Fedora 27 : community-mysql (2017-9e28c78e07)

high Nessus Plugin ID 105938

Language:

Synopsis

The remote Fedora host is missing a security update.

Description

A quarter year regular dose of fixed CVE's.
https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-20.html

.

rhbz#1497694 :

Fix owner and perms on log file in post script

CVE fixes: rhbz#1503701

CVE-2017-10155 CVE-2017-10227 CVE-2017-10268 CVE-2017-10276 CVE-2017-10279 CVE-2017-10283 CVE-2017-10286 CVE-2017-10294 CVE-2017-10314 CVE-2017-10378 CVE-2017-10379 CVE-2017-10384

Others :

Move all test binaries to -test package Dont ship unneeded man pages on systemd platforms Remove mysql_config_editor from -devel package, shipped in client

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected community-mysql package.

See Also

https://bodhi.fedoraproject.org/updates/FEDORA-2017-9e28c78e07

Plugin Details

Severity: High

ID: 105938

File Name: fedora_2017-9e28c78e07.nasl

Version: 1.5

Type: local

Agent: unix

Published: 1/15/2018

Updated: 1/6/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS v3

Risk Factor: High

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:community-mysql, cpe:/o:fedoraproject:fedora:27

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 11/11/2017

Vulnerability Publication Date: 10/19/2017

Reference Information

CVE: CVE-2017-10155, CVE-2017-10227, CVE-2017-10268, CVE-2017-10276, CVE-2017-10279, CVE-2017-10283, CVE-2017-10286, CVE-2017-10294, CVE-2017-10314, CVE-2017-10378, CVE-2017-10379, CVE-2017-10384