ID CVE-2015-0432
Summary Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key.
References
Vulnerable Configurations
  • Oracle Solaris 11.3
    cpe:2.3:o:oracle:solaris:11.3
  • Novell SUSE Linux Enterprise Desktop 11.0 Service Pack 3
    cpe:2.3:o:novell:suse_linux_enterprise_desktop:11.0:sp3
  • Debian Linux 7.0
    cpe:2.3:o:debian:debian_linux:7.0
  • Canonical Ubuntu Linux 12.04 LTS
    cpe:2.3:o:canonical:ubuntu_linux:12.04:-:-:-:lts
  • Canonical Ubuntu Linux 14.10
    cpe:2.3:o:canonical:ubuntu_linux:14.10
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Oracle MySQL 5.5.40
    cpe:2.3:a:oracle:mysql:5.5.40
  • RedHat Enterprise Linux HPC Node 7.0
    cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0
  • RedHat Enterprise Linux Server 7.0
    cpe:2.3:o:redhat:enterprise_linux_server:7.0
  • RedHat Enterprise Linux Workstation 7.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0
  • RedHat Enterprise Linux Desktop 7.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
CVSS
Base: 4.0 (as of 20-10-2016 - 12:49)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE_INSTANCE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20150203_MARIADB_ON_SL7_X.NASL
    description This update fixes several vulnerabilities in the MariaDB database server.(CVE-2015-0381, CVE-2015-0382, CVE-2015-0391, CVE-2015-0411, CVE-2015-0432, CVE-2014-6568, CVE-2015-0374) After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.
    last seen 2017-10-29
    modified 2015-04-18
    plugin id 81160
    published 2015-02-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81160
    title Scientific Linux Security Update : mariadb on SL7.x x86_64
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-1162.NASL
    description Update to MySQL 5.5.41, for various fixes described at http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-41.html. This update also fixes security issues CVE-2015-0411, CVE-2015-0382, CVE-2015-0381, CVE-2015-0432, CVE-2014-6568, CVE-2015-0374. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2015-10-19
    plugin id 81349
    published 2015-02-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81349
    title Fedora 20 : community-mysql-5.5.41-1.fc20 (2015-1162)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_LIBMYSQL55CLIENT18-150302.NASL
    description The MySQL datebase server was updated to 5.5.42, fixing various bugs and security issues. More information can be found on : - http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5- 42.html - http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5- 41.html - http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5- 40.html Also various issues with the mysql start script were fixed. (bsc#868673,bsc#878779)
    last seen 2017-10-29
    modified 2015-04-18
    plugin id 82428
    published 2015-03-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82428
    title SuSE 11.3 Security Update : MySQL (SAT Patch Number 10387)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3135.NASL
    description Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.41. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details : - https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5 -41.html - http://www.oracle.com/technetwork/topics/security/cpujan 2015-1972971.html
    last seen 2017-10-29
    modified 2015-04-18
    plugin id 80970
    published 2015-01-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80970
    title Debian DSA-3135-1 : mysql-5.5 - security update
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2015-479.NASL
    description MariaDB was updated to its current minor version, fixing bugs and security issues. These updates include a fix for Logjam (CVE-2015-4000), making MariaDB work with client software that no longer allows short DH groups over SSL, as e.g. our current openssl packages. On openSUSE 13.1, MariaDB was updated to 5.5.44. On openSUSE 13.2, MariaDB was updated from 10.0.13 to 10.0.20. Please read the release notes of MariaDB https://mariadb.com/kb/en/mariadb/mariadb-10020-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10019-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10017-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10016-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10015-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10014-release-notes/ for more information.
    last seen 2017-10-29
    modified 2016-10-13
    plugin id 84658
    published 2015-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84658
    title openSUSE Security Update : MariaDB (openSUSE-2015-479) (BACKRONYM) (Logjam)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20150817_MYSQL55_MYSQL_ON_SL5_X.NASL
    description This update fixes several vulnerabilities in the MySQL database server. (CVE-2014-6568, CVE-2015-0374, CVE-2015-0381, CVE-2015-0382, CVE-2015-0391, CVE-2015-0411, CVE-2015-0432, CVE-2015-0433, CVE-2015-0441, CVE-2015-0499, CVE-2015-0501, CVE-2015-0505, CVE-2015-2568, CVE-2015-2571, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757) After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen 2017-10-29
    modified 2015-10-24
    plugin id 85499
    published 2015-08-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85499
    title Scientific Linux Security Update : mysql55-mysql on SL5.x i386/x86_64
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-0118.NASL
    description From Red Hat Security Advisory 2015:0118 : Updated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2015-0381, CVE-2015-0382, CVE-2015-0391, CVE-2015-0411, CVE-2015-0432, CVE-2014-6568, CVE-2015-0374) These updated packages upgrade MariaDB to version 5.5.41. Refer to the MariaDB Release Notes listed in the References section for a complete list of changes. All MariaDB users should upgrade to these updated packages, which correct these issues. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.
    last seen 2018-07-21
    modified 2018-07-18
    plugin id 81157
    published 2015-02-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81157
    title Oracle Linux 7 : mariadb (ELSA-2015-0118)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2015-0118.NASL
    description Updated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2015-0381, CVE-2015-0382, CVE-2015-0391, CVE-2015-0411, CVE-2015-0432, CVE-2014-6568, CVE-2015-0374) These updated packages upgrade MariaDB to version 5.5.41. Refer to the MariaDB Release Notes listed in the References section for a complete list of changes. All MariaDB users should upgrade to these updated packages, which correct these issues. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.
    last seen 2018-07-03
    modified 2018-07-02
    plugin id 81188
    published 2015-02-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81188
    title CentOS 7 : mariadb (CESA-2015:0118)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-0118.NASL
    description Updated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2015-0381, CVE-2015-0382, CVE-2015-0391, CVE-2015-0411, CVE-2015-0432, CVE-2014-6568, CVE-2015-0374) These updated packages upgrade MariaDB to version 5.5.41. Refer to the MariaDB Release Notes listed in the References section for a complete list of changes. All MariaDB users should upgrade to these updated packages, which correct these issues. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.
    last seen 2018-07-30
    modified 2018-07-26
    plugin id 81159
    published 2015-02-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81159
    title RHEL 7 : mariadb (RHSA-2015:0118)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-1628.NASL
    description Updated mysql55-mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory pages, listed in the References section. (CVE-2014-6568, CVE-2015-0374, CVE-2015-0381, CVE-2015-0382, CVE-2015-0391, CVE-2015-0411, CVE-2015-0432, CVE-2015-0433, CVE-2015-0441, CVE-2015-0499, CVE-2015-0501, CVE-2015-0505, CVE-2015-2568, CVE-2015-2571, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757) These updated packages upgrade MySQL to version 5.5.45. Refer to the MySQL Release Notes listed in the References section for a complete list of changes. All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen 2018-07-30
    modified 2018-07-26
    plugin id 85443
    published 2015-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85443
    title RHEL 5 : mysql55-mysql (RHSA-2015:1628)
  • NASL family Databases
    NASL id MYSQL_5_6_22.NASL
    description The version of MySQL installed on the remote host is version 5.5.x prior to 5.5.41 or 5.6.x prior to 5.6.22. It is, therefore, affected by vulnerabilities in the following components : - Server : DDL - Server : InnoDB : DDL : Foreign Key - Server : InnoDB : DML - Server : Optimizer - Server : Pluggable Auth - Server : Replication - Server : Security : Encryption - Server : Security : Privileges : Foreign Key
    last seen 2018-07-18
    modified 2018-07-16
    plugin id 80886
    published 2015-01-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80886
    title MySQL 5.5.x < 5.5.41 / 5.6.x < 5.6.22 Multiple Vulnerabilities
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-1628.NASL
    description From Red Hat Security Advisory 2015:1628 : Updated mysql55-mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory pages, listed in the References section. (CVE-2014-6568, CVE-2015-0374, CVE-2015-0381, CVE-2015-0382, CVE-2015-0391, CVE-2015-0411, CVE-2015-0432, CVE-2015-0433, CVE-2015-0441, CVE-2015-0499, CVE-2015-0501, CVE-2015-0505, CVE-2015-2568, CVE-2015-2571, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757) These updated packages upgrade MySQL to version 5.5.45. Refer to the MySQL Release Notes listed in the References section for a complete list of changes. All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen 2018-07-21
    modified 2018-07-18
    plugin id 85488
    published 2015-08-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85488
    title Oracle Linux 5 : mysql55-mysql (ELSA-2015-1628)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2480-1.NASL
    description Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. MySQL has been updated to 5.5.41. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-41.html http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.h tml. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-08-05
    modified 2018-08-03
    plugin id 80943
    published 2015-01-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80943
    title Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : mysql-5.5 vulnerabilities (USN-2480-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2015-091.NASL
    description This update provides MariaDB 5.5.42, which fixes several security issues and other bugs. Please refer to the Oracle Critical Patch Update Advisories and the Release Notes for MariaDB for further information regarding the security vulnerabilities. Additionally the jemalloc packages is being provided as it was previousely provided with the mariadb source code, built and used but removed from the mariadb source code since 5.5.40.
    last seen 2018-08-02
    modified 2018-07-19
    plugin id 82344
    published 2015-03-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82344
    title Mandriva Linux Security Advisory : mariadb (MDVSA-2015:091)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201504-05.NASL
    description The remote host is affected by the vulnerability described in GLSA-201504-05 (MySQL and MariaDB: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in MySQL and MariaDB. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could exploit vulnerabilities to possibly cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2017-10-29
    modified 2016-07-05
    plugin id 82735
    published 2015-04-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82735
    title GLSA-201504-05 : MySQL and MariaDB: Multiple vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-0743-1.NASL
    description mariadb was updated to version 10.0.16 to fix 40 security issues. These security issues were fixed : - CVE-2015-0411: Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption (bnc#915911). - CVE-2015-0382: Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allowed remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0381 (bnc#915911). - CVE-2015-0381: Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allowed remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0382 (bnc#915911). - CVE-2015-0432: Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allowed remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key (bnc#915911). - CVE-2014-6568: Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allowed remote authenticated users to affect availability via vectors related to Server : InnoDB : DML (bnc#915911). - CVE-2015-0374: Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allowed remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key (bnc#915911). - CVE-2014-6507: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allowed remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML (bnc#915912). - CVE-2014-6491: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6500 (bnc#915912). - CVE-2014-6500: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6491 (bnc#915912). - CVE-2014-6469: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and eariler and 5.6.20 and earlier allowed remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER (bnc#915912). - CVE-2014-6555: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allowed remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML (bnc#915912). - CVE-2014-6559: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allowed remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING (bnc#915912). - CVE-2014-6494: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allowed remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6496 (bnc#915912). - CVE-2014-6496: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allowed remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6494 (bnc#915912). - CVE-2014-6464: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allowed remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS (bnc#915912). - CVE-2010-5298: Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allowed remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment (bnc#873351). - CVE-2014-0195: The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h did not properly validate fragment lengths in DTLS ClientHello messages, which allowed remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment (bnc#880891). - CVE-2014-0198: The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, did not properly manage a buffer pointer during certain recursive calls, which allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition (bnc#876282). - CVE-2014-0221: The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allowed remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake (bnc#915913). - CVE-2014-0224: OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h did not properly restrict processing of ChangeCipherSpec messages, which allowed man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the 'CCS Injection' vulnerability (bnc#915913). - CVE-2014-3470: The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allowed remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value (bnc#915913). - CVE-2014-6474: Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allowed remote authenticated users to affect availability via vectors related to SERVER:MEMCACHED (bnc#915913). - CVE-2014-6489: Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allowed remote authenticated users to affect integrity and availability via vectors related to SERVER:SP (bnc#915913). - CVE-2014-6564: Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allowed remote authenticated users to affect availability via vectors related to SERVER:INNODB FULLTEXT SEARCH DML (bnc#915913). - CVE-2012-5615: Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allowed remote attackers to enumerate valid usernames (bnc#915913). - CVE-2014-4274: Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allowed local users to affect confidentiality, integrity, and availability via vectors related to SERVER:MyISAM (bnc#896400). - CVE-2014-4287: Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allowed remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS (bnc#915913). - CVE-2014-6463: Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allowed remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML (bnc#915913). - CVE-2014-6478: Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allowed remote attackers to affect integrity via vectors related to SERVER:SSL:yaSSL (bnc#915913). - CVE-2014-6484: Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allowed remote authenticated users to affect availability via vectors related to SERVER:DML (bnc#915913). - CVE-2014-6495: Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allowed remote attackers to affect availability via vectors related to SERVER:SSL:yaSSL (bnc#915913). - CVE-2014-6505: Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allowed remote authenticated users to affect availability via vectors related to SERVER:MEMORY STORAGE ENGINE (bnc#915913). - CVE-2014-6520: Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier allowed remote authenticated users to affect availability via vectors related to SERVER:DDL (bnc#915913). - CVE-2014-6530: Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allowed remote authenticated users to affect confidentiality, integrity, and availability via vectors related to CLIENT:MYSQLDUMP (bnc#915913). - CVE-2014-6551: Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allowed local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN (bnc#915913). - CVE-2015-0391: Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allowed remote authenticated users to affect availability via vectors related to DDL (bnc#915913). - CVE-2014-4258: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allowed remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC (bnc#915914). - CVE-2014-4260: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allowed remote authenticated users to affect integrity and availability via vectors related to SRCHAR (bnc#915914). - CVE-2014-2494: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allowed remote authenticated users to affect availability via vectors related to ENARC (bnc#915914). - CVE-2014-4207: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allowed remote authenticated users to affect availability via vectors related to SROPTZR (bnc#915914). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-08-01
    modified 2018-07-31
    plugin id 83716
    published 2015-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83716
    title SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2015:0743-1)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2015-1628.NASL
    description Updated mysql55-mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory pages, listed in the References section. (CVE-2014-6568, CVE-2015-0374, CVE-2015-0381, CVE-2015-0382, CVE-2015-0391, CVE-2015-0411, CVE-2015-0432, CVE-2015-0433, CVE-2015-0441, CVE-2015-0499, CVE-2015-0501, CVE-2015-0505, CVE-2015-2568, CVE-2015-2571, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757) These updated packages upgrade MySQL to version 5.5.45. Refer to the MySQL Release Notes listed in the References section for a complete list of changes. All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen 2018-07-03
    modified 2018-07-02
    plugin id 85460
    published 2015-08-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85460
    title CentOS 5 : mysql55-mysql (CESA-2015:1628)
redhat via4
advisories
  • bugzilla
    id 1184561
    title CVE-2015-0432 mysql: unspecified vulnerability related to Server:InnoDB:DDL:Foreign Key (CPU Jan 2015)
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhsa:tst:20140675001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhsa:tst:20140675002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20140675003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20140675004
    • OR
      • AND
        • comment mariadb is earlier than 1:5.5.41-2.el7_0
          oval oval:com.redhat.rhsa:tst:20150118005
        • comment mariadb is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140702006
      • AND
        • comment mariadb-bench is earlier than 1:5.5.41-2.el7_0
          oval oval:com.redhat.rhsa:tst:20150118015
        • comment mariadb-bench is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140702012
      • AND
        • comment mariadb-devel is earlier than 1:5.5.41-2.el7_0
          oval oval:com.redhat.rhsa:tst:20150118019
        • comment mariadb-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140702018
      • AND
        • comment mariadb-embedded is earlier than 1:5.5.41-2.el7_0
          oval oval:com.redhat.rhsa:tst:20150118013
        • comment mariadb-embedded is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140702014
      • AND
        • comment mariadb-embedded-devel is earlier than 1:5.5.41-2.el7_0
          oval oval:com.redhat.rhsa:tst:20150118007
        • comment mariadb-embedded-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140702010
      • AND
        • comment mariadb-libs is earlier than 1:5.5.41-2.el7_0
          oval oval:com.redhat.rhsa:tst:20150118011
        • comment mariadb-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140702008
      • AND
        • comment mariadb-server is earlier than 1:5.5.41-2.el7_0
          oval oval:com.redhat.rhsa:tst:20150118017
        • comment mariadb-server is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140702020
      • AND
        • comment mariadb-test is earlier than 1:5.5.41-2.el7_0
          oval oval:com.redhat.rhsa:tst:20150118009
        • comment mariadb-test is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140702016
    rhsa
    id RHSA-2015:0118
    released 2015-02-03
    severity Moderate
    title RHSA-2015:0118: mariadb security update (Moderate)
  • rhsa
    id RHSA-2015:0116
  • rhsa
    id RHSA-2015:0117
  • rhsa
    id RHSA-2015:1628
rpms
  • mariadb-1:5.5.41-2.el7_0
  • mariadb-bench-1:5.5.41-2.el7_0
  • mariadb-devel-1:5.5.41-2.el7_0
  • mariadb-embedded-1:5.5.41-2.el7_0
  • mariadb-embedded-devel-1:5.5.41-2.el7_0
  • mariadb-libs-1:5.5.41-2.el7_0
  • mariadb-server-1:5.5.41-2.el7_0
  • mariadb-test-1:5.5.41-2.el7_0
  • mysql55-mysql-0:5.5.45-1.el5
  • mysql55-mysql-bench-0:5.5.45-1.el5
  • mysql55-mysql-devel-0:5.5.45-1.el5
  • mysql55-mysql-libs-0:5.5.45-1.el5
  • mysql55-mysql-server-0:5.5.45-1.el5
  • mysql55-mysql-test-0:5.5.45-1.el5
refmap via4
bid 72217
confirm
debian DSA-3135
fedora FEDORA-2015-1162
gentoo GLSA-201504-05
sectrack 1031581
secunia
  • 62728
  • 62730
  • 62732
suse SUSE-SU-2015:0743
ubuntu USN-2480-1
xf oracle-cpujan2015-cve20150432(100187)
Last major update 02-01-2017 - 21:59
Published 21-01-2015 - 14:59
Last modified 07-09-2017 - 21:29
Back to Top