Bug #9980

Fresh install of Suricata 4.1.5 package warns about CVE-2015-3152; need newer MySQL

Added by Sean McBride 4 months ago. Updated 3 months ago.

Status: New
Priority: High
Assignee: -
Category: Suricata
Target version: -
Start date: 12/17/2019
Due date:
% Done: 0%
Estimated time:
Affected Version: 2.4.4-p3
Affected Architecture: All

Description

5 minutes ago I installed the Suricata 4.1.5 package on pfSense 2.4.4-RELEASE-p3 (both newest at this time). It output a bunch of stuff, including:

Message from mysql56-client-5.6.41:

* * * * * * * * * * * * * * * * * * * * * * * *

Please be aware the database client is vulnerable
to CVE-2015-3152 - SSL Downgrade aka "BACKRONYM".
You may find more information at the following URL:

http://www.vuxml.org/freebsd/36bd352d-299b-11e5-86ff-14dae9d210b8.html

Although this database client is not listed as
"affected", it is vulnerable and will not be
receiving a patch. Please take note of this when
deploying this software.

* * * * * * * * * * * * * * * * * * * * * * * *

That's rather disconcerting. :(

Hopefully the usage of mysql isn't actually vulnerable, but this CVE was fixed back in 2015; surely by now it should be using a newer MySQL anyway!

History

#1 Updated by Bill Meeks 4 months ago

The MySQL dependency is actually being pulled in by Barnyard2 and not Suricata itself. So long as you do not configure Barnyard2, MySQL will not be loaded by Suricata. Barnyard2 is quite old and does not seem to be actively maintained any longer. I am pretty sure a newer version of the MySQL client will break the Barnyard2 binary's MySQL database code.

Suricata upstream is planning to deprecate creation of Unified2 binary log files, and when they do I will likely pull Barnyard2 support out of the Suricata package. The logging method of choice for Suricata upstream is EVE JSON.

#2 Updated by Sean McBride 4 months ago

Thanks for the fast response!

I don't use Barnyard2, so that's good news for me.

But for others... is this therefore a bug of the FreeBSD barnyard2 package? Or...

#3 Updated by Jim Pingle 3 months ago

  • Target version deleted (2.4.5)
