-5626: Unspecified vulnerability in subcomponent GIS (bsc#1005566) - CVE-2016-5624: Unspecified vulnerability in subcomponent DML (bsc#1005564) - CVE-2016-5616: Unspecified vulnerability in subcomponent MyISAM (bsc#1005562) - CVE-2016-5584: Unspecified vulnerability in subcomponent Encryption (bsc#1005558) - CVE-2016-3492: Unspecified vulnerability in subcomponent Optimizer (bsc#1005555) - CVE-2016-6663: Privilege Escalation / Race Condition (bsc#1001367) Bugfixes : - mysql_install_db can't find data files (bsc#1006539) - mariadb failing test sys_vars.optimizer_switch_basic (bsc#1003800) - Notable changes : - XtraDB updated to 5.6.33-79.0 - TokuDB updated to 5.6.33-79.0 - Innodb updated to 5.6.33 - Performance Schema updated to 5.6.33 - Release notes and upstream changelog : - https://kb.askmonty.org/en/mariadb-10028-release-notes - https://kb.askmonty.org/en/mariadb-10028-changelog Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1001367" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1003800" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1005555" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1005558" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1005562" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1005564" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1005566" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1005569" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1005581" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1005582" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1006539" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1008318" ); # https://kb.askmonty.org/en/mariadb-10028-changelog script_set_attribute( attribute:"see_also", value:"https://mariadb.com/kb/en/library/mariadb-10028-changelog/" ); # https://kb.askmonty.org/en/mariadb-10028-release-notes script_set_attribute( attribute:"see_also", value:"https://mariadb.com/kb/en/library/mariadb-10028-release-notes/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-3492/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-5584/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-5616/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-5624/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-5626/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-5629/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-6663/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-7440/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-8283/" ); # https://www.suse.com/support/update/announcement/2016/suse-su-20162932-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?44e8bca1" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Server for SAP 12:zypper in -t patch SUSE-SLE-SAP-12-2016-1718=1 SUSE Linux Enterprise Server 12-LTSS:zypper in -t patch SUSE-SLE-SERVER-12-2016-1718=1 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libmysqlclient-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libmysqlclient18"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libmysqlclient18-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libmysqlclient_r18"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libmysqld-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libmysqld18"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libmysqld18-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb-client-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb-errormessages"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb-tools-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/10/25"); script_set_attribute(attribute:"patch_publication_date", value:"2016/11/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/11/29"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"0", reference:"libmysqlclient-devel-10.0.28-20.16.2")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libmysqlclient18-10.0.28-20.16.2")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libmysqlclient18-debuginfo-10.0.28-20.16.2")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libmysqlclient_r18-10.0.28-20.16.2")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libmysqld-devel-10.0.28-20.16.2")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libmysqld18-10.0.28-20.16.2")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libmysqld18-debuginfo-10.0.28-20.16.2")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"mariadb-10.0.28-20.16.2")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"mariadb-client-10.0.28-20.16.2")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"mariadb-client-debuginfo-10.0.28-20.16.2")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"mariadb-debuginfo-10.0.28-20.16.2")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"mariadb-debugsource-10.0.28-20.16.2")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"mariadb-errormessages-10.0.28-20.16.2")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"mariadb-tools-10.0.28-20.16.2")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"mariadb-tools-debuginfo-10.0.28-20.16.2")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libmysqlclient18-32bit-10.0.28-20.16.2")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libmysqlclient18-debuginfo-32bit-10.0.28-20.16.2")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mariadb"); }NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2016-305-03.NASL description New mariadb packages are available for Slackware 14.1, 14.2, and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 94440 published 2016-11-01 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/94440 title Slackware 14.1 / 14.2 / current : mariadb (SSA:2016-305-03) NASL family Databases NASL id MYSQL_5_5_53.NASL description The version of MySQL running on the remote host is 5.5.x prior to 5.5.53. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the Optimizer subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3492) - An unspecified flaw exists in the Security: Encryption subcomponent that allows an authenticated, remote attacker to disclose sensitive information. (CVE-2016-5584) - An unspecified flaw exists in the MyISAM subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-5616) - An unspecified flaw exists in the Error Handling subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-5617) - An unspecified flaw exists in the GIS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5626) - An unspecified flaw exists in the Federated subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5629) - A flaw exists in the check_log_path() function within file sql/sys_vars.cc due to inadequate restrictions on the ability to write to the my.cnf configuration file and allowing the loading of configuration files from path locations not used by current versions. An authenticated, remote attacker can exploit this issue by using specially crafted queries that utilize logging functionality to create new files or append custom content to existing files. This allows the attacker to gain root privileges by inserting a custom .cnf file with a last seen 2020-06-01 modified 2020-06-02 plugin id 94165 published 2016-10-20 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/94165 title MySQL 5.5.x < 5.5.53 Multiple Vulnerabilities (October 2016 CPU) NASL family Databases NASL id MYSQL_5_7_16_RPM.NASL description The version of MySQL running on the remote host is 5.7.x prior to 5.7.16. It is, therefore, affected by multiple vulnerabilities : - Multiple integer overflow conditions exist in s3_srvr.c, ssl_sess.c, and t1_lib.c due to improper use of pointer arithmetic for heap-buffer boundary checks. An unauthenticated, remote attacker can exploit this to cause a denial of service. (CVE-2016-2177) - An information disclosure vulnerability exists in the dsa_sign_setup() function in dsa_ossl.c due to a failure to properly ensure the use of constant-time operations. An unauthenticated, remote attacker can exploit this, via a timing side-channel attack, to disclose DSA key information. (CVE-2016-2178) - A denial of service vulnerability exists in the DTLS implementation due to a failure to properly restrict the lifetime of queue entries associated with unused out-of-order messages. An unauthenticated, remote attacker can exploit this, by maintaining multiple crafted DTLS sessions simultaneously, to exhaust memory. (CVE-2016-2179) - An out-of-bounds read error exists in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation. An unauthenticated, remote attacker can exploit this, via a crafted time-stamp file that is mishandled by the last seen 2020-06-04 modified 2016-10-21 plugin id 94198 published 2016-10-21 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/94198 title MySQL 5.7.x < 5.7.16 Multiple Vulnerabilities (October 2016 CPU) (SWEET32) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3711.NASL description Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.28. Please see the MariaDB 10.0 Release Notes for further details : - https://mariadb.com/kb/en/mariadb/mariadb-10028-release- notes/ last seen 2020-06-01 modified 2020-06-02 plugin id 94743 published 2016-11-14 reporter This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/94743 title Debian DSA-3711-1 : mariadb-10.0 - security update NASL family Debian Local Security Checks NASL id DEBIAN_DLA-708.NASL description Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.53, which includes additional changes, such as performance improvements, bug fixes, new features, and possibly incompatible changes. Please see the MySQL 5.5 Release Notes and Oracle last seen 2020-03-17 modified 2016-11-16 plugin id 94916 published 2016-11-16 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/94916 title Debian DLA-708-1 : mysql-5.5 security update NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3706.NASL description Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.53, which includes additional changes, such as performance improvements, bug fixes, new features, and possibly incompatible changes. Please see the MySQL 5.5 Release Notes and Oracle last seen 2020-06-01 modified 2020-06-02 plugin id 94589 published 2016-11-07 reporter This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/94589 title Debian DSA-3706-1 : mysql-5.5 - security update NASL family Databases NASL id MYSQL_5_5_53_RPM.NASL description The version of MySQL running on the remote host is 5.5.x prior to 5.5.53. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the Optimizer subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3492) - An unspecified flaw exists in the Security: Encryption subcomponent that allows an authenticated, remote attacker to disclose sensitive information. (CVE-2016-5584) - An unspecified flaw exists in the MyISAM subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-5616) - An unspecified flaw exists in the Error Handling subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-5617) - An unspecified flaw exists in the GIS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5626) - An unspecified flaw exists in the Federated subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5629) - A flaw exists in the check_log_path() function within file sql/sys_vars.cc due to inadequate restrictions on the ability to write to the my.cnf configuration file and allowing the loading of configuration files from path locations not used by current versions. An authenticated, remote attacker can exploit this issue by using specially crafted queries that utilize logging functionality to create new files or append custom content to existing files. This allows the attacker to gain root privileges by inserting a custom .cnf file with a last seen 2020-06-04 modified 2016-10-21 plugin id 94196 published 2016-10-21 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/94196 title MySQL 5.5.x < 5.5.53 Multiple Vulnerabilities (October 2016 CPU) NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-2933-1.NASL description This mariadb update to version 10.0.28 fixes the following issues (bsc#1008318): Security fixes : - CVE-2016-8283: Unspecified vulnerability in subcomponent Types (bsc#1005582) - CVE-2016-7440: Unspecified vulnerability in subcomponent Encryption (bsc#1005581) - CVE-2016-5629: Unspecified vulnerability in subcomponent Federated (bsc#1005569) - CVE-2016-5626: Unspecified vulnerability in subcomponent GIS (bsc#1005566) - CVE-2016-5624: Unspecified vulnerability in subcomponent DML (bsc#1005564) - CVE-2016-5616: Unspecified vulnerability in subcomponent MyISAM (bsc#1005562) - CVE-2016-5584: Unspecified vulnerability in subcomponent Encryption (bsc#1005558) - CVE-2016-3492: Unspecified vulnerability in subcomponent Optimizer (bsc#1005555) - CVE-2016-6663: Privilege Escalation / Race Condition (bsc#1001367) Bugfixes : - mysql_install_db can last seen 2020-06-01 modified 2020-06-02 plugin id 95384 published 2016-11-29 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/95384 title SUSE SLED12 / SLES12 Security Update : Recommended update for mariadb (SUSE-SU-2016:2933-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-2780-1.NASL description This mysql version update to 5.5.53 fixes the following issues : - CVE-2016-6662: Unspecified vulnerability in subcomponent Logging (bsc#1005580) - CVE-2016-7440: Unspecified vulnerability in subcomponent Encryption (bsc#1005581) - CVE-2016-5584: Unspecified vulnerability in subcomponent Encryption (bsc#1005558) Release Notes: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5- 53.html Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 94757 published 2016-11-14 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/94757 title SUSE SLES11 Security Update : mysql (SUSE-SU-2016:2780-1) NASL family Databases NASL id MYSQL_5_6_34_RPM.NASL description The version of MySQL running on the remote host is 5.6.x prior to 5.6.34. It is, therefore, affected by multiple vulnerabilities : - Multiple integer overflow conditions exist in s3_srvr.c, ssl_sess.c, and t1_lib.c due to improper use of pointer arithmetic for heap-buffer boundary checks. An unauthenticated, remote attacker can exploit this to cause a denial of service. (CVE-2016-2177) - An information disclosure vulnerability exists in the dsa_sign_setup() function in dsa_ossl.c due to a failure to properly ensure the use of constant-time operations. An unauthenticated, remote attacker can exploit this, via a timing side-channel attack, to disclose DSA key information. (CVE-2016-2178) - A denial of service vulnerability exists in the DTLS implementation due to a failure to properly restrict the lifetime of queue entries associated with unused out-of-order messages. An unauthenticated, remote attacker can exploit this, by maintaining multiple crafted DTLS sessions simultaneously, to exhaust memory. (CVE-2016-2179) - An out-of-bounds read error exists in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation. An unauthenticated, remote attacker can exploit this, via a crafted time-stamp file that is mishandled by the last seen 2020-06-04 modified 2016-10-21 plugin id 94197 published 2016-10-21 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/94197 title MySQL 5.6.x < 5.6.34 Multiple Vulnerabilities (October 2016 CPU) (SWEET32) NASL family Databases NASL id MYSQL_5_7_16.NASL description The version of MySQL running on the remote host is 5.7.x prior to 5.7.16. It is, therefore, affected by multiple vulnerabilities : - Multiple integer overflow conditions exist in s3_srvr.c, ssl_sess.c, and t1_lib.c due to improper use of pointer arithmetic for heap-buffer boundary checks. An unauthenticated, remote attacker can exploit this to cause a denial of service. (CVE-2016-2177) - An information disclosure vulnerability exists in the dsa_sign_setup() function in dsa_ossl.c due to a failure to properly ensure the use of constant-time operations. An unauthenticated, remote attacker can exploit this, via a timing side-channel attack, to disclose DSA key information. (CVE-2016-2178) - A denial of service vulnerability exists in the DTLS implementation due to a failure to properly restrict the lifetime of queue entries associated with unused out-of-order messages. An unauthenticated, remote attacker can exploit this, by maintaining multiple crafted DTLS sessions simultaneously, to exhaust memory. (CVE-2016-2179) - An out-of-bounds read error exists in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation. An unauthenticated, remote attacker can exploit this, via a crafted time-stamp file that is mishandled by the last seen 2020-06-01 modified 2020-06-02 plugin id 94167 published 2016-10-20 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/94167 title MySQL 5.7.x < 5.7.16 Multiple Vulnerabilities (October 2016 CPU) (SWEET32) NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-1417.NASL description This mariadb update to version 10.0.28 fixes the following issues (bsc#1008318) : Security fixes : - CVE-2016-8283: Unspecified vulnerability in subcomponent Types (bsc#1005582) - CVE-2016-7440: Unspecified vulnerability in subcomponent Encryption (bsc#1005581) - CVE-2016-5629: Unspecified vulnerability in subcomponent Federated (bsc#1005569) - CVE-2016-5626: Unspecified vulnerability in subcomponent GIS (bsc#1005566) - CVE-2016-5624: Unspecified vulnerability in subcomponent DML (bsc#1005564) - CVE-2016-5616: Unspecified vulnerability in subcomponent MyISAM (bsc#1005562) - CVE-2016-5584: Unspecified vulnerability in subcomponent Encryption (bsc#1005558) - CVE-2016-3492: Unspecified vulnerability in subcomponent Optimizer (bsc#1005555) - CVE-2016-6663: Privilege Escalation / Race Condition (bsc#1001367) Bugfixes : - mysql_install_db can last seen 2020-06-05 modified 2016-12-07 plugin id 95597 published 2016-12-07 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/95597 title openSUSE Security Update : mariadb (openSUSE-2016-1417) NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-1283.NASL description mysql-community-server was updated to 5.6.34 to fix the following issues : - Changes http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6- 34.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6- 33.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6- 32.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6- 31.html - fixed CVEs: CVE-2016-6304, CVE-2016-6662, CVE-2016-7440, CVE-2016-5584, CVE-2016-5617, CVE-2016-5616, CVE-2016-5626, CVE-2016-3492, CVE-2016-5629, CVE-2016-5507, CVE-2016-8283, CVE-2016-5609, CVE-2016-5612, CVE-2016-5627, CVE-2016-5630, CVE-2016-8284, CVE-2016-8288, CVE-2016-3477, CVE-2016-2105, CVE-2016-3486, CVE-2016-3501, CVE-2016-3521, CVE-2016-3615, CVE-2016-3614, CVE-2016-3459, CVE-2016-5439, CVE-2016-5440 - fixes SUSE Bugs: [boo#999666], [boo#998309], [boo#1005581], [boo#1005558], [boo#1005563], [boo#1005562], [boo#1005566], [boo#1005555], [boo#1005569], [boo#1005557], [boo#1005582], [boo#1005560], [boo#1005561], [boo#1005567], [boo#1005570], [boo#1005583], [boo#1005586], [boo#989913], [boo#977614], [boo#989914], [boo#989915], [boo#989919], [boo#989922], [boo#989921], [boo#989911], [boo#989925], [boo#989926] - append last seen 2020-06-05 modified 2016-11-11 plugin id 94694 published 2016-11-11 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/94694 title openSUSE Security Update : mysql-community-server (openSUSE-2016-1283) NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-1416.NASL description This mariadb update to version 10.0.28 fixes the following issues (bsc#1008318) : Security fixes : - CVE-2016-8283: Unspecified vulnerability in subcomponent Types (bsc#1005582) - CVE-2016-7440: Unspecified vulnerability in subcomponent Encryption (bsc#1005581) - CVE-2016-5629: Unspecified vulnerability in subcomponent Federated (bsc#1005569) - CVE-2016-5626: Unspecified vulnerability in subcomponent GIS (bsc#1005566) - CVE-2016-5624: Unspecified vulnerability in subcomponent DML (bsc#1005564) - CVE-2016-5616: Unspecified vulnerability in subcomponent MyISAM (bsc#1005562) - CVE-2016-5584: Unspecified vulnerability in subcomponent Encryption (bsc#1005558) - CVE-2016-3492: Unspecified vulnerability in subcomponent Optimizer (bsc#1005555) - CVE-2016-6663: Privilege Escalation / Race Condition (bsc#1001367) Bugfixes : - mariadb failing test sys_vars.optimizer_switch_basic (bsc#1003800) - Remove useless [email protected] (bsc#1004477) - Replace all occurrences of the string last seen 2020-06-05 modified 2016-12-07 plugin id 95596 published 2016-12-07 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/95596 title openSUSE Security Update : mariadb (openSUSE-2016-1416) NASL family Databases NASL id MYSQL_5_6_34.NASL description The version of MySQL running on the remote host is 5.6.x prior to 5.6.34. It is, therefore, affected by multiple vulnerabilities : - Multiple integer overflow conditions exist in s3_srvr.c, ssl_sess.c, and t1_lib.c due to improper use of pointer arithmetic for heap-buffer boundary checks. An unauthenticated, remote attacker can exploit this to cause a denial of service. (CVE-2016-2177) - An information disclosure vulnerability exists in the dsa_sign_setup() function in dsa_ossl.c due to a failure to properly ensure the use of constant-time operations. An unauthenticated, remote attacker can exploit this, via a timing side-channel attack, to disclose DSA key information. (CVE-2016-2178) - A denial of service vulnerability exists in the DTLS implementation due to a failure to properly restrict the lifetime of queue entries associated with unused out-of-order messages. An unauthenticated, remote attacker can exploit this, by maintaining multiple crafted DTLS sessions simultaneously, to exhaust memory. (CVE-2016-2179) - An out-of-bounds read error exists in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation. An unauthenticated, remote attacker can exploit this, via a crafted time-stamp file that is mishandled by the last seen 2020-06-01 modified 2020-06-02 plugin id 94166 published 2016-10-20 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/94166 title MySQL 5.6.x < 5.6.34 Multiple Vulnerabilities (October 2016 CPU) (SWEET32)
References
- http://www.securityfocus.com/bid/93659
- https://wolfssl.com/wolfSSL/Blog/Entries/2016/9/26_wolfSSL_3.9.10_Vulnerability_Fixes.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/
- http://www.debian.org/security/2016/dsa-3706
- http://www.securitytracker.com/id/1037050