
Test ID: 1.3.6.1.4.1.25623.1.0.882257
Category: CentOS Local Security Checks
Title: CentOS Update for mariadb CESA-2015:1665 centos7
Summary: Check the version of mariadb
Description:
Summary:
Check the version of mariadb

Vulnerability Insight:
MariaDB is a multi-user, multi-threaded SQL database server that is binary
compatible with MySQL.

It was found that the MySQL client library permitted but did not require
a client to use SSL/TLS when establishing a secure connection to a MySQL
server using the '--ssl' option. A man-in-the-middle attacker
could use this flaw to strip the SSL/TLS protection from a connection
between a client and a server. (CVE-2015-3152)

This update fixes several vulnerabilities in the MariaDB database server.
Information about these flaws can be found on the Oracle Critical Patch
Update Advisory page, listed in the References section. (CVE-2015-0501,
CVE-2015-2568, CVE-2015-0499, CVE-2015-2571, CVE-2015-0433, CVE-2015-0441,
CVE-2015-0505, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643,
CVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757)

These updated packages upgrade MariaDB to version 5.5.44. Refer to the
MariaDB Release Notes listed in the References section for a complete list
of changes.

All MariaDB users should upgrade to these updated packages, which correct
these issues. After installing this update, the MariaDB server daemon
(mysqld) will be restarted automatically.

Affected Software/OS:
mariadb on CentOS 7

Solution:
Please install the updated packages.

CVSS Score:
5.7

CVSS Vector:
AV:N/AC:M/Au:M/C:N/I:N/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2015-0433
Debian Security Information: DSA-3229
http://www.debian.org/security/2015/dsa-3229
Debian Security Information: DSA-3311
http://www.debian.org/security/2015/dsa-3311
https://security.gentoo.org/glsa/201507-19
RedHat Security Advisories: RHSA-2015:1628
http://rhn.redhat.com/errata/RHSA-2015-1628.html
RedHat Security Advisories: RHSA-2015:1629
http://rhn.redhat.com/errata/RHSA-2015-1629.html
RedHat Security Advisories: RHSA-2015:1647
http://rhn.redhat.com/errata/RHSA-2015-1647.html
RedHat Security Advisories: RHSA-2015:1665
http://rhn.redhat.com/errata/RHSA-2015-1665.html
http://www.securitytracker.com/id/1032121
SuSE Security Announcement: SUSE-SU-2015:0946
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html
http://www.ubuntu.com/usn/USN-2575-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-0441
Common Vulnerability Exposure (CVE) ID: CVE-2015-0499
http://www.mandriva.com/security/advisories?name=MDVSA-2015:227
Common Vulnerability Exposure (CVE) ID: CVE-2015-0501
Common Vulnerability Exposure (CVE) ID: CVE-2015-0505
BugTraq ID: 74112
http://www.securityfocus.com/bid/74112
Common Vulnerability Exposure (CVE) ID: CVE-2015-2568
BugTraq ID: 74073
http://www.securityfocus.com/bid/74073
Common Vulnerability Exposure (CVE) ID: CVE-2015-2571
BugTraq ID: 74095
http://www.securityfocus.com/bid/74095
Common Vulnerability Exposure (CVE) ID: CVE-2015-2573
BugTraq ID: 74078
http://www.securityfocus.com/bid/74078
Common Vulnerability Exposure (CVE) ID: CVE-2015-2582
BugTraq ID: 75751
http://www.securityfocus.com/bid/75751
Debian Security Information: DSA-3308
http://www.debian.org/security/2015/dsa-3308
https://security.gentoo.org/glsa/201610-06
RedHat Security Advisories: RHSA-2015:1630
http://rhn.redhat.com/errata/RHSA-2015-1630.html
RedHat Security Advisories: RHSA-2015:1646
http://rhn.redhat.com/errata/RHSA-2015-1646.html
http://www.securitytracker.com/id/1032911
SuSE Security Announcement: openSUSE-SU-2015:1629
http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html
http://www.ubuntu.com/usn/USN-2674-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-2620
BugTraq ID: 75837
http://www.securityfocus.com/bid/75837
Common Vulnerability Exposure (CVE) ID: CVE-2015-2643
BugTraq ID: 75830
http://www.securityfocus.com/bid/75830
Common Vulnerability Exposure (CVE) ID: CVE-2015-2648
BugTraq ID: 75822
http://www.securityfocus.com/bid/75822
Common Vulnerability Exposure (CVE) ID: CVE-2015-3152
BugTraq ID: 74398
http://www.securityfocus.com/bid/74398
Bugtraq: 20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade
http://www.securityfocus.com/archive/1/535397/100/1100/threaded
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html
http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/
http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html
http://www.ocert.org/advisories/ocert-2015-003.html
https://www.duosecurity.com/blog/backronym-mysql-vulnerability
http://www.securitytracker.com/id/1032216
Common Vulnerability Exposure (CVE) ID: CVE-2015-4737
BugTraq ID: 75802
http://www.securityfocus.com/bid/75802
Common Vulnerability Exposure (CVE) ID: CVE-2015-4752
BugTraq ID: 75849
http://www.securityfocus.com/bid/75849
Common Vulnerability Exposure (CVE) ID: CVE-2015-4757
BugTraq ID: 75759
http://www.securityfocus.com/bid/75759
Copyright: Copyright (C) 2015 Greenbone Networks GmbH
