Bug #9980
closed
Fresh install of Suricata 4.1.5 package warns about CVE-2015-3152; need newer MySQL
Description
5 minutes ago I installed Suricata 4.1.5 package on pfSense 2.4.4-RELEASE-p3 (both newest at this time). It output a bunch of stuff, including:
Message from mysql56-client-5.6.41:
- * * * * * * * * * * * * * * * * * * * * * * *
Please be aware the database client is vulnerable
to CVE-2015-3152 - SSL Downgrade aka "BACKRONYM".
You may find more information at the following URL:
http://www.vuxml.org/freebsd/36bd352d-299b-11e5-86ff-14dae9d210b8.html
Although this database client is not listed as
"affected", it is vulnerable and will not be
receiving a patch. Please take note of this when
deploying this software.
- * * * * * * * * * * * * * * * * * * * * * * *
That's rather disconcerting. :(
Hopefully the usage of MySQL isn't actually vulnerable, but this CVE was fixed back in 2015; surely by now it should be using a newer MySQL anyway!
Updated by Bill Meeks over 4 years ago
The MySQL dependency is actually being pulled in by Barnyard2 and not Suricata itself. So long as you do not configure Barnyard2, MySQL will not be loaded by Suricata. Barnyard2 is quite old and does not seem to be actively maintained any longer. I am pretty sure a newer version of the MySQL client will break the Barnyard2 binary's MySQL database code.
Suricata upstream is planning to deprecate creation of Unified2 binary log files, and when they do I will likely pull Barnyard2 support out of the Suricata package. The logging method of choice for Suricata upstream is EVE JSON.
Updated by Sean McBride over 4 years ago
Thanks for the fast response!
I don't use Barnyard2, so that's good news for me.
But for others... is this therefore a bug of the FreeBSD barnyard2 package? Or...
Updated by Viktor Gurov over 3 years ago
- Status changed from New to Closed
No such message on pfSense 2.4.5-p1/2.5 with suricata-5.0.3/suricata-4.1.8.