Test ID:	1.3.6.1.4.1.25623.1.0.59302
Category:	Fedora Local Security Checks
Title:	Fedora Core 5 FEDORA-2006-553 (mysql)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to mysql announced via advisory FEDORA-2006-553. MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the MySQL client programs, the client shared libraries, and generic MySQL files. Update Information: 5.0.21 fixes several moderate-severity security issues: see CVE-2006-0903 CVE-2006-1516 CVE-2006-1517 CVE-2006-1518, and our bugs 181335 182025 189054 190866 190868 190870 * Thu May 11 2006 Tom Lane 5.0.21-2.FC5.1 - Fix bogus perl Requires for mysql-test * Tue May 2 2006 Tom Lane 5.0.21-1.FC5.1 - Update to MySQL 5.0.21 - Modify multilib header hack to not break non-RH arches, per bug #181335 - Remove logrotate script, per bug #180639. - Add a new mysql-test RPM to carry the regression test files hack up test scripts as needed to make them run in /usr/share/mysql-test. Solution: Apply the appropriate updates. This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/ 62b46ef270c73906c9480ce7cc3e0dce7d48b925 ppc/debug/mysql- debuginfo-5.0.21-2.FC5.1.ppc.rpm a9d1abdca3a9cdfeeaf0ec9f5221a117586683c6 x86_64/debug/mysql- debuginfo-5.0.21-2.FC5.1.x86_64.rpm b944dade30e23bf00dbb5207fb03d1c60b771c2c i386/debug/mysql- debuginfo-5.0.21-2.FC5.1.i386.rpm This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://fedora.redhat.com/docs/yum/. http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2006-553 Risk factor : High CVSS Score: 6.5
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-0903 1015693 http://securitytracker.com/id?1015693 16850 http://www.securityfocus.com/bid/16850 19034 http://secunia.com/advisories/19034 19502 http://secunia.com/advisories/19502 19814 http://secunia.com/advisories/19814 20060225 mysql <= 5.0.18 http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0653.html 20241 http://secunia.com/advisories/20241 20253 http://secunia.com/advisories/20253 20333 http://secunia.com/advisories/20333 20625 http://secunia.com/advisories/20625 30351 http://secunia.com/advisories/30351 ADV-2006-0752 http://www.vupen.com/english/advisories/2006/0752 DSA-1071 http://www.debian.org/security/2006/dsa-1071 DSA-1073 http://www.debian.org/security/2006/dsa-1073 DSA-1079 http://www.debian.org/security/2006/dsa-1079 MDKSA-2006:064 http://www.mandriva.com/security/advisories?name=MDKSA-2006:064 RHSA-2006:0544 http://www.redhat.com/support/errata/RHSA-2006-0544.html RHSA-2007:0083 http://www.redhat.com/support/errata/RHSA-2007-0083.html RHSA-2008:0364 http://www.redhat.com/support/errata/RHSA-2008-0364.html USN-274-1 https://usn.ubuntu.com/274-1/ USN-274-2 http://www.ubuntu.com/usn/usn-274-2 http://bugs.mysql.com/bug.php?id=17667 http://rst.void.ru/papers/advisory39.txt mysql-query-log-bypass-security(24966) https://exchange.xforce.ibmcloud.com/vulnerabilities/24966 oval:org.mitre.oval:def:9915 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9915 Common Vulnerability Exposure (CVE) ID: CVE-2006-1516 http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html BugTraq ID: 17780 http://www.securityfocus.com/bid/17780 Bugtraq: 20060502 MySQL Anonymous Login Handshake - Information Leakage. (Google Search) http://www.securityfocus.com/archive/1/432733/100/0/threaded Bugtraq: 20060516 UPDATE: [ GLSA 200605-13 ] MySQL: Information leakage (Google Search) http://www.securityfocus.com/archive/1/434164/100/0/threaded Cert/CC Advisory: TA07-072A http://www.us-cert.gov/cas/techalerts/TA07-072A.html Debian Security Information: DSA-1071 (Google Search) Debian Security Information: DSA-1073 (Google Search) Debian Security Information: DSA-1079 (Google Search) http://www.gentoo.org/security/en/glsa/glsa-200605-13.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:084 http://www.wisec.it/vulns.php?page=7 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9918 http://securitytracker.com/id?1016017 http://secunia.com/advisories/19929 http://secunia.com/advisories/20002 http://secunia.com/advisories/20073 http://secunia.com/advisories/20076 http://secunia.com/advisories/20223 http://secunia.com/advisories/20424 http://secunia.com/advisories/20457 http://secunia.com/advisories/20762 http://secunia.com/advisories/24479 http://secunia.com/advisories/29847 http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.599377 http://securityreason.com/securityalert/840 http://sunsolve.sun.com/search/document.do?assetkey=1-26-236703-1 SuSE Security Announcement: SUSE-SA:2006:036 (Google Search) http://lists.suse.com/archive/suse-security-announce/2006-Jun/0011.html SuSE Security Announcement: SUSE-SR:2006:012 (Google Search) http://www.novell.com/linux/security/advisories/2006-06-02.html http://www.trustix.org/errata/2006/0028 https://usn.ubuntu.com/283-1/ http://www.vupen.com/english/advisories/2006/1633 http://www.vupen.com/english/advisories/2007/0930 http://www.vupen.com/english/advisories/2008/1326/references XForce ISS Database: mysql-login-packet-info-disclosure(26236) https://exchange.xforce.ibmcloud.com/vulnerabilities/26236 Common Vulnerability Exposure (CVE) ID: CVE-2006-1517 Bugtraq: 20060502 MySQL COM_TABLE_DUMP Information Leakage and Arbitrary commandexecution. (Google Search) http://www.securityfocus.com/archive/1/432734/100/0/threaded http://www.wisec.it/vulns.php?page=8 http://www.osvdb.org/25228 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11036 http://securitytracker.com/id?1016016 http://securityreason.com/securityalert/839 XForce ISS Database: mysql-sqlparcecc-information-disclosure(26228) https://exchange.xforce.ibmcloud.com/vulnerabilities/26228 Common Vulnerability Exposure (CVE) ID: CVE-2006-1518 CERT/CC vulnerability note: VU#602457 http://www.kb.cert.org/vuls/id/602457 XForce ISS Database: mysql-comtabledump-bo(26232) https://exchange.xforce.ibmcloud.com/vulnerabilities/26232
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.