ID CVE-2015-2573
Summary Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.
References
Vulnerable Configurations
  • cpe:2.3:o:novell:suse_linux:11.0:sp3:-:-:desktop
  • cpe:2.3:o:novell:suse_linux:11.0:sp3:-:-:server
  • cpe:2.3:o:novell:suse_linux_for_vmware:11.0:sp3:-:-:server
  • cpe:2.3:o:novell:suse_linux_sdk:11.0:sp3
  • Oracle Solaris 11.3
    cpe:2.3:o:oracle:solaris:11.3
  • Oracle MySQL 5.5.0
    cpe:2.3:a:oracle:mysql:5.5.0
  • Oracle MySQL 5.5.1
    cpe:2.3:a:oracle:mysql:5.5.1
  • Oracle MySQL 5.5.2
    cpe:2.3:a:oracle:mysql:5.5.2
  • Oracle MySQL 5.5.3
    cpe:2.3:a:oracle:mysql:5.5.3
  • Oracle MySQL 5.5.4
    cpe:2.3:a:oracle:mysql:5.5.4
  • Oracle MySQL 5.5.5
    cpe:2.3:a:oracle:mysql:5.5.5
  • Oracle MySQL 5.5.6
    cpe:2.3:a:oracle:mysql:5.5.6
  • Oracle MySQL 5.5.7
    cpe:2.3:a:oracle:mysql:5.5.7
  • Oracle MySQL 5.5.8
    cpe:2.3:a:oracle:mysql:5.5.8
  • Oracle MySQL 5.5.9
    cpe:2.3:a:oracle:mysql:5.5.9
  • Oracle MySQL 5.5.10
    cpe:2.3:a:oracle:mysql:5.5.10
  • Oracle MySQL 5.5.11
    cpe:2.3:a:oracle:mysql:5.5.11
  • Oracle MySQL 5.5.12
    cpe:2.3:a:oracle:mysql:5.5.12
  • Oracle MySQL 5.5.13
    cpe:2.3:a:oracle:mysql:5.5.13
  • Oracle MySQL 5.5.14
    cpe:2.3:a:oracle:mysql:5.5.14
  • Oracle MySQL 5.5.15
    cpe:2.3:a:oracle:mysql:5.5.15
  • Oracle MySQL 5.5.16
    cpe:2.3:a:oracle:mysql:5.5.16
  • Oracle MySQL 5.5.17
    cpe:2.3:a:oracle:mysql:5.5.17
  • Oracle MySQL 5.5.18
    cpe:2.3:a:oracle:mysql:5.5.18
  • Oracle MySQL 5.5.19
    cpe:2.3:a:oracle:mysql:5.5.19
  • Oracle MySQL 5.5.20
    cpe:2.3:a:oracle:mysql:5.5.20
  • Oracle MySQL 5.5.21
    cpe:2.3:a:oracle:mysql:5.5.21
  • Oracle MySQL 5.5.22
    cpe:2.3:a:oracle:mysql:5.5.22
  • Oracle MySQL 5.5.23
    cpe:2.3:a:oracle:mysql:5.5.23
  • Oracle MySQL 5.5.24
    cpe:2.3:a:oracle:mysql:5.5.24
  • Oracle MySQL 5.5.25
    cpe:2.3:a:oracle:mysql:5.5.25
  • Oracle MySQL 5.5.25a
    cpe:2.3:a:oracle:mysql:5.5.25:a
  • Oracle MySQL 5.5.26
    cpe:2.3:a:oracle:mysql:5.5.26
  • Oracle MySQL 5.5.27
    cpe:2.3:a:oracle:mysql:5.5.27
  • Oracle MySQL 5.5.28
    cpe:2.3:a:oracle:mysql:5.5.28
  • Oracle MySQL 5.5.29
    cpe:2.3:a:oracle:mysql:5.5.29
  • Oracle MySQL 5.5.30
    cpe:2.3:a:oracle:mysql:5.5.30
  • Oracle MySQL 5.5.31
    cpe:2.3:a:oracle:mysql:5.5.31
  • Oracle MySQL 5.5.32
    cpe:2.3:a:oracle:mysql:5.5.32
  • Oracle MySQL 5.5.33
    cpe:2.3:a:oracle:mysql:5.5.33
  • Oracle MySQL 5.5.34
    cpe:2.3:a:oracle:mysql:5.5.34
  • Oracle MySQL 5.5.35
    cpe:2.3:a:oracle:mysql:5.5.35
  • Oracle MySQL 5.5.36
    cpe:2.3:a:oracle:mysql:5.5.36
  • Oracle MySQL 5.5.37
    cpe:2.3:a:oracle:mysql:5.5.37
  • Oracle MySQL 5.5.38
    cpe:2.3:a:oracle:mysql:5.5.38
  • Oracle MySQL 5.5.39
    cpe:2.3:a:oracle:mysql:5.5.39
  • Oracle MySQL 5.5.40
    cpe:2.3:a:oracle:mysql:5.5.40
  • Oracle MySQL 5.5.41
    cpe:2.3:a:oracle:mysql:5.5.41
  • Oracle MySQL 5.6.0
    cpe:2.3:a:oracle:mysql:5.6.0
  • Oracle MySQL 5.6.1
    cpe:2.3:a:oracle:mysql:5.6.1
  • Oracle MySQL 5.6.2
    cpe:2.3:a:oracle:mysql:5.6.2
  • Oracle MySQL 5.6.3
    cpe:2.3:a:oracle:mysql:5.6.3
  • Oracle MySQL 5.6.4
    cpe:2.3:a:oracle:mysql:5.6.4
  • Oracle MySQL 5.6.5
    cpe:2.3:a:oracle:mysql:5.6.5
  • Oracle MySQL 5.6.6
    cpe:2.3:a:oracle:mysql:5.6.6
  • Oracle MySQL 5.6.7
    cpe:2.3:a:oracle:mysql:5.6.7
  • Oracle MySQL 5.6.8
    cpe:2.3:a:oracle:mysql:5.6.8
  • Oracle MySQL 5.6.9
    cpe:2.3:a:oracle:mysql:5.6.9
  • Oracle MySQL 5.6.10
    cpe:2.3:a:oracle:mysql:5.6.10
  • Oracle MySQL 5.6.11
    cpe:2.3:a:oracle:mysql:5.6.11
  • Oracle MySQL 5.6.12
    cpe:2.3:a:oracle:mysql:5.6.12
  • Oracle MySQL 5.6.13
    cpe:2.3:a:oracle:mysql:5.6.13
  • Oracle MySQL 5.6.14
    cpe:2.3:a:oracle:mysql:5.6.14
  • Oracle MySQL 5.6.15
    cpe:2.3:a:oracle:mysql:5.6.15
  • Oracle MySQL 5.6.16
    cpe:2.3:a:oracle:mysql:5.6.16
  • Oracle MySQL 5.6.17
    cpe:2.3:a:oracle:mysql:5.6.17
  • Oracle MySQL 5.6.18
    cpe:2.3:a:oracle:mysql:5.6.18
  • Oracle MySQL 5.6.19
    cpe:2.3:a:oracle:mysql:5.6.19
  • Oracle MySQL 5.6.20
    cpe:2.3:a:oracle:mysql:5.6.20
  • Oracle MySQL 5.6.21
    cpe:2.3:a:oracle:mysql:5.6.21
  • Oracle MySQL 5.6.22
    cpe:2.3:a:oracle:mysql:5.6.22
CVSS
Base: 4.0 (as of 03-01-2017 - 11:11)
Impact:
Exploitability:
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: SINGLE_INSTANCE
Impact
  Confidentiality: NONE
  Integrity: NONE
  Availability: PARTIAL
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2015-479.NASL
    description MariaDB was updated to its current minor version, fixing bugs and security issues. These updates include a fix for Logjam (CVE-2015-4000), making MariaDB work with client software that no longer allows short DH groups over SSL, as e.g. our current openssl packages. On openSUSE 13.1, MariaDB was updated to 5.5.44. On openSUSE 13.2, MariaDB was updated from 10.0.13 to 10.0.20. Please read the release notes of MariaDB https://mariadb.com/kb/en/mariadb/mariadb-10020-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10019-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10017-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10016-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10015-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10014-release-notes/ for more information.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 84658
    published 2015-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84658
    title openSUSE Security Update : MariaDB (openSUSE-2015-479) (BACKRONYM) (Logjam)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-0946-1.NASL
    description MySQL was updated to version 5.5.43 to fix several security and non security issues : CVEs fixed: CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206, CVE-2015-0405, CVE-2015-0423, CVE-2015-0433, CVE-2015-0438, CVE-2015-0439, CVE-2015-0441, CVE-2015-0498, CVE-2015-0499, CVE-2015-0500, CVE-2015-0501, CVE-2015-0503, CVE-2015-0505, CVE-2015-0506, CVE-2015-0507, CVE-2015-0508, CVE-2015-0511, CVE-2015-2566, CVE-2015-2567, CVE-2015-2568, CVE-2015-2571, CVE-2015-2573, CVE-2015-2576. Fix integer overflow in regcomp (Henry Spencer's regex library) for excessively long pattern strings. (bnc#922043, CVE-2015-2305) For a comprehensive list of changes, refer to http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-43.html. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 83860
    published 2015-05-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83860
    title SUSE SLED11 / SLES11 Security Update : MySQL (SUSE-SU-2015:0946-1) (FREAK)
  • NASL family Databases
    NASL id MARIADB_5_5_42.NASL
    description The version of MariaDB running on the remote host is 5.5.0 prior to 5.5.42. It is, therefore, affected by multiple vulnerabilities.
    last seen 2019-02-21
    modified 2019-01-16
    plugin id 121190
    published 2019-01-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121190
    title MariaDB 5.5.0 < 5.5.42 Multiple Vulnerabilities
  • NASL family Databases
    NASL id MYSQL_5_6_23.NASL
    description The version of MySQL running on the remote host is version 5.5.x prior to 5.5.42 or version 5.6.x prior to 5.6.23. It is, therefore, potentially affected by multiple denial of service vulnerabilities : - A NULL pointer dereference flaw exists when the SSLv3 option isn't enabled and an SSLv3 ClientHello is received. This allows a remote attacker, using an unexpected handshake, to crash the daemon, resulting in a denial of service. (CVE-2014-3569) - Additionally, there are unspecified flaws in the following MySQL subcomponents that allow a denial of service by an authenticated, remote attacker : - XA (CVE-2015-0405) - Optimizer (CVE-2015-0423) - InnoDB : DML (CVE-2015-0433) - Partition (CVE-2015-0438) - InnoDB (CVE-2015-0439) - Security : Encryption (CVE-2015-0441) - DML (CVE-2015-2566) - Security : Privileges (CVE-2015-2568) - DDL (CVE-2015-2573)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 82799
    published 2015-04-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82799
    title MySQL 5.5.x < 5.5.42 / 5.6.x < 5.6.23 Multiple DoS Vulnerabilities (April 2015 CPU)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2575-1.NASL
    description Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. MySQL has been updated to 5.5.43. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-42.html http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-43.html http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 82993
    published 2015-04-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82993
    title Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : mysql-5.5 vulnerabilities (USN-2575-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-1273-1.NASL
    description This update fixes the following security issues : - Logjam attack: mysql uses 512 bit dh groups in SSL [bnc#934789] - CVE-2015-3152: mysql --ssl does not enforce SSL [bnc#924663] - CVE-2014-8964: heap buffer overflow [bnc#906574] - CVE-2015-2325: heap buffer overflow in compile_branch() [bnc#924960] - CVE-2015-2326: heap buffer overflow in pcre_compile2() [bnc#924961] - CVE-2015-0501: unspecified vulnerability related to Server:Compiling (CPU April 2015) - CVE-2015-2571: unspecified vulnerability related to Server:Optimizer (CPU April 2015) - CVE-2015-0505: unspecified vulnerability related to Server:DDL (CPU April 2015) - CVE-2015-0499: unspecified vulnerability related to Server:Federated (CPU April 2015) - CVE-2015-2568: unspecified vulnerability related to Server:Security:Privileges (CPU April 2015) - CVE-2015-2573: unspecified vulnerability related to Server:DDL (CPU April 2015) - CVE-2015-0433: unspecified vulnerability related to Server:InnoDB:DML (CPU April 2015) - CVE-2015-0441: unspecified vulnerability related to Server:Security:Encryption (CPU April 2015) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 84913
    published 2015-07-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84913
    title SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2015:1273-1) (BACKRONYM)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2015-132-02.NASL
    description New mysql packages are available for Slackware 14.0 to fix security issues.
    last seen 2019-02-21
    modified 2015-07-19
    plugin id 83372
    published 2015-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83372
    title Slackware 14.0 : mysql (SSA:2015-132-02)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2015-1665.NASL
    description Updated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the '--ssl' option. A man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server. (CVE-2015-3152) This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2015-0501, CVE-2015-2568, CVE-2015-0499, CVE-2015-2571, CVE-2015-0433, CVE-2015-0441, CVE-2015-0505, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757) These updated packages upgrade MariaDB to version 5.5.44. Refer to the MariaDB Release Notes listed in the References section for a complete list of changes. All MariaDB users should upgrade to these updated packages, which correct these issues. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 85635
    published 2015-08-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85635
    title CentOS 7 : mariadb (CESA-2015:1665) (BACKRONYM)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-1628.NASL
    description From Red Hat Security Advisory 2015:1628 : Updated mysql55-mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory pages, listed in the References section. (CVE-2014-6568, CVE-2015-0374, CVE-2015-0381, CVE-2015-0382, CVE-2015-0391, CVE-2015-0411, CVE-2015-0432, CVE-2015-0433, CVE-2015-0441, CVE-2015-0499, CVE-2015-0501, CVE-2015-0505, CVE-2015-2568, CVE-2015-2571, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757) These updated packages upgrade MySQL to version 5.5.45. Refer to the MySQL Release Notes listed in the References section for a complete list of changes. All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 85488
    published 2015-08-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85488
    title Oracle Linux 5 : mysql55-mysql (ELSA-2015-1628)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3229.NASL
    description Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.43. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details : - https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-42.html - https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-43.html - http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 82865
    published 2015-04-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82865
    title Debian DSA-3229-1 : mysql-5.5 - security update
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20150817_MYSQL55_MYSQL_ON_SL5_X.NASL
    description This update fixes several vulnerabilities in the MySQL database server. (CVE-2014-6568, CVE-2015-0374, CVE-2015-0381, CVE-2015-0382, CVE-2015-0391, CVE-2015-0411, CVE-2015-0432, CVE-2015-0433, CVE-2015-0441, CVE-2015-0499, CVE-2015-0501, CVE-2015-0505, CVE-2015-2568, CVE-2015-2571, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757) After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 85499
    published 2015-08-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85499
    title Scientific Linux Security Update : mysql55-mysql on SL5.x i386/x86_64
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-1628.NASL
    description Updated mysql55-mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory pages, listed in the References section. (CVE-2014-6568, CVE-2015-0374, CVE-2015-0381, CVE-2015-0382, CVE-2015-0391, CVE-2015-0411, CVE-2015-0432, CVE-2015-0433, CVE-2015-0441, CVE-2015-0499, CVE-2015-0501, CVE-2015-0505, CVE-2015-2568, CVE-2015-2571, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757) These updated packages upgrade MySQL to version 5.5.45. Refer to the MySQL Release Notes listed in the References section for a complete list of changes. All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 85443
    published 2015-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85443
    title RHEL 5 : mysql55-mysql (RHSA-2015:1628)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20150824_MARIADB_ON_SL7_X.NASL
    description It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the '--ssl' option. A man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server. (CVE-2015-3152) (CVE-2015-0501, CVE-2015-2568, CVE-2015-0499, CVE-2015-2571, CVE-2015-0433, CVE-2015-0441, CVE-2015-0505, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757) After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 85622
    published 2015-08-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85622
    title Scientific Linux Security Update : mariadb on SL7.x x86_64 (BACKRONYM)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-1665.NASL
    description From Red Hat Security Advisory 2015:1665 : Updated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the '--ssl' option. A man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server. (CVE-2015-3152) This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2015-0501, CVE-2015-2568, CVE-2015-0499, CVE-2015-2571, CVE-2015-0433, CVE-2015-0441, CVE-2015-0505, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757) These updated packages upgrade MariaDB to version 5.5.44. Refer to the MariaDB Release Notes listed in the References section for a complete list of changes. All MariaDB users should upgrade to these updated packages, which correct these issues. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 85612
    published 2015-08-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85612
    title Oracle Linux 7 : mariadb (ELSA-2015-1665) (BACKRONYM)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3311.NASL
    description Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.20. Please see the MariaDB 10.0 Release Notes for further details : - https://mariadb.com/kb/en/mariadb/mariadb-10017-release-notes/ - https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/ - https://mariadb.com/kb/en/mariadb/mariadb-10019-release-notes/ - https://mariadb.com/kb/en/mariadb/mariadb-10020-release-notes/
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 84839
    published 2015-07-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84839
    title Debian DSA-3311-1 : mariadb-10.0 - security update (BACKRONYM)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2015-1628.NASL
    description Updated mysql55-mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory pages, listed in the References section. (CVE-2014-6568, CVE-2015-0374, CVE-2015-0381, CVE-2015-0382, CVE-2015-0391, CVE-2015-0411, CVE-2015-0432, CVE-2015-0433, CVE-2015-0441, CVE-2015-0499, CVE-2015-0501, CVE-2015-0505, CVE-2015-2568, CVE-2015-2571, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757) These updated packages upgrade MySQL to version 5.5.45. Refer to the MySQL Release Notes listed in the References section for a complete list of changes. All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 85460
    published 2015-08-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85460
    title CentOS 5 : mysql55-mysql (CESA-2015:1628)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2015-132-01.NASL
    description New mariadb packages are available for Slackware 14.1 and -current to fix security issues.
    last seen 2019-02-21
    modified 2015-07-19
    plugin id 83371
    published 2015-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83371
    title Slackware 14.1 / current : mariadb (SSA:2015-132-01)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201507-19.NASL
    description The remote host is affected by the vulnerability described in GLSA-201507-19 (MySQL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could send a specially crafted request, possibly resulting in execution of arbitrary code with the privileges of the application or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2015-09-23
    plugin id 86088
    published 2015-09-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86088
    title GLSA-201507-19 : MySQL: Multiple vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-1665.NASL
    description Updated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the '--ssl' option. A man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server. (CVE-2015-3152) This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2015-0501, CVE-2015-2568, CVE-2015-0499, CVE-2015-2571, CVE-2015-0433, CVE-2015-0441, CVE-2015-0505, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757) These updated packages upgrade MariaDB to version 5.5.44. Refer to the MariaDB Release Notes listed in the References section for a complete list of changes. All MariaDB users should upgrade to these updated packages, which correct these issues. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 85616
    published 2015-08-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85616
    title RHEL 7 : mariadb (RHSA-2015:1665) (BACKRONYM)
redhat via4
advisories
  • rhsa
    id RHSA-2015:1628
  • rhsa
    id RHSA-2015:1629
  • rhsa
    id RHSA-2015:1647
  • rhsa
    id RHSA-2015:1665
rpms
  • mysql55-mysql-0:5.5.45-1.el5
  • mysql55-mysql-bench-0:5.5.45-1.el5
  • mysql55-mysql-devel-0:5.5.45-1.el5
  • mysql55-mysql-libs-0:5.5.45-1.el5
  • mysql55-mysql-server-0:5.5.45-1.el5
  • mysql55-mysql-test-0:5.5.45-1.el5
  • mariadb-1:5.5.44-1.el7_1
  • mariadb-bench-1:5.5.44-1.el7_1
  • mariadb-devel-1:5.5.44-1.el7_1
  • mariadb-embedded-1:5.5.44-1.el7_1
  • mariadb-embedded-devel-1:5.5.44-1.el7_1
  • mariadb-libs-1:5.5.44-1.el7_1
  • mariadb-server-1:5.5.44-1.el7_1
  • mariadb-test-1:5.5.44-1.el7_1
refmap via4
bid 74078
confirm
debian
  • DSA-3229
  • DSA-3311
gentoo GLSA-201507-19
sectrack 1032121
suse SUSE-SU-2015:0946
ubuntu USN-2575-1
Last major update 02-01-2017 - 21:59
Published 16-04-2015 - 13:00
Last modified 05-02-2019 - 12:49