Test ID:	1.3.6.1.4.1.25623.1.0.66852
Category:	CentOS Local Security Checks
Title:	CentOS Security Advisory CESA-2010:0110 (mysql)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates to mysql announced in advisory CESA-2010:0110. For details on the issues addressed in this update, please visit the referenced security advisories. Solution: Update the appropriate packages on your system. http://www.securityspace.com/smysecure/catid.html?in=CESA-2010:0110 http://www.securityspace.com/smysecure/catid.html?in=RHSA-2010:0110 https://rhn.redhat.com/errata/RHSA-2010-0110.html Risk factor : Critical CVSS Score: 8.5
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-4098 32578 http://secunia.com/advisories/32578 32759 http://secunia.com/advisories/32759 32769 http://secunia.com/advisories/32769 38517 http://secunia.com/advisories/38517 DSA-1662 http://www.debian.org/security/2008/dsa-1662 MDVSA-2009:094 http://www.mandriva.com/security/advisories?name=MDVSA-2009:094 RHSA-2009:1067 http://www.redhat.com/support/errata/RHSA-2009-1067.html RHSA-2010:0110 http://www.redhat.com/support/errata/RHSA-2010-0110.html SUSE-SR:2008:025 http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html USN-1397-1 http://www.ubuntu.com/usn/USN-1397-1 USN-671-1 http://www.ubuntu.com/usn/USN-671-1 USN-897-1 http://ubuntu.com/usn/usn-897-1 [oss-security] 20080909 Re: CVE request: MySQL incomplete fix for CVE-2008-2079 http://www.openwall.com/lists/oss-security/2008/09/09/20 [oss-security] 20080916 Re: CVE request: MySQL incomplete fix for CVE-2008-2079 http://www.openwall.com/lists/oss-security/2008/09/16/3 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25 http://bugs.mysql.com/bug.php?id=32167 mysql-myisam-symlink-security-bypass(45649) https://exchange.xforce.ibmcloud.com/vulnerabilities/45649 oval:org.mitre.oval:def:10591 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10591 Common Vulnerability Exposure (CVE) ID: CVE-2008-4456 http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html BugTraq ID: 31486 http://www.securityfocus.com/bid/31486 Bugtraq: 20080930 MySQL command-line client HTML injection vulnerability (Google Search) http://www.securityfocus.com/archive/1/496842/100/0/threaded Bugtraq: 20080930 RE: MySQL command-line client HTML injection vulnerability (Google Search) http://www.securityfocus.com/archive/1/496877/100/0/threaded Bugtraq: 20081004 RE: RE: MySQL command-line client HTML injection vulnerability (Google Search) http://seclists.org/bugtraq/2008/Oct/0026.html Bugtraq: 20081029 Re: MySQL command-line client HTML injection vulnerability (Google Search) http://www.securityfocus.com/archive/1/497158/100/0/threaded http://www.securityfocus.com/archive/1/497885/100/0/threaded Debian Security Information: DSA-1783 (Google Search) http://www.debian.org/security/2009/dsa-1783 http://www.henlich.de/it-security/mysql-command-line-client-html-injection-vulnerability https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11456 http://www.redhat.com/support/errata/RHSA-2009-1289.html http://secunia.com/advisories/32072 http://secunia.com/advisories/34907 http://secunia.com/advisories/36566 http://securityreason.com/securityalert/4357 XForce ISS Database: mysql-commandline-xss(45590) https://exchange.xforce.ibmcloud.com/vulnerabilities/45590 Common Vulnerability Exposure (CVE) ID: CVE-2009-2446 BugTraq ID: 35609 http://www.securityfocus.com/bid/35609 Bugtraq: 20090708 MySQL <= 5.0.45 post auth format string vulnerability (Google Search) http://www.securityfocus.com/archive/1/504799/100/0/threaded http://archives.neohapsis.com/archives/fulldisclosure/2009-07/0058.html http://www.mandriva.com/security/advisories?name=MDVSA-2009:179 http://www.osvdb.org/55734 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11857 http://securitytracker.com/id?1022533 http://secunia.com/advisories/35767 http://www.vupen.com/english/advisories/2009/1857 XForce ISS Database: mysql-dispatchcommand-format-string(51614) https://exchange.xforce.ibmcloud.com/vulnerabilities/51614 Common Vulnerability Exposure (CVE) ID: CVE-2009-4030 38573 http://secunia.com/advisories/38573 ADV-2010-1107 http://www.vupen.com/english/advisories/2010/1107 APPLE-SA-2010-03-29-1 DSA-1997 http://www.debian.org/security/2010/dsa-1997 RHSA-2010:0109 http://www.redhat.com/support/errata/RHSA-2010-0109.html SUSE-SR:2010:011 http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html SUSE-SR:2010:021 http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html [commits] 20091110 bzr commit into mysql-5.0-bugteam branch (joro:2845) Bug#32167 http://lists.mysql.com/commits/89940 [oss-security] 20091119 mysql-5.1.41 http://www.openwall.com/lists/oss-security/2009/11/19/3 [oss-security] 20091124 Re: mysql-5.1.41 http://marc.info/?l=oss-security&m=125908040022018&w=2 http://marc.info/?l=oss-security&m=125908080222685&w=2 http://www.openwall.com/lists/oss-security/2009/11/24/6 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html http://support.apple.com/kb/HT4077 oval:org.mitre.oval:def:11116 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11116 oval:org.mitre.oval:def:8156 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8156 Common Vulnerability Exposure (CVE) ID: CVE-2008-2079 1019995 http://www.securitytracker.com/id?1019995 29106 http://www.securityfocus.com/bid/29106 30134 http://secunia.com/advisories/30134 31066 http://secunia.com/advisories/31066 31226 http://secunia.com/advisories/31226 31681 http://www.securityfocus.com/bid/31681 31687 http://secunia.com/advisories/31687 32222 http://secunia.com/advisories/32222 36566 36701 http://secunia.com/advisories/36701 ADV-2008-1472 http://www.vupen.com/english/advisories/2008/1472/references ADV-2008-2780 http://www.vupen.com/english/advisories/2008/2780 APPLE-SA-2008-10-09 http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html APPLE-SA-2009-09-10-2 http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html DSA-1608 http://www.debian.org/security/2008/dsa-1608 MDVSA-2008:149 http://www.mandriva.com/security/advisories?name=MDVSA-2008:149 MDVSA-2008:150 http://www.mandriva.com/security/advisories?name=MDVSA-2008:150 RHSA-2008:0505 http://www.redhat.com/support/errata/RHSA-2008-0505.html RHSA-2008:0510 http://www.redhat.com/support/errata/RHSA-2008-0510.html RHSA-2008:0768 http://www.redhat.com/support/errata/RHSA-2008-0768.html RHSA-2009:1289 SUSE-SR:2008:017 http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-60.html http://dev.mysql.com/doc/refman/5.1/en/news-5-1-24.html http://dev.mysql.com/doc/refman/6.0/en/news-6-0-5.html http://support.apple.com/kb/HT3216 http://support.apple.com/kb/HT3865 mysql-myisam-security-bypass(42267) https://exchange.xforce.ibmcloud.com/vulnerabilities/42267 oval:org.mitre.oval:def:10133 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10133
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.