RHEL 8 : mysql:8.0 (RHSA-2019:2511)

Medium Nessus Plugin ID 127991

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

An update for the mysql:8.0 module is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs.

The following packages have been upgraded to a later upstream version:
mysql (8.0.17).

Security Fix(es) :

* mysql: Server: Replication multiple unspecified vulnerabilities (CVE-2019-2800, CVE-2019-2436, CVE-2019-2531, CVE-2019-2534, CVE-2019-2614, CVE-2019-2617, CVE-2019-2630, CVE-2019-2634, CVE-2019-2635, CVE-2019-2755)

* mysql: Server: Optimizer multiple unspecified vulnerabilities (CVE-2019-2420, CVE-2019-2481, CVE-2019-2507, CVE-2019-2529, CVE-2019-2530, CVE-2019-2581, CVE-2019-2596, CVE-2019-2607, CVE-2019-2625, CVE-2019-2681, CVE-2019-2685, CVE-2019-2686, CVE-2019-2687, CVE-2019-2688, CVE-2019-2689, CVE-2019-2693, CVE-2019-2694, CVE-2019-2695, CVE-2019-2757, CVE-2019-2774, CVE-2019-2796, CVE-2019-2802, CVE-2019-2803, CVE-2019-2808, CVE-2019-2810, CVE-2019-2812, CVE-2019-2815, CVE-2019-2830, CVE-2019-2834)

* mysql: Server: Parser multiple unspecified vulnerabilities (CVE-2019-2434, CVE-2019-2455, CVE-2019-2805)

* mysql: Server: PS multiple unspecified vulnerabilities (CVE-2019-2482, CVE-2019-2592)

* mysql: Server: Security: Privileges multiple unspecified vulnerabilities (CVE-2019-2486, CVE-2019-2532, CVE-2019-2533, CVE-2019-2584, CVE-2019-2589, CVE-2019-2606, CVE-2019-2620, CVE-2019-2627, CVE-2019-2739, CVE-2019-2778, CVE-2019-2811, CVE-2019-2789)

* mysql: Server: DDL multiple unspecified vulnerabilities (CVE-2019-2494, CVE-2019-2495, CVE-2019-2537, CVE-2019-2626, CVE-2019-2644)

* mysql: InnoDB multiple unspecified vulnerabilities (CVE-2019-2502, CVE-2019-2510, CVE-2019-2580, CVE-2019-2585, CVE-2019-2593, CVE-2019-2624, CVE-2019-2628, CVE-2019-2758, CVE-2019-2785, CVE-2019-2798, CVE-2019-2879, CVE-2019-2814)

* mysql: Server: Connection Handling unspecified vulnerability (CVE-2019-2503)

* mysql: Server: Partition multiple unspecified vulnerabilities (CVE-2019-2528, CVE-2019-2587)

* mysql: Server: Options multiple unspecified vulnerabilities (CVE-2019-2535, CVE-2019-2623, CVE-2019-2683, CVE-2019-2752)

* mysql: Server: Packaging unspecified vulnerability (CVE-2019-2536)

* mysql: Server: Connection unspecified vulnerability (CVE-2019-2539)

* mysql: Server: Information Schema unspecified vulnerability (CVE-2019-2631)

* mysql: Server: Group Replication Plugin unspecified vulnerability (CVE-2019-2636)

* mysql: Server: Security: Roles multiple unspecified vulnerabilities (CVE-2019-2691, CVE-2019-2826)

* mysql: Server: Pluggable Auth unspecified vulnerability (CVE-2019-2737)

* mysql: Server: XML unspecified vulnerability (CVE-2019-2740)

* mysql: Server: Components / Services unspecified vulnerability (CVE-2019-2780)

* mysql: Server: DML unspecified vulnerability (CVE-2019-2784)

* mysql: Server: Charsets unspecified vulnerability (CVE-2019-2795)

* mysql: Client programs unspecified vulnerability (CVE-2019-2797)

* mysql: Server: FTS unspecified vulnerability (CVE-2019-2801)

* mysql: Server: Security: Audit unspecified vulnerability (CVE-2019-2819)

* mysql: Server: Compiling unspecified vulnerability (CVE-2019-2738)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Update the affected packages.

See Also

https://access.redhat.com/errata/RHSA-2019:2511

https://access.redhat.com/security/cve/cve-2019-2420

https://access.redhat.com/security/cve/cve-2019-2434

https://access.redhat.com/security/cve/cve-2019-2436

https://access.redhat.com/security/cve/cve-2019-2455

https://access.redhat.com/security/cve/cve-2019-2481

https://access.redhat.com/security/cve/cve-2019-2482

https://access.redhat.com/security/cve/cve-2019-2486

https://access.redhat.com/security/cve/cve-2019-2494

https://access.redhat.com/security/cve/cve-2019-2495

https://access.redhat.com/security/cve/cve-2019-2502

https://access.redhat.com/security/cve/cve-2019-2503

https://access.redhat.com/security/cve/cve-2019-2507

https://access.redhat.com/security/cve/cve-2019-2510

https://access.redhat.com/security/cve/cve-2019-2528

https://access.redhat.com/security/cve/cve-2019-2529

https://access.redhat.com/security/cve/cve-2019-2530

https://access.redhat.com/security/cve/cve-2019-2531

https://access.redhat.com/security/cve/cve-2019-2532

https://access.redhat.com/security/cve/cve-2019-2533

https://access.redhat.com/security/cve/cve-2019-2534

https://access.redhat.com/security/cve/cve-2019-2535

https://access.redhat.com/security/cve/cve-2019-2536

https://access.redhat.com/security/cve/cve-2019-2537

https://access.redhat.com/security/cve/cve-2019-2539

https://access.redhat.com/security/cve/cve-2019-2580

https://access.redhat.com/security/cve/cve-2019-2581

https://access.redhat.com/security/cve/cve-2019-2584

https://access.redhat.com/security/cve/cve-2019-2585

https://access.redhat.com/security/cve/cve-2019-2587

https://access.redhat.com/security/cve/cve-2019-2589

https://access.redhat.com/security/cve/cve-2019-2592

https://access.redhat.com/security/cve/cve-2019-2593

https://access.redhat.com/security/cve/cve-2019-2596

https://access.redhat.com/security/cve/cve-2019-2606

https://access.redhat.com/security/cve/cve-2019-2607

https://access.redhat.com/security/cve/cve-2019-2614

https://access.redhat.com/security/cve/cve-2019-2617

https://access.redhat.com/security/cve/cve-2019-2620

https://access.redhat.com/security/cve/cve-2019-2623

https://access.redhat.com/security/cve/cve-2019-2624

https://access.redhat.com/security/cve/cve-2019-2625

https://access.redhat.com/security/cve/cve-2019-2626

https://access.redhat.com/security/cve/cve-2019-2627

https://access.redhat.com/security/cve/cve-2019-2628

https://access.redhat.com/security/cve/cve-2019-2630

https://access.redhat.com/security/cve/cve-2019-2631

https://access.redhat.com/security/cve/cve-2019-2634

https://access.redhat.com/security/cve/cve-2019-2635

https://access.redhat.com/security/cve/cve-2019-2636

https://access.redhat.com/security/cve/cve-2019-2644

https://access.redhat.com/security/cve/cve-2019-2681

https://access.redhat.com/security/cve/cve-2019-2683

https://access.redhat.com/security/cve/cve-2019-2685

https://access.redhat.com/security/cve/cve-2019-2686

https://access.redhat.com/security/cve/cve-2019-2687

https://access.redhat.com/security/cve/cve-2019-2688

https://access.redhat.com/security/cve/cve-2019-2689

https://access.redhat.com/security/cve/cve-2019-2691

https://access.redhat.com/security/cve/cve-2019-2693

https://access.redhat.com/security/cve/cve-2019-2694

https://access.redhat.com/security/cve/cve-2019-2695

https://access.redhat.com/security/cve/cve-2019-2737

https://access.redhat.com/security/cve/cve-2019-2738

https://access.redhat.com/security/cve/cve-2019-2739

https://access.redhat.com/security/cve/cve-2019-2740

https://access.redhat.com/security/cve/cve-2019-2752

https://access.redhat.com/security/cve/cve-2019-2755

https://access.redhat.com/security/cve/cve-2019-2757

https://access.redhat.com/security/cve/cve-2019-2758

https://access.redhat.com/security/cve/cve-2019-2774

https://access.redhat.com/security/cve/cve-2019-2778

https://access.redhat.com/security/cve/cve-2019-2780

https://access.redhat.com/security/cve/cve-2019-2784

https://access.redhat.com/security/cve/cve-2019-2785

https://access.redhat.com/security/cve/cve-2019-2789

https://access.redhat.com/security/cve/cve-2019-2795

https://access.redhat.com/security/cve/cve-2019-2796

https://access.redhat.com/security/cve/cve-2019-2797

https://access.redhat.com/security/cve/cve-2019-2798

https://access.redhat.com/security/cve/cve-2019-2800

https://access.redhat.com/security/cve/cve-2019-2801

https://access.redhat.com/security/cve/cve-2019-2802

https://access.redhat.com/security/cve/cve-2019-2803

https://access.redhat.com/security/cve/cve-2019-2805

https://access.redhat.com/security/cve/cve-2019-2808

https://access.redhat.com/security/cve/cve-2019-2810

https://access.redhat.com/security/cve/cve-2019-2811

https://access.redhat.com/security/cve/cve-2019-2812

https://access.redhat.com/security/cve/cve-2019-2814

https://access.redhat.com/security/cve/cve-2019-2815

https://access.redhat.com/security/cve/cve-2019-2819

https://access.redhat.com/security/cve/cve-2019-2826

https://access.redhat.com/security/cve/cve-2019-2830

https://access.redhat.com/security/cve/cve-2019-2834

https://access.redhat.com/security/cve/cve-2019-2879

https://access.redhat.com/security/cve/cve-2019-2948

https://access.redhat.com/security/cve/cve-2019-2950

https://access.redhat.com/security/cve/cve-2019-2969

https://access.redhat.com/security/cve/cve-2019-3003

Plugin Details

Severity: Medium

ID: 127991

File Name: redhat-RHSA-2019-2511.nasl

Version: 1.8

Type: local

Agent: unix

Published: 2019/08/20

Updated: 2020/05/22

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS Score Source: CVE-2019-2819

CVSS v2.0

Base Score: 5.5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:mecab, p-cpe:/a:redhat:enterprise_linux:mecab-debugsource, p-cpe:/a:redhat:enterprise_linux:mecab-ipadic, p-cpe:/a:redhat:enterprise_linux:mecab-ipadic-EUCJP, p-cpe:/a:redhat:enterprise_linux:mysql, p-cpe:/a:redhat:enterprise_linux:mysql-common, p-cpe:/a:redhat:enterprise_linux:mysql-debugsource, p-cpe:/a:redhat:enterprise_linux:mysql-devel, p-cpe:/a:redhat:enterprise_linux:mysql-errmsg, p-cpe:/a:redhat:enterprise_linux:mysql-libs, p-cpe:/a:redhat:enterprise_linux:mysql-server, p-cpe:/a:redhat:enterprise_linux:mysql-test, cpe:/a:redhat:enterprise_linux:8::appstream, cpe:/o:redhat:enterprise_linux:8, cpe:/o:redhat:enterprise_linux:8.0

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 2019/08/15

Vulnerability Publication Date: 2019/01/16

Reference Information

CVE: CVE-2019-2420, CVE-2019-2434, CVE-2019-2436, CVE-2019-2455, CVE-2019-2481, CVE-2019-2482, CVE-2019-2486, CVE-2019-2494, CVE-2019-2495, CVE-2019-2502, CVE-2019-2503, CVE-2019-2507, CVE-2019-2510, CVE-2019-2528, CVE-2019-2529, CVE-2019-2530, CVE-2019-2531, CVE-2019-2532, CVE-2019-2533, CVE-2019-2534, CVE-2019-2535, CVE-2019-2536, CVE-2019-2537, CVE-2019-2539, CVE-2019-2580, CVE-2019-2581, CVE-2019-2584, CVE-2019-2585, CVE-2019-2587, CVE-2019-2589, CVE-2019-2592, CVE-2019-2593, CVE-2019-2596, CVE-2019-2606, CVE-2019-2607, CVE-2019-2614, CVE-2019-2617, CVE-2019-2620, CVE-2019-2623, CVE-2019-2624, CVE-2019-2625, CVE-2019-2626, CVE-2019-2627, CVE-2019-2628, CVE-2019-2630, CVE-2019-2631, CVE-2019-2634, CVE-2019-2635, CVE-2019-2636, CVE-2019-2644, CVE-2019-2681, CVE-2019-2683, CVE-2019-2685, CVE-2019-2686, CVE-2019-2687, CVE-2019-2688, CVE-2019-2689, CVE-2019-2691, CVE-2019-2693, CVE-2019-2694, CVE-2019-2695, CVE-2019-2737, CVE-2019-2738, CVE-2019-2739, CVE-2019-2740, CVE-2019-2752, CVE-2019-2755, CVE-2019-2757, CVE-2019-2758, CVE-2019-2774, CVE-2019-2778, CVE-2019-2780, CVE-2019-2784, CVE-2019-2785, CVE-2019-2789, CVE-2019-2795, CVE-2019-2796, CVE-2019-2797, CVE-2019-2798, CVE-2019-2800, CVE-2019-2801, CVE-2019-2802, CVE-2019-2803, CVE-2019-2805, CVE-2019-2808, CVE-2019-2810, CVE-2019-2811, CVE-2019-2812, CVE-2019-2814, CVE-2019-2815, CVE-2019-2819, CVE-2019-2826, CVE-2019-2830, CVE-2019-2834, CVE-2019-2879, CVE-2019-2948, CVE-2019-2950, CVE-2019-2969, CVE-2019-3003

RHSA: 2019:2511