
Test ID: 1.3.6.1.4.1.25623.1.0.871435
Category: Red Hat Local Security Checks
Title: RedHat Update for mariadb RHSA-2015:1665-01
Summary: The remote host is missing an update for the 'mariadb' package(s) announced via the referenced advisory.
Description:

Vulnerability Insight:
MariaDB is a multi-user, multi-threaded SQL database server that is binary
compatible with MySQL.

It was found that the MySQL client library permitted but did not require
a client to use SSL/TLS when establishing a secure connection to a MySQL
server using the '--ssl' option. A man-in-the-middle attacker
could use this flaw to strip the SSL/TLS protection from a connection
between a client and a server. (CVE-2015-3152)

This update fixes several vulnerabilities in the MariaDB database server.
Information about these flaws can be found on the Oracle Critical Patch
Update Advisory page, listed in the References section. (CVE-2015-0501,
CVE-2015-2568, CVE-2015-0499, CVE-2015-2571, CVE-2015-0433, CVE-2015-0441,
CVE-2015-0505, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643,
CVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757)

These updated packages upgrade MariaDB to version 5.5.44. Refer to the
MariaDB Release Notes listed in the References section for a complete list
of changes.

All MariaDB users should upgrade to these updated packages, which correct
these issues. After installing this update, the MariaDB server daemon
(mysqld) will be restarted automatically.

Affected Software/OS:
mariadb on Red Hat Enterprise Linux Server (v. 7)

Solution:
Please install the updated packages.

CVSS Score:
5.7

CVSS Vector:
AV:N/AC:M/Au:M/C:N/I:N/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2015-0433
Debian Security Information: DSA-3229
http://www.debian.org/security/2015/dsa-3229
Debian Security Information: DSA-3311
http://www.debian.org/security/2015/dsa-3311
https://security.gentoo.org/glsa/201507-19
RedHat Security Advisories: RHSA-2015:1628
http://rhn.redhat.com/errata/RHSA-2015-1628.html
RedHat Security Advisories: RHSA-2015:1629
http://rhn.redhat.com/errata/RHSA-2015-1629.html
RedHat Security Advisories: RHSA-2015:1647
http://rhn.redhat.com/errata/RHSA-2015-1647.html
RedHat Security Advisories: RHSA-2015:1665
http://rhn.redhat.com/errata/RHSA-2015-1665.html
http://www.securitytracker.com/id/1032121
SuSE Security Announcement: SUSE-SU-2015:0946
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html
http://www.ubuntu.com/usn/USN-2575-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-0441
Common Vulnerability Exposure (CVE) ID: CVE-2015-0499
http://www.mandriva.com/security/advisories?name=MDVSA-2015:227
Common Vulnerability Exposure (CVE) ID: CVE-2015-0501
Common Vulnerability Exposure (CVE) ID: CVE-2015-0505
BugTraq ID: 74112
http://www.securityfocus.com/bid/74112
Common Vulnerability Exposure (CVE) ID: CVE-2015-2568
BugTraq ID: 74073
http://www.securityfocus.com/bid/74073
Common Vulnerability Exposure (CVE) ID: CVE-2015-2571
BugTraq ID: 74095
http://www.securityfocus.com/bid/74095
Common Vulnerability Exposure (CVE) ID: CVE-2015-2573
BugTraq ID: 74078
http://www.securityfocus.com/bid/74078
Common Vulnerability Exposure (CVE) ID: CVE-2015-2582
BugTraq ID: 75751
http://www.securityfocus.com/bid/75751
Debian Security Information: DSA-3308
http://www.debian.org/security/2015/dsa-3308
https://security.gentoo.org/glsa/201610-06
RedHat Security Advisories: RHSA-2015:1630
http://rhn.redhat.com/errata/RHSA-2015-1630.html
RedHat Security Advisories: RHSA-2015:1646
http://rhn.redhat.com/errata/RHSA-2015-1646.html
http://www.securitytracker.com/id/1032911
SuSE Security Announcement: openSUSE-SU-2015:1629
http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html
http://www.ubuntu.com/usn/USN-2674-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-2620
BugTraq ID: 75837
http://www.securityfocus.com/bid/75837
Common Vulnerability Exposure (CVE) ID: CVE-2015-2643
BugTraq ID: 75830
http://www.securityfocus.com/bid/75830
Common Vulnerability Exposure (CVE) ID: CVE-2015-2648
BugTraq ID: 75822
http://www.securityfocus.com/bid/75822
Common Vulnerability Exposure (CVE) ID: CVE-2015-3152
BugTraq ID: 74398
http://www.securityfocus.com/bid/74398
Bugtraq: 20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade
http://www.securityfocus.com/archive/1/535397/100/1100/threaded
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html
http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/
http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html
http://www.ocert.org/advisories/ocert-2015-003.html
https://www.duosecurity.com/blog/backronym-mysql-vulnerability
http://www.securitytracker.com/id/1032216
Common Vulnerability Exposure (CVE) ID: CVE-2015-4737
BugTraq ID: 75802
http://www.securityfocus.com/bid/75802
Common Vulnerability Exposure (CVE) ID: CVE-2015-4752
BugTraq ID: 75849
http://www.securityfocus.com/bid/75849
Common Vulnerability Exposure (CVE) ID: CVE-2015-4757
BugTraq ID: 75759
http://www.securityfocus.com/bid/75759
Copyright: Copyright (C) 2015 Greenbone Networks GmbH
