Lucene search
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2019-3370-1.NASLHistoryDec 23, 2019 - 12:00 a.m.
SUSE SLED12 / SLES12 Security Update : mariadb-100 (SUSE-SU-2019:3370-1)
2019-12-2300:00:00
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
25
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
7.2 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
66.1%
This update for mariadb-100 fixes the following issues :
Security issue fixed :
CVE-2019-2974: Fixed Server Optimizer (bsc#1154162).
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2019:3370-1.
# The text itself is copyright (C) SUSE.
#
include('compat.inc');
if (description)
{
script_id(132388);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/02");
script_cve_id("CVE-2019-2974");
script_name(english:"SUSE SLED12 / SLES12 Security Update : mariadb-100 (SUSE-SU-2019:3370-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"This update for mariadb-100 fixes the following issues :
Security issue fixed :
CVE-2019-2974: Fixed Server Optimizer (bsc#1154162).
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1154162");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-2974/");
# https://www.suse.com/support/update/announcement/2019/suse-su-20193370-1/
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?52a6b445");
script_set_attribute(attribute:"solution", value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.
Alternatively you can run the command listed for your product :
SUSE Linux Enterprise Workstation Extension 12-SP5:zypper in -t patch
SUSE-SLE-WE-12-SP5-2019-3370=1
SUSE Linux Enterprise Workstation Extension 12-SP4:zypper in -t patch
SUSE-SLE-WE-12-SP4-2019-3370=1
SUSE Linux Enterprise Software Development Kit 12-SP5:zypper in -t
patch SUSE-SLE-SDK-12-SP5-2019-3370=1
SUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t
patch SUSE-SLE-SDK-12-SP4-2019-3370=1
SUSE Linux Enterprise Server 12-SP5:zypper in -t patch
SUSE-SLE-SERVER-12-SP5-2019-3370=1
SUSE Linux Enterprise Server 12-SP4:zypper in -t patch
SUSE-SLE-SERVER-12-SP4-2019-3370=1
SUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch
SUSE-SLE-DESKTOP-12-SP4-2019-3370=1");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-2974");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/16");
script_set_attribute(attribute:"patch_publication_date", value:"2019/12/19");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/23");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libmysqlclient18");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libmysqlclient18-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libmysqlclient_r18");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb-100-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb-100-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb-100-errormessages");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(4|5)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP4/5", os_ver + " SP" + sp);
if (os_ver == "SLED12" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP4", os_ver + " SP" + sp);
flag = 0;
if (rpm_check(release:"SLES12", sp:"4", reference:"libmysqlclient18-10.0.40.2-2.12.2")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"libmysqlclient18-32bit-10.0.40.2-2.12.2")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"libmysqlclient18-debuginfo-10.0.40.2-2.12.2")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"libmysqlclient18-debuginfo-32bit-10.0.40.2-2.12.2")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"mariadb-100-debuginfo-10.0.40.2-2.12.2")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"mariadb-100-debugsource-10.0.40.2-2.12.2")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"mariadb-100-errormessages-10.0.40.2-2.12.2")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"libmysqlclient18-10.0.40.2-2.12.2")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"libmysqlclient18-32bit-10.0.40.2-2.12.2")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"libmysqlclient18-debuginfo-10.0.40.2-2.12.2")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"libmysqlclient18-debuginfo-32bit-10.0.40.2-2.12.2")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"mariadb-100-debuginfo-10.0.40.2-2.12.2")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"mariadb-100-debugsource-10.0.40.2-2.12.2")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"mariadb-100-errormessages-10.0.40.2-2.12.2")) flag++;
if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"libmysqlclient18-10.0.40.2-2.12.2")) flag++;
if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"libmysqlclient18-32bit-10.0.40.2-2.12.2")) flag++;
if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"libmysqlclient18-debuginfo-10.0.40.2-2.12.2")) flag++;
if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"libmysqlclient18-debuginfo-32bit-10.0.40.2-2.12.2")) flag++;
if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"libmysqlclient_r18-10.0.40.2-2.12.2")) flag++;
if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"libmysqlclient_r18-32bit-10.0.40.2-2.12.2")) flag++;
if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"mariadb-100-debuginfo-10.0.40.2-2.12.2")) flag++;
if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"mariadb-100-debugsource-10.0.40.2-2.12.2")) flag++;
if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"mariadb-100-errormessages-10.0.40.2-2.12.2")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mariadb-100");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | suse_linux | libmysqlclient18 | p-cpe:/a:novell:suse_linux:libmysqlclient18 |
| novell | suse_linux | libmysqlclient18-debuginfo | p-cpe:/a:novell:suse_linux:libmysqlclient18-debuginfo |
| novell | suse_linux | libmysqlclient_r18 | p-cpe:/a:novell:suse_linux:libmysqlclient_r18 |
| novell | suse_linux | mariadb-100-debuginfo | p-cpe:/a:novell:suse_linux:mariadb-100-debuginfo |
| novell | suse_linux | mariadb-100-debugsource | p-cpe:/a:novell:suse_linux:mariadb-100-debugsource |
| novell | suse_linux | mariadb-100-errormessages | p-cpe:/a:novell:suse_linux:mariadb-100-errormessages |
| novell | suse_linux | 12 | cpe:/o:novell:suse_linux:12 |
Related
debiancve
debiancve
CVE-2019-2974
2019-10-16 18:15:32
alpinelinux
alpinelinux
CVE-2019-2974
2019-10-16 18:15:32
osv
osv
CVE-2019-2974
2019-10-16 18:15:32
CGA-g8qm-43p2-6gfg
2024-07-04 22:10:33
Important: mariadb:10.3 security, bug fix, and enhancement update
2020-12-15 16:03:43
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2019:3370-1)
2021-04-19 00:00:00
Huawei EulerOS: Security Advisory for mariadb (EulerOS-SA-2021-1327)
2021-02-22 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:0050-1)
2021-04-19 00:00:00
cve
cve
CVE-2019-2974
2019-10-16 18:15:32
prion
prion
Code injection
2019-10-16 18:15:00
veracode
veracode
Denial Of Service (DoS)
2020-08-20 02:25:41
mariadbunix
mariadbunix
CVE-2019-2974
2019-10-16 18:15:32
ubuntucve
ubuntucve
CVE-2019-2974
2019-10-16 00:00:00
nvd
nvd
CVE-2019-2974
2019-10-16 18:15:32
cvelist
cvelist
CVE-2019-2974
2019-10-16 17:40:57
nessus
nessus
EulerOS 2.0 SP2 : mariadb (EulerOS-SA-2021-1327)
2021-02-22 00:00:00
SUSE SLES12 Security Update : mariadb (SUSE-SU-2020:0050-1)
2020-01-10 00:00:00
Ubuntu 18.04 LTS : MariaDB vulnerabilities (USN-4195-2)
2019-11-21 00:00:00
redhatcve
redhatcve
CVE-2019-2974
2020-04-06 17:02:25
ubuntu
ubuntu
MariaDB vulnerabilities
2019-11-20 00:00:00
MySQL vulnerabilities
2019-11-18 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package mariadb version 10.4.9-alt1
2019-12-06 00:00:00
Security fix for the ALT Linux 8 package mariadb version 10.1.43-alt1
2020-01-24 00:00:00
amazon
amazon
Medium: mysql56
2020-01-06 23:26:00
Medium: mysql57
2020-01-06 23:27:00
Important: mariadb
2020-10-22 18:28:00
mageia
mageia
Updated mariadb packages fix security vulnerabilities
2019-11-20 00:16:53
f5
f5
oraclelinux
oraclelinux
mariadb security and bug fix update
2020-10-06 00:00:00
mariadb:10.3 security, bug fix, and enhancement update
2020-12-18 00:00:00
mysql:8.0 security update
2020-09-16 00:00:00
centos
centos
mariadb security update
2020-10-20 18:30:49
redhat
redhat
(RHSA-2020:4026) Moderate: mariadb security and bug fix update
2020-09-29 07:52:34
suse
suse
Security update for mariadb (moderate)
2019-12-22 00:00:00
cloudfoundry
cloudfoundry
MySQL Security Updates - Oct 2019 | Cloud Foundry
2020-01-27 00:00:00
almalinux
almalinux
Important: mariadb:10.3 security, bug fix, and enhancement update
2020-12-15 16:03:43
Important: mysql:8.0 security update
2020-09-14 12:23:24
rocky
rocky
mariadb:10.3 security, bug fix, and enhancement update
2020-12-15 16:03:43
mysql:8.0 security update
2020-09-14 12:23:24
ibm
ibm
fedora
fedora
[SECURITY] Fedora 31 Update: community-mysql-8.0.18-1.fc31
2019-11-12 02:21:56
[SECURITY] Fedora 30 Update: community-mysql-8.0.18-1.fc30
2019-11-12 02:09:19
[SECURITY] Fedora 29 Update: community-mysql-8.0.18-1.fc29
2019-11-11 17:41:09
photon
photon
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2020-1.0-0284
2020-03-18 00:00:00
Moderate Photon OS Security Update - PHSA-2020-0284
2020-04-02 00:00:00
Moderate Photon OS Security Update - PHSA-2020-0220
2020-03-13 00:00:00
freebsd
freebsd
MySQL -- Multiple vulerabilities
2019-10-15 00:00:00
gentoo
gentoo
MariaDB: Multiple Vulnerabilities
2024-05-08 00:00:00
MySQL: Multiple vulnerabilities
2021-05-26 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2019
2020-01-22 00:00:00
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
7.2 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
66.1%
Related for SUSE_SU-2019-3370-1.NASL