Test ID:	1.3.6.1.4.1.25623.1.0.130099
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2015-0279)
Summary:	The remote host is missing an update for the 'mariadb' package(s) announced via the MGASA-2015-0279 advisory.
Description:	Summary: The remote host is missing an update for the 'mariadb' package(s) announced via the MGASA-2015-0279 advisory. Vulnerability Insight: The mariadb package has been updated to versions 5.5.44 and 10.0.20 in Mageia 4 and Mageia 5, respectively. Both fix an issue where the client is vulnerable to a man-in-the-middle attack when using the --ssl option, where the SSL/TLS protection could be disabled (CVE-2015-3152). The Mageia 4 update also fixes other unspecified security issues, such as CVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737, and CVE-2015-4752. Refer to the Oracle Critical Patch Update for details. Affected Software/OS: 'mariadb' package(s) on Mageia 4, Mageia 5. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-2582 BugTraq ID: 75751 http://www.securityfocus.com/bid/75751 Debian Security Information: DSA-3308 (Google Search) http://www.debian.org/security/2015/dsa-3308 Debian Security Information: DSA-3311 (Google Search) http://www.debian.org/security/2015/dsa-3311 https://security.gentoo.org/glsa/201610-06 RedHat Security Advisories: RHSA-2015:1628 http://rhn.redhat.com/errata/RHSA-2015-1628.html RedHat Security Advisories: RHSA-2015:1629 http://rhn.redhat.com/errata/RHSA-2015-1629.html RedHat Security Advisories: RHSA-2015:1630 http://rhn.redhat.com/errata/RHSA-2015-1630.html RedHat Security Advisories: RHSA-2015:1646 http://rhn.redhat.com/errata/RHSA-2015-1646.html RedHat Security Advisories: RHSA-2015:1647 http://rhn.redhat.com/errata/RHSA-2015-1647.html RedHat Security Advisories: RHSA-2015:1665 http://rhn.redhat.com/errata/RHSA-2015-1665.html http://www.securitytracker.com/id/1032911 SuSE Security Announcement: openSUSE-SU-2015:1629 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html http://www.ubuntu.com/usn/USN-2674-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-2620 BugTraq ID: 75837 http://www.securityfocus.com/bid/75837 Common Vulnerability Exposure (CVE) ID: CVE-2015-2643 BugTraq ID: 75830 http://www.securityfocus.com/bid/75830 Common Vulnerability Exposure (CVE) ID: CVE-2015-2648 BugTraq ID: 75822 http://www.securityfocus.com/bid/75822 Common Vulnerability Exposure (CVE) ID: CVE-2015-3152 BugTraq ID: 74398 http://www.securityfocus.com/bid/74398 Bugtraq: 20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade (Google Search) http://www.securityfocus.com/archive/1/535397/100/1100/threaded http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/ http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html http://www.ocert.org/advisories/ocert-2015-003.html https://www.duosecurity.com/blog/backronym-mysql-vulnerability http://www.securitytracker.com/id/1032216 Common Vulnerability Exposure (CVE) ID: CVE-2015-4737 BugTraq ID: 75802 http://www.securityfocus.com/bid/75802 Common Vulnerability Exposure (CVE) ID: CVE-2015-4752 BugTraq ID: 75849 http://www.securityfocus.com/bid/75849
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.