Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2015-890.NASL
HistoryDec 18, 2015 - 12:00 a.m.

openSUSE Security Update : MariaDB 5.5.46 (openSUSE-2015-890)

2015-12-1800:00:00
This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.005 Low

EPSS

Percentile

77.4%

JSON

MariaDB was updated to 5.5.46 to fix security issues and bugs.

The following vulnerabilities were fixed in the upstream release :

CVE-2015-4802, CVE-2015-4807, CVE-2015-4815, CVE-2015-4826, CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4870, CVE-2015-4913, CVE-2015-4792

A list of upstream changes and release notes can be found here:
https://mariadb.com/kb/en/mariadb/mariadb-5546-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-5546-changelog/

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2015-890.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(87486);
  script_version("2.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2015-4792", "CVE-2015-4802", "CVE-2015-4807", "CVE-2015-4815", "CVE-2015-4826", "CVE-2015-4830", "CVE-2015-4836", "CVE-2015-4858", "CVE-2015-4861", "CVE-2015-4870", "CVE-2015-4913");

  script_name(english:"openSUSE Security Update : MariaDB 5.5.46 (openSUSE-2015-890)");
  script_summary(english:"Check for the openSUSE-2015-890 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"MariaDB was updated to 5.5.46 to fix security issues and bugs.

The following vulnerabilities were fixed in the upstream release :

CVE-2015-4802, CVE-2015-4807, CVE-2015-4815, CVE-2015-4826,
CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861,
CVE-2015-4870, CVE-2015-4913, CVE-2015-4792 

A list of upstream changes and release notes can be found here:
https://mariadb.com/kb/en/mariadb/mariadb-5546-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-5546-changelog/"
  );
  # https://mariadb.com/kb/en/mariadb/mariadb-5546-changelog/
  script_set_attribute(
    attribute:"see_also",
    value:"https://mariadb.com/kb/en/library/mariadb-5546-changelog/"
  );
  # https://mariadb.com/kb/en/mariadb/mariadb-5546-release-notes/
  script_set_attribute(
    attribute:"see_also",
    value:"https://mariadb.com/kb/en/library/mariadb-5546-release-notes/"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected MariaDB 5.5.46 packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmysqlclient-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmysqlclient18");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmysqlclient18-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmysqlclient18-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmysqlclient18-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmysqlclient_r18");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmysqlclient_r18-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmysqld-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmysqld18");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmysqld18-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mariadb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mariadb-bench");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mariadb-bench-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mariadb-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mariadb-client-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mariadb-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mariadb-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mariadb-errormessages");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mariadb-test");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mariadb-test-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mariadb-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mariadb-tools-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/10/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/12/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/12/18");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE13\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE13.1", reference:"libmysqlclient-devel-5.5.46-13.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libmysqlclient18-5.5.46-13.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libmysqlclient18-debuginfo-5.5.46-13.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libmysqlclient_r18-5.5.46-13.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libmysqld-devel-5.5.46-13.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libmysqld18-5.5.46-13.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libmysqld18-debuginfo-5.5.46-13.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"mariadb-5.5.46-13.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"mariadb-bench-5.5.46-13.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"mariadb-bench-debuginfo-5.5.46-13.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"mariadb-client-5.5.46-13.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"mariadb-client-debuginfo-5.5.46-13.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"mariadb-debuginfo-5.5.46-13.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"mariadb-debugsource-5.5.46-13.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"mariadb-errormessages-5.5.46-13.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"mariadb-test-5.5.46-13.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"mariadb-test-debuginfo-5.5.46-13.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"mariadb-tools-5.5.46-13.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"mariadb-tools-debuginfo-5.5.46-13.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libmysqlclient18-32bit-5.5.46-13.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libmysqlclient18-debuginfo-32bit-5.5.46-13.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libmysqlclient_r18-32bit-5.5.46-13.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libmysqlclient-devel / libmysqlclient18-32bit / libmysqlclient18 / etc");
}
VendorProductVersionCPE
novellopensusemariadb-tools-debuginfop-cpe:/a:novell:opensuse:mariadb-tools-debuginfo
novellopensuse13.1cpe:/o:novell:opensuse:13.1
novellopensuselibmysqlclient-develp-cpe:/a:novell:opensuse:libmysqlclient-devel
novellopensuselibmysqlclient18p-cpe:/a:novell:opensuse:libmysqlclient18
novellopensuselibmysqlclient18-32bitp-cpe:/a:novell:opensuse:libmysqlclient18-32bit
novellopensuselibmysqlclient18-debuginfop-cpe:/a:novell:opensuse:libmysqlclient18-debuginfo
novellopensuselibmysqlclient18-debuginfo-32bitp-cpe:/a:novell:opensuse:libmysqlclient18-debuginfo-32bit
novellopensuselibmysqlclient_r18p-cpe:/a:novell:opensuse:libmysqlclient_r18
novellopensuselibmysqlclient_r18-32bitp-cpe:/a:novell:opensuse:libmysqlclient_r18-32bit
novellopensuselibmysqld-develp-cpe:/a:novell:opensuse:libmysqld-devel
Rows per page:
1-10 of 231

Related

freebsd 1
nessus 32
openvas 23
suse 3
archlinux 1
mageia 1
debian 4
cvelist 11
f5 4
ubuntucve 11
prion 11
cve 11
mariadbunix 11
nvd 11
symantec 1
redhat 6
ubuntu 1
osv 1
oraclelinux 1
ibm 1
centos 1
fedora 4
veracode 10
zdt 1
checkpoint_advisories 1
packetstorm 1
exploitpack 1
amazon 1
exploitdb 1
securityvulns 1
oracle 1
freebsd
freebsd
MySQL - Multiple vulnerabilities
2015-11-10 00:00:00
nessus
nessus
MariaDB Server 10.0.x < 10.0.22 Multiple DoS Vulnerabilities
2016-05-13 00:00:00
FreeBSD : MySQL - Multiple vulnerabilities (851a0eea-88aa-11e5-90e7-b499baebfeaf)
2015-11-12 00:00:00
openSUSE Security Update : mariadb (openSUSE-2015-884)
2015-12-17 00:00:00
openvas
openvas
openSUSE: Security Advisory for Security (openSUSE-SU-2015:2244-1)
2015-12-11 00:00:00
Oracle MySQL Multiple Unspecified Vulnerabilities-01 (Oct 2015) - Linux
2016-07-01 00:00:00
openSUSE: Security Advisory for Security (openSUSE-SU-2015:2246-1)
2015-12-11 00:00:00
suse
suse
Security update to MariaDB 5.5.46 (important)
2015-12-10 13:10:14
Security update to MariaDB 10.0.22 (important)
2015-12-10 12:13:12
Security update to MySQL 5.6.27 (important)
2015-12-10 12:12:21
archlinux
archlinux
mariadb: denial of service
2015-10-30 00:00:00
mageia
mageia
Updated mariadb packages fix security vulnerabilities
2015-11-17 00:36:58
debian
debian
[SECURITY] [DSA 3377-1] mysql-5.5 security update
2015-10-24 08:06:52
[SECURITY] [DSA 3377-1] mysql-5.5 security update
2015-10-24 08:06:52
[SECURITY] [DSA 3385-1] mariadb-10.0 security update
2015-10-31 08:23:38
cvelist
cvelist
CVE-2015-4792
2015-10-21 21:00:00
CVE-2015-4802
2015-10-21 21:00:00
CVE-2015-4913
2015-10-21 23:00:00
f5
f5
K59010802 : Multiple MySQL vulnerabilities
2015-12-15 00:00:00
SOL59010802 - Multiple MySQL vulnerabilities
2015-12-15 00:00:00
SOL86326526 - MySQL vulnerabilities CVE-2015-4766, CVE-2015-4904, CVE-2015-4791, and CVE-2015-4807
2015-12-03 00:00:00
ubuntucve
ubuntucve
CVE-2015-4802
2015-10-21 00:00:00
CVE-2015-4792
2015-10-21 00:00:00
CVE-2015-4858
2015-10-21 00:00:00
prion
prion
Design/Logic Flaw
2015-10-21 21:59:00
Design/Logic Flaw
2015-10-22 00:00:00
Design/Logic Flaw
2015-10-21 21:59:00
cve
cve
CVE-2015-4802
2015-10-21 21:59:19
CVE-2015-4792
2015-10-21 21:59:09
CVE-2015-4913
2015-10-22 00:00:16
mariadbunix
mariadbunix
CVE-2015-4802
2015-10-21 21:59:00
CVE-2015-4792
2015-10-21 21:59:00
CVE-2015-4858
2015-10-21 23:59:00
nvd
nvd
CVE-2015-4858
2015-10-21 23:59:23
CVE-2015-4792
2015-10-21 21:59:09
CVE-2015-4802
2015-10-21 21:59:19
symantec
symantec
SA106 : MySQL Vulnerabilities October 2015
2015-12-17 08:00:00
redhat
redhat
(RHSA-2016:22610) Moderate: mariadb security and bug fix update
2016-02-03 05:00:00
(RHSA-2016:0534) Moderate: mariadb security and bug fix update
2016-03-31 14:15:24
(RHSA-2016:1481) Moderate: mariadb55-mariadb security update
2016-07-25 07:45:27
ubuntu
ubuntu
MySQL vulnerabilities
2015-10-26 00:00:00
osv
osv
mysql-5.5 packages as an option announcement
2015-12-16 00:00:00
oraclelinux
oraclelinux
mariadb security and bug fix update
2016-03-31 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in OpenSource Oracle Mysql affect IBM Security Guardium Database Activity Monitor
2018-06-16 21:38:45
centos
centos
mariadb security update
2016-03-31 20:53:35
fedora
fedora
[SECURITY] Fedora 22 Update: mariadb-10.0.23-1.fc22
2016-03-05 22:51:47
[SECURITY] Fedora 23 Update: mariadb-10.0.23-1.fc23
2016-02-21 16:34:44
[SECURITY] Fedora 22 Update: community-mysql-5.6.29-1.fc22
2016-03-09 20:17:15
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:29:17
Information Disclosure
2019-05-02 05:29:17
Denial Of Service (DoS)
2019-05-02 05:29:17
zdt
zdt
MySQL 5.5.45 - procedure analyse Function Denial of Service
2016-05-30 00:00:00
checkpoint_advisories
checkpoint_advisories
MySQL Failed Memory Allocation Denial of Service (CVE-2015-4870)
2016-06-08 00:00:00
packetstorm
packetstorm
MySQL Procedure Analyse Denial Of Service
2016-05-28 00:00:00
exploitpack
exploitpack
MySQL 5.5.45 - procedure analyse Function Denial of Service
2016-05-30 00:00:00
amazon
amazon
Important: mysql56
2016-04-06 14:40:00
exploitdb
exploitdb
MySQL 5.5.45 - procedure analyse Function Denial of Service
2016-05-30 00:00:00
securityvulns
securityvulns
Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities
2015-11-02 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2015
2015-10-20 00:00:00

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.005 Low

EPSS

Percentile

77.4%

JSON
Related for OPENSUSE-2015-890.NASL
freebsd1nessus32openvas23suse3archlinux1mageia1debian4cvelist11f54ubuntucve11prion11cve11mariadbunix11nvd11symantec1redhat6ubuntu1osv1oraclelinux1ibm1centos1fedora4veracode10zdt1checkpoint_advisories1packetstorm1exploitpack1amazon1exploitdb1securityvulns1oracle1