ID CVE-2014-6559
Summary Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING.
References
Vulnerable Configurations
  • cpe:2.3:a:juniper:junos_space:15.1
    cpe:2.3:a:juniper:junos_space:15.1
  • MariaDB 5.5.40
    cpe:2.3:a:mariadb:mariadb:5.5.40
  • Oracle Solaris 11.3
    cpe:2.3:o:oracle:solaris:11.3
  • Oracle MySQL 5.5.0
    cpe:2.3:a:oracle:mysql:5.5.0
  • Oracle MySQL 5.5.1
    cpe:2.3:a:oracle:mysql:5.5.1
  • Oracle MySQL 5.5.2
    cpe:2.3:a:oracle:mysql:5.5.2
  • Oracle MySQL 5.5.3
    cpe:2.3:a:oracle:mysql:5.5.3
  • Oracle MySQL 5.5.4
    cpe:2.3:a:oracle:mysql:5.5.4
  • Oracle MySQL 5.5.5
    cpe:2.3:a:oracle:mysql:5.5.5
  • Oracle MySQL 5.5.6
    cpe:2.3:a:oracle:mysql:5.5.6
  • Oracle MySQL 5.5.7
    cpe:2.3:a:oracle:mysql:5.5.7
  • Oracle MySQL 5.5.8
    cpe:2.3:a:oracle:mysql:5.5.8
  • Oracle MySQL 5.5.9
    cpe:2.3:a:oracle:mysql:5.5.9
  • Oracle MySQL 5.5.10
    cpe:2.3:a:oracle:mysql:5.5.10
  • Oracle MySQL 5.5.11
    cpe:2.3:a:oracle:mysql:5.5.11
  • Oracle MySQL 5.5.12
    cpe:2.3:a:oracle:mysql:5.5.12
  • Oracle MySQL 5.5.13
    cpe:2.3:a:oracle:mysql:5.5.13
  • Oracle MySQL 5.5.14
    cpe:2.3:a:oracle:mysql:5.5.14
  • Oracle MySQL 5.5.15
    cpe:2.3:a:oracle:mysql:5.5.15
  • Oracle MySQL 5.5.16
    cpe:2.3:a:oracle:mysql:5.5.16
  • Oracle MySQL 5.5.17
    cpe:2.3:a:oracle:mysql:5.5.17
  • Oracle MySQL 5.5.18
    cpe:2.3:a:oracle:mysql:5.5.18
  • Oracle MySQL 5.5.19
    cpe:2.3:a:oracle:mysql:5.5.19
  • Oracle MySQL 5.5.20
    cpe:2.3:a:oracle:mysql:5.5.20
  • Oracle MySQL 5.5.21
    cpe:2.3:a:oracle:mysql:5.5.21
  • Oracle MySQL 5.5.22
    cpe:2.3:a:oracle:mysql:5.5.22
  • Oracle MySQL 5.5.23
    cpe:2.3:a:oracle:mysql:5.5.23
  • Oracle MySQL 5.5.24
    cpe:2.3:a:oracle:mysql:5.5.24
  • Oracle MySQL 5.5.25
    cpe:2.3:a:oracle:mysql:5.5.25
  • Oracle MySQL 5.5.25a
    cpe:2.3:a:oracle:mysql:5.5.25:a
  • Oracle MySQL 5.5.26
    cpe:2.3:a:oracle:mysql:5.5.26
  • Oracle MySQL 5.5.27
    cpe:2.3:a:oracle:mysql:5.5.27
  • Oracle MySQL 5.5.28
    cpe:2.3:a:oracle:mysql:5.5.28
  • Oracle MySQL 5.5.29
    cpe:2.3:a:oracle:mysql:5.5.29
  • Oracle MySQL 5.5.30
    cpe:2.3:a:oracle:mysql:5.5.30
  • Oracle MySQL 5.5.31
    cpe:2.3:a:oracle:mysql:5.5.31
  • Oracle MySQL 5.5.32
    cpe:2.3:a:oracle:mysql:5.5.32
  • Oracle MySQL 5.5.33
    cpe:2.3:a:oracle:mysql:5.5.33
  • Oracle MySQL 5.5.34
    cpe:2.3:a:oracle:mysql:5.5.34
  • Oracle MySQL 5.5.35
    cpe:2.3:a:oracle:mysql:5.5.35
  • Oracle MySQL 5.5.36
    cpe:2.3:a:oracle:mysql:5.5.36
  • Oracle MySQL 5.5.37
    cpe:2.3:a:oracle:mysql:5.5.37
  • Oracle MySQL 5.5.38
    cpe:2.3:a:oracle:mysql:5.5.38
  • Oracle MySQL 5.5.39
    cpe:2.3:a:oracle:mysql:5.5.39
  • Oracle MySQL 5.6.0
    cpe:2.3:a:oracle:mysql:5.6.0
  • Oracle MySQL 5.6.1
    cpe:2.3:a:oracle:mysql:5.6.1
  • Oracle MySQL 5.6.2
    cpe:2.3:a:oracle:mysql:5.6.2
  • Oracle MySQL 5.6.3
    cpe:2.3:a:oracle:mysql:5.6.3
  • Oracle MySQL 5.6.4
    cpe:2.3:a:oracle:mysql:5.6.4
  • Oracle MySQL 5.6.5
    cpe:2.3:a:oracle:mysql:5.6.5
  • Oracle MySQL 5.6.6
    cpe:2.3:a:oracle:mysql:5.6.6
  • Oracle MySQL 5.6.7
    cpe:2.3:a:oracle:mysql:5.6.7
  • Oracle MySQL 5.6.8
    cpe:2.3:a:oracle:mysql:5.6.8
  • Oracle MySQL 5.6.9
    cpe:2.3:a:oracle:mysql:5.6.9
  • Oracle MySQL 5.6.10
    cpe:2.3:a:oracle:mysql:5.6.10
  • Oracle MySQL 5.6.11
    cpe:2.3:a:oracle:mysql:5.6.11
  • Oracle MySQL 5.6.12
    cpe:2.3:a:oracle:mysql:5.6.12
  • Oracle MySQL 5.6.13
    cpe:2.3:a:oracle:mysql:5.6.13
  • Oracle MySQL 5.6.14
    cpe:2.3:a:oracle:mysql:5.6.14
  • Oracle MySQL 5.6.15
    cpe:2.3:a:oracle:mysql:5.6.15
  • Oracle MySQL 5.6.16
    cpe:2.3:a:oracle:mysql:5.6.16
  • Oracle MySQL 5.6.17
    cpe:2.3:a:oracle:mysql:5.6.17
  • Oracle MySQL 5.6.18
    cpe:2.3:a:oracle:mysql:5.6.18
  • Oracle MySQL 5.6.19
    cpe:2.3:a:oracle:mysql:5.6.19
  • Oracle MySQL 5.6.20
    cpe:2.3:a:oracle:mysql:5.6.20
CVSS
Base: 4.3 (as of 21-10-2016 - 10:49)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
nessus via4
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2014-428.NASL
    description Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: SERVER:SSL:yaSSL). Supported versions that are affected are 5.5.39 and earlier and 5.6.20 and earlier. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized takeover of MySQL Server possibly including arbitrary code execution within the MySQL Server. (CVE-2014-6491) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: C API SSL CERTIFICATE HANDLING). Supported versions that are affected are 5.5.39 and earlier and 5.6.20 and earlier. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to all MySQL Server accessible data. (CVE-2014-6559) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: SERVER:SSL:yaSSL). Supported versions that are affected are 5.5.39 and earlier and 5.6.20 and earlier. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized takeover of MySQL Server possibly including arbitrary code execution within the MySQL Server. (CVE-2014-6500) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: CLIENT:SSL:yaSSL). Supported versions that are affected are 5.5.39 and earlier and 5.6.20 and earlier. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2014-6494)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 78558
    published 2014-10-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78558
    title Amazon Linux AMI : mysql55 (ALAS-2014-428)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2015-479.NASL
    description MariaDB was updated to its current minor version, fixing bugs and security issues. These updates include a fix for Logjam (CVE-2015-4000), making MariaDB work with client software that no longer allows short DH groups over SSL, as e.g. our current openssl packages. On openSUSE 13.1, MariaDB was updated to 5.5.44. On openSUSE 13.2, MariaDB was updated from 10.0.13 to 10.0.20. Please read the release notes of MariaDB https://mariadb.com/kb/en/mariadb/mariadb-10020-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10019-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10017-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10016-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10015-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10014-release-notes/ for more information.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 84658
    published 2015-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84658
    title openSUSE Security Update : MariaDB (openSUSE-2015-479) (BACKRONYM) (Logjam)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201411-02.NASL
    description The remote host is affected by the vulnerability described in GLSA-201411-02 (MySQL, MariaDB: Multiple vulnerabilities) Multiple unspecified vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code, Denial of Service, or disclosure of sensitive information. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 78880
    published 2014-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78880
    title GLSA-201411-02 : MySQL, MariaDB: Multiple vulnerabilities
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2014-307-01.NASL
    description New mariadb packages are available for Slackware 14.1 and -current to fix security issues.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 78829
    published 2014-11-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78829
    title Slackware 14.1 / current : mariadb (SSA:2014-307-01)
  • NASL family Databases
    NASL id MYSQL_5_6_21.NASL
    description The version of MySQL installed on the remote host is version 5.5.x prior to 5.5.40 or 5.6.x prior to 5.6.21. It is, therefore, affected by errors in the following components : - C API SSL CERTIFICATE HANDLING - CLIENT:SSL:yaSSL - SERVER:DML - SERVER:INNODB DML FOREIGN KEYS - SERVER:OPTIMIZER - SERVER:SSL:yaSSL
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 78477
    published 2014-10-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78477
    title MySQL 5.5.x < 5.5.40 / 5.6.x < 5.6.21 Multiple Vulnerabilities (October 2014 CPU)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-0743-1.NASL
    description mariadb was updated to version 10.0.16 to fix 40 security issues. These security issues were fixed : - CVE-2015-0411: Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption (bnc#915911). - CVE-2015-0382: Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allowed remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0381 (bnc#915911). - CVE-2015-0381: Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allowed remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0382 (bnc#915911). - CVE-2015-0432: Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allowed remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key (bnc#915911). - CVE-2014-6568: Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allowed remote authenticated users to affect availability via vectors related to Server : InnoDB : DML (bnc#915911). - CVE-2015-0374: Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allowed remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key (bnc#915911). - CVE-2014-6507: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allowed remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML (bnc#915912). - CVE-2014-6491: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6500 (bnc#915912). - CVE-2014-6500: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6491 (bnc#915912). - CVE-2014-6469: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and eariler and 5.6.20 and earlier allowed remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER (bnc#915912). - CVE-2014-6555: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allowed remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML (bnc#915912). - CVE-2014-6559: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allowed remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING (bnc#915912). - CVE-2014-6494: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allowed remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6496 (bnc#915912). - CVE-2014-6496: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allowed remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6494 (bnc#915912). - CVE-2014-6464: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allowed remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS (bnc#915912). - CVE-2010-5298: Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allowed remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment (bnc#873351). - CVE-2014-0195: The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h did not properly validate fragment lengths in DTLS ClientHello messages, which allowed remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment (bnc#880891). - CVE-2014-0198: The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, did not properly manage a buffer pointer during certain recursive calls, which allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition (bnc#876282). - CVE-2014-0221: The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allowed remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake (bnc#915913). - CVE-2014-0224: OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h did not properly restrict processing of ChangeCipherSpec messages, which allowed man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the 'CCS Injection' vulnerability (bnc#915913). - CVE-2014-3470: The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allowed remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value (bnc#915913). - CVE-2014-6474: Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allowed remote authenticated users to affect availability via vectors related to SERVER:MEMCACHED (bnc#915913). - CVE-2014-6489: Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allowed remote authenticated users to affect integrity and availability via vectors related to SERVER:SP (bnc#915913). - CVE-2014-6564: Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allowed remote authenticated users to affect availability via vectors related to SERVER:INNODB FULLTEXT SEARCH DML (bnc#915913). - CVE-2012-5615: Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allowed remote attackers to enumerate valid usernames (bnc#915913). - CVE-2014-4274: Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allowed local users to affect confidentiality, integrity, and availability via vectors related to SERVER:MyISAM (bnc#896400). - CVE-2014-4287: Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allowed remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS (bnc#915913). - CVE-2014-6463: Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allowed remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML (bnc#915913). - CVE-2014-6478: Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allowed remote attackers to affect integrity via vectors related to SERVER:SSL:yaSSL (bnc#915913). - CVE-2014-6484: Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allowed remote authenticated users to affect availability via vectors related to SERVER:DML (bnc#915913). - CVE-2014-6495: Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allowed remote attackers to affect availability via vectors related to SERVER:SSL:yaSSL (bnc#915913). - CVE-2014-6505: Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allowed remote authenticated users to affect availability via vectors related to SERVER:MEMORY STORAGE ENGINE (bnc#915913). - CVE-2014-6520: Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier allowed remote authenticated users to affect availability via vectors related to SERVER:DDL (bnc#915913). - CVE-2014-6530: Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allowed remote authenticated users to affect confidentiality, integrity, and availability via vectors related to CLIENT:MYSQLDUMP (bnc#915913). - CVE-2014-6551: Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allowed local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN (bnc#915913). - CVE-2015-0391: Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allowed remote authenticated users to affect availability via vectors related to DDL (bnc#915913). - CVE-2014-4258: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allowed remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC (bnc#915914). - CVE-2014-4260: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allowed remote authenticated users to affect integrity and availability via vectors related to SRCHAR (bnc#915914). - CVE-2014-2494: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allowed remote authenticated users to affect availability via vectors related to ENARC (bnc#915914). - CVE-2014-4207: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allowed remote authenticated users to affect availability via vectors related to SROPTZR (bnc#915914). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-31
    plugin id 83716
    published 2015-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83716
    title SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2015:0743-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3054.NASL
    description Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.40. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details : - https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5 -39.html - https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5 -40.html - http://www.oracle.com/technetwork/topics/security/cpuoct 2014-1972960.html
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 78589
    published 2014-10-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78589
    title Debian DSA-3054-1 : mysql-5.5 - security update
  • NASL family Junos Local Security Checks
    NASL id JUNIPER_SPACE_JSA10698.NASL
    description According to its self-reported version number, the version of Junos Space running on the remote device is prior to 15.1R1. It is, therefore, affected by multiple vulnerabilities : - An error exists within the Apache 'mod_session_dbd' module, related to save operations for a session, due to a failure to consider the dirty flag and to require a new session ID. An unauthenticated, remote attacker can exploit this to have an unspecified impact. (CVE-2013-2249) - An unspecified flaw exists in the MySQL Server component related to error handling that allows a remote attacker to cause a denial of service condition. (CVE-2013-5908) - A flaw exists within the Apache 'mod_dav' module that is caused when tracking the length of CDATA that has leading white space. An unauthenticated, remote attacker can exploit this, via a specially crafted DAV WRITE request, to cause the service to stop responding. (CVE-2013-6438) - A flaw exists within the Apache 'mod_log_config' module that is caused when logging a cookie that has an unassigned value. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to cause the service to crash. (CVE-2014-0098) - A flaw exists, related to pixel manipulation, in the 2D component in the Oracle Java runtime that allows an unauthenticated, remote attacker to impact availability, confidentiality, and integrity. (CVE-2014-0429) - A flaw exists, related to PKCS#1 unpadding, in the Security component in the Oracle Java runtime that allows an unauthenticated, remote attacker to gain knowledge of timing information, which is intended to be protected by encryption. (CVE-2014-0453) - A race condition exists, related to array copying, in the Hotspot component in the Oracle Java runtime that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2014-0456) - A flaw exists in the JNDI component in the Oracle Java runtime due to missing randomization of query IDs. An unauthenticated, remote attacker can exploit this to conduct spoofing attacks. (CVE-2014-0460) - A flaw exists in the Mozilla Network Security Services (NSS) library, which is due to lenient parsing of ASN.1 values involved in a signature and can lead to the forgery of RSA signatures, such as SSL certificates. (CVE-2014-1568) - An unspecified flaw exists in the MySQL Server component related to the CLIENT:SSL:yaSSL subcomponent that allows a remote attacker to impact integrity. (CVE-2014-6478) - Multiple unspecified flaws exist in the MySQL Server component related to the SERVER:SSL:yaSSL subcomponent that allow a remote attacker to impact confidentiality, integrity, and availability. (CVE-2014-6491, CVE-2014-6500) - Multiple unspecified flaws exist in the MySQL Server component related to the CLIENT:SSL:yaSSL subcomponent that allow a remote attacker to cause a denial of service condition. (CVE-2014-6494, CVE-2014-6495, CVE-2014-6496) - An unspecified flaw exists in the MySQL Server component related to the C API SSL Certificate Handling subcomponent that allows a remote attacker to disclose potentially sensitive information. (CVE-2014-6559) - An unspecified flaw exists in the MySQL Server component related to the Server:Compiling subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2015-0501) - An XML external entity (XXE) injection vulnerability exists in OpenNMS due to the Castor component accepting XML external entities from exception messages. An unauthenticated, remote attacker can exploit this, via specially crafted XML data in a RTC post, to access local files. (CVE-2015-0975) - An unspecified flaw exists in the MySQL Server component related to the Server:Security:Privileges subcomponent that allows a remote attacker to disclose potentially sensitive information. (CVE-2015-2620) - A heap buffer overflow condition exists in QEMU in the pcnet_transmit() function within file hw/net/pcnet.c due to improper validation of user-supplied input when handling multi-TMD packets with a length above 4096 bytes. An unauthenticated, remote attacker can exploit this, via specially crafted packets, to gain elevated privileges from guest to host. (CVE-2015-3209) - Multiple cross-site scripting (XSS), SQL injection, and command injection vulnerabilities exist in Junos Space that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2015-7753)
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 91778
    published 2016-06-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91778
    title Juniper Junos Space < 15.1R1 Multiple Vulnerabilities (JSA10698)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-1859.NASL
    description Updated mysql55-mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559) These updated packages upgrade MySQL to version 5.5.40. Refer to the MySQL Release Notes listed in the References section for a complete list of changes. All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 79302
    published 2014-11-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79302
    title RHEL 5 : mysql55-mysql (RHSA-2014:1859)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2015-091.NASL
    description This update provides MariaDB 5.5.42, which fixes several security issues and other bugs. Please refer to the Oracle Critical Patch Update Advisories and the Release Notes for MariaDB for further information regarding the security vulnerabilities. Additionally the jemalloc packages is being provided as it was previousely provided with the mariadb source code, built and used but removed from the mariadb source code since 5.5.40.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 82344
    published 2015-03-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82344
    title Mandriva Linux Security Advisory : mariadb (MDVSA-2015:091)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-16003.NASL
    description This is an update that fixes all issues described at https://mariadb.com/kb/en/mariadb/development/changelogs/mariadb-5540- changelog and also couple of security issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-24
    plugin id 79905
    published 2014-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79905
    title Fedora 20 : mariadb-5.5.40-1.fc20 (2014-16003)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2014-210.NASL
    description Multiple vulnerabilities has been discovered and corrected in mariadb : Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS (CVE-2014-6464). Unspecified vulnerability in Oracle MySQL Server 5.5.39 and eariler and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER (CVE-2014-6469). Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML (CVE-2014-6507). Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML (CVE-2014-6555). Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING (CVE-2014-6559). The updated packages have been upgraded to the 5.5.40 version which is not vulnerable to these issues. Additionally MariaDB 5.5.40 removed the bundled copy of jemalloc from the source tarball and only builds with jemalloc if a system copy of the jemalloc library is detecting during the build. This update provides the jemalloc library packages to resolve this issue.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 78718
    published 2014-10-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78718
    title Mandriva Linux Security Advisory : mariadb (MDVSA-2014:210)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20141117_MYSQL55_MYSQL_ON_SL5_X.NASL
    description This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page. (CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559) After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 79305
    published 2014-11-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79305
    title Scientific Linux Security Update : mysql55-mysql on SL5.x i386/x86_64
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2014-1859.NASL
    description Updated mysql55-mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559) These updated packages upgrade MySQL to version 5.5.40. Refer to the MySQL Release Notes listed in the References section for a complete list of changes. All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 79299
    published 2014-11-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79299
    title CentOS 5 : mysql55-mysql (CESA-2014:1859)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2014-1861.NASL
    description Updated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559) These updated packages upgrade MariaDB to version 5.5.40. Refer to the MariaDB Release Notes listed in the References section for a complete list of changes. All MariaDB users should upgrade to these updated packages, which correct these issues. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 79300
    published 2014-11-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79300
    title CentOS 7 : mariadb (CESA-2014:1861)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2384-1.NASL
    description Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. MySQL has been updated to 5.5.40. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-39.html http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.html http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.h tml. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 78505
    published 2014-10-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78505
    title Ubuntu 12.04 LTS / 14.04 LTS : mysql-5.5 vulnerabilities (USN-2384-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_LIBMYSQL55CLIENT18-150302.NASL
    description The MySQL datebase server was updated to 5.5.42, fixing various bugs and security issues. More information can be found on : - http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5- 42.html - http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5- 41.html - http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5- 40.html Also various issues with the mysql start script were fixed. (bsc#868673,bsc#878779)
    last seen 2019-02-21
    modified 2015-04-18
    plugin id 82428
    published 2015-03-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82428
    title SuSE 11.3 Security Update : MySQL (SAT Patch Number 10387)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2014-1859.NASL
    description From Red Hat Security Advisory 2014:1859 : Updated mysql55-mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559) These updated packages upgrade MySQL to version 5.5.40. Refer to the MySQL Release Notes listed in the References section for a complete list of changes. All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 79369
    published 2014-11-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79369
    title Oracle Linux 5 : mysql55-mysql (ELSA-2014-1859)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-1861.NASL
    description Updated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559) These updated packages upgrade MariaDB to version 5.5.40. Refer to the MariaDB Release Notes listed in the References section for a complete list of changes. All MariaDB users should upgrade to these updated packages, which correct these issues. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 79303
    published 2014-11-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79303
    title RHEL 7 : mariadb (RHSA-2014:1861)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2014-1861.NASL
    description From Red Hat Security Advisory 2014:1861 : Updated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559) These updated packages upgrade MariaDB to version 5.5.40. Refer to the MariaDB Release Notes listed in the References section for a complete list of changes. All MariaDB users should upgrade to these updated packages, which correct these issues. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 79370
    published 2014-11-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79370
    title Oracle Linux 7 : mariadb (ELSA-2014-1861)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20141117_MARIADB_ON_SL7_X.NASL
    description This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page (CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559) After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 79304
    published 2014-11-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79304
    title Scientific Linux Security Update : mariadb on SL7.x x86_64
redhat via4
advisories
  • bugzilla
    id 1153496
    title CVE-2014-6559 mysql: unspecified vulnerability related to C API SSL CERTIFICATE HANDLING (CPU October 2014)
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • OR
      • AND
        • comment mysql55-mysql is earlier than 0:5.5.40-2.el5
          oval oval:com.redhat.rhsa:tst:20141859002
        • comment mysql55-mysql is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20140186003
      • AND
        • comment mysql55-mysql-bench is earlier than 0:5.5.40-2.el5
          oval oval:com.redhat.rhsa:tst:20141859010
        • comment mysql55-mysql-bench is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20140186009
      • AND
        • comment mysql55-mysql-devel is earlier than 0:5.5.40-2.el5
          oval oval:com.redhat.rhsa:tst:20141859012
        • comment mysql55-mysql-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20140186011
      • AND
        • comment mysql55-mysql-libs is earlier than 0:5.5.40-2.el5
          oval oval:com.redhat.rhsa:tst:20141859006
        • comment mysql55-mysql-libs is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20140186005
      • AND
        • comment mysql55-mysql-server is earlier than 0:5.5.40-2.el5
          oval oval:com.redhat.rhsa:tst:20141859004
        • comment mysql55-mysql-server is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20140186007
      • AND
        • comment mysql55-mysql-test is earlier than 0:5.5.40-2.el5
          oval oval:com.redhat.rhsa:tst:20141859008
        • comment mysql55-mysql-test is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20140186013
    rhsa
    id RHSA-2014:1859
    released 2014-11-17
    severity Important
    title RHSA-2014:1859: mysql55-mysql security update (Important)
  • bugzilla
    id 1153496
    title CVE-2014-6559 mysql: unspecified vulnerability related to C API SSL CERTIFICATE HANDLING (CPU October 2014)
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhba:tst:20150364001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhba:tst:20150364002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhba:tst:20150364003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20150364004
    • OR
      • AND
        • comment mariadb is earlier than 1:5.5.40-1.el7_0
          oval oval:com.redhat.rhsa:tst:20141861005
        • comment mariadb is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140702006
      • AND
        • comment mariadb-bench is earlier than 1:5.5.40-1.el7_0
          oval oval:com.redhat.rhsa:tst:20141861019
        • comment mariadb-bench is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140702012
      • AND
        • comment mariadb-devel is earlier than 1:5.5.40-1.el7_0
          oval oval:com.redhat.rhsa:tst:20141861015
        • comment mariadb-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140702018
      • AND
        • comment mariadb-embedded is earlier than 1:5.5.40-1.el7_0
          oval oval:com.redhat.rhsa:tst:20141861007
        • comment mariadb-embedded is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140702014
      • AND
        • comment mariadb-embedded-devel is earlier than 1:5.5.40-1.el7_0
          oval oval:com.redhat.rhsa:tst:20141861009
        • comment mariadb-embedded-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140702010
      • AND
        • comment mariadb-libs is earlier than 1:5.5.40-1.el7_0
          oval oval:com.redhat.rhsa:tst:20141861013
        • comment mariadb-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140702008
      • AND
        • comment mariadb-server is earlier than 1:5.5.40-1.el7_0
          oval oval:com.redhat.rhsa:tst:20141861011
        • comment mariadb-server is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140702020
      • AND
        • comment mariadb-test is earlier than 1:5.5.40-1.el7_0
          oval oval:com.redhat.rhsa:tst:20141861017
        • comment mariadb-test is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140702016
    rhsa
    id RHSA-2014:1861
    released 2014-11-17
    severity Important
    title RHSA-2014:1861: mariadb security update (Important)
rpms
  • mysql55-mysql-0:5.5.40-2.el5
  • mysql55-mysql-bench-0:5.5.40-2.el5
  • mysql55-mysql-devel-0:5.5.40-2.el5
  • mysql55-mysql-libs-0:5.5.40-2.el5
  • mysql55-mysql-server-0:5.5.40-2.el5
  • mysql55-mysql-test-0:5.5.40-2.el5
  • mariadb-1:5.5.40-1.el7_0
  • mariadb-bench-1:5.5.40-1.el7_0
  • mariadb-devel-1:5.5.40-1.el7_0
  • mariadb-embedded-1:5.5.40-1.el7_0
  • mariadb-embedded-devel-1:5.5.40-1.el7_0
  • mariadb-libs-1:5.5.40-1.el7_0
  • mariadb-server-1:5.5.40-1.el7_0
  • mariadb-test-1:5.5.40-1.el7_0
refmap via4
bid 70487
confirm
gentoo GLSA-201411-02
secunia
  • 61579
  • 62073
suse SUSE-SU-2015:0743
Last major update 02-01-2017 - 21:59
Published 15-10-2014 - 18:55
Last modified 18-12-2018 - 11:05
Back to Top