Mandriva Linux Security Advisory : mariadb (MDVSA-2014:102)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Multiple vulnerabilities has been discovered and corrected in
mariadb :

Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote
authenticated users to affect availability via vectors related to XML
(CVE-2014-0384).

Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier
and 5.6.15 and earlier allows remote authenticated users to affect
availability via unknown vectors related to Partition (CVE-2014-2419).

Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier
and 5.6.16 and earlier allows remote authenticated users to affect
availability via unknown vectors related to Performance Schema
(CVE-2014-2430).

Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier
and 5.6.16 and earlier allows remote attackers to affect availability
via unknown vectors related to Options (CVE-2014-2431).

Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and
earlier and 5.6.15 and earlier allows remote authenticated users to
affect availability via unknown vectors related to Federated
(CVE-2014-2432).

Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier
and 5.6.16 and earlier allows remote authenticated users to affect
confidentiality, integrity, and availability via vectors related to
RBR (CVE-2014-2436).

Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier
and 5.6.15 and earlier allows remote authenticated users to affect
availability via unknown vectors related to Replication
(CVE-2014-2438).

Unspecified vulnerability in the MySQL Client component in Oracle
MySQL 5.5.36 and earlier and 5.6.16 and earlier allows remote
attackers to affect confidentiality, integrity, and availability via
unknown vectors (CVE-2014-2440).

The updated packages have been upgraded to the 5.5.37 version which is
not vulnerable to these issues.

See also :

http://www.nessus.org/u?ef1fc2a6
https://mariadb.com/kb/en/mariadb-5537-changelog/

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.0
(CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P)
CVSS Temporal Score : 5.2
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now