Debian DLA-2103-1 : debian-security-support update: libqb and mysql-5.5 end

high Nessus Plugin ID 133698

Synopsis

The remote Debian host is missing a security update.

Description

debian-security-support, the Debian security support coverage checker, has been updated in jessie-security.

This marks the end of life of the libqb package in jessie. A recently reported vulnerability against libqb which allows users to overwrite arbitrary files via a symlink attack cannot be adequately addressed in libqb in jessie. Upstream no longer supports this version and no packages in jessie depend upon libqb.

We recommend that, if your systems or applications depend upon the libqb package provided from the Debian archive, you upgrade your systems to a more recent Debian release or find an alternate and up-to-date source of libqb packages.

Additionally, MySQL 5.5 is no longer supported. Upstream has ended its support and we are unable to backport fixes from newer versions due to the lack of patch details. Options are to switch to MariaDB 10.0 in jessie or to a newer version of MySQL in more recent Debian releases.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Upgrade the affected debian-security-support package.

See Also

https://lists.debian.org/debian-lts-announce/2020/02/msg00011.html

https://packages.debian.org/source/jessie/debian-security-support

Plugin Details

Severity: High

ID: 133698

File Name: debian_DLA-2103.nasl

Version: 1.3

Type: local

Agent: unix

Published: 2/14/2020

Updated: 1/11/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:debian-security-support, cpe:/o:debian:debian_linux:8.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 2/13/2020

Vulnerability Publication Date: 2/13/2020