ID CVE-2018-2622
Summary Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
References
Vulnerable Configurations
  • Oracle MySQL 5.5.0
    cpe:2.3:a:oracle:mysql:5.5.0
  • Oracle MySQL 5.5.1
    cpe:2.3:a:oracle:mysql:5.5.1
  • Oracle MySQL 5.5.2
    cpe:2.3:a:oracle:mysql:5.5.2
  • Oracle MySQL 5.5.3
    cpe:2.3:a:oracle:mysql:5.5.3
  • Oracle MySQL 5.5.4
    cpe:2.3:a:oracle:mysql:5.5.4
  • Oracle MySQL 5.5.5
    cpe:2.3:a:oracle:mysql:5.5.5
  • Oracle MySQL 5.5.6
    cpe:2.3:a:oracle:mysql:5.5.6
  • Oracle MySQL 5.5.7
    cpe:2.3:a:oracle:mysql:5.5.7
  • Oracle MySQL 5.5.8
    cpe:2.3:a:oracle:mysql:5.5.8
  • Oracle MySQL 5.5.9
    cpe:2.3:a:oracle:mysql:5.5.9
  • Oracle MySQL 5.5.10
    cpe:2.3:a:oracle:mysql:5.5.10
  • Oracle MySQL 5.5.11
    cpe:2.3:a:oracle:mysql:5.5.11
  • Oracle MySQL 5.5.12
    cpe:2.3:a:oracle:mysql:5.5.12
  • Oracle MySQL 5.5.13
    cpe:2.3:a:oracle:mysql:5.5.13
  • Oracle MySQL 5.5.14
    cpe:2.3:a:oracle:mysql:5.5.14
  • Oracle MySQL 5.5.15
    cpe:2.3:a:oracle:mysql:5.5.15
  • Oracle MySQL 5.5.16
    cpe:2.3:a:oracle:mysql:5.5.16
  • Oracle MySQL 5.5.17
    cpe:2.3:a:oracle:mysql:5.5.17
  • Oracle MySQL 5.5.18
    cpe:2.3:a:oracle:mysql:5.5.18
  • Oracle MySQL 5.5.19
    cpe:2.3:a:oracle:mysql:5.5.19
  • Oracle MySQL 5.5.20
    cpe:2.3:a:oracle:mysql:5.5.20
  • Oracle MySQL 5.5.21
    cpe:2.3:a:oracle:mysql:5.5.21
  • Oracle MySQL 5.5.22
    cpe:2.3:a:oracle:mysql:5.5.22
  • Oracle MySQL 5.5.23
    cpe:2.3:a:oracle:mysql:5.5.23
  • Oracle MySQL 5.5.24
    cpe:2.3:a:oracle:mysql:5.5.24
  • Oracle MySQL 5.5.25
    cpe:2.3:a:oracle:mysql:5.5.25
  • Oracle MySQL 5.5.25a
    cpe:2.3:a:oracle:mysql:5.5.25:a
  • Oracle MySQL 5.5.26
    cpe:2.3:a:oracle:mysql:5.5.26
  • Oracle MySQL 5.5.27
    cpe:2.3:a:oracle:mysql:5.5.27
  • Oracle MySQL 5.5.28
    cpe:2.3:a:oracle:mysql:5.5.28
  • Oracle MySQL 5.5.29
    cpe:2.3:a:oracle:mysql:5.5.29
  • Oracle MySQL 5.5.30
    cpe:2.3:a:oracle:mysql:5.5.30
  • Oracle MySQL 5.5.31
    cpe:2.3:a:oracle:mysql:5.5.31
  • Oracle MySQL 5.5.32
    cpe:2.3:a:oracle:mysql:5.5.32
  • Oracle MySQL 5.5.33
    cpe:2.3:a:oracle:mysql:5.5.33
  • Oracle MySQL 5.5.34
    cpe:2.3:a:oracle:mysql:5.5.34
  • Oracle MySQL 5.5.35
    cpe:2.3:a:oracle:mysql:5.5.35
  • Oracle MySQL 5.5.36
    cpe:2.3:a:oracle:mysql:5.5.36
  • Oracle MySQL 5.5.37
    cpe:2.3:a:oracle:mysql:5.5.37
  • Oracle MySQL 5.5.38
    cpe:2.3:a:oracle:mysql:5.5.38
  • Oracle MySQL 5.5.39
    cpe:2.3:a:oracle:mysql:5.5.39
  • Oracle MySQL 5.5.40
    cpe:2.3:a:oracle:mysql:5.5.40
  • Oracle MySQL 5.5.41
    cpe:2.3:a:oracle:mysql:5.5.41
  • Oracle MySQL 5.5.42
    cpe:2.3:a:oracle:mysql:5.5.42
  • Oracle MySQL 5.5.43
    cpe:2.3:a:oracle:mysql:5.5.43
  • Oracle MySQL 5.5.44
    cpe:2.3:a:oracle:mysql:5.5.44
  • Oracle MySQL 5.5.45
    cpe:2.3:a:oracle:mysql:5.5.45
  • Oracle MySQL 5.5.46
    cpe:2.3:a:oracle:mysql:5.5.46
  • Oracle MySQL 5.5.47
    cpe:2.3:a:oracle:mysql:5.5.47
  • Oracle MySQL 5.5.48
    cpe:2.3:a:oracle:mysql:5.5.48
  • Oracle MySQL 5.5.49
    cpe:2.3:a:oracle:mysql:5.5.49
  • Oracle MySQL 5.5.50
    cpe:2.3:a:oracle:mysql:5.5.50
  • Oracle MySQL 5.5.51
    cpe:2.3:a:oracle:mysql:5.5.51
  • Oracle MySQL 5.5.52
    cpe:2.3:a:oracle:mysql:5.5.52
  • Oracle MySQL 5.5.53
    cpe:2.3:a:oracle:mysql:5.5.53
  • Oracle MySQL 5.5.54
    cpe:2.3:a:oracle:mysql:5.5.54
  • Oracle MySQL 5.5.55
    cpe:2.3:a:oracle:mysql:5.5.55
  • Oracle MySQL 5.5.56
    cpe:2.3:a:oracle:mysql:5.5.56
  • Oracle MySQL 5.5.57
    cpe:2.3:a:oracle:mysql:5.5.57
  • Oracle MySQL 5.5.58
    cpe:2.3:a:oracle:mysql:5.5.58
  • Oracle MySQL 5.6.0
    cpe:2.3:a:oracle:mysql:5.6.0
  • Oracle MySQL 5.6.1
    cpe:2.3:a:oracle:mysql:5.6.1
  • Oracle MySQL 5.6.2
    cpe:2.3:a:oracle:mysql:5.6.2
  • Oracle MySQL 5.6.3
    cpe:2.3:a:oracle:mysql:5.6.3
  • Oracle MySQL 5.6.4
    cpe:2.3:a:oracle:mysql:5.6.4
  • Oracle MySQL 5.6.5
    cpe:2.3:a:oracle:mysql:5.6.5
  • Oracle MySQL 5.6.6
    cpe:2.3:a:oracle:mysql:5.6.6
  • Oracle MySQL 5.6.7
    cpe:2.3:a:oracle:mysql:5.6.7
  • Oracle MySQL 5.6.8
    cpe:2.3:a:oracle:mysql:5.6.8
  • Oracle MySQL 5.6.9
    cpe:2.3:a:oracle:mysql:5.6.9
  • Oracle MySQL 5.6.10
    cpe:2.3:a:oracle:mysql:5.6.10
  • Oracle MySQL 5.6.11
    cpe:2.3:a:oracle:mysql:5.6.11
  • Oracle MySQL 5.6.12
    cpe:2.3:a:oracle:mysql:5.6.12
  • Oracle MySQL 5.6.13
    cpe:2.3:a:oracle:mysql:5.6.13
  • Oracle MySQL 5.6.14
    cpe:2.3:a:oracle:mysql:5.6.14
  • Oracle MySQL 5.6.15
    cpe:2.3:a:oracle:mysql:5.6.15
  • Oracle MySQL 5.6.16
    cpe:2.3:a:oracle:mysql:5.6.16
  • Oracle MySQL 5.6.17
    cpe:2.3:a:oracle:mysql:5.6.17
  • Oracle MySQL 5.6.18
    cpe:2.3:a:oracle:mysql:5.6.18
  • Oracle MySQL 5.6.19
    cpe:2.3:a:oracle:mysql:5.6.19
  • Oracle MySQL 5.6.20
    cpe:2.3:a:oracle:mysql:5.6.20
  • Oracle MySQL 5.6.21
    cpe:2.3:a:oracle:mysql:5.6.21
  • Oracle MySQL 5.6.22
    cpe:2.3:a:oracle:mysql:5.6.22
  • Oracle MySQL 5.6.23
    cpe:2.3:a:oracle:mysql:5.6.23
  • Oracle MySQL 5.6.24
    cpe:2.3:a:oracle:mysql:5.6.24
  • Oracle MySQL 5.6.25
    cpe:2.3:a:oracle:mysql:5.6.25
  • Oracle MySQL 5.6.26
    cpe:2.3:a:oracle:mysql:5.6.26
  • Oracle MySQL 5.6.27
    cpe:2.3:a:oracle:mysql:5.6.27
  • Oracle MySQL 5.6.28
    cpe:2.3:a:oracle:mysql:5.6.28
  • Oracle MySQL 5.6.29
    cpe:2.3:a:oracle:mysql:5.6.29
  • Oracle MySQL 5.6.30
    cpe:2.3:a:oracle:mysql:5.6.30
  • Oracle MySQL 5.6.31
    cpe:2.3:a:oracle:mysql:5.6.31
  • Oracle MySQL 5.6.32
    cpe:2.3:a:oracle:mysql:5.6.32
  • Oracle MySQL 5.6.33
    cpe:2.3:a:oracle:mysql:5.6.33
  • Oracle MySQL 5.6.34
    cpe:2.3:a:oracle:mysql:5.6.34
  • Oracle MySQL 5.6.35
    cpe:2.3:a:oracle:mysql:5.6.35
  • Oracle MySQL 5.6.36
    cpe:2.3:a:oracle:mysql:5.6.36
  • Oracle MySQL 5.6.37
    cpe:2.3:a:oracle:mysql:5.6.37
  • Oracle MySQL 5.6.38
    cpe:2.3:a:oracle:mysql:5.6.38
  • Oracle MySQL 5.7.0
    cpe:2.3:a:oracle:mysql:5.7.0
  • Oracle MySQL 5.7.1
    cpe:2.3:a:oracle:mysql:5.7.1
  • Oracle MySQL 5.7.2
    cpe:2.3:a:oracle:mysql:5.7.2
  • Oracle MySQL 5.7.3
    cpe:2.3:a:oracle:mysql:5.7.3
  • Oracle MySQL 5.7.4
    cpe:2.3:a:oracle:mysql:5.7.4
  • Oracle MySQL 5.7.5
    cpe:2.3:a:oracle:mysql:5.7.5
  • Oracle MySQL 5.7.6
    cpe:2.3:a:oracle:mysql:5.7.6
  • Oracle MySQL 5.7.7
    cpe:2.3:a:oracle:mysql:5.7.7
  • Oracle MySQL 5.7.8
    cpe:2.3:a:oracle:mysql:5.7.8
  • Oracle MySQL 5.7.9
    cpe:2.3:a:oracle:mysql:5.7.9
  • Oracle MySQL 5.7.10
    cpe:2.3:a:oracle:mysql:5.7.10
  • Oracle MySQL 5.7.11
    cpe:2.3:a:oracle:mysql:5.7.11
  • Oracle MySQL 5.7.12
    cpe:2.3:a:oracle:mysql:5.7.12
  • Oracle MySQL 5.7.13
    cpe:2.3:a:oracle:mysql:5.7.13
  • Oracle MySQL 5.7.14
    cpe:2.3:a:oracle:mysql:5.7.14
  • Oracle MySQL 5.7.15
    cpe:2.3:a:oracle:mysql:5.7.15
  • Oracle MySQL 5.7.16
    cpe:2.3:a:oracle:mysql:5.7.16
  • Oracle MySQL 5.7.17
    cpe:2.3:a:oracle:mysql:5.7.17
  • Oracle MySQL 5.7.18
    cpe:2.3:a:oracle:mysql:5.7.18
  • Oracle MySQL 5.7.19
    cpe:2.3:a:oracle:mysql:5.7.19
  • Oracle MySQL 5.7.20
    cpe:2.3:a:oracle:mysql:5.7.20
CVSS
Base: 6.8
Impact:
Exploitability:
nessus via4
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_E3445736FD0111E7AC58B499BAEBFEAF.NASL
    description Oracle reports : Not all vulnerabilities are relevant for all flavors/versions of the servers and clients - Vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. GIS: CVE-2018-2573, DDL CVE-2018-2622, Optimizer: CVE-2018-2640, CVE-2018-2665, CVE-2018-2668, Security:Privileges: CVE-2018-2703, Partition: CVE-2018-2562. - Vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. InnoDB: CVE-2018-2565, CVE-2018-2612 DML: CVE-2018-2576, CVE-2018-2646, Stored Procedure: CVE-2018-2583, Performance Schema : CVE-2018-2590, Partition: CVE-2018-2591, Optimizer: CVE-2018-2600, CVE-2018-2667, Security:Privileges: CVE-2018-2696, Replication : CVE-2018-2647. - Vulnerability allows a low or high privileged attacker with network access via multiple protocols to compromise MySQL Server with unauthorized creation, deletion, modification or access to data/ critical data. InnoDB: CVE-2018-2612, Performance Schema : CVE-2018-2645, Replication: CVE-2018-2647, Partition: CVE-2018-2562.
    last seen 2018-09-01
    modified 2018-01-31
    plugin id 106216
    published 2018-01-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106216
    title FreeBSD : MySQL -- multiple vulnerabilities (e3445736-fd01-11e7-ac58-b499baebfeaf)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2018-1_0-0126.NASL
    description An update of 'paramiko', 'mysql', 'mercurial', 'binutils', 'pycrypto', 'patch', 'sqlite-autoconf', 'httpd', 'python3', 'xerces-c', 'strongswan', 'net-snmp' packages of Photon OS has been released.
    last seen 2018-09-01
    modified 2018-08-17
    plugin id 111930
    published 2018-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111930
    title Photon OS 1.0: Binutils / Httpd / Mercurial / Mysql / Net / Paramiko / Patch / Pycrypto / Python3 / Sqlite / Strongswan / Xerces PHSA-2018-1.0-0126
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201802-04.NASL
    description The remote host is affected by the vulnerability described in GLSA-201802-04 (MySQL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in MySQL. Please review the referenced CVE identifiers for details. Impact : A remote attacker could execute arbitrary code without authentication or cause a partial denial of service condition. Workaround : There are no known workarounds at this time.
    last seen 2018-09-01
    modified 2018-06-07
    plugin id 106885
    published 2018-02-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106885
    title GLSA-201802-04 : MySQL: Multiple vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4091.NASL
    description Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.59, which includes additional changes. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details : - https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5 -59.html - http://www.oracle.com/technetwork/security-advisory/cpuj an2018-3236628.html
    last seen 2018-09-01
    modified 2018-01-29
    plugin id 106176
    published 2018-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106176
    title Debian DSA-4091-1 : mysql-5.5 - security update
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0697-1.NASL
    description This update for mariadb fixes the following issues: MariaDB was updated to 10.0.34 (bsc#1078431) The following security vulnerabilities are fixed : - CVE-2018-2562: Vulnerability in the MySQL Server subcomponent: Server : Partition. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. - CVE-2018-2622: Vulnerability in the MySQL Server subcomponent: Server: DDL. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. - CVE-2018-2640: Vulnerability in the MySQL Server subcomponent: Server: Optimizer. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. - CVE-2018-2665: Vulnerability in the MySQL Server subcomponent: Server: Optimizer. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. - CVE-2018-2668: Vulnerability in the MySQL Server subcomponent: Server: Optimizer. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. - CVE-2018-2612: Vulnerability in the MySQL Server subcomponent: InnoDB. Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. The MariaDB external release notes and changelog for this release : - https://kb.askmonty.org/en/mariadb-10034-release-notes - https://kb.askmonty.org/en/mariadb-10034-changelog Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-08-01
    plugin id 108401
    published 2018-03-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108401
    title SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2018:0697-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3537-1.NASL
    description Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.59 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS, and Ubuntu 17.10 have been updated to MySQL 5.7.21. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-59.html http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-21.html http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628 .html. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-08-06
    plugin id 106265
    published 2018-01-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106265
    title Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : mysql-5.5, mysql-5.7 vulnerabilities (USN-3537-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1407.NASL
    description Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.35. Please see the MariaDB 10.0 Release Notes for further details : https://mariadb.com/kb/en/mariadb/mariadb-10033-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10034-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10035-release-notes/ For Debian 8 'Jessie', these problems have been fixed in version 10.0.35-0+deb8u1. We recommend that you upgrade your mariadb-10.0 packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-08-31
    plugin id 110816
    published 2018-07-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110816
    title Debian DLA-1407-1 : mariadb-10.0 security update
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-270.NASL
    description This update for mariadb fixes the following issues : MariaDB was updated to 10.0.34 (bsc#1078431) The following security vulnerabilities are fixed : - CVE-2018-2562: Vulnerability in the MySQL Server subcomponent: Server : Partition. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. - CVE-2018-2622: Vulnerability in the MySQL Server subcomponent: Server: DDL. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. - CVE-2018-2640: Vulnerability in the MySQL Server subcomponent: Server: Optimizer. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. - CVE-2018-2665: Vulnerability in the MySQL Server subcomponent: Server: Optimizer. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. - CVE-2018-2668: Vulnerability in the MySQL Server subcomponent: Server: Optimizer. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. - CVE-2018-2612: Vulnerability in the MySQL Server subcomponent: InnoDB. Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. The MariaDB external release notes and changelog for this release : - https://kb.askmonty.org/en/mariadb-10034-release-notes - https://kb.askmonty.org/en/mariadb-10034-changelog This update was imported from the SUSE:SLE-12-SP1:Update update project.
    last seen 2018-09-01
    modified 2018-03-19
    plugin id 108439
    published 2018-03-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108439
    title openSUSE Security Update : mariadb (openSUSE-2018-270)
  • NASL family Databases
    NASL id MYSQL_5_5_59_RPM.NASL
    description The version of MySQL running on the remote host is 5.5.x prior to 5.5.59. It is, therefore, affected by multiple vulnerabilities as noted in the January 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2018-09-01
    modified 2018-07-17
    plugin id 106098
    published 2018-01-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106098
    title MySQL 5.5.x < 5.5.59 Multiple Vulnerabilities (RPM Check) (January 2018 CPU)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1302.NASL
    description According to the versions of the mariadb packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636) - mysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641) - mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268) - mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378) - mysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379) - mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384) - mysql: Server: Partition unspecified vulnerability (CPU Jan 2018) (CVE-2018-2562) - mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668) - mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755) - mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761) - mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771) - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781) - mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813) - mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817) - mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819) - mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653) - mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-28
    modified 2018-09-27
    plugin id 117745
    published 2018-09-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117745
    title EulerOS 2.0 SP2 : mariadb (EulerOS-SA-2018-1302)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-394BF4FB5A.NASL
    description **MySQL 5.7.21** Bugs fixed : https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-21.html CVEs fixed : http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628 .html CVE-2018-2696 CVE-2018-2703 CVE-2018-2565 CVE-2018-2573 CVE-2018-2576 CVE-2018-2583 CVE-2018-2586 CVE-2018-2590 CVE-2018-2600 CVE-2018-2612 CVE-2018-2622 CVE-2018-2640 CVE-2018-2645 CVE-2018-2646 CVE-2018-2647 CVE-2018-2665 CVE-2018-2667 CVE-2018-2668 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-03-12
    plugin id 107281
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107281
    title Fedora 26 : community-mysql (2018-394bf4fb5a)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-02C0E3725E.NASL
    description **MariaDB 10.1.32** Release notes : https://mariadb.com/kb/en/library/mariadb-10131-release-notes/ https://mariadb.com/kb/en/library/mariadb-10132-release-notes/ Bugs solved : Jemalloc issue on aarch64 (solved in jemalloc package) https://bugzilla.redhat.com/show_bug.cgi?id=1545539 CVEs fixed : CVE-2018-2562, CVE-2018-2622, CVE-2018-2640, CVE-2018-2665, CVE-2018-2668, CVE-2018-2612 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-04-03
    plugin id 108790
    published 2018-04-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108790
    title Fedora 26 : 3:mariadb (2018-02c0e3725e)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1303.NASL
    description According to the versions of the mariadb packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636) - mysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641) - mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017) (CVE-2017-3651) - mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268) - mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378) - mysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379) - mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384) - mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668) - mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755) - mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761) - mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771) - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781) - mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813) - mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817) - mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819) - mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653) - mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-28
    modified 2018-09-27
    plugin id 117746
    published 2018-09-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117746
    title EulerOS 2.0 SP3 : mariadb (EulerOS-SA-2018-1303)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-00647AE0D5.NASL
    description **MariaDB 10.2.13** Release notes : https://mariadb.com/kb/en/library/mariadb-10213-release-notes/ CVEs fixed : CVE-2018-2562 CVE-2018-2612 CVE-2018-2622 CVE-2018-2640 CVE-2018-2665 CVE-2018-2668 Bugs fixed : POSTIN scriplets fix for: https://bodhi.fedoraproject.org/updates/FEDORA-2018-4a4dc47afe Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-02
    modified 2018-03-14
    plugin id 108305
    published 2018-03-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108305
    title Fedora 27 : 3:mariadb (2018-00647ae0d5)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0698-1.NASL
    description This update for mariadb to 10.0.34 fixes several issues. These security issues were fixed : - CVE-2017-10378: Vulnerability in subcomponent: Server: Optimizer. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) (bsc#1064115). - CVE-2017-10268: Vulnerability in subcomponent: Server: Replication. Difficult to exploit vulnerability allowed high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data (bsc#1064101). - CVE-2018-2562: Vulnerability in the MySQL Server subcomponent: Server : Partition. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. - CVE-2018-2622: Vulnerability in the MySQL Server subcomponent: Server: DDL. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. - CVE-2018-2640: Vulnerability in the MySQL Server subcomponent: Server: Optimizer. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. - CVE-2018-2665: Vulnerability in the MySQL Server subcomponent: Server: Optimizer. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. - CVE-2018-2668: Vulnerability in the MySQL Server subcomponent: Server: Optimizer. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. - CVE-2018-2612: Vulnerability in the MySQL Server subcomponent: InnoDB. Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-08-01
    plugin id 108402
    published 2018-03-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108402
    title SUSE SLES12 Security Update : mariadb (SUSE-SU-2018:0698-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-90.NASL
    description This update for mysql-community-server to version 5.6.39 fixes several issues. These security issues were fixed : - CVE-2018-2622: Vulnerability in the subcomponent: Server: DDL. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369). - CVE-2018-2562: Vulnerability in the subcomponent: Server : Partition. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data (bsc#1076369). - CVE-2018-2640: Vulnerability in the subcomponent: Server: Optimizer. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369). - CVE-2018-2665: Vulnerability in the subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369). - CVE-2018-2668: Vulnerability in the subcomponent: Server: Optimizer. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369). - CVE-2018-2696: Vulnerability in the subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369). - CVE-2018-2583: Vulnerability in the subcomponent: Stored Procedure. Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369). - CVE-2018-2612: Vulnerability in the subcomponent: InnoDB. Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369). - CVE-2018-2703: Vulnerability in the subcomponent: Server : Security : Privileges. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369). - CVE-2018-2573: Vulnerability in the subcomponent: Server: GIS. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369). - CVE-2017-3737: OpenSSL introduced an 'error state' mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it did not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error - CVE-2018-2647: Vulnerability in the subcomponent: Server: Replication. Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data (bsc#1076369). - CVE-2018-2591: Vulnerability in the subcomponent: Server : Partition. Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369). - CVE-2018-2590: Vulnerability in the subcomponent: Server: Performance Schema. Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369). - CVE-2018-2645: Vulnerability in the subcomponent: Server: Performance Schema. Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data (bsc#1076369). For additional details please see http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-39.html
    last seen 2018-09-02
    modified 2018-01-26
    plugin id 106359
    published 2018-01-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106359
    title openSUSE Security Update : mysql-community-server (openSUSE-2018-90)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2018-032-01.NASL
    description New mariadb packages are available for Slackware 14.1 and 14.2 to fix security issues.
    last seen 2018-09-01
    modified 2018-02-02
    plugin id 106564
    published 2018-02-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106564
    title Slackware 14.1 / 14.2 : mariadb (SSA:2018-032-01)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2018-2439.NASL
    description From Red Hat Security Advisory 2018:2439 : An update for mariadb is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: mariadb (5.5.60). (BZ#1584668, BZ#1584671, BZ#1584674, BZ#1601085) Security Fix(es) : * mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636) * mysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641) * mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017) (CVE-2017-3651) * mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268) * mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378) * mysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379) * mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384) * mysql: Server: Partition unspecified vulnerability (CPU Jan 2018) (CVE-2018-2562) * mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668) * mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755) * mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761) * mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771) * mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781) * mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813) * mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817) * mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819) * mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653) * mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * Previously, the mysqladmin tool waited for an inadequate length of time if the socket it listened on did not respond in a specific way. Consequently, when the socket was used while the MariaDB server was starting, the mariadb service became unresponsive for a long time. With this update, the mysqladmin timeout has been shortened to 2 seconds. As a result, the mariadb service either starts or fails but no longer hangs in the described situation. (BZ#1584023)
    last seen 2018-09-06
    modified 2018-09-05
    plugin id 111800
    published 2018-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111800
    title Oracle Linux 7 : mariadb (ELSA-2018-2439)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1250.NASL
    description Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.59, which includes additional changes. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details : https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-59.html http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628 .html For Debian 7 'Wheezy', these problems have been fixed in version 5.5.59-0+deb7u1. We recommend that you upgrade your mysql-5.5 packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-02
    modified 2018-07-06
    plugin id 106206
    published 2018-01-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106206
    title Debian DLA-1250-1 : mysql-5.5 security update
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20180816_MARIADB_ON_SL7_X.NASL
    description The following packages have been upgraded to a later upstream version: mariadb (5.5.60). Security Fix(es) : - mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636) - mysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641) - mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017) (CVE-2017-3651) - mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268) - mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378) - mysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379) - mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384) - mysql: Server: Partition unspecified vulnerability (CPU Jan 2018) (CVE-2018-2562) - mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668) - mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755) - mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761) - mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771) - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781) - mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813) - mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817) - mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819) - mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653) - mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767) Bug Fix(es) : - Previously, the mysqladmin tool waited for an inadequate length of time if the socket it listened on did not respond in a specific way. Consequently, when the socket was used while the MariaDB server was starting, the mariadb service became unresponsive for a long time. With this update, the mysqladmin timeout has been shortened to 2 seconds. As a result, the mariadb service either starts or fails but no longer hangs in the described situation.
    last seen 2018-09-05
    modified 2018-09-04
    plugin id 111806
    published 2018-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111806
    title Scientific Linux Security Update : mariadb on SL7.x x86_64
  • NASL family Databases
    NASL id MYSQL_5_6_39_RPM.NASL
    description The version of MySQL running on the remote host is 5.6.x prior to 5.6.39. It is, therefore, affected by multiple vulnerabilities as noted in the January 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2018-09-01
    modified 2018-07-17
    plugin id 106100
    published 2018-01-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106100
    title MySQL 5.6.x < 5.6.39 Multiple Vulnerabilities (RPM Check) (January 2018 CPU)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-2439.NASL
    description An update for mariadb is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: mariadb (5.5.60). (BZ#1584668, BZ#1584671, BZ#1584674, BZ#1601085) Security Fix(es) : * mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636) * mysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641) * mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017) (CVE-2017-3651) * mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268) * mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378) * mysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379) * mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384) * mysql: Server: Partition unspecified vulnerability (CPU Jan 2018) (CVE-2018-2562) * mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668) * mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755) * mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761) * mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771) * mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781) * mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813) * mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817) * mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819) * mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653) * mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * Previously, the mysqladmin tool waited for an inadequate length of time if the socket it listened on did not respond in a specific way. Consequently, when the socket was used while the MariaDB server was starting, the mariadb service became unresponsive for a long time. With this update, the mysqladmin timeout has been shortened to 2 seconds. As a result, the mariadb service either starts or fails but no longer hangs in the described situation. (BZ#1584023)
    last seen 2018-10-18
    modified 2018-10-17
    plugin id 111802
    published 2018-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111802
    title RHEL 7 : mariadb (RHSA-2018:2439)
  • NASL family Databases
    NASL id MYSQL_5_7_21_RPM.NASL
    description The version of MySQL running on the remote host is 5.7.x prior to 5.7.21. It is, therefore, affected by multiple vulnerabilities as noted in the January 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2018-09-01
    modified 2018-07-17
    plugin id 106102
    published 2018-01-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106102
    title MySQL 5.7.x < 5.7.21 Multiple Vulnerabilities (RPM Check) (January 2018 CPU)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1346.NASL
    description According to the versions of the mariadb packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636) - mysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641) - mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017) (CVE-2017-3651) - mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268) - mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378) - mysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379) - mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384) - mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668) - mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755) - mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761) - mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771) - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781) - mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813) - mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817) - mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819) - mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653) - mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-10-27
    modified 2018-10-26
    plugin id 118434
    published 2018-10-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118434
    title EulerOS Virtualization 2.5.0 : mariadb (EulerOS-SA-2018-1346)
  • NASL family Amazon Linux Local Security Checks
    NASL id AL2_ALAS-2018-1078.NASL
    description Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2017-10378 ) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2781) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).(CVE-2018-2562) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).(CVE-2017-3651) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).(CVE-2018-2755) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2640) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).(CVE-2017-10379 ) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).(CVE-2017-10268) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).(CVE-2017-3653) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2771) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.59 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).(CVE-2018-2767) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2817) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2668) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2017-10384) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2017-3641) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2819) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2665) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2622) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).(CVE-2018-2813) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).(CVE-2017-3636) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2761)
    last seen 2018-09-20
    modified 2018-09-19
    plugin id 117592
    published 2018-09-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117592
    title Amazon Linux 2 : mariadb (ALAS-2018-1078)
  • NASL family Databases
    NASL id MYSQL_5_7_21.NASL
    description The version of MySQL running on the remote host is 5.7.x prior to 5.7.21. It is, therefore, affected by multiple vulnerabilities as noted in the January 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2018-09-01
    modified 2018-07-17
    plugin id 106101
    published 2018-01-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106101
    title MySQL 5.7.x < 5.7.21 Multiple Vulnerabilities (January 2018 CPU)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2018-2_0-0037.NASL
    description An update of {'mercurial', 'python2', 'zsh', 'pycrypto', 'patch', 'binutils', 'paramiko', 'httpd', 'mysql', 'xerces-c', 'util-linux', 'net-snmp', 'python3', 'sqlite'} packages of Photon OS has been released.
    last seen 2018-09-01
    modified 2018-07-24
    plugin id 111297
    published 2018-07-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111297
    title Photon OS 2.0 : Zsh / Python3 / Xerces / Mercurial / Pmd / Pycrypto / Net / Python2 / Util / Mysql / Paramiko / Binutils / Patch / Sqlite (PhotonOS-PHSA-2018-2.0-0037)
  • NASL family Databases
    NASL id MYSQL_5_6_39.NASL
    description The version of MySQL running on the remote host is 5.6.x prior to 5.6.39. It is, therefore, affected by multiple vulnerabilities as noted in the January 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2018-09-01
    modified 2018-07-17
    plugin id 106099
    published 2018-01-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106099
    title MySQL 5.6.x < 5.6.39 Multiple Vulnerabilities (January 2018 CPU)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2018-2439.NASL
    description An update for mariadb is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: mariadb (5.5.60). (BZ#1584668, BZ#1584671, BZ#1584674, BZ#1601085) Security Fix(es) : * mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636) * mysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641) * mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017) (CVE-2017-3651) * mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268) * mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378) * mysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379) * mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384) * mysql: Server: Partition unspecified vulnerability (CPU Jan 2018) (CVE-2018-2562) * mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668) * mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755) * mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761) * mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771) * mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781) * mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813) * mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817) * mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819) * mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653) * mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * Previously, the mysqladmin tool waited for an inadequate length of time if the socket it listened on did not respond in a specific way. Consequently, when the socket was used while the MariaDB server was starting, the mariadb service became unresponsive for a long time. With this update, the mysqladmin timeout has been shortened to 2 seconds. As a result, the mariadb service either starts or fails but no longer hangs in the described situation. (BZ#1584023)
    last seen 2018-11-11
    modified 2018-11-10
    plugin id 112020
    published 2018-08-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=112020
    title CentOS 7 : mariadb (CESA-2018:2439)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0422-1.NASL
    description This update for mysql to version 5.5.59 fixes several issues. These security issues were fixed : - CVE-2018-2622: Vulnerability in the subcomponent: Server: DDL. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369) - CVE-2018-2562: Vulnerability in the subcomponent: Server : Partition. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data (bsc#1076369) - CVE-2018-2640: Vulnerability in the subcomponent: Server: Optimizer. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369) - CVE-2018-2665: Vulnerability in the subcomponent: Server: Optimizer. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369) - CVE-2018-2668: Vulnerability in the subcomponent: Server: Optimizer. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369) For additional changes please see http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5- 59.html Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-08-01
    plugin id 106786
    published 2018-02-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106786
    title SUSE SLES11 Security Update : mysql (SUSE-SU-2018:0422-1)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2018-969.NASL
    description Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2018-2640) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: GIS). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2018-2573) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2018-2647) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2018-2576) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2018-2668) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVE-2018-2565) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2018-2586) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2018-2612) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2018-2696) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Stored Procedure). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2018-2583) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2018-2622) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2018-2600) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2018-2590) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. (CVE-2018-2645) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2018-2703) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2018-2646) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2018-2665) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2018-2667)
    last seen 2018-09-01
    modified 2018-04-18
    plugin id 107240
    published 2018-03-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107240
    title Amazon Linux AMI : mysql55 / mysql56,mysql57 (ALAS-2018-969)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1337.NASL
    description According to the versions of the mariadb packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636) - mysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641) - mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017) (CVE-2017-3651) - mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268) - mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378) - mysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379) - mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384) - mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668) - mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755) - mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761) - mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771) - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781) - mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813) - mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817) - mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819) - mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653) - mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-10-27
    modified 2018-10-26
    plugin id 118425
    published 2018-10-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118425
    title EulerOS Virtualization 2.5.1 : mariadb (EulerOS-SA-2018-1337)
  • NASL family Databases
    NASL id MYSQL_5_5_59.NASL
    description The version of MySQL running on the remote host is 5.5.x prior to 5.5.59. It is, therefore, affected by multiple vulnerabilities as noted in the January 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2018-09-19
    modified 2018-09-17
    plugin id 106097
    published 2018-01-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106097
    title MySQL 5.5.x < 5.5.59 Multiple Vulnerabilities (January 2018 CPU)
redhat via4
advisories
  • rhsa
    id RHSA-2018:0586
  • rhsa
    id RHSA-2018:0587
  • rhsa
    id RHSA-2018:2439
  • rhsa
    id RHSA-2018:2729
rpms
  • mariadb-1:5.5.60-1.el7_5
  • mariadb-bench-1:5.5.60-1.el7_5
  • mariadb-devel-1:5.5.60-1.el7_5
  • mariadb-embedded-1:5.5.60-1.el7_5
  • mariadb-embedded-devel-1:5.5.60-1.el7_5
  • mariadb-libs-1:5.5.60-1.el7_5
  • mariadb-server-1:5.5.60-1.el7_5
  • mariadb-test-1:5.5.60-1.el7_5
refmap via4
bid 102706
confirm
debian DSA-4091
mlist
  • [debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update
  • [debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update
sectrack 1040216
ubuntu
  • USN-3537-1
  • USN-3537-2
Last major update 17-01-2018 - 21:29
Published 17-01-2018 - 21:29
Last modified 21-09-2018 - 06:29
Back to Top