Bug #9980
closed
Fresh install of Suricata 4.1.5 package warns about CVE-2015-3152; need newer MySQL
Added by Sean McBride over 4 years ago.
Updated over 3 years ago.
Affected Version: 2.4.4-p3
Affected Architecture: All
Description
5 minutes ago I installed the Suricata 4.1.5 package on pfSense 2.4.4-RELEASE-p3 (both newest at this time). It output a bunch of stuff, including:
Message from mysql56-client-5.6.41:
* * * * * * * * * * * * * * * * * * * * * * * *
Please be aware the database client is vulnerable
to CVE-2015-3152 - SSL Downgrade aka "BACKRONYM".
You may find more information at the following URL:
http://www.vuxml.org/freebsd/36bd352d-299b-11e5-86ff-14dae9d210b8.html
Although this database client is not listed as
"affected", it is vulnerable and will not be
receiving a patch. Please take note of this when
deploying this software.
* * * * * * * * * * * * * * * * * * * * * * * *
That's rather disconcerting. :(
Hopefully the usage of mysql isn't actually vulnerable, but this CVE was fixed back in 2015; surely by now it should be using a newer MySQL anyway!
The MySQL dependency is actually being pulled in by Barnyard2 and not Suricata itself. So long as you do not configure Barnyard2, MySQL will not be loaded by Suricata. Barnyard2 is quite old and does not seem to be actively maintained any longer. I am pretty sure a newer version of the MySQL client will break the Barnyard2 binary's MySQL database code.
Suricata upstream is planning to deprecate creation of Unified2 binary log files, and when they do I will likely pull Barnyard2 support out of the Suricata package. The logging method of choice for Suricata upstream is EVE JSON.
Thanks for the fast response!
I don't use Barnyard2, so that's good news for me.
But for others... is this therefore a bug of the FreeBSD barnyard2 package? Or...
- Target version deleted (2.4.5)
- Status changed from New to Closed
No such message on pfSense 2.4.5-p1/2.5 with suricata-5.0.3/suricata-4.1.8.