Detections
Analytics

RHEL 6 / 7 : rh-mariadb100-mariadb (RHSA-2015:1646)

medium Nessus Plugin ID 210225

Synopsis

The remote Red Hat host is missing one or more security updates for rh-mariadb100-mariadb.

Description

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:1646 advisory.

 MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.

 It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the --ssl option. A man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server. (CVE-2015-3152)

 This update fixes several vulnerabilities in the MariaDB database server.
 Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2015-2582, CVE-2015-2611, CVE-2015-2617, CVE-2015-2620, CVE-2015-2639, CVE-2015-2641, CVE-2015-2643, CVE-2015-2648, CVE-2015-2661, CVE-2015-4737, CVE-2015-4752, CVE-2015-4756, CVE-2015-4757, CVE-2015-4761, CVE-2015-4767, CVE-2015-4769, CVE-2015-4771, CVE-2015-4772)

 These updated packages upgrade MariaDB to version MariaDB 10.0.20. Refer to the MariaDB Release Notes listed in the References section for a complete list of changes.

 All MariaDB users should upgrade to these updated packages, which correct these issues. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL rh-mariadb100-mariadb package based on the guidance in RHSA-2015:1646.

See Also

https://access.redhat.com/security/updates/classification/#important

http://www.nessus.org/u?eb13119f

https://mariadb.com/kb/en/mariadb/mariadb-10020-release-notes/

https://bugzilla.redhat.com/show_bug.cgi?id=1217506

https://bugzilla.redhat.com/show_bug.cgi?id=1244768

https://bugzilla.redhat.com/show_bug.cgi?id=1244769

https://bugzilla.redhat.com/show_bug.cgi?id=1244770

https://bugzilla.redhat.com/show_bug.cgi?id=1244771

https://bugzilla.redhat.com/show_bug.cgi?id=1244772

https://bugzilla.redhat.com/show_bug.cgi?id=1244773

https://bugzilla.redhat.com/show_bug.cgi?id=1244774

https://bugzilla.redhat.com/show_bug.cgi?id=1244775

https://bugzilla.redhat.com/show_bug.cgi?id=1244776

https://bugzilla.redhat.com/show_bug.cgi?id=1244778

https://bugzilla.redhat.com/show_bug.cgi?id=1244779

https://bugzilla.redhat.com/show_bug.cgi?id=1244780

https://bugzilla.redhat.com/show_bug.cgi?id=1244781

https://bugzilla.redhat.com/show_bug.cgi?id=1244782

https://bugzilla.redhat.com/show_bug.cgi?id=1244784

https://bugzilla.redhat.com/show_bug.cgi?id=1244785

https://bugzilla.redhat.com/show_bug.cgi?id=1244786

https://bugzilla.redhat.com/show_bug.cgi?id=1244787

http://www.nessus.org/u?056ec446

https://access.redhat.com/errata/RHSA-2015:1646

Plugin Details

Severity: Medium

ID: 210225

File Name: redhat-RHSA-2015-1646.nasl

Version: 1.1

Type: local

Agent: unix

Published: 11/4/2024

Updated: 11/4/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.3

Vendor

Vendor Severity: Important

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.1

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS Score Source: CVE-2015-2617

CVSS v3

Risk Factor: Medium

Base Score: 5.9

Temporal Score: 5.3

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2015-3152

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:rh-mariadb100-mariadb-config, p-cpe:/a:redhat:enterprise_linux:rh-mariadb100-mariadb-server, p-cpe:/a:redhat:enterprise_linux:rh-mariadb100-mariadb-bench, cpe:/o:redhat:enterprise_linux:7, p-cpe:/a:redhat:enterprise_linux:rh-mariadb100-mariadb, p-cpe:/a:redhat:enterprise_linux:rh-mariadb100-mariadb-devel, cpe:/o:redhat:enterprise_linux:6, p-cpe:/a:redhat:enterprise_linux:rh-mariadb100-mariadb-common, p-cpe:/a:redhat:enterprise_linux:rh-mariadb100-mariadb-oqgraph-engine, p-cpe:/a:redhat:enterprise_linux:rh-mariadb100-mariadb-errmsg, p-cpe:/a:redhat:enterprise_linux:rh-mariadb100-mariadb-test

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/20/2015

Vulnerability Publication Date: 4/14/2015

Reference Information

CVE: CVE-2015-0499, CVE-2015-0501, CVE-2015-0505, CVE-2015-2571, CVE-2015-2582, CVE-2015-2611, CVE-2015-2617, CVE-2015-2620, CVE-2015-2639, CVE-2015-2641, CVE-2015-2643, CVE-2015-2648, CVE-2015-2661, CVE-2015-3152, CVE-2015-4737, CVE-2015-4752, CVE-2015-4756, CVE-2015-4757, CVE-2015-4761, CVE-2015-4767, CVE-2015-4769, CVE-2015-4771, CVE-2015-4772, CVE-2015-4864, CVE-2015-4866

RHSA: 2015:1646