var-201504-0166
Vulnerability from variot
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling. The vulnerability can be exploited over the 'MySQL Protocol' protocol. The 'Server : Compiling' sub component is affected. This vulnerability affects the following supported versions: 5.5.42 and earlier, 5.6.23 and earlier. The database system has the characteristics of high performance, low cost and good reliability. A remote attacker can exploit this vulnerability to cause a denial of service and affect data availability. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.20. Please see the MariaDB 10.0 Release Notes for further details:
https://mariadb.com/kb/en/mariadb/mariadb-10017-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10019-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10020-release-notes/
For the stable distribution (jessie), these problems have been fixed in version 10.0.20-0+deb8u1.
For the unstable distribution (sid), these problems have been fixed in version 10.0.20-1 or earlier versions. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201507-19
https://security.gentoo.org/
Severity: Normal Title: MySQL: Multiple vulnerabilities Date: July 10, 2015 Bugs: #546722 ID: 201507-19
Synopsis
Multiple vulnerabilities have been found in MySQL, allowing attackers to execute arbitrary code or cause Denial of Service.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-db/mysql < 5.6.24 *>= 5.5.43 >= 5.6.24
Description
Multiple vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details.
Impact
A remote attacker could send a specially crafted request, possibly resulting in execution of arbitrary code with the privileges of the application or a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All MySQL 5.5.x users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.5.43"
All MySQL 5.6.x users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.6.24"
References
[ 1 ] CVE-2015-0405 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0405 [ 2 ] CVE-2015-0423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0423 [ 3 ] CVE-2015-0433 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0433 [ 4 ] CVE-2015-0438 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0438 [ 5 ] CVE-2015-0439 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0439 [ 6 ] CVE-2015-0441 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0441 [ 7 ] CVE-2015-0498 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0498 [ 8 ] CVE-2015-0499 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0499 [ 9 ] CVE-2015-0500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0500 [ 10 ] CVE-2015-0501 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0501 [ 11 ] CVE-2015-0503 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0503 [ 12 ] CVE-2015-0505 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0505 [ 13 ] CVE-2015-0506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0506 [ 14 ] CVE-2015-0507 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0507 [ 15 ] CVE-2015-0508 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0508 [ 16 ] CVE-2015-0511 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0511 [ 17 ] CVE-2015-2566 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2566 [ 18 ] CVE-2015-2567 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2567 [ 19 ] CVE-2015-2568 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2568 [ 20 ] CVE-2015-2571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2571 [ 21 ] CVE-2015-2573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2573
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201507-19
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . ============================================================================ Ubuntu Security Notice USN-2575-1 April 21, 2015
mysql-5.5 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in MySQL.
Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-42.html http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-43.html http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.10: mysql-server-5.5 5.5.43-0ubuntu0.14.10.1
Ubuntu 14.04 LTS: mysql-server-5.5 5.5.43-0ubuntu0.14.04.1
Ubuntu 12.04 LTS: mysql-server-5.5 5.5.43-0ubuntu0.12.04.1
In general, a standard system update will make all the necessary changes. Relevant releases/architectures:
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
- 5 client):
Source: mysql55-mysql-5.5.45-1.el5.src.rpm
i386: mysql55-mysql-5.5.45-1.el5.i386.rpm mysql55-mysql-bench-5.5.45-1.el5.i386.rpm mysql55-mysql-debuginfo-5.5.45-1.el5.i386.rpm mysql55-mysql-libs-5.5.45-1.el5.i386.rpm mysql55-mysql-server-5.5.45-1.el5.i386.rpm mysql55-mysql-test-5.5.45-1.el5.i386.rpm
x86_64: mysql55-mysql-5.5.45-1.el5.x86_64.rpm mysql55-mysql-bench-5.5.45-1.el5.x86_64.rpm mysql55-mysql-debuginfo-5.5.45-1.el5.x86_64.rpm mysql55-mysql-libs-5.5.45-1.el5.x86_64.rpm mysql55-mysql-server-5.5.45-1.el5.x86_64.rpm mysql55-mysql-test-5.5.45-1.el5.x86_64.rpm
RHEL Desktop Workstation (v. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFVSKcbmqjQ0CJFipgRAjfdAJ4xRHxcEqpcBCUF+uVUXGIDpKpluACg1g2v iipB5199xtKopQzhD/EIn1Y= =fJFa -----END PGP SIGNATURE----- .
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/mariadb-5.5.43-i486-1_slack14.1.txz: Upgraded. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2568 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2573 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0433 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0441 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0501 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0505 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0499 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/mariadb-5.5.43-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/mariadb-5.5.43-x86_64-1_slack14.1.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/ap/mariadb-10.0.18-i586-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/ap/mariadb-10.0.18-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 14.1 package: 17905b4257617eb8b1dc8dd128959b02 mariadb-5.5.43-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: 89560390c29526d793ccbbf18807c09f mariadb-5.5.43-x86_64-1_slack14.1.txz
Slackware -current package: 6ff4004dedd522fcd7de14a7b4d8f3be ap/mariadb-10.0.18-i586-1.txz
Slackware x86_64 -current package: 91b13958f3ab6bc8fe2b89d2b06d98dd ap/mariadb-10.0.18-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the package as root:
upgradepkg mariadb-5.5.43-i486-1_slack14.1.txz
Then, restart the database server:
sh /etc/rc.d/rc.mysqld restart
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: mariadb55-mariadb security update Advisory ID: RHSA-2015:1647-01 Product: Red Hat Software Collections Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1647.html Issue date: 2015-08-20 CVE Names: CVE-2015-0433 CVE-2015-0441 CVE-2015-0499 CVE-2015-0501 CVE-2015-0505 CVE-2015-2568 CVE-2015-2571 CVE-2015-2573 CVE-2015-2582 CVE-2015-2620 CVE-2015-2643 CVE-2015-2648 CVE-2015-3152 CVE-2015-4737 CVE-2015-4752 CVE-2015-4757 =====================================================================
- Summary:
Updated mariadb55-mariadb packages that fix several security issues are now available for Red Hat Software Collections 2.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.
It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the "--ssl" option. A man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server. (CVE-2015-3152)
This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2015-0501, CVE-2015-2568, CVE-2015-0499, CVE-2015-2571, CVE-2015-0433, CVE-2015-0441, CVE-2015-0505, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757)
These updated packages upgrade MariaDB to version 5.5.44. Refer to the MariaDB Release Notes listed in the References section for a complete list of changes.
All MariaDB users should upgrade to these updated packages, which correct these issues. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1212758 - CVE-2015-0501 mysql: unspecified vulnerability related to Server:Compiling (CPU April 2015) 1212763 - CVE-2015-2568 mysql: unspecified vulnerability related to Server:Security:Privileges (CPU April 2015) 1212768 - CVE-2015-0499 mysql: unspecified vulnerability related to Server:Federated (CPU April 2015) 1212772 - CVE-2015-2571 mysql: unspecified vulnerability related to Server:Optimizer (CPU April 2015) 1212776 - CVE-2015-0433 mysql: unspecified vulnerability related to Server:InnoDB:DML (CPU April 2015) 1212777 - CVE-2015-0441 mysql: unspecified vulnerability related to Server:Security:Encryption (CPU April 2015) 1212780 - CVE-2015-0505 mysql: unspecified vulnerability related to Server:DDL (CPU April 2015) 1212783 - CVE-2015-2573 mysql: unspecified vulnerability related to Server:DDL (CPU April 2015) 1217506 - CVE-2015-3152 mysql: use of SSL/TLS can not be enforced in mysql client library (oCERT-2015-003, BACKRONYM) 1244768 - CVE-2015-2582 mysql: unspecified vulnerability related to Server:GIS (CPU July 2015) 1244771 - CVE-2015-2620 mysql: unspecified vulnerability related to Server:Security:Privileges (CPU July 2015) 1244774 - CVE-2015-2643 mysql: unspecified vulnerability related to Server:Optimizer (CPU July 2015) 1244775 - CVE-2015-2648 mysql: unspecified vulnerability related to Server:DML (CPU July 2015) 1244778 - CVE-2015-4737 mysql: unspecified vulnerability related to Server:Pluggable Auth (CPU July 2015) 1244779 - CVE-2015-4752 mysql: unspecified vulnerability related to Server:I_S (CPU July 2015) 1244781 - CVE-2015-4757 mysql: unspecified vulnerability related to Server:Optimizer (CPU July 2015)
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source: mariadb55-mariadb-5.5.44-1.el6.src.rpm
x86_64: mariadb55-mariadb-5.5.44-1.el6.x86_64.rpm mariadb55-mariadb-bench-5.5.44-1.el6.x86_64.rpm mariadb55-mariadb-debuginfo-5.5.44-1.el6.x86_64.rpm mariadb55-mariadb-devel-5.5.44-1.el6.x86_64.rpm mariadb55-mariadb-libs-5.5.44-1.el6.x86_64.rpm mariadb55-mariadb-server-5.5.44-1.el6.x86_64.rpm mariadb55-mariadb-test-5.5.44-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5):
Source: mariadb55-mariadb-5.5.44-1.el6.src.rpm
x86_64: mariadb55-mariadb-5.5.44-1.el6.x86_64.rpm mariadb55-mariadb-bench-5.5.44-1.el6.x86_64.rpm mariadb55-mariadb-debuginfo-5.5.44-1.el6.x86_64.rpm mariadb55-mariadb-devel-5.5.44-1.el6.x86_64.rpm mariadb55-mariadb-libs-5.5.44-1.el6.x86_64.rpm mariadb55-mariadb-server-5.5.44-1.el6.x86_64.rpm mariadb55-mariadb-test-5.5.44-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):
Source: mariadb55-mariadb-5.5.44-1.el6.src.rpm
x86_64: mariadb55-mariadb-5.5.44-1.el6.x86_64.rpm mariadb55-mariadb-bench-5.5.44-1.el6.x86_64.rpm mariadb55-mariadb-debuginfo-5.5.44-1.el6.x86_64.rpm mariadb55-mariadb-devel-5.5.44-1.el6.x86_64.rpm mariadb55-mariadb-libs-5.5.44-1.el6.x86_64.rpm mariadb55-mariadb-server-5.5.44-1.el6.x86_64.rpm mariadb55-mariadb-test-5.5.44-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source: mariadb55-mariadb-5.5.44-1.el6.src.rpm
x86_64: mariadb55-mariadb-5.5.44-1.el6.x86_64.rpm mariadb55-mariadb-bench-5.5.44-1.el6.x86_64.rpm mariadb55-mariadb-debuginfo-5.5.44-1.el6.x86_64.rpm mariadb55-mariadb-devel-5.5.44-1.el6.x86_64.rpm mariadb55-mariadb-libs-5.5.44-1.el6.x86_64.rpm mariadb55-mariadb-server-5.5.44-1.el6.x86_64.rpm mariadb55-mariadb-test-5.5.44-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: mariadb55-mariadb-5.5.44-1.el7.src.rpm
x86_64: mariadb55-mariadb-5.5.44-1.el7.x86_64.rpm mariadb55-mariadb-bench-5.5.44-1.el7.x86_64.rpm mariadb55-mariadb-debuginfo-5.5.44-1.el7.x86_64.rpm mariadb55-mariadb-devel-5.5.44-1.el7.x86_64.rpm mariadb55-mariadb-libs-5.5.44-1.el7.x86_64.rpm mariadb55-mariadb-server-5.5.44-1.el7.x86_64.rpm mariadb55-mariadb-test-5.5.44-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):
Source: mariadb55-mariadb-5.5.44-1.el7.src.rpm
x86_64: mariadb55-mariadb-5.5.44-1.el7.x86_64.rpm mariadb55-mariadb-bench-5.5.44-1.el7.x86_64.rpm mariadb55-mariadb-debuginfo-5.5.44-1.el7.x86_64.rpm mariadb55-mariadb-devel-5.5.44-1.el7.x86_64.rpm mariadb55-mariadb-libs-5.5.44-1.el7.x86_64.rpm mariadb55-mariadb-server-5.5.44-1.el7.x86_64.rpm mariadb55-mariadb-test-5.5.44-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: mariadb55-mariadb-5.5.44-1.el7.src.rpm
x86_64: mariadb55-mariadb-5.5.44-1.el7.x86_64.rpm mariadb55-mariadb-bench-5.5.44-1.el7.x86_64.rpm mariadb55-mariadb-debuginfo-5.5.44-1.el7.x86_64.rpm mariadb55-mariadb-devel-5.5.44-1.el7.x86_64.rpm mariadb55-mariadb-libs-5.5.44-1.el7.x86_64.rpm mariadb55-mariadb-server-5.5.44-1.el7.x86_64.rpm mariadb55-mariadb-test-5.5.44-1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2015-0433 https://access.redhat.com/security/cve/CVE-2015-0441 https://access.redhat.com/security/cve/CVE-2015-0499 https://access.redhat.com/security/cve/CVE-2015-0501 https://access.redhat.com/security/cve/CVE-2015-0505 https://access.redhat.com/security/cve/CVE-2015-2568 https://access.redhat.com/security/cve/CVE-2015-2571 https://access.redhat.com/security/cve/CVE-2015-2573 https://access.redhat.com/security/cve/CVE-2015-2582 https://access.redhat.com/security/cve/CVE-2015-2620 https://access.redhat.com/security/cve/CVE-2015-2643 https://access.redhat.com/security/cve/CVE-2015-2648 https://access.redhat.com/security/cve/CVE-2015-3152 https://access.redhat.com/security/cve/CVE-2015-4737 https://access.redhat.com/security/cve/CVE-2015-4752 https://access.redhat.com/security/cve/CVE-2015-4757 https://access.redhat.com/security/updates/classification/#moderate http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL https://mariadb.com/kb/en/mariadb/mariadb-5544-release-notes/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFV1ZuWXlSAg2UNWIIRAp7oAJ9wnlqK62pAVkcjAYyIc52rAMg20gCcD8Jj Uaj+QJE4oDvI6BEK64IyZGM= =VrDe -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201504-0166",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "7.0"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.1"
},
{
"model": "mariadb",
"scope": "gte",
"trust": 1.0,
"vendor": "mariadb",
"version": "5.5.0"
},
{
"model": "linux enterprise software development kit",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "11"
},
{
"model": "mariadb",
"scope": "lt",
"trust": 1.0,
"vendor": "mariadb",
"version": "5.5.43"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "mariadb",
"scope": "lt",
"trust": 1.0,
"vendor": "mariadb",
"version": "10.0.18"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.7"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "11"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "mysql",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.5.42"
},
{
"model": "junos space",
"scope": "lte",
"trust": 1.0,
"vendor": "juniper",
"version": "15.1"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "mysql",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.6.23"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.7"
},
{
"model": "mysql",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.5.0"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "12.04"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"model": "mysql",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.6.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.10"
},
{
"model": "mariadb",
"scope": "gte",
"trust": 1.0,
"vendor": "mariadb",
"version": "10.0.0"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.5"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.7"
},
{
"model": "linux enterprise desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "11"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "5.6.23"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "5.5.42"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "linux x86 64 -current",
"scope": null,
"trust": 0.3,
"vendor": "slackware",
"version": null
},
{
"model": "linux -current",
"scope": null,
"trust": 0.3,
"vendor": "slackware",
"version": null
},
{
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "hat enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5"
},
{
"model": "hat enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "5"
}
],
"sources": [
{
"db": "BID",
"id": "74070"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-343"
},
{
"db": "NVD",
"id": "CVE-2015-0501"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:juniper:junos_space:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.5.42",
"versionStartIncluding": "5.5.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.6.23",
"versionStartIncluding": "5.6.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.0.18",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.5.43",
"versionStartIncluding": "5.5.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0501"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle",
"sources": [
{
"db": "BID",
"id": "74070"
}
],
"trust": 0.3
},
"cve": "CVE-2015-0501",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 5.7,
"confidentialityImpact": "NONE",
"exploitabilityScore": 5.5,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:M/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 5.7,
"confidentialityImpact": "NONE",
"exploitabilityScore": 5.5,
"id": "VHN-78447",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:M/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-0501",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201504-343",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-78447",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78447"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-343"
},
{
"db": "NVD",
"id": "CVE-2015-0501"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling. \nThe vulnerability can be exploited over the \u0027MySQL Protocol\u0027 protocol. The \u0027Server : Compiling\u0027 sub component is affected. \nThis vulnerability affects the following supported versions:\n5.5.42 and earlier, 5.6.23 and earlier. The database system has the characteristics of high performance, low cost and good reliability. A remote attacker can exploit this vulnerability to cause a denial of service and affect data availability. The\nvulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.0.20. Please see the MariaDB 10.0 Release Notes for further\ndetails:\n\n https://mariadb.com/kb/en/mariadb/mariadb-10017-release-notes/\n https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/\n https://mariadb.com/kb/en/mariadb/mariadb-10019-release-notes/\n https://mariadb.com/kb/en/mariadb/mariadb-10020-release-notes/\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 10.0.20-0+deb8u1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 10.0.20-1 or earlier versions. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201507-19\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: MySQL: Multiple vulnerabilities\n Date: July 10, 2015\n Bugs: #546722\n ID: 201507-19\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in MySQL, allowing attackers\nto execute arbitrary code or cause Denial of Service. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-db/mysql \u003c 5.6.24 *\u003e= 5.5.43 \n \u003e= 5.6.24 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in MySQL. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nA remote attacker could send a specially crafted request, possibly\nresulting in execution of arbitrary code with the privileges of the\napplication or a Denial of Service condition. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll MySQL 5.5.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-db/mysql-5.5.43\"\n\nAll MySQL 5.6.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-db/mysql-5.6.24\"\n\nReferences\n==========\n\n[ 1 ] CVE-2015-0405\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0405\n[ 2 ] CVE-2015-0423\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0423\n[ 3 ] CVE-2015-0433\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0433\n[ 4 ] CVE-2015-0438\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0438\n[ 5 ] CVE-2015-0439\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0439\n[ 6 ] CVE-2015-0441\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0441\n[ 7 ] CVE-2015-0498\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0498\n[ 8 ] CVE-2015-0499\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0499\n[ 9 ] CVE-2015-0500\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0500\n[ 10 ] CVE-2015-0501\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0501\n[ 11 ] CVE-2015-0503\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0503\n[ 12 ] CVE-2015-0505\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0505\n[ 13 ] CVE-2015-0506\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0506\n[ 14 ] CVE-2015-0507\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0507\n[ 15 ] CVE-2015-0508\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0508\n[ 16 ] CVE-2015-0511\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0511\n[ 17 ] CVE-2015-2566\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2566\n[ 18 ] CVE-2015-2567\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2567\n[ 19 ] CVE-2015-2568\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2568\n[ 20 ] CVE-2015-2571\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2571\n[ 21 ] CVE-2015-2573\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2573\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201507-19\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2015 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ============================================================================\nUbuntu Security Notice USN-2575-1\nApril 21, 2015\n\nmysql-5.5 vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in MySQL. \n\nPlease see the following for more information:\nhttp://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-42.html\nhttp://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-43.html\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.10:\n mysql-server-5.5 5.5.43-0ubuntu0.14.10.1\n\nUbuntu 14.04 LTS:\n mysql-server-5.5 5.5.43-0ubuntu0.14.04.1\n\nUbuntu 12.04 LTS:\n mysql-server-5.5 5.5.43-0ubuntu0.12.04.1\n\nIn general, a standard system update will make all the necessary changes. Relevant releases/architectures:\n\nRHEL Desktop Workstation (v. 5 client) - i386, x86_64\n\n3. 5 client):\n\nSource:\nmysql55-mysql-5.5.45-1.el5.src.rpm\n\ni386:\nmysql55-mysql-5.5.45-1.el5.i386.rpm\nmysql55-mysql-bench-5.5.45-1.el5.i386.rpm\nmysql55-mysql-debuginfo-5.5.45-1.el5.i386.rpm\nmysql55-mysql-libs-5.5.45-1.el5.i386.rpm\nmysql55-mysql-server-5.5.45-1.el5.i386.rpm\nmysql55-mysql-test-5.5.45-1.el5.i386.rpm\n\nx86_64:\nmysql55-mysql-5.5.45-1.el5.x86_64.rpm\nmysql55-mysql-bench-5.5.45-1.el5.x86_64.rpm\nmysql55-mysql-debuginfo-5.5.45-1.el5.x86_64.rpm\nmysql55-mysql-libs-5.5.45-1.el5.x86_64.rpm\nmysql55-mysql-server-5.5.45-1.el5.x86_64.rpm\nmysql55-mysql-test-5.5.45-1.el5.x86_64.rpm\n\nRHEL Desktop Workstation (v. The verification\n of md5 checksums and GPG signatures is performed automatically for you. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFVSKcbmqjQ0CJFipgRAjfdAJ4xRHxcEqpcBCUF+uVUXGIDpKpluACg1g2v\niipB5199xtKopQzhD/EIn1Y=\n=fJFa\n-----END PGP SIGNATURE-----\n. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/mariadb-5.5.43-i486-1_slack14.1.txz: Upgraded. \n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2568\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2573\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0433\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0441\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0501\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2571\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0505\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0499\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/mariadb-5.5.43-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/mariadb-5.5.43-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/ap/mariadb-10.0.18-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/ap/mariadb-10.0.18-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.1 package:\n17905b4257617eb8b1dc8dd128959b02 mariadb-5.5.43-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n89560390c29526d793ccbbf18807c09f mariadb-5.5.43-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n6ff4004dedd522fcd7de14a7b4d8f3be ap/mariadb-10.0.18-i586-1.txz\n\nSlackware x86_64 -current package:\n91b13958f3ab6bc8fe2b89d2b06d98dd ap/mariadb-10.0.18-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg mariadb-5.5.43-i486-1_slack14.1.txz\n\nThen, restart the database server:\n# sh /etc/rc.d/rc.mysqld restart\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: mariadb55-mariadb security update\nAdvisory ID: RHSA-2015:1647-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2015-1647.html\nIssue date: 2015-08-20\nCVE Names: CVE-2015-0433 CVE-2015-0441 CVE-2015-0499 \n CVE-2015-0501 CVE-2015-0505 CVE-2015-2568 \n CVE-2015-2571 CVE-2015-2573 CVE-2015-2582 \n CVE-2015-2620 CVE-2015-2643 CVE-2015-2648 \n CVE-2015-3152 CVE-2015-4737 CVE-2015-4752 \n CVE-2015-4757 \n=====================================================================\n\n1. Summary:\n\nUpdated mariadb55-mariadb packages that fix several security issues are now\navailable for Red Hat Software Collections 2. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nMariaDB is a multi-user, multi-threaded SQL database server that is binary\ncompatible with MySQL. \n\nIt was found that the MySQL client library permitted but did not require a\nclient to use SSL/TLS when establishing a secure connection to a MySQL\nserver using the \"--ssl\" option. A man-in-the-middle attacker could use\nthis flaw to strip the SSL/TLS protection from a connection between a\nclient and a server. (CVE-2015-3152)\n\nThis update fixes several vulnerabilities in the MariaDB database server. \nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2015-0501,\nCVE-2015-2568, CVE-2015-0499, CVE-2015-2571, CVE-2015-0433, CVE-2015-0441,\nCVE-2015-0505, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643,\nCVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757)\n\nThese updated packages upgrade MariaDB to version 5.5.44. Refer to the\nMariaDB Release Notes listed in the References section for a complete list\nof changes. \n\nAll MariaDB users should upgrade to these updated packages, which correct\nthese issues. After installing this update, the MariaDB server daemon\n(mysqld) will be restarted automatically. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1212758 - CVE-2015-0501 mysql: unspecified vulnerability related to Server:Compiling (CPU April 2015)\n1212763 - CVE-2015-2568 mysql: unspecified vulnerability related to Server:Security:Privileges (CPU April 2015)\n1212768 - CVE-2015-0499 mysql: unspecified vulnerability related to Server:Federated (CPU April 2015)\n1212772 - CVE-2015-2571 mysql: unspecified vulnerability related to Server:Optimizer (CPU April 2015)\n1212776 - CVE-2015-0433 mysql: unspecified vulnerability related to Server:InnoDB:DML (CPU April 2015)\n1212777 - CVE-2015-0441 mysql: unspecified vulnerability related to Server:Security:Encryption (CPU April 2015)\n1212780 - CVE-2015-0505 mysql: unspecified vulnerability related to Server:DDL (CPU April 2015)\n1212783 - CVE-2015-2573 mysql: unspecified vulnerability related to Server:DDL (CPU April 2015)\n1217506 - CVE-2015-3152 mysql: use of SSL/TLS can not be enforced in mysql client library (oCERT-2015-003, BACKRONYM)\n1244768 - CVE-2015-2582 mysql: unspecified vulnerability related to Server:GIS (CPU July 2015)\n1244771 - CVE-2015-2620 mysql: unspecified vulnerability related to Server:Security:Privileges (CPU July 2015)\n1244774 - CVE-2015-2643 mysql: unspecified vulnerability related to Server:Optimizer (CPU July 2015)\n1244775 - CVE-2015-2648 mysql: unspecified vulnerability related to Server:DML (CPU July 2015)\n1244778 - CVE-2015-4737 mysql: unspecified vulnerability related to Server:Pluggable Auth (CPU July 2015)\n1244779 - CVE-2015-4752 mysql: unspecified vulnerability related to Server:I_S (CPU July 2015)\n1244781 - CVE-2015-4757 mysql: unspecified vulnerability related to Server:Optimizer (CPU July 2015)\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nmariadb55-mariadb-5.5.44-1.el6.src.rpm\n\nx86_64:\nmariadb55-mariadb-5.5.44-1.el6.x86_64.rpm\nmariadb55-mariadb-bench-5.5.44-1.el6.x86_64.rpm\nmariadb55-mariadb-debuginfo-5.5.44-1.el6.x86_64.rpm\nmariadb55-mariadb-devel-5.5.44-1.el6.x86_64.rpm\nmariadb55-mariadb-libs-5.5.44-1.el6.x86_64.rpm\nmariadb55-mariadb-server-5.5.44-1.el6.x86_64.rpm\nmariadb55-mariadb-test-5.5.44-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5):\n\nSource:\nmariadb55-mariadb-5.5.44-1.el6.src.rpm\n\nx86_64:\nmariadb55-mariadb-5.5.44-1.el6.x86_64.rpm\nmariadb55-mariadb-bench-5.5.44-1.el6.x86_64.rpm\nmariadb55-mariadb-debuginfo-5.5.44-1.el6.x86_64.rpm\nmariadb55-mariadb-devel-5.5.44-1.el6.x86_64.rpm\nmariadb55-mariadb-libs-5.5.44-1.el6.x86_64.rpm\nmariadb55-mariadb-server-5.5.44-1.el6.x86_64.rpm\nmariadb55-mariadb-test-5.5.44-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):\n\nSource:\nmariadb55-mariadb-5.5.44-1.el6.src.rpm\n\nx86_64:\nmariadb55-mariadb-5.5.44-1.el6.x86_64.rpm\nmariadb55-mariadb-bench-5.5.44-1.el6.x86_64.rpm\nmariadb55-mariadb-debuginfo-5.5.44-1.el6.x86_64.rpm\nmariadb55-mariadb-devel-5.5.44-1.el6.x86_64.rpm\nmariadb55-mariadb-libs-5.5.44-1.el6.x86_64.rpm\nmariadb55-mariadb-server-5.5.44-1.el6.x86_64.rpm\nmariadb55-mariadb-test-5.5.44-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nmariadb55-mariadb-5.5.44-1.el6.src.rpm\n\nx86_64:\nmariadb55-mariadb-5.5.44-1.el6.x86_64.rpm\nmariadb55-mariadb-bench-5.5.44-1.el6.x86_64.rpm\nmariadb55-mariadb-debuginfo-5.5.44-1.el6.x86_64.rpm\nmariadb55-mariadb-devel-5.5.44-1.el6.x86_64.rpm\nmariadb55-mariadb-libs-5.5.44-1.el6.x86_64.rpm\nmariadb55-mariadb-server-5.5.44-1.el6.x86_64.rpm\nmariadb55-mariadb-test-5.5.44-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nmariadb55-mariadb-5.5.44-1.el7.src.rpm\n\nx86_64:\nmariadb55-mariadb-5.5.44-1.el7.x86_64.rpm\nmariadb55-mariadb-bench-5.5.44-1.el7.x86_64.rpm\nmariadb55-mariadb-debuginfo-5.5.44-1.el7.x86_64.rpm\nmariadb55-mariadb-devel-5.5.44-1.el7.x86_64.rpm\nmariadb55-mariadb-libs-5.5.44-1.el7.x86_64.rpm\nmariadb55-mariadb-server-5.5.44-1.el7.x86_64.rpm\nmariadb55-mariadb-test-5.5.44-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):\n\nSource:\nmariadb55-mariadb-5.5.44-1.el7.src.rpm\n\nx86_64:\nmariadb55-mariadb-5.5.44-1.el7.x86_64.rpm\nmariadb55-mariadb-bench-5.5.44-1.el7.x86_64.rpm\nmariadb55-mariadb-debuginfo-5.5.44-1.el7.x86_64.rpm\nmariadb55-mariadb-devel-5.5.44-1.el7.x86_64.rpm\nmariadb55-mariadb-libs-5.5.44-1.el7.x86_64.rpm\nmariadb55-mariadb-server-5.5.44-1.el7.x86_64.rpm\nmariadb55-mariadb-test-5.5.44-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nmariadb55-mariadb-5.5.44-1.el7.src.rpm\n\nx86_64:\nmariadb55-mariadb-5.5.44-1.el7.x86_64.rpm\nmariadb55-mariadb-bench-5.5.44-1.el7.x86_64.rpm\nmariadb55-mariadb-debuginfo-5.5.44-1.el7.x86_64.rpm\nmariadb55-mariadb-devel-5.5.44-1.el7.x86_64.rpm\nmariadb55-mariadb-libs-5.5.44-1.el7.x86_64.rpm\nmariadb55-mariadb-server-5.5.44-1.el7.x86_64.rpm\nmariadb55-mariadb-test-5.5.44-1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-0433\nhttps://access.redhat.com/security/cve/CVE-2015-0441\nhttps://access.redhat.com/security/cve/CVE-2015-0499\nhttps://access.redhat.com/security/cve/CVE-2015-0501\nhttps://access.redhat.com/security/cve/CVE-2015-0505\nhttps://access.redhat.com/security/cve/CVE-2015-2568\nhttps://access.redhat.com/security/cve/CVE-2015-2571\nhttps://access.redhat.com/security/cve/CVE-2015-2573\nhttps://access.redhat.com/security/cve/CVE-2015-2582\nhttps://access.redhat.com/security/cve/CVE-2015-2620\nhttps://access.redhat.com/security/cve/CVE-2015-2643\nhttps://access.redhat.com/security/cve/CVE-2015-2648\nhttps://access.redhat.com/security/cve/CVE-2015-3152\nhttps://access.redhat.com/security/cve/CVE-2015-4737\nhttps://access.redhat.com/security/cve/CVE-2015-4752\nhttps://access.redhat.com/security/cve/CVE-2015-4757\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL\nhttps://mariadb.com/kb/en/mariadb/mariadb-5544-release-notes/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFV1ZuWXlSAg2UNWIIRAp7oAJ9wnlqK62pAVkcjAYyIc52rAMg20gCcD8Jj\nUaj+QJE4oDvI6BEK64IyZGM=\n=VrDe\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0501"
},
{
"db": "BID",
"id": "74070"
},
{
"db": "VULHUB",
"id": "VHN-78447"
},
{
"db": "PACKETSTORM",
"id": "132747"
},
{
"db": "PACKETSTORM",
"id": "132633"
},
{
"db": "PACKETSTORM",
"id": "131533"
},
{
"db": "PACKETSTORM",
"id": "133090"
},
{
"db": "PACKETSTORM",
"id": "131760"
},
{
"db": "PACKETSTORM",
"id": "131866"
},
{
"db": "PACKETSTORM",
"id": "131862"
},
{
"db": "PACKETSTORM",
"id": "133233"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-0501",
"trust": 2.8
},
{
"db": "SECTRACK",
"id": "1032121",
"trust": 1.7
},
{
"db": "JUNIPER",
"id": "JSA10698",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201504-343",
"trust": 0.7
},
{
"db": "BID",
"id": "74070",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-78447",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132747",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132633",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131533",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133090",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131760",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131866",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131862",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133233",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78447"
},
{
"db": "BID",
"id": "74070"
},
{
"db": "PACKETSTORM",
"id": "132747"
},
{
"db": "PACKETSTORM",
"id": "132633"
},
{
"db": "PACKETSTORM",
"id": "131533"
},
{
"db": "PACKETSTORM",
"id": "133090"
},
{
"db": "PACKETSTORM",
"id": "131760"
},
{
"db": "PACKETSTORM",
"id": "131866"
},
{
"db": "PACKETSTORM",
"id": "131862"
},
{
"db": "PACKETSTORM",
"id": "133233"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-343"
},
{
"db": "NVD",
"id": "CVE-2015-0501"
}
]
},
"id": "VAR-201504-0166",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-78447"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T19:24:33.922000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Oracle MySQL Server Server:Compiling Subcomponent denial of service vulnerability fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=89452"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201504-343"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0501"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"trust": 1.8,
"url": "https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/201507-19"
},
{
"trust": 1.8,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1628.html"
},
{
"trust": 1.8,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1647.html"
},
{
"trust": 1.8,
"url": "http://www.ubuntu.com/usn/usn-2575-1"
},
{
"trust": 1.7,
"url": "http://www.debian.org/security/2015/dsa-3229"
},
{
"trust": 1.7,
"url": "http://www.debian.org/security/2015/dsa-3311"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:227"
},
{
"trust": 1.7,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1629.html"
},
{
"trust": 1.7,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1665.html"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1032121"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
},
{
"trust": 1.6,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10698"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2571"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0501"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0505"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0499"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2573"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0441"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2568"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0433"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#appendixmsql"
},
{
"trust": 0.3,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0499"
},
{
"trust": 0.3,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0501"
},
{
"trust": 0.3,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0505"
},
{
"trust": 0.3,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2571"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3152"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-2568"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-4752"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-4757"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-2648"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-2643"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-0501"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-2573"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-0433"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4737"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2643"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4757"
},
{
"trust": 0.2,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#appendixmsql"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2620"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-4737"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-2582"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-0441"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-0499"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2582"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-2620"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2648"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-0505"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-2571"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4752"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2568"
},
{
"trust": 0.2,
"url": "http://slackware.com"
},
{
"trust": 0.2,
"url": "http://slackware.com/gpg-key"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2573"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0433"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0441"
},
{
"trust": 0.2,
"url": "http://osuosl.org)"
},
{
"trust": 0.1,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10698"
},
{
"trust": 0.1,
"url": "https://mariadb.com/kb/en/mariadb/mariadb-10020-release-notes/"
},
{
"trust": 0.1,
"url": "https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://mariadb.com/kb/en/mariadb/mariadb-10017-release-notes/"
},
{
"trust": 0.1,
"url": "https://mariadb.com/kb/en/mariadb/mariadb-10019-release-notes/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0511"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0511"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0423"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0500"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2567"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0405"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0505"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0441"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0501"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0423"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0498"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0503"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0506"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2566"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0498"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2568"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0507"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0405"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2573"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2571"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0499"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0438"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2567"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0433"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0439"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2566"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0508"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0438"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0508"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0439"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0506"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0503"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0507"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0500"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/mysql-5.5/5.5.43-0ubuntu0.14.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/mysql-5.5/5.5.43-0ubuntu0.12.04.1"
},
{
"trust": 0.1,
"url": "http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-42.html"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/mysql-5.5/5.5.43-0ubuntu0.14.10.1"
},
{
"trust": 0.1,
"url": "http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-43.html"
},
{
"trust": 0.1,
"url": "https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-45.html"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#appendixmsql"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-6568"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-0432"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0411"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-0382"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-0381"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-0391"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0391"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0432"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-0411"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0374"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6568"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-0374"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0382"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0381"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/advisories/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-3152"
},
{
"trust": 0.1,
"url": "https://mariadb.com/kb/en/mariadb/mariadb-5544-release-notes/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78447"
},
{
"db": "PACKETSTORM",
"id": "132747"
},
{
"db": "PACKETSTORM",
"id": "132633"
},
{
"db": "PACKETSTORM",
"id": "131533"
},
{
"db": "PACKETSTORM",
"id": "133090"
},
{
"db": "PACKETSTORM",
"id": "131760"
},
{
"db": "PACKETSTORM",
"id": "131866"
},
{
"db": "PACKETSTORM",
"id": "131862"
},
{
"db": "PACKETSTORM",
"id": "133233"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-343"
},
{
"db": "NVD",
"id": "CVE-2015-0501"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-78447"
},
{
"db": "BID",
"id": "74070"
},
{
"db": "PACKETSTORM",
"id": "132747"
},
{
"db": "PACKETSTORM",
"id": "132633"
},
{
"db": "PACKETSTORM",
"id": "131533"
},
{
"db": "PACKETSTORM",
"id": "133090"
},
{
"db": "PACKETSTORM",
"id": "131760"
},
{
"db": "PACKETSTORM",
"id": "131866"
},
{
"db": "PACKETSTORM",
"id": "131862"
},
{
"db": "PACKETSTORM",
"id": "133233"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-343"
},
{
"db": "NVD",
"id": "CVE-2015-0501"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-16T00:00:00",
"db": "VULHUB",
"id": "VHN-78447"
},
{
"date": "2015-04-14T00:00:00",
"db": "BID",
"id": "74070"
},
{
"date": "2015-07-20T15:47:18",
"db": "PACKETSTORM",
"id": "132747"
},
{
"date": "2015-07-10T15:42:44",
"db": "PACKETSTORM",
"id": "132633"
},
{
"date": "2015-04-21T16:01:15",
"db": "PACKETSTORM",
"id": "131533"
},
{
"date": "2015-08-17T15:38:25",
"db": "PACKETSTORM",
"id": "133090"
},
{
"date": "2015-05-05T19:26:36",
"db": "PACKETSTORM",
"id": "131760"
},
{
"date": "2015-05-13T01:22:21",
"db": "PACKETSTORM",
"id": "131866"
},
{
"date": "2015-05-12T16:04:45",
"db": "PACKETSTORM",
"id": "131862"
},
{
"date": "2015-08-21T16:58:26",
"db": "PACKETSTORM",
"id": "133233"
},
{
"date": "2015-04-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201504-343"
},
{
"date": "2015-04-16T16:59:50.653000",
"db": "NVD",
"id": "CVE-2015-0501"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-01T00:00:00",
"db": "VULHUB",
"id": "VHN-78447"
},
{
"date": "2015-11-03T18:41:00",
"db": "BID",
"id": "74070"
},
{
"date": "2022-07-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201504-343"
},
{
"date": "2022-07-19T17:01:31.627000",
"db": "NVD",
"id": "CVE-2015-0501"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201504-343"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle MySQL Server Server:Compiling Subcomponent Denial of Service Vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201504-343"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "74070"
}
],
"trust": 0.3
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.