Executive Summary
Summary | |
---|---|
Title | mysql-5.5 security update |
Informations | |||
---|---|---|---|
Name | DSA-3054 | First vendor Publication | 2014-10-20 |
Vendor | Debian | Last vendor Modification | 2014-10-20 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.40. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details: https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-39.html https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.html http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html For the stable distribution (wheezy), these problems have been fixed in version 5.5.40-0+wheezy1. For the unstable distribution (sid), these problems will be fixed soon. We recommend that you upgrade your mysql-5.5 packages. |
Original Source
Url : http://www.debian.org/security/2014/dsa-3054 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-200 | Information Exposure |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:26769 | |||
Oval ID: | oval:org.mitre.oval:def:26769 | ||
Title: | USN-2384-1 -- MySQL vulnerabilities | ||
Description: | Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. MySQL has been updated to 5.5.40. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-39.html http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.html http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | ||
Family: | unix | Class: | patch |
Reference(s): | USN-2384-1 CVE-2012-5615 CVE-2014-4274 CVE-2014-4287 CVE-2014-6463 CVE-2014-6464 CVE-2014-6469 CVE-2014-6478 CVE-2014-6484 CVE-2014-6491 CVE-2014-6494 CVE-2014-6495 CVE-2014-6496 CVE-2014-6500 CVE-2014-6505 CVE-2014-6507 CVE-2014-6520 CVE-2014-6530 CVE-2014-6551 CVE-2014-6555 CVE-2014-6559 | Version: | 3 |
Platform(s): | Ubuntu 14.04 Ubuntu 12.04 | Product(s): | mysql-5.5 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27137 | |||
Oval ID: | oval:org.mitre.oval:def:27137 | ||
Title: | DSA-3054-1 mysql-5.5 - security update | ||
Description: | Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.40. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-3054-1 CVE-2012-5615 CVE-2014-4274 CVE-2014-4287 CVE-2014-6463 CVE-2014-6464 CVE-2014-6469 CVE-2014-6478 CVE-2014-6484 CVE-2014-6491 CVE-2014-6494 CVE-2014-6495 CVE-2014-6496 CVE-2014-6500 CVE-2014-6505 CVE-2014-6507 CVE-2014-6520 CVE-2014-6530 CVE-2014-6551 CVE-2014-6555 CVE-2014-6559 | Version: | 3 |
Platform(s): | Debian GNU/Linux 7.0 Debian GNU/kFreeBSD 7.0 | Product(s): | mysql-5.5 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27610 | |||
Oval ID: | oval:org.mitre.oval:def:27610 | ||
Title: | RHSA-2014:1861 -- mariadb security update (Important) | ||
Description: | MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559) These updated packages upgrade MariaDB to version 5.5.40. Refer to the MariaDB Release Notes listed in the References section for a complete list of changes. All MariaDB users should upgrade to these updated packages, which correct these issues. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2014:1861 CESA-2014:1861 CVE-2012-5615 CVE-2014-2494 CVE-2014-4207 CVE-2014-4243 CVE-2014-4258 CVE-2014-4260 CVE-2014-4274 CVE-2014-4287 CVE-2014-6463 CVE-2014-6464 CVE-2014-6469 CVE-2014-6484 CVE-2014-6505 CVE-2014-6507 CVE-2014-6520 CVE-2014-6530 CVE-2014-6551 CVE-2014-6555 CVE-2014-6559 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 7 CentOS Linux 7 | Product(s): | mariadb |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28389 | |||
Oval ID: | oval:org.mitre.oval:def:28389 | ||
Title: | RHSA-2014:1859 -- mysql55-mysql security update (Important) | ||
Description: | MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559) These updated packages upgrade MySQL to version 5.5.40. Refer to the MySQL Release Notes listed in the References section for a complete list of changes. All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2014:1859 CESA-2014:1859 CVE-2012-5615 CVE-2014-2494 CVE-2014-4207 CVE-2014-4243 CVE-2014-4258 CVE-2014-4260 CVE-2014-4274 CVE-2014-4287 CVE-2014-6463 CVE-2014-6464 CVE-2014-6469 CVE-2014-6484 CVE-2014-6505 CVE-2014-6507 CVE-2014-6520 CVE-2014-6530 CVE-2014-6551 CVE-2014-6555 CVE-2014-6559 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | mysql55-mysql |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-12-07 | Name : MySQL Authentication Error Message User Enumeration Vulnerability File : nvt/gb_oracle_mysql_old_auth_user_enum_vuln.nasl |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Oracle MySQL user enumeration attempt RuleID : 24908 - Revision : 7 - Type : SERVER-MYSQL |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-06-23 | Name : The remote device is affected by multiple vulnerabilities. File : juniper_space_jsa10698.nasl - Type : ACT_GATHER_INFO |
2015-07-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2015-479.nasl - Type : ACT_GATHER_INFO |
2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-0743-1.nasl - Type : ACT_GATHER_INFO |
2015-03-30 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libmysql55client18-150302.nasl - Type : ACT_GATHER_INFO |
2015-03-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-091.nasl - Type : ACT_GATHER_INFO |
2015-03-26 | Name : The remote Debian host is missing a security update. File : debian_DLA-75.nasl - Type : ACT_GATHER_INFO |
2014-12-15 | Name : The remote Fedora host is missing a security update. File : fedora_2014-16003.nasl - Type : ACT_GATHER_INFO |
2014-12-03 | Name : The remote Fedora host is missing a security update. File : fedora_2014-14791.nasl - Type : ACT_GATHER_INFO |
2014-11-21 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1861.nasl - Type : ACT_GATHER_INFO |
2014-11-21 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1859.nasl - Type : ACT_GATHER_INFO |
2014-11-18 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20141117_mysql55_mysql_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2014-11-18 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20141117_mariadb_on_SL7_x.nasl - Type : ACT_GATHER_INFO |
2014-11-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1861.nasl - Type : ACT_GATHER_INFO |
2014-11-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1859.nasl - Type : ACT_GATHER_INFO |
2014-11-18 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1861.nasl - Type : ACT_GATHER_INFO |
2014-11-18 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1859.nasl - Type : ACT_GATHER_INFO |
2014-11-06 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201411-02.nasl - Type : ACT_GATHER_INFO |
2014-11-04 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2014-307-01.nasl - Type : ACT_GATHER_INFO |
2014-10-29 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-210.nasl - Type : ACT_GATHER_INFO |
2014-10-21 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3054.nasl - Type : ACT_GATHER_INFO |
2014-10-20 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-428.nasl - Type : ACT_GATHER_INFO |
2014-10-16 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2384-1.nasl - Type : ACT_GATHER_INFO |
2014-10-15 | Name : The remote database server is affected by multiple vulnerabilities. File : mysql_5_6_21.nasl - Type : ACT_GATHER_INFO |
2014-09-12 | Name : The remote database server is affected by multiple vulnerabilities. File : mysql_5_6_20.nasl - Type : ACT_GATHER_INFO |
2014-09-12 | Name : The remote database server is affected by multiple vulnerabilities. File : mysql_5_5_39.nasl - Type : ACT_GATHER_INFO |
2013-08-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201308-06.nasl - Type : ACT_GATHER_INFO |
2013-04-25 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1807-1.nasl - Type : ACT_GATHER_INFO |
2013-04-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-102.nasl - Type : ACT_GATHER_INFO |
2013-02-28 | Name : The remote database server is affected by multiple vulnerabilities. File : mariadb_5_5_29.nasl - Type : ACT_GATHER_INFO |
2013-02-28 | Name : The remote database server is affected by multiple vulnerabilities. File : mariadb_5_3_12.nasl - Type : ACT_GATHER_INFO |
2013-02-28 | Name : The remote database server is affected by multiple vulnerabilities. File : mariadb_5_2_14.nasl - Type : ACT_GATHER_INFO |
2013-02-28 | Name : The remote database server is affected by multiple vulnerabilities. File : mariadb_5_1_67.nasl - Type : ACT_GATHER_INFO |
2013-02-10 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libmysqlclient-devel-121227.nasl - Type : ACT_GATHER_INFO |
2013-02-04 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_8c773d7f6cbb11e2b242c8600054b392.nasl - Type : ACT_GATHER_INFO |
2013-01-28 | Name : The remote database server has an information disclosure vulnerability. File : mysql_user_enumeration.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2018-12-18 21:21:59 |
|
2014-10-22 13:26:03 |
|
2014-10-20 21:22:38 |
|