EulerOS 2.0 SP1 : mariadb (EulerOS-SA-2016-1035)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote EulerOS host is missing multiple security updates.

Description :

According to the versions of the mariadb packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :

- MariaDB is a community-developed branch of MySQL.
MariaDB is a multi-user, multi-threaded SQL database
server. It is a client/server implementation consisting
of a server daemon (mysqld) and many different client
programs and libraries. The base package contains the
standard MariaDB/MySQL client programs and generic
MySQL files.

- Security Fix(es)

- Unspecified vulnerability in Oracle MySQL 5.5.47 and
earlier, 5.6.28 and earlier, and 5.7.10 and earlier and
MariaDB before 5.5.48, 10.0.x before 10.0.24, and
10.1.x before 10.1.12 allows local users to affect
integrity and availability via vectors related to
DML. (CVE-2016-0640)

- Unspecified vulnerability in Oracle MySQL 5.5.47 and
earlier, 5.6.28 and earlier, and 5.7.10 and earlier and
MariaDB before 5.5.48, 10.0.x before 10.0.24, and
10.1.x before 10.1.12 allows local users to affect
confidentiality and availability via vectors related to
MyISAM. (CVE-2016-0641)

- Unspecified vulnerability in Oracle MySQL 5.5.48 and
earlier, 5.6.29 and earlier, and 5.7.11 and earlier and
MariaDB before 5.5.49, 10.0.x before 10.0.25, and
10.1.x before 10.1.14 allows local users to affect
confidentiality via vectors related to
DML. (CVE-2016-0643)

- Unspecified vulnerability in Oracle MySQL 5.5.47 and
earlier, 5.6.28 and earlier, and 5.7.10 and earlier and
MariaDB before 5.5.48, 10.0.x before 10.0.24, and
10.1.x before 10.1.12 allows local users to affect
availability via vectors related to DDL. (CVE-2016-0644)

- Unspecified vulnerability in Oracle MySQL 5.5.47 and
earlier, 5.6.28 and earlier, and 5.7.10 and earlier and
MariaDB before 5.5.48, 10.0.x before 10.0.24, and
10.1.x before 10.1.12 allows local users to affect
availability via vectors related to DML. (CVE-2016-0646)

- Unspecified vulnerability in Oracle MySQL 5.5.48 and
earlier, 5.6.29 and earlier, and 5.7.11 and earlier and
MariaDB before 5.5.49, 10.0.x before 10.0.25, and
10.1.x before 10.1.14 allows local users to affect
availability via vectors related to FTS. (CVE-2016-0647)

- Unspecified vulnerability in Oracle MySQL 5.5.48 and
earlier, 5.6.29 and earlier, and 5.7.11 and earlier and
MariaDB before 5.5.49, 10.0.x before 10.0.25, and
10.1.x before 10.1.14 allows local users to affect
availability via vectors related to PS. (CVE-2016-0648)

- Unspecified vulnerability in Oracle MySQL 5.5.47 and
earlier, 5.6.28 and earlier, and 5.7.10 and earlier and
MariaDB before 5.5.48, 10.0.x before 10.0.24, and
10.1.x before 10.1.12 allows local users to affect
availability via vectors related to PS. (CVE-2016-0649)

- Unspecified vulnerability in Oracle MySQL 5.5.47 and
earlier, 5.6.28 and earlier, and 5.7.10 and earlier and
MariaDB before 5.5.48, 10.0.x before 10.0.24, and
10.1.x before 10.1.12 allows local users to affect
availability via vectors related to
Replication. (CVE-2016-0650)

- Unspecified vulnerability in Oracle MySQL 5.5.48 and
earlier, 5.6.29 and earlier, and 5.7.11 and earlier and
MariaDB before 5.5.49, 10.0.x before 10.0.25, and
10.1.x before 10.1.14 allows local users to affect
availability via vectors related to Security:
Privileges. (CVE-2016-0666)

- Unspecified vulnerability in Oracle MySQL 5.5.48 and
earlier, 5.6.29 and earlier, and 5.7.10 and earlier and
MariaDB before 5.5.49, 10.0.x before 10.0.25, and
10.1.x before 10.1.14 allows remote attackers to affect
confidentiality via vectors related to Server:
Security: Encryption. (CVE-2016-3452)

- Unspecified vulnerability in Oracle MySQL 5.5.49 and
earlier, 5.6.30 and earlier, and 5.7.12 and earlier and
MariaDB before 5.5.50, 10.0.x before 10.0.26, and
10.1.x before 10.1.15 allows local users to affect
confidentiality, integrity, and availability via
vectors related to Server: Parser. (CVE-2016-3477)

- Unspecified vulnerability in Oracle MySQL 5.5.49 and
earlier, 5.6.30 and earlier, and 5.7.12 and earlier and
MariaDB before 5.5.50, 10.0.x before 10.0.26, and
10.1.x before 10.1.15 allows remote authenticated users
to affect availability via vectors related to Server:
Types. (CVE-2016-3521)

- Unspecified vulnerability in Oracle MySQL 5.5.49 and
earlier, 5.6.30 and earlier, and 5.7.12 and earlier and
MariaDB before 5.5.50, 10.0.x before 10.0.26, and
10.1.x before 10.1.15 allows remote authenticated users
to affect availability via vectors related to Server:
DML. (CVE-2016-3615)

- Unspecified vulnerability in Oracle MySQL 5.5.49 and
earlier, 5.6.30 and earlier, and 5.7.12 and earlier and
MariaDB before 5.5.50, 10.0.x before 10.0.26, and
10.1.x before 10.1.15 allows remote administrators to
affect availability via vectors related to Server:
RBR. (CVE-2016-5440)

- Unspecified vulnerability in Oracle MySQL 5.5.48 and
earlier, 5.6.29 and earlier, and 5.7.11 and earlier and
MariaDB before 5.5.49, 10.0.x before 10.0.25, and
10.1.x before 10.1.14 allows remote attackers to affect
confidentiality via vectors related to Server:
Connection. (CVE-2016-5444)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://www.nessus.org/u?22e7de18

Solution :

Update the affected mariadb packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C)
CVSS Temporal Score : 5.0
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false
