RHEL 8 : mysql:8.0 (RHSA-2019:2511)

high Nessus Plugin ID 127991

Language:

Synopsis

The remote Red Hat host is missing one or more security updates for mysql:8.0.

Description

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2511 advisory.

- mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2019) (CVE-2019-2420, CVE-2019-2481, CVE-2019-2507, CVE-2019-2529, CVE-2019-2530)

- mysql: Server: Parser unspecified vulnerability (CPU Jan 2019) (CVE-2019-2434, CVE-2019-2455)

- mysql: Server: Replication unspecified vulnerability (CPU Jan 2019) (CVE-2019-2436, CVE-2019-2531, CVE-2019-2534)

- mysql: Server: PS unspecified vulnerability (CPU Jan 2019) (CVE-2019-2482)

- mysql: Server: Security: Privileges unspecified vulnerability (CPU Jan 2019) (CVE-2019-2486, CVE-2019-2532, CVE-2019-2533)

- mysql: Server: DDL unspecified vulnerability (CPU Jan 2019) (CVE-2019-2494, CVE-2019-2495, CVE-2019-2537)

- mysql: InnoDB unspecified vulnerability (CPU Jan 2019) (CVE-2019-2502, CVE-2019-2510)

- mysql: Server: Connection Handling unspecified vulnerability (CPU Jan 2019) (CVE-2019-2503)

- mysql: Server: Partition unspecified vulnerability (CPU Jan 2019) (CVE-2019-2528)

- mysql: Server: Options unspecified vulnerability (CPU Jan 2019) (CVE-2019-2535)

- mysql: Server: Packaging unspecified vulnerability (CPU Jan 2019) (CVE-2019-2536)

- mysql: Server: Connection unspecified vulnerability (CPU Jan 2019) (CVE-2019-2539)

- mysql: InnoDB unspecified vulnerability (CPU Apr 2019) (CVE-2019-2580, CVE-2019-2585, CVE-2019-2593, CVE-2019-2624, CVE-2019-2628)

- mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2019) (CVE-2019-2581, CVE-2019-2596, CVE-2019-2607, CVE-2019-2625, CVE-2019-2681, CVE-2019-2685, CVE-2019-2686, CVE-2019-2687, CVE-2019-2688, CVE-2019-2689, CVE-2019-2693, CVE-2019-2694, CVE-2019-2695)

- mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2019) (CVE-2019-2584, CVE-2019-2589, CVE-2019-2606, CVE-2019-2620, CVE-2019-2627)

- mysql: Server: Partition unspecified vulnerability (CPU Apr 2019) (CVE-2019-2587)

- mysql: Server: PS unspecified vulnerability (CPU Apr 2019) (CVE-2019-2592)

- mysql: Server: Replication unspecified vulnerability (CPU Apr 2019) (CVE-2019-2614, CVE-2019-2617, CVE-2019-2630, CVE-2019-2634, CVE-2019-2635)

- mysql: Server: Options unspecified vulnerability (CPU Apr 2019) (CVE-2019-2623, CVE-2019-2683)

- mysql: Server: DDL unspecified vulnerability (CPU Apr 2019) (CVE-2019-2626, CVE-2019-2644)

- mysql: Server: Information Schema unspecified vulnerability (CPU Apr 2019) (CVE-2019-2631)

- mysql: Server: Group Replication Plugin unspecified vulnerability (CPU Apr 2019) (CVE-2019-2636)

- mysql: Server: Security: Roles unspecified vulnerability (CPU Apr 2019) (CVE-2019-2691)

- mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2019) (CVE-2019-2737)

- mysql: Server: Compiling unspecified vulnerability (CPU Jul 2019) (CVE-2019-2738)

- mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2019) (CVE-2019-2739, CVE-2019-2778, CVE-2019-2789, CVE-2019-2811)

- mysql: Server: XML unspecified vulnerability (CPU Jul 2019) (CVE-2019-2740)

- mysql: Server: Options unspecified vulnerability (CPU Jul 2019) (CVE-2019-2752)

- mysql: Server: Replication unspecified vulnerability (CPU Jul 2019) (CVE-2019-2755, CVE-2019-2800)

- mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2019) (CVE-2019-2757, CVE-2019-2774, CVE-2019-2796, CVE-2019-2802, CVE-2019-2803, CVE-2019-2808, CVE-2019-2810, CVE-2019-2812, CVE-2019-2815, CVE-2019-2830, CVE-2019-2834)

- mysql: InnoDB unspecified vulnerability (CPU Jul 2019) (CVE-2019-2758, CVE-2019-2785, CVE-2019-2798, CVE-2019-2814, CVE-2019-2879)

- mysql: Server: Components / Services unspecified vulnerability (CPU Jul 2019) (CVE-2019-2780)

- mysql: Server: DML unspecified vulnerability (CPU Jul 2019) (CVE-2019-2784)

- mysql: Server: Charsets unspecified vulnerability (CPU Jul 2019) (CVE-2019-2795)

- mysql: Client programs unspecified vulnerability (CPU Jul 2019) (CVE-2019-2797)

- mysql: Server: FTS unspecified vulnerability (CPU Jul 2019) (CVE-2019-2801)

- mysql: Server: Parser unspecified vulnerability (CPU Jul 2019) (CVE-2019-2805)

- mysql: Server: Security: Audit unspecified vulnerability (CPU Jul 2019) (CVE-2019-2819)

- mysql: Server: Security: Roles unspecified vulnerability (CPU Jul 2019) (CVE-2019-2826)

- mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019) (CVE-2019-2948, CVE-2019-2950)

- mysql: Client programs unspecified vulnerability (CPU Oct 2019) (CVE-2019-2969)

- mysql: InnoDB unspecified vulnerability (CPU Oct 2019) (CVE-2019-3003)

- mysql: Server: Security: Privileges unspecified vulnerability (CPU Oct 2022) (CVE-2022-21589)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL mysql:8.0 package based on the guidance in RHSA-2019:2511.

Plugin Details

Severity: High

ID: 127991

File Name: redhat-RHSA-2019-2511.nasl

Version: 1.11

Type: local

Agent: unix

Family: Red Hat Local Security Checks

Published: 8/20/2019

Updated: 4/28/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P

CVSS Score Source: CVE-2019-2819

CVSS v3

Risk Factor: High

Base Score: 7.1

Temporal Score: 6.2

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2019-2800

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:mecab, p-cpe:/a:redhat:enterprise_linux:mecab-ipadic, p-cpe:/a:redhat:enterprise_linux:mecab-ipadic-eucjp, p-cpe:/a:redhat:enterprise_linux:mysql, p-cpe:/a:redhat:enterprise_linux:mysql-common, p-cpe:/a:redhat:enterprise_linux:mysql-devel, p-cpe:/a:redhat:enterprise_linux:mysql-errmsg, p-cpe:/a:redhat:enterprise_linux:mysql-libs, p-cpe:/a:redhat:enterprise_linux:mysql-server, p-cpe:/a:redhat:enterprise_linux:mysql-test, cpe:/o:redhat:enterprise_linux:8

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 8/15/2019

Vulnerability Publication Date: 1/16/2019

Reference Information

CVE: CVE-2019-2420, CVE-2019-2434, CVE-2019-2436, CVE-2019-2455, CVE-2019-2481, CVE-2019-2482, CVE-2019-2486, CVE-2019-2494, CVE-2019-2495, CVE-2019-2502, CVE-2019-2503, CVE-2019-2507, CVE-2019-2510, CVE-2019-2528, CVE-2019-2529, CVE-2019-2530, CVE-2019-2531, CVE-2019-2532, CVE-2019-2533, CVE-2019-2534, CVE-2019-2535, CVE-2019-2536, CVE-2019-2537, CVE-2019-2539, CVE-2019-2580, CVE-2019-2581, CVE-2019-2584, CVE-2019-2585, CVE-2019-2587, CVE-2019-2589, CVE-2019-2592, CVE-2019-2593, CVE-2019-2596, CVE-2019-2606, CVE-2019-2607, CVE-2019-2614, CVE-2019-2617, CVE-2019-2620, CVE-2019-2623, CVE-2019-2624, CVE-2019-2625, CVE-2019-2626, CVE-2019-2627, CVE-2019-2628, CVE-2019-2630, CVE-2019-2631, CVE-2019-2634, CVE-2019-2635, CVE-2019-2636, CVE-2019-2644, CVE-2019-2681, CVE-2019-2683, CVE-2019-2685, CVE-2019-2686, CVE-2019-2687, CVE-2019-2688, CVE-2019-2689, CVE-2019-2691, CVE-2019-2693, CVE-2019-2694, CVE-2019-2695, CVE-2019-2737, CVE-2019-2738, CVE-2019-2739, CVE-2019-2740, CVE-2019-2752, CVE-2019-2755, CVE-2019-2757, CVE-2019-2758, CVE-2019-2774, CVE-2019-2778, CVE-2019-2780, CVE-2019-2784, CVE-2019-2785, CVE-2019-2789, CVE-2019-2795, CVE-2019-2796, CVE-2019-2797, CVE-2019-2798, CVE-2019-2800, CVE-2019-2801, CVE-2019-2802, CVE-2019-2803, CVE-2019-2805, CVE-2019-2808, CVE-2019-2810, CVE-2019-2811, CVE-2019-2812, CVE-2019-2814, CVE-2019-2815, CVE-2019-2819, CVE-2019-2826, CVE-2019-2830, CVE-2019-2834, CVE-2019-2879, CVE-2019-2948, CVE-2019-2950, CVE-2019-2969, CVE-2019-3003, CVE-2022-21589

RHSA: 2019:2511

Detections

Analytics