Vulnerabilities > CVE-2018-3060

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
HIGH
Confidentiality impact
NONE
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
oracle
netapp
canonical
mariadb
nessus

Summary

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H).

Vulnerable Configurations

Part Description Count
Application
Oracle
34
Application
Netapp
4
Application
Mariadb
26
OS
Canonical
3

Nessus

  • NASL familyDatabases
    NASL idMARIADB_10_2_17.NASL
    descriptionThe version of MariaDB installed on the remote host is prior to 10.2.17. It is, therefore, affected by multiple vulnerabilities as referenced in the mdb-10217-rn advisory. - An unspecified vulnerability exists in MariaDB. An authenticated, remote attacker can exploit this to compromise MariaDB server, resulting in unauthorized update, insert, delete and read access to some of accessible data. (CVE-2018-3058, CVE-2018-3060, CVE-2018-3066) - A denial of service (DoS) vulnerability exists in MariaDB. An authenticated, remote attacker can exploit this issue, to cause the application to stop responding. (CVE-2018-3063, CVE-2018-3064) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-05-31
    modified2019-06-05
    plugin id125730
    published2019-06-05
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125730
    titleMariaDB 10.2.0 < 10.2.17 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(125730);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/25");
    
      script_cve_id(
        "CVE-2018-3058",
        "CVE-2018-3060",
        "CVE-2018-3063",
        "CVE-2018-3064",
        "CVE-2018-3066"
      );
      script_bugtraq_id(
        104766,
        104769,
        104776,
        104786
      );
    
      script_name(english:"MariaDB 10.2.0 < 10.2.17 Multiple Vulnerabilities");
      script_summary(english:"Checks the version of Mariadb.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote database server is affected by multiple vulnerabilities");
      script_set_attribute(attribute:"description", value:
    "The version of MariaDB installed on the remote host is prior to
    10.2.17. It is, therefore, affected by multiple vulnerabilities as
    referenced in the mdb-10217-rn advisory.
    
      - An unspecified vulnerability exists in MariaDB. An authenticated, remote attacker can exploit
      this to compromise MariaDB server, resulting in unauthorized update, insert, delete and read access
      to some of accessible data. (CVE-2018-3058, CVE-2018-3060, CVE-2018-3066)
    
      - A denial of service (DoS) vulnerability exists in MariaDB. An authenticated, remote attacker
      can exploit this issue, to cause the application to stop responding. (CVE-2018-3063, CVE-2018-3064)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's
    self-reported version number.");
      script_set_attribute(attribute:"see_also", value:"https://mariadb.com/kb/en/mdb-10217-rn");
      script_set_attribute(attribute:"see_also", value:"https://jira.mariadb.org/browse/MDEV-12837");
      script_set_attribute(attribute:"see_also", value:"https://jira.mariadb.org/browse/MDEV-14637");
      script_set_attribute(attribute:"see_also", value:"https://jira.mariadb.org/browse/MDEV-15822");
      script_set_attribute(attribute:"see_also", value:"https://jira.mariadb.org/browse/MDEV-15855");
      script_set_attribute(attribute:"see_also", value:"https://jira.mariadb.org/browse/MDEV-15953");
      script_set_attribute(attribute:"see_also", value:"https://jira.mariadb.org/browse/MDEV-16515");
      script_set_attribute(attribute:"see_also", value:"https://jira.mariadb.org/browse/MDEV-16596");
      script_set_attribute(attribute:"see_also", value:"https://jira.mariadb.org/browse/MDEV-16664");
      script_set_attribute(attribute:"see_also", value:"https://jira.mariadb.org/browse/MDEV-16713");
      script_set_attribute(attribute:"see_also", value:"https://jira.mariadb.org/browse/MDEV-16809");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to MariaDB version 10.2.17 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-3064");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/07/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/05");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mariadb:mariadb");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Databases");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("mysql_version.nasl", "mysql_login.nasl");
       script_require_ports("Services/mysql", 3306);
    
      exit(0);
    }
    
    include('mysql_version.inc');
    
    mysql_check_version(variant: 'MariaDB', min:'10.2.0-MariaDB', fixed:make_list('10.2.17-MariaDB'), severity:SECURITY_WARNING);
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-327.NASL
    descriptionThis update for mariadb to version 10.2.22 fixes the following issues : Security issues fixed : - CVE-2019-2510: Fixed a vulnerability which can lead to MySQL compromise and lead to Denial of Service (bsc#1122198). - CVE-2019-2537: Fixed a vulnerability which can lead to MySQL compromise and lead to Denial of Service (bsc#1122198). - CVE-2018-3284: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112377) - CVE-2018-3282: Server Storage Engines unspecified vulnerability (CPU Oct 2018) (bsc#1112432) - CVE-2018-3277: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112391) - CVE-2018-3251: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112397) - CVE-2018-3200: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112404) - CVE-2018-3185: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112384) - CVE-2018-3174: Client programs unspecified vulnerability (CPU Oct 2018) (bsc#1112368) - CVE-2018-3173: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112386) - CVE-2018-3162: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112415) - CVE-2018-3156: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112417) - CVE-2018-3143: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112421) - CVE-2018-3066: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Options). (bsc#1101678) - CVE-2018-3064: InnoDB unspecified vulnerability (CPU Jul 2018) (bsc#1103342) - CVE-2018-3063: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Security Privileges). (bsc#1101677) - CVE-2018-3058: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent MyISAM). (bsc#1101676) - CVE-2016-9843: Big-endian out-of-bounds pointer (bsc#1013882) Non-security issues fixed : - Fixed an issue where mysl_install_db fails due to incorrect basedir (bsc#1127027). - Fixed an issue where the lograte was not working (bsc#1112767). - Backport Information Schema CHECK_CONSTRAINTS Table. - Maximum value of table_definition_cache is now 2097152. - InnoDB ALTER TABLE fixes. - Galera crash recovery fixes. - Encryption fixes. - Remove xtrabackup dependency as MariaDB ships a build in mariabackup so xtrabackup is not needed (bsc#1122475). - Maria DB testsuite - test main.plugin_auth failed (bsc#1111859) - Maria DB testsuite - test encryption.second_plugin-12863 failed (bsc#1111858) - Remove PerconaFT from the package as it has AGPL licence (bsc#1118754) - remove PerconaFT from the package as it has AGPL licence (bsc#1118754) - Database corruption after renaming a prefix-indexed column (bsc#1120041) Release notes and changelog : - https://mariadb.com/kb/en/library/mariadb-10222-release-notes - https://mariadb.com/kb/en/library/mariadb-10222-changelog/ This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id122849
    published2019-03-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122849
    titleopenSUSE Security Update : mariadb (openSUSE-2019-327)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2019-327.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(122849);
      script_version("1.2");
      script_cvs_date("Date: 2020/02/05");
    
      script_cve_id("CVE-2016-9843", "CVE-2018-3058", "CVE-2018-3060", "CVE-2018-3063", "CVE-2018-3064", "CVE-2018-3066", "CVE-2018-3143", "CVE-2018-3156", "CVE-2018-3162", "CVE-2018-3173", "CVE-2018-3174", "CVE-2018-3185", "CVE-2018-3200", "CVE-2018-3251", "CVE-2018-3277", "CVE-2018-3282", "CVE-2018-3284", "CVE-2019-2510", "CVE-2019-2537");
    
      script_name(english:"openSUSE Security Update : mariadb (openSUSE-2019-327)");
      script_summary(english:"Check for the openSUSE-2019-327 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for mariadb to version 10.2.22 fixes the following 
    issues :
    
    Security issues fixed :
    
      - CVE-2019-2510: Fixed a vulnerability which can lead to
        MySQL compromise and lead to Denial of Service
        (bsc#1122198). 
    
      - CVE-2019-2537: Fixed a vulnerability which can lead to
        MySQL compromise and lead to Denial of Service
        (bsc#1122198).
    
      - CVE-2018-3284: Fixed InnoDB unspecified vulnerability
        (CPU Oct 2018) (bsc#1112377)
    
      - CVE-2018-3282: Server Storage Engines unspecified
        vulnerability (CPU Oct 2018) (bsc#1112432)
    
      - CVE-2018-3277: Fixed InnoDB unspecified vulnerability
        (CPU Oct 2018) (bsc#1112391)
    
      - CVE-2018-3251: InnoDB unspecified vulnerability (CPU Oct
        2018) (bsc#1112397)
    
      - CVE-2018-3200: Fixed InnoDB unspecified vulnerability
        (CPU Oct 2018) (bsc#1112404)
    
      - CVE-2018-3185: Fixed InnoDB unspecified vulnerability
        (CPU Oct 2018) (bsc#1112384)
    
      - CVE-2018-3174: Client programs unspecified vulnerability
        (CPU Oct 2018) (bsc#1112368)
    
      - CVE-2018-3173: Fixed InnoDB unspecified vulnerability
        (CPU Oct 2018) (bsc#1112386)
    
      - CVE-2018-3162: Fixed InnoDB unspecified vulnerability
        (CPU Oct 2018) (bsc#1112415)
    
      - CVE-2018-3156: InnoDB unspecified vulnerability (CPU Oct
        2018) (bsc#1112417)
    
      - CVE-2018-3143: InnoDB unspecified vulnerability (CPU Oct
        2018) (bsc#1112421)
    
      - CVE-2018-3066: Unspecified vulnerability in the MySQL
        Server component of Oracle MySQL (subcomponent Server
        Options). (bsc#1101678)
    
      - CVE-2018-3064: InnoDB unspecified vulnerability (CPU Jul
        2018) (bsc#1103342)
    
      - CVE-2018-3063: Unspecified vulnerability in the MySQL
        Server component of Oracle MySQL (subcomponent Server
        Security Privileges). (bsc#1101677)
    
      - CVE-2018-3058: Unspecified vulnerability in the MySQL
        Server component of Oracle MySQL (subcomponent MyISAM).
        (bsc#1101676)
    
      - CVE-2016-9843: Big-endian out-of-bounds pointer
        (bsc#1013882)
    
    Non-security issues fixed :
    
      - Fixed an issue where mysl_install_db fails due to
        incorrect basedir (bsc#1127027).
    
      - Fixed an issue where the lograte was not working
        (bsc#1112767).
    
      - Backport Information Schema CHECK_CONSTRAINTS Table.
    
      - Maximum value of table_definition_cache is now 2097152.
    
      - InnoDB ALTER TABLE fixes.
    
      - Galera crash recovery fixes.
    
      - Encryption fixes.
    
      - Remove xtrabackup dependency as MariaDB ships a build in
        mariabackup so xtrabackup is not needed (bsc#1122475).
    
      - Maria DB testsuite - test main.plugin_auth failed
        (bsc#1111859)
    
      - Maria DB testsuite - test encryption.second_plugin-12863
        failed (bsc#1111858)
    
      - Remove PerconaFT from the package as it has AGPL licence
        (bsc#1118754)
    
      - remove PerconaFT from the package as it has AGPL licence
        (bsc#1118754)
    
      - Database corruption after renaming a prefix-indexed
        column (bsc#1120041)
    
    Release notes and changelog :
    
    - https://mariadb.com/kb/en/library/mariadb-10222-release-notes
    
    - https://mariadb.com/kb/en/library/mariadb-10222-changelog/
    
    This update was imported from the SUSE:SLE-15:Update update project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1013882"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101676"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101677"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101678"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1103342"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1111858"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1111859"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112368"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112377"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112384"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112386"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112391"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112397"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112404"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112415"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112417"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112421"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112432"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112767"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1116686"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118754"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120041"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1122198"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1122475"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1127027"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://mariadb.com/kb/en/library/mariadb-10222-changelog/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://mariadb.com/kb/en/library/mariadb-10222-release-notes"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected mariadb packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmysqld-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmysqld19");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmysqld19-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mariadb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mariadb-bench");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mariadb-bench-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mariadb-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mariadb-client-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mariadb-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mariadb-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mariadb-errormessages");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mariadb-galera");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mariadb-test");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mariadb-test-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mariadb-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mariadb-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/05/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/03/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/14");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE15.0", reference:"libmysqld-devel-10.2.22-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libmysqld19-10.2.22-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libmysqld19-debuginfo-10.2.22-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"mariadb-10.2.22-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"mariadb-bench-10.2.22-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"mariadb-bench-debuginfo-10.2.22-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"mariadb-client-10.2.22-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"mariadb-client-debuginfo-10.2.22-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"mariadb-debuginfo-10.2.22-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"mariadb-debugsource-10.2.22-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"mariadb-errormessages-10.2.22-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"mariadb-galera-10.2.22-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"mariadb-test-10.2.22-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"mariadb-test-debuginfo-10.2.22-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"mariadb-tools-10.2.22-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"mariadb-tools-debuginfo-10.2.22-lp150.2.9.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libmysqld-devel / libmysqld19 / libmysqld19-debuginfo / mariadb / etc");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-F67FDA3DB6.NASL
    description**MySQL 5.7.23** Release notes https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-23.html CVEs fixed CVE-2018-2767 CVE-2018-3056 CVE-2018-3058 CVE-2018-3060 CVE-2018-3061 CVE-2018-3062 CVE-2018-3064 CVE-2018-3065 CVE-2018-3066 CVE-2018-3070 CVE-2018-3071 CVE-2018-3077 CVE-2018-3081 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2019-01-03
    plugin id120915
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120915
    titleFedora 28 : community-mysql (2018-f67fda3db6)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2018-f67fda3db6.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(120915);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2018-2767", "CVE-2018-3056", "CVE-2018-3058", "CVE-2018-3060", "CVE-2018-3061", "CVE-2018-3062", "CVE-2018-3064", "CVE-2018-3065", "CVE-2018-3066", "CVE-2018-3070", "CVE-2018-3071", "CVE-2018-3077", "CVE-2018-3081");
      script_xref(name:"FEDORA", value:"2018-f67fda3db6");
    
      script_name(english:"Fedora 28 : community-mysql (2018-f67fda3db6)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "**MySQL 5.7.23**
    
    Release notes
    
    https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-23.html
    
    CVEs fixed
    
    CVE-2018-2767 CVE-2018-3056 CVE-2018-3058 CVE-2018-3060 CVE-2018-3061
    CVE-2018-3062 CVE-2018-3064 CVE-2018-3065 CVE-2018-3066 CVE-2018-3070
    CVE-2018-3071 CVE-2018-3077 CVE-2018-3081
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-f67fda3db6"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected community-mysql package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:community-mysql");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:28");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/09/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^28([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 28", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC28", reference:"community-mysql-5.7.23-1.fc28")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "community-mysql");
    }
    
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2018-1070.NASL
    descriptionVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3077) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).(CVE-2018-3064) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.7.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).(CVE-2018-2767) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.7.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via memcached to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3062) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).(CVE-2018-3058) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).(CVE-2018-3056) Vulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.7.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. CVSS 3.0 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2018-3081) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3065) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Audit Log). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3071) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3061) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H).(CVE-2018-3060) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3054) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3070) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.7.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N).(CVE-2018-3066)
    last seen2020-06-01
    modified2020-06-02
    plugin id112097
    published2018-08-24
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/112097
    titleAmazon Linux AMI : mysql57 (ALAS-2018-1070)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3725-1.NASL
    descriptionMultiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.61 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS and Ubuntu 18.04 LTS have been updated to MySQL 5.7.23. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-61.html http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-23.html http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247 .html. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id111510
    published2018-08-02
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111510
    titleUbuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : mysql-5.5, mysql-5.7 vulnerabilities (USN-3725-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-77E610115A.NASL
    description**MariaDB 10.2.17 ** Release notes : https://mariadb.com/kb/en/library/mariadb-10217-release-notes/ CVEs fixed : CVE-2018-3060 CVE-2018-3064 CVE-2018-3063 CVE-2018-3058 CVE-2018-3066 CVE-2018-3081 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2019-01-03
    plugin id120543
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120543
    titleFedora 28 : 3:mariadb (2018-77e610115a)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-D1C4A4CA50.NASL
    description**MariaDB 10.2.17 ** Release notes : https://mariadb.com/kb/en/library/mariadb-10217-release-notes/ CVEs fixed : CVE-2018-3060 CVE-2018-3064 CVE-2018-3063 CVE-2018-3058 CVE-2018-3066 CVE-2018-3081 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-09-04
    plugin id112235
    published2018-09-04
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/112235
    titleFedora 27 : 3:mariadb (2018-d1c4a4ca50)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-1_0-0170.NASL
    descriptionAn update of 'mysql' packages of Photon OS has been released.
    last seen2019-02-08
    modified2019-02-07
    plugin id111948
    published2018-08-17
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=111948
    titlePhoton OS 1.0: Mysql PHSA-2018-1.0-0170 (deprecated)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-3A3C660BFA.NASL
    description**MySQL 5.7.23** Release notes https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-23.html CVEs fixed CVE-2018-2767 CVE-2018-3056 CVE-2018-3058 CVE-2018-3060 CVE-2018-3061 CVE-2018-3062 CVE-2018-3064 CVE-2018-3065 CVE-2018-3066 CVE-2018-3070 CVE-2018-3071 CVE-2018-3077 CVE-2018-3081 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-09-12
    plugin id117438
    published2018-09-12
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117438
    titleFedora 27 : community-mysql (2018-3a3c660bfa)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-1_0-0170_MYSQL.NASL
    descriptionAn update of the mysql package has been released.
    last seen2020-03-17
    modified2019-02-07
    plugin id121869
    published2019-02-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121869
    titlePhoton OS 1.0: Mysql PHSA-2018-1.0-0170
  • NASL familyDatabases
    NASL idMYSQL_8_0_12.NASL
    descriptionThe version of MySQL running on the remote host is 8.0.x prior to 8.0.12. It is, therefore, affected by multiple vulnerabilities as noted in the July 2018 and July 2019 Critical Patch Update advisories. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id111159
    published2018-07-20
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111159
    titleMySQL 8.0.x < 8.0.12 Multiple Vulnerabilities (Jul 2018 CPU) (Jul 2019 CPU)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0555-1.NASL
    descriptionThis update for mariadb to version 10.2.22 fixes the following issues : Security issues fixed : CVE-2019-2510: Fixed a vulnerability which can lead to MySQL compromise and lead to Denial of Service (bsc#1122198). CVE-2019-2537: Fixed a vulnerability which can lead to MySQL compromise and lead to Denial of Service (bsc#1122198). CVE-2018-3284: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112377) CVE-2018-3282: Server Storage Engines unspecified vulnerability (CPU Oct 2018) (bsc#1112432) CVE-2018-3277: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112391) CVE-2018-3251: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112397) CVE-2018-3200: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112404) CVE-2018-3185: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112384) CVE-2018-3174: Client programs unspecified vulnerability (CPU Oct 2018) (bsc#1112368) CVE-2018-3173: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112386) CVE-2018-3162: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112415) CVE-2018-3156: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112417) CVE-2018-3143: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112421) CVE-2018-3066: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Options). (bsc#1101678) CVE-2018-3064: InnoDB unspecified vulnerability (CPU Jul 2018) (bsc#1103342) CVE-2018-3063: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Security Privileges). (bsc#1101677) CVE-2018-3058: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent MyISAM). (bsc#1101676) CVE-2016-9843: Big-endian out-of-bounds pointer (bsc#1013882) Non-security issues fixed: Fixed an issue where mysl_install_db fails due to incorrect basedir (bsc#1127027). Fixed an issue where the lograte was not working (bsc#1112767). Backport Information Schema CHECK_CONSTRAINTS Table. Maximum value of table_definition_cache is now 2097152. InnoDB ALTER TABLE fixes. Galera crash recovery fixes. Encryption fixes. Remove xtrabackup dependency as MariaDB ships a build in mariabackup so xtrabackup is not needed (bsc#1122475). Maria DB testsuite - test main.plugin_auth failed (bsc#1111859) Maria DB testsuite - test encryption.second_plugin-12863 failed (bsc#1111858) Remove PerconaFT from the package as it has AGPL licence (bsc#1118754) remove PerconaFT from the package as it has AGPL licence (bsc#1118754) Database corruption after renaming a prefix-indexed column (bsc#1120041) Release notes and changelog: https://mariadb.com/kb/en/library/mariadb-10222-release-notes https://mariadb.com/kb/en/library/mariadb-10222-changelog/ Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id122664
    published2019-03-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122664
    titleSUSE SLED15 / SLES15 Security Update : mariadb (SUSE-SU-2019:0555-1)
  • NASL familyDatabases
    NASL idMYSQL_8_0_12_RPM.NASL
    descriptionThe version of MySQL running on the remote host is 8.0.x prior to 8.0.12. It is, therefore, affected by multiple vulnerabilities as noted in the July 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id111160
    published2018-07-20
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111160
    titleMySQL 8.0.x < 8.0.12 Multiple Vulnerabilities (RPM Check) (July 2018 CPU)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_909BE51B9B3B11E8ADD2B499BAEBFEAF.NASL
    descriptionOracle reports : Multiple vulnerabilities have been disclosed by Oracle without further detail. CVSS scores 7.1 - 2.7
    last seen2020-06-01
    modified2020-06-02
    plugin id111596
    published2018-08-09
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111596
    titleFreeBSD : MySQL -- multiple vulnerabilities (909be51b-9b3b-11e8-add2-b499baebfeaf)
  • NASL familyDatabases
    NASL idMARIADB_10_3_9.NASL
    descriptionThe version of MariaDB installed on the remote host is prior to 10.3.9. It is, therefore, affected by multiple vulnerabilities as referenced in the mdb-1039-rn advisory. - An unspecified vulnerability exists in MariaDB. An authenticated, remote attacker can exploit this to compromise MariaDB server, resulting in unauthorized update, insert, delete and read access to some of accessible data. (CVE-2018-3058, CVE-2018-3060, CVE-2018-3066) - A denial of service (DoS) vulnerability exists in MariaDB. An authenticated, remote attacker can exploit this issue, to cause the application to stop responding. (CVE-2018-3063, CVE-2018-3064) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-05-31
    modified2019-06-05
    plugin id125731
    published2019-06-05
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125731
    titleMariaDB 10.3.0 < 10.3.9 Multiple Vulnerabilities
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-2_0-0079.NASL
    descriptionAn update of 'mysql' packages of Photon OS has been released.
    last seen2019-02-08
    modified2019-02-07
    plugin id111963
    published2018-08-17
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=111963
    titlePhoton OS 2.0: Mysql PHSA-2018-2.0-0079 (deprecated)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-2_0-0079_MYSQL.NASL
    descriptionAn update of the mysql package has been released.
    last seen2020-03-17
    modified2019-02-07
    plugin id121976
    published2019-02-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121976
    titlePhoton OS 2.0: Mysql PHSA-2018-2.0-0079
  • NASL familyDatabases
    NASL idMYSQL_5_7_23_RPM.NASL
    descriptionThe version of MySQL running on the remote host is 5.7.x prior to 5.7.23. It is, therefore, affected by multiple vulnerabilities as noted in the July 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id111158
    published2018-07-20
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111158
    titleMySQL 5.7.x < 5.7.23 Multiple Vulnerabilities (RPM Check) (July 2018 CPU)
  • NASL familyDatabases
    NASL idMYSQL_5_7_23.NASL
    descriptionThe version of MySQL running on the remote host is 5.7.x prior to 5.7.23 It is, therefore, affected by multiple vulnerabilities as noted in the July 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id111157
    published2018-07-20
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111157
    titleMySQL 5.7.x < 5.7.23 Multiple Vulnerabilities (July 2018 CPU)

Redhat

advisories
  • rhsa
    idRHSA-2018:3655
  • rhsa
    idRHSA-2019:1258
rpms
  • rh-mysql57-mysql-0:5.7.24-1.el7
  • rh-mysql57-mysql-0:5.7.24-2.el6
  • rh-mysql57-mysql-common-0:5.7.24-1.el7
  • rh-mysql57-mysql-common-0:5.7.24-2.el6
  • rh-mysql57-mysql-config-0:5.7.24-1.el7
  • rh-mysql57-mysql-config-0:5.7.24-2.el6
  • rh-mysql57-mysql-debuginfo-0:5.7.24-1.el7
  • rh-mysql57-mysql-debuginfo-0:5.7.24-2.el6
  • rh-mysql57-mysql-devel-0:5.7.24-1.el7
  • rh-mysql57-mysql-devel-0:5.7.24-2.el6
  • rh-mysql57-mysql-errmsg-0:5.7.24-1.el7
  • rh-mysql57-mysql-errmsg-0:5.7.24-2.el6
  • rh-mysql57-mysql-server-0:5.7.24-1.el7
  • rh-mysql57-mysql-server-0:5.7.24-2.el6
  • rh-mysql57-mysql-test-0:5.7.24-1.el7
  • rh-mysql57-mysql-test-0:5.7.24-2.el6
  • rh-mariadb102-galera-0:25.3.25-1.el6
  • rh-mariadb102-galera-0:25.3.25-1.el7
  • rh-mariadb102-galera-debuginfo-0:25.3.25-1.el6
  • rh-mariadb102-galera-debuginfo-0:25.3.25-1.el7
  • rh-mariadb102-mariadb-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-1:10.2.22-1.el7
  • rh-mariadb102-mariadb-backup-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-backup-1:10.2.22-1.el7
  • rh-mariadb102-mariadb-backup-syspaths-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-backup-syspaths-1:10.2.22-1.el7
  • rh-mariadb102-mariadb-bench-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-bench-1:10.2.22-1.el7
  • rh-mariadb102-mariadb-common-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-common-1:10.2.22-1.el7
  • rh-mariadb102-mariadb-config-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-config-1:10.2.22-1.el7
  • rh-mariadb102-mariadb-config-syspaths-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-config-syspaths-1:10.2.22-1.el7
  • rh-mariadb102-mariadb-debuginfo-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-debuginfo-1:10.2.22-1.el7
  • rh-mariadb102-mariadb-devel-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-devel-1:10.2.22-1.el7
  • rh-mariadb102-mariadb-errmsg-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-errmsg-1:10.2.22-1.el7
  • rh-mariadb102-mariadb-gssapi-client-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-gssapi-client-1:10.2.22-1.el7
  • rh-mariadb102-mariadb-gssapi-server-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-gssapi-server-1:10.2.22-1.el7
  • rh-mariadb102-mariadb-oqgraph-engine-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-oqgraph-engine-1:10.2.22-1.el7
  • rh-mariadb102-mariadb-server-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-server-1:10.2.22-1.el7
  • rh-mariadb102-mariadb-server-galera-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-server-galera-1:10.2.22-1.el7
  • rh-mariadb102-mariadb-server-galera-syspaths-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-server-galera-syspaths-1:10.2.22-1.el7
  • rh-mariadb102-mariadb-server-syspaths-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-server-syspaths-1:10.2.22-1.el7
  • rh-mariadb102-mariadb-server-utils-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-server-utils-1:10.2.22-1.el7
  • rh-mariadb102-mariadb-server-utils-syspaths-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-server-utils-syspaths-1:10.2.22-1.el7
  • rh-mariadb102-mariadb-syspaths-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-syspaths-1:10.2.22-1.el7
  • rh-mariadb102-mariadb-test-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-test-1:10.2.22-1.el7