Check: MADB-10-009200
MariaDB Enterprise 10.x STIG:
MADB-10-009200
(in versions v2 r2 through v1 r2)
Title
When updates are applied to the MariaDB software, any software components that have been replaced or made unnecessary must be removed. (Cat II impact)
Discussion
Previous versions of MariaDB components that are not removed from the information system after updates have been installed may be exploited by adversaries. MariaDB may remove older versions of software automatically from the information system. In other cases, manual review and removal will be required. In planning installations and upgrades, organizations must include steps (automated, manual, or both) to identify and remove the outdated modules. A transition period may be necessary when both the old and the new software are required. This should be taken into account in the planning.
Check Content
If updating through a repository using yum, apt, etc., all MariaDB packages should be updated/upgraded at the same time. Use the package manager to verify no outdated packages remain. Example: $ sudo yum list installed | grep -i mariadb If older packages remain, this is a finding.
Fix Text
If after the upgrade outdated packages remain, update them if needed or remove. Example: $ sudo yum remove package_name
Additional Identifiers
Rule ID: SV-253744r961677_rule
Vulnerability ID: V-253744
Group Title: SRG-APP-000454-DB-000389
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-002617 |
Remove previous versions of organization-defined software components after updated versions have been installed. |
Controls
Number | Title |
---|---|
SI-2(6) |
Removal of Previous Versions of Software / Firmware |