Bug #9980

closed

Fresh install of Suricata 4.1.5 package warns about CVE-2015-3152; need newer MySQL

Added by Sean McBride over 4 years ago. Updated over 3 years ago.

Status: Closed
Priority: High
Assignee: -
Category: Suricata
Target version: -
Start date: 12/17/2019
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Affected Version: 2.4.4-p3
Affected Plus Version:
Affected Architecture: All

Description

5 minutes ago I installed the Suricata 4.1.5 package on pfSense 2.4.4-RELEASE-p3 (both newest at this time). It output a bunch of stuff, including:

Message from mysql56-client-5.6.41:

* * * * * * * * * * * * * * * * * * * * * * * *

Please be aware the database client is vulnerable
to CVE-2015-3152 - SSL Downgrade aka "BACKRONYM".
You may find more information at the following URL:

http://www.vuxml.org/freebsd/36bd352d-299b-11e5-86ff-14dae9d210b8.html

Although this database client is not listed as
"affected", it is vulnerable and will not be
receiving a patch. Please take note of this when
deploying this software.

* * * * * * * * * * * * * * * * * * * * * * * *

That's rather disconcerting. :(

Hopefully the usage of MySQL isn't actually vulnerable, but this CVE was fixed back in 2015; surely by now it should be using a newer MySQL anyway!
