Oracle Linux 8 : mariadb:10.3 (ELSA-2020-5500)

critical Nessus Plugin ID 144375

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5500 advisory.

asio [1.10.8-7]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

[1.10.8-6]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild

[1.10.8-5]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

[1.10.8-4]
- Rebuilt for Boost 1.64

[1.10.8-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild

[1.10.8-2]
- Rebuilt for Boost 1.63

[1.10.8-1]
- Update to 1.10.8

[1.10.7-1]
- Update to 1.10.7

[1.10.6-7]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild

[1.10.6-6]
- Rebuilt for Boost 1.60

[1.10.6-5]
- Remove useless pieces of the spec
- Conform to more recent SPEC style
- Fix date in changelog that was giving warnings

[1.10.6-4]
- Move from define to global

[1.10.6-3]
- Rebuilt for Boost 1.59

[1.10.6-2]
- Rebuilt for https://fedoraproject.org/wiki/Changes/F23Boost159

[-1.10.6-1]
- Update to 1.10.6 version

[1.10.4-5]
- rebuild for Boost 1.58

[1.10.4-4]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild

[1.10.4-3]
- Rebuild for boost 1.57.0

[1.10.4-2]
- Forgot to update the commit id

[1.10.4-1]
- Update to 1.10.4 version

[1.10.3-1]
- Update to 1.10.3 version

[1.4.8-9]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild

[1.4.8-8]
- Rebuild for boost 1.55.0

[1.4.8-7]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild

[1.4.8-6]
- Rebuild for boost 1.54.0

[1.4.8-5]
- Rebuild for Boost-1.53.0

[1.4.8-4]
- Rebuild for Boost-1.53.0

[1.4.8-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

[1.4.8-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

[1.4.8-1]
- Update to 1.4.8 bugfix release

[1.4.1-4]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

[1.4.1-3]
- fix FTBFS #538893 and #599857 (patch by Petr Machata)

[1.4.1-2]
- The tarball is now a gzip archive

[1.4.1-1]
- New upstream release

[1.2.0-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

[1.2.0-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild

[1.2.0-1]
- New upstream release

galera [25.3.31-1]
- Rebase to 25.3.31 Resolves: #1731289, #1856812

Judy mariadb [3:10.3.27-3]
- Remove mariadb_rpl.h from includedir This file is shipped in mariadb-connector-c package
- Require matching version of mariadb-connector-c package

[3:10.3.27-2]
- Disable building of the ed25519 client plugin.
From now on it will be shipped by 'mariadb-connector-c' package

[3:10.3.27-1]
- Rebase to 10.3.27
- mariadb-debug_build.patch is no more needed, upstream did the changes:
https://github.com/MariaDB/server/commit/31eaa2029f3c2a4f8e5609ce8b87682286238d9a#diff- 32766783af7cac683980224d63c59929 https://github.com/MariaDB/server/commit/23c6fb3e6231b8939331e2d9f157092f24ed8f4f#diff- 78f3162f137407db5240950beb2bcd7c

[3:10.3.23-1]
- Rebase to 10.3.23
- Make conflicts between corresponding mariadb and mysql packages explicit
- Get rid of the Conflicts macro, it was intended to mark conflicts with
*upstream* packages Resolves: #1853159

[3:10.3.22-1]
- Rebase to 10.3.22

[3:10.3.21-1]
- Rebase to 10.3.21

[3:10.3.20-2]
- Change path of groonga's packaged files
- Fix bz#1763287

[3:10.3.20-1]
- Rebase to 10.3.20
- NOTE: 10.3.19 was deleted by upstream

[3:10.3.18-1]
- Rebase to 10.3.18

[3:10.3.17-2]
- Fix the debug build

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2020-5500.html

Plugin Details

Severity: Critical

ID: 144375

File Name: oraclelinux_ELSA-2020-5500.nasl

Version: 1.7

Type: local

Agent: unix

Published: 12/18/2020

Updated: 11/2/2024

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.5

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2020-15180

CVSS v3

Risk Factor: Critical

Base Score: 9

Temporal Score: 7.8

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:judy-devel, p-cpe:/a:oracle:linux:asio-devel, p-cpe:/a:oracle:linux:judy, p-cpe:/a:oracle:linux:mariadb-oqgraph-engine, p-cpe:/a:oracle:linux:mariadb-common, p-cpe:/a:oracle:linux:mariadb-server-galera, p-cpe:/a:oracle:linux:mariadb-server-utils, p-cpe:/a:oracle:linux:mariadb-embedded, cpe:/o:oracle:linux:8, p-cpe:/a:oracle:linux:mariadb-gssapi-server, p-cpe:/a:oracle:linux:mariadb-devel, p-cpe:/a:oracle:linux:mariadb, p-cpe:/a:oracle:linux:mariadb-backup, p-cpe:/a:oracle:linux:mariadb-errmsg, p-cpe:/a:oracle:linux:mariadb-server, p-cpe:/a:oracle:linux:mariadb-test, p-cpe:/a:oracle:linux:galera, p-cpe:/a:oracle:linux:mariadb-embedded-devel

Required KB Items: Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list, Host/local_checks_enabled

Exploit Ease: No known exploits are available

Patch Publication Date: 12/18/2020

Vulnerability Publication Date: 10/15/2019

Reference Information

CVE: CVE-2019-2938, CVE-2019-2974, CVE-2020-13249, CVE-2020-14765, CVE-2020-14776, CVE-2020-14789, CVE-2020-14812, CVE-2020-15180, CVE-2020-2574, CVE-2020-2752, CVE-2020-2760, CVE-2020-2780, CVE-2020-2812, CVE-2020-2814