Scientific Linux Security Update : mariadb on SL7.x x86_64 (BACKRONYM)

Medium Nessus Plugin ID 85622


The remote Scientific Linux host is missing one or more security updates.


It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the '--ssl' option. A man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server. (CVE-2015-3152)

(CVE-2015-0501, CVE-2015-2568, CVE-2015-0499, CVE-2015-2571, CVE-2015-0433, CVE-2015-0441, CVE-2015-0505, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757)

After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.


Update the affected packages.

See Also

Plugin Details

Severity: Medium

ID: 85622

File Name: sl_20150824_mariadb_on_SL7_x.nasl

Version: $Revision: 2.8 $

Type: local

Agent: unix

Published: 2015/08/25

Modified: 2016/10/19

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 5.7

Vector: CVSS2#AV:N/AC:M/Au:M/C:N/I:N/A:C


Base Score: 5.9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Vulnerability Information

CPE: x-cpe:/o:fermilab:scientific_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 2015/08/24

Reference Information

CVE: CVE-2015-0433, CVE-2015-0441, CVE-2015-0499, CVE-2015-0501, CVE-2015-0505, CVE-2015-2568, CVE-2015-2571, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-3152, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757