openSUSE-SU-2015:1629

RHSA-2015:1628

RHSA-2015:1629

RHSA-2015:1630

RHSA-2015:1646

RHSA-2015:1647

RHSA-2015:1665

DSA-3311

http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

75759

1032911

USN-2674-1

GLSA-201610-06

The remote host is affected by the vulnerability described in GLSA-201610-06 (MySQL and MariaDB: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in MySQL and MariaDB.
      Please review the CVE identifiers referenced below for details.
  Impact :

    A remote attacker could exploit vulnerabilities, through multiple       vectors, that affect the confidentiality, integrity, and availability of       MySQL and MariaDB.
  Workaround :

    There is no known workaround at this time.

The version of MySQL installed on the remote host is version 5.5.x prior to 5.5.43 or 5.6.x prior to 5.6.24 and is affected an unspecified flaw related to the Server:Optimizer subcomponent.  This may allow an authenticated remote attacker to cause a denial of service.  No further details have been provided by the vendor.

MySQL was updated to version 5.5.45, fixing bugs and security issues.

A list of all changes can be found on :

- http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-45.html

- http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-44.html

To fix the 'BACKRONYM' security issue (CVE-2015-3152) the behaviour of the SSL options was changed slightly to meet expectations: Now using '--ssl-verify-server-cert' and '--ssl[-*]' implies that the ssl connection is required. The mysql client will now print an error if ssl is required, but the server can not handle a ssl connection [bnc#924663], [bnc#928962], [CVE-2015-3152]

Additional bugs fixed :

  - fix rc.mysql-multi script to start instances after     restart properly [bnc#934401].

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The MySQL Community Server edition was updated to 5.6.26, fixing security issues and bugs.

All changes:
http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-26.html

  - Fixed CVEs: CVE-2015-2617, CVE-2015-2648, CVE-2015-2611,     CVE-2015-2582 CVE-2015-4752, CVE-2015-4756,     CVE-2015-2643, CVE-2015-4772 CVE-2015-4761,     CVE-2015-4757, CVE-2015-4737, CVE-2015-4771     CVE-2015-4769, CVE-2015-2639, CVE-2015-2620,     CVE-2015-2641 CVE-2015-2661, CVE-2015-4767

  - disable Performance Schema by default. Since MySQL 5.6.6     upstream enabled Performance Schema by default which     results in increased memory usage. The added option     disable Performance Schema again in order to decrease     MySQL memory usage [bnc#852477].

  - install INFO_BIN and INFO_SRC, noticed in MDEV-6912

  - remove superfluous '--group' parameter from     mysql-systemd-helper

  - make -devel package installable in the presence of     LibreSSL

  - cleanup after the update-message if it was displayed

  - add 'exec' to mysql-systemd-helper to shutdown     mysql/mariadb cleanly [bnc#943096]

Updated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.

It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the '--ssl' option. A man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server. (CVE-2015-3152)

This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.
(CVE-2015-0501, CVE-2015-2568, CVE-2015-0499, CVE-2015-2571, CVE-2015-0433, CVE-2015-0441, CVE-2015-0505, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757)

These updated packages upgrade MariaDB to version 5.5.44. Refer to the MariaDB Release Notes listed in the References section for a complete list of changes.

All MariaDB users should upgrade to these updated packages, which correct these issues. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.

It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the '--ssl' option. A man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server. (CVE-2015-3152)

(CVE-2015-0501, CVE-2015-2568, CVE-2015-0499, CVE-2015-2571, CVE-2015-0433, CVE-2015-0441, CVE-2015-0505, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757)

After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.

From Red Hat Security Advisory 2015:1665 :

Updated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.

It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the '--ssl' option. A man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server. (CVE-2015-3152)

This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.
(CVE-2015-0501, CVE-2015-2568, CVE-2015-0499, CVE-2015-2571, CVE-2015-0433, CVE-2015-0441, CVE-2015-0505, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757)

These updated packages upgrade MariaDB to version 5.5.44. Refer to the MariaDB Release Notes listed in the References section for a complete list of changes.

All MariaDB users should upgrade to these updated packages, which correct these issues. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.

The version of Oracle MySQL installed on the remote host is 5.6.x prior to 5.6.24. It is, therefore, affected by the following vulnerabilities :

  - Multiple information disclosure vulnerabilities exist in     the following subcomponents which can be exploited by an     authenticated, remote attacker to gain access to     sensitive information :
    - Pluggable Auth (CVE-2015-4737)
    - Security:Privileges (CVE-2015-2620)

  - Multiple denial of service vulnerabilities exist in the     following subcomponents which can be exploited by an     authenticated, remote attacker :
    - DML (CVE-2015-4905)
    - InnoDB (CVE-2015-4866)
    - Optimizer (CVE-2015-4757)

This update fixes several vulnerabilities in the MySQL database server. (CVE-2014-6568, CVE-2015-0374, CVE-2015-0381, CVE-2015-0382, CVE-2015-0391, CVE-2015-0411, CVE-2015-0432, CVE-2015-0433, CVE-2015-0441, CVE-2015-0499, CVE-2015-0501, CVE-2015-0505, CVE-2015-2568, CVE-2015-2571, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757)

After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.

From Red Hat Security Advisory 2015:1628 :

Updated mysql55-mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.

This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory pages, listed in the References section. (CVE-2014-6568, CVE-2015-0374, CVE-2015-0381, CVE-2015-0382, CVE-2015-0391, CVE-2015-0411, CVE-2015-0432, CVE-2015-0433, CVE-2015-0441, CVE-2015-0499, CVE-2015-0501, CVE-2015-0505, CVE-2015-2568, CVE-2015-2571, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757)

These updated packages upgrade MySQL to version 5.5.45. Refer to the MySQL Release Notes listed in the References section for a complete list of changes.

All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.

Updated mysql55-mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.

This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory pages, listed in the References section. (CVE-2014-6568, CVE-2015-0374, CVE-2015-0381, CVE-2015-0382, CVE-2015-0391, CVE-2015-0411, CVE-2015-0432, CVE-2015-0433, CVE-2015-0441, CVE-2015-0499, CVE-2015-0501, CVE-2015-0505, CVE-2015-2568, CVE-2015-2571, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757)

These updated packages upgrade MySQL to version 5.5.45. Refer to the MySQL Release Notes listed in the References section for a complete list of changes.

All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.

The version of Oracle MySQL installed on the remote host is 5.5.x prior to 5.5.43. It is, therefore, affected by an unspecified flaw in the Optimizer subcomponent. An authenticated, remote attacker can exploit this to cause a denial of service condition.

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues.

MySQL has been updated to 5.5.44 in Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 14.10. Ubuntu 15.04 has been updated to MySQL 5.6.25.

In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.

Please see the following for more information:
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-44.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-25.html http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.h tml.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several issues have been discovered in the MariaDB database server.
The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.20. Please see the MariaDB 10.0 Release Notes for further details :

  -     https://mariadb.com/kb/en/mariadb/mariadb-10017-release-     notes/
  -     https://mariadb.com/kb/en/mariadb/mariadb-10018-release-     notes/

  -     https://mariadb.com/kb/en/mariadb/mariadb-10019-release-     notes/

  -     https://mariadb.com/kb/en/mariadb/mariadb-10020-release-     notes/

The version of MySQL running on the remote host is version 5.5.x prior to 5.5.44 or version 5.6.x prior to 5.6.25. It is, therefore, potentially affected by the following vulnerabilities :

  - Multiple denial of service vulnerabilities exist in the     following Server subcomponents which can be exploited by     a remote, authenticated attacker :
    - Partition (CVE-2015-2617)
    - DML (CVE-2015-2648, CVE-2015-2611)
    - GIS (CVE-2015-2582)
    - I_S (CVE-2015-4752)
    - InnoDB (CVE-2015-4756)
    - Optimizer (CVE-2015-2643, CVE-2015-4757)
    - Partition (CVE-2015-4772)
    - Memcached (CVE-2015-4761)
    - RBR (CVE-2015-4771)
    - Security:Firewall (CVE-2015-4769, CVE-2015-4767)
    - Security:Privileges (CVE-2015-2641)

  - Multiple Information disclosure vulnerabilities exist in     the following Server subcomponents which can be     exploited by a remote, authenticated attacker to gain     access to sensitive information :
    - Pluggable Auth (CVE-2015-4737)
    - Security:Privileges (CVE-2015-2620)

  - An unspecified vulnerability exists related to the     Security:Firewall subcomponent of the Server that can be     exploited by a remote, authenticated attacker to have an     impact on the integrity of the system. (CVE-2015-2639)

  - A denial of service vulnerability exists in the Client     subcomponent which can be exploited by a local attacker.
    No other details have been given. (CVE-2015-2661)

ID	Name	Product	Family	Severity
93993	GLSA-201610-06 : MySQL and MariaDB: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	medium
9258	Oracle MySQL 5.5.x < 5.5.43 / 5.6.x < 5.6.24 DoS	Nessus Network Monitor	Database	medium
86537	SUSE SLED11 / SLES11 Security Update : mysql (SUSE-SU-2015:1788-1) (BACKRONYM)	Nessus	SuSE Local Security Checks	medium
86182	openSUSE Security Update : mysql-community-server (openSUSE-2015-608)	Nessus	SuSE Local Security Checks	medium
85635	CentOS 7 : mariadb (CESA-2015:1665) (BACKRONYM)	Nessus	CentOS Local Security Checks	medium
85622	Scientific Linux Security Update : mariadb on SL7.x x86_64 (20150824) (BACKRONYM)	Nessus	Scientific Linux Local Security Checks	medium
85616	RHEL 7 : mariadb (RHSA-2015:1665) (BACKRONYM)	Nessus	Red Hat Local Security Checks	medium
85612	Oracle Linux 7 : mariadb (ELSA-2015-1665) (BACKRONYM)	Nessus	Oracle Linux Local Security Checks	medium
85538	Oracle MySQL 5.6.x < 5.6.24 Multiple Vulnerabilities (July 2015 CPU) (October 2015 CPU)	Nessus	Databases	medium
85499	Scientific Linux Security Update : mysql55-mysql on SL5.x i386/x86_64 (20150817)	Nessus	Scientific Linux Local Security Checks	high
85488	Oracle Linux 5 : mysql55-mysql (ELSA-2015-1628)	Nessus	Oracle Linux Local Security Checks	high
85460	CentOS 5 : mysql55-mysql (CESA-2015:1628)	Nessus	CentOS Local Security Checks	high
85443	RHEL 5 : mysql55-mysql (RHSA-2015:1628)	Nessus	Red Hat Local Security Checks	high
84924	Oracle MySQL 5.5.x < 5.5.43 Optimizer DoS (July 2015 CPU)	Nessus	Databases	low
84915	Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : mysql-5.5, mysql-5.6 vulnerabilities (USN-2674-1)	Nessus	Ubuntu Local Security Checks	medium
84839	Debian DSA-3311-1 : mariadb-10.0 - security update (BACKRONYM)	Nessus	Debian Local Security Checks	medium
84767	MySQL 5.5.x < 5.5.44 / 5.6.x < 5.6.25 Multiple Vulnerabilities (July 2015 CPU)	Nessus	Databases	medium

CVE-2015-4757

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Tenable Plugins