maria-discuss team mailing list archive
Message #02630
security scans: 5.5.5-10.0.19 should be 5.5.43-10.0.19
To: Mailing-List mariadb <maria-discuss@xxxxxxxxxxxxxxxxxxx>
From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
Date: Mon, 01 Jun 2015 11:27:24 +0200
Openpgp: id=13540402D67A7F71C6E974EA866063CF7F780279; url=https://arrakis.thelounge.net/gpg/h.reindl_thelounge.net.pub.txt
Organization: the lounge interactive design
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
[harry@rh:~]$ telnet localhost 3306
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
]
5.5.5-10.0.19-MariaDB
the 5.5.5 string leads to false positives for security scans and while i
reported that to OpenVAS the correct solution would be updating the
5.5.5 string to the latest 5.5.x release instead of "fixing" each scanner out there
Medium (CVSS: 4.0)
NVT: MariaDB 'COM_CHANGE_USER' Command Insecure Salt Generation
Security Bypass Vuln... (OID: 1.3.6.1.4.1.25623.1.0.804037)
Solution
Upgrade to MariaDB version 5.2.14, 5.3.12, 5.5.29 or later, For
updates refer to https://mariadb.org
Medium (CVSS: 5.0)
NVT: MariaDB Denial Of Service Vulnerability (Windows) (OID:
1.3.6.1.4.1.25623.1.0.804035)
Solution
Upgrade to MariaDB 5.1.68, 5.2.15, 5.3.13, 5.5.30 or later, For
updates refer to https://mariadb.org
Product detection result: cpe:/a:mariadb:mariadb:5.5.5- by MySQL/MariaDB
Detection (OID: 1.3.6.1.4.1.25623.1.0.100152)
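The false positive described in this message, reproduced as an added example that is not part of the original post and is not OpenVAS or MariaDB code: it reads the version banner from a handshake packet and evaluates the report's COM_CHANGE_USER "fixed in" list with and without the leading 5.5.5- removed. The handshake bytes are a constructed sample, the function names are hypothetical, and the branch comparison is a simplification of the report's Solution line.

```python
import re

RPL_PREFIX = "5.5.5-"  # prefix in front of the real version in the banner above
# "Fixed in" versions copied from the report's Solution line (COM_CHANGE_USER NVT).
FIXED_IN = [(5, 2, 14), (5, 3, 12), (5, 5, 29)]


def banner_from_handshake(packet: bytes) -> str:
    """Return the server version string from a protocol-10 initial handshake."""
    if len(packet) < 6:
        raise ValueError("packet too short")
    length = int.from_bytes(packet[:3], "little")  # 3-byte payload length
    payload = packet[4:4 + length]                 # packet[3] is the sequence id
    if length < 2 or len(payload) != length or payload[0] != 10:
        raise ValueError("not a complete protocol-10 handshake")
    end = payload.find(b"\x00", 1)                 # version is NUL-terminated
    if end == -1:
        raise ValueError("unterminated version string")
    return payload[1:end].decode("ascii", "replace")


def parse_version(banner: str, strip_prefix: bool = True) -> tuple:
    """Parse x.y.z; optionally drop the 5.5.5- prefix on MariaDB banners first."""
    if strip_prefix and banner.startswith(RPL_PREFIX) and "MariaDB" in banner:
        banner = banner[len(RPL_PREFIX):]
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError(f"no version in banner {banner!r}")
    return tuple(int(part) for part in m.groups())


def is_flagged(version: tuple) -> bool:
    """Simplified check: older than the fix for its branch, or an older branch."""
    for fixed in FIXED_IN:
        if version[:2] == fixed[:2]:
            return version < fixed
    return version[:2] < FIXED_IN[0][:2]


def build_sample_handshake(banner: str) -> bytes:
    """Constructed sample: header, protocol byte, banner, dummy connection id."""
    payload = b"\x0a" + banner.encode("ascii") + b"\x00" + (42).to_bytes(4, "little")
    return len(payload).to_bytes(3, "little") + b"\x00" + payload


if __name__ == "__main__":
    banner = banner_from_handshake(build_sample_handshake("5.5.5-10.0.19-MariaDB"))
    for strip in (False, True):
        version = parse_version(banner, strip_prefix=strip)
        print(banner, "strip_prefix =", strip, version, "flagged:", is_flagged(version))
```

A banner that does not contain "MariaDB" keeps its 5.5.5 version, so only the prefixed MariaDB form is normalised.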