Rapid7 Vulnerability & Exploit Database

RHSA-2015:1665: mariadb security update

Severity: 6
CVSS: (AV:N/AC:M/Au:M/C:N/I:N/A:C)
Published: 04/16/2015
Created: 07/25/2018
Added: 09/07/2015
Modified: 03/21/2018

Description

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.

It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the "--ssl" option. A man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server. (CVE-2015-3152)

This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2015-0501, CVE-2015-2568, CVE-2015-0499, CVE-2015-2571, CVE-2015-0433, CVE-2015-0441, CVE-2015-0505, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757)

These updated packages upgrade MariaDB to version 5.5.44. Refer to the MariaDB Release Notes listed in the References section for a complete list of changes.

All MariaDB users should upgrade to these updated packages, which correct these issues. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.

Solution(s)

  • redhat-upgrade-mariadb
  • redhat-upgrade-mariadb-bench
  • redhat-upgrade-mariadb-debuginfo
  • redhat-upgrade-mariadb-devel
  • redhat-upgrade-mariadb-embedded
  • redhat-upgrade-mariadb-embedded-devel
  • redhat-upgrade-mariadb-libs
  • redhat-upgrade-mariadb-server
  • redhat-upgrade-mariadb-test
