Mandriva Linux Security Advisory : mariadb (MDVSA-2014:102)

medium Nessus Plugin ID 74080

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

Multiple vulnerabilities has been discovered and corrected in mariadb :

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML (CVE-2014-0384).

Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition (CVE-2014-2419).

Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema (CVE-2014-2430).

Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options (CVE-2014-2431).

Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated (CVE-2014-2432).

Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to RBR (CVE-2014-2436).

Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication (CVE-2014-2438).

Unspecified vulnerability in the MySQL Client component in Oracle MySQL 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors (CVE-2014-2440).

The updated packages have been upgraded to the 5.5.37 version which is not vulnerable to these issues.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?ef1fc2a6

https://mariadb.com/kb/en/library/mariadb-5537-changelog/

Plugin Details

Severity: Medium

ID: 74080

File Name: mandriva_MDVSA-2014-102.nasl

Version: 1.6

Type: local

Published: 5/19/2014

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: Medium

Base Score: 6

Temporal Score: 5.2

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:mariadb-client, p-cpe:/a:mandriva:linux:mariadb-common, p-cpe:/a:mandriva:linux:mariadb-common-core, p-cpe:/a:mandriva:linux:mariadb-core, p-cpe:/a:mandriva:linux:mariadb-extra, p-cpe:/a:mandriva:linux:lib64mariadb-devel, p-cpe:/a:mandriva:linux:lib64mariadb-embedded-devel, p-cpe:/a:mandriva:linux:lib64mariadb-embedded18, p-cpe:/a:mandriva:linux:lib64mariadb18, p-cpe:/a:mandriva:linux:mariadb, p-cpe:/a:mandriva:linux:mariadb-bench, p-cpe:/a:mandriva:linux:mariadb-feedback, p-cpe:/a:mandriva:linux:mariadb-obsolete, p-cpe:/a:mandriva:linux:mysql-mariadb, cpe:/o:mandriva:business_server:1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 5/16/2014

Reference Information

CVE: CVE-2014-0384, CVE-2014-2419, CVE-2014-2430, CVE-2014-2431, CVE-2014-2432, CVE-2014-2436, CVE-2014-2438, CVE-2014-2440

BID: 66896, 66835, 66846, 66850, 66858, 66875, 66880, 66890

MDVSA: 2014:102