RHEL 8 : mysql:8.0 (RHSA-2019:2511)

Medium Nessus Plugin ID 127991

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 5.2

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

An update for the mysql:8.0 module is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs.

The following packages have been upgraded to a later upstream version:
mysql (8.0.17).

Security Fix(es) :

* mysql: Server: Replication multiple unspecified vulnerabilities (CVE-2019-2800, CVE-2019-2436, CVE-2019-2531, CVE-2019-2534, CVE-2019-2614, CVE-2019-2617, CVE-2019-2630, CVE-2019-2634, CVE-2019-2635, CVE-2019-2755)

* mysql: Server: Optimizer multiple unspecified vulnerabilities (CVE-2019-2420, CVE-2019-2481, CVE-2019-2507, CVE-2019-2529, CVE-2019-2530, CVE-2019-2581, CVE-2019-2596, CVE-2019-2607, CVE-2019-2625, CVE-2019-2681, CVE-2019-2685, CVE-2019-2686, CVE-2019-2687, CVE-2019-2688, CVE-2019-2689, CVE-2019-2693, CVE-2019-2694, CVE-2019-2695, CVE-2019-2757, CVE-2019-2774, CVE-2019-2796, CVE-2019-2802, CVE-2019-2803, CVE-2019-2808, CVE-2019-2810, CVE-2019-2812, CVE-2019-2815, CVE-2019-2830, CVE-2019-2834)

* mysql: Server: Parser multiple unspecified vulnerabilities (CVE-2019-2434, CVE-2019-2455, CVE-2019-2805)

* mysql: Server: PS multiple unspecified vulnerabilities (CVE-2019-2482, CVE-2019-2592)

* mysql: Server: Security: Privileges multiple unspecified vulnerabilities (CVE-2019-2486, CVE-2019-2532, CVE-2019-2533, CVE-2019-2584, CVE-2019-2589, CVE-2019-2606, CVE-2019-2620, CVE-2019-2627, CVE-2019-2739, CVE-2019-2778, CVE-2019-2811, CVE-2019-2789)

* mysql: Server: DDL multiple unspecified vulnerabilities (CVE-2019-2494, CVE-2019-2495, CVE-2019-2537, CVE-2019-2626, CVE-2019-2644)

* mysql: InnoDB multiple unspecified vulnerabilities (CVE-2019-2502, CVE-2019-2510, CVE-2019-2580, CVE-2019-2585, CVE-2019-2593, CVE-2019-2624, CVE-2019-2628, CVE-2019-2758, CVE-2019-2785, CVE-2019-2798, CVE-2019-2879, CVE-2019-2814)

* mysql: Server: Connection Handling unspecified vulnerability (CVE-2019-2503)

* mysql: Server: Partition multiple unspecified vulnerabilities (CVE-2019-2528, CVE-2019-2587)

* mysql: Server: Options multiple unspecified vulnerabilities (CVE-2019-2535, CVE-2019-2623, CVE-2019-2683, CVE-2019-2752)

* mysql: Server: Packaging unspecified vulnerability (CVE-2019-2536)

* mysql: Server: Connection unspecified vulnerability (CVE-2019-2539)

* mysql: Server: Information Schema unspecified vulnerability (CVE-2019-2631)

* mysql: Server: Group Replication Plugin unspecified vulnerability (CVE-2019-2636)

* mysql: Server: Security: Roles multiple unspecified vulnerabilities (CVE-2019-2691, CVE-2019-2826)

* mysql: Server: Pluggable Auth unspecified vulnerability (CVE-2019-2737)

* mysql: Server: XML unspecified vulnerability (CVE-2019-2740)

* mysql: Server: Components / Services unspecified vulnerability (CVE-2019-2780)

* mysql: Server: DML unspecified vulnerability (CVE-2019-2784)

* mysql: Server: Charsets unspecified vulnerability (CVE-2019-2795)

* mysql: Client programs unspecified vulnerability (CVE-2019-2797)

* mysql: Server: FTS unspecified vulnerability (CVE-2019-2801)

* mysql: Server: Security: Audit unspecified vulnerability (CVE-2019-2819)

* mysql: Server: Compiling unspecified vulnerability (CVE-2019-2738)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Update the affected packages.

See Also

https://access.redhat.com/errata/RHSA-2019:2511

https://access.redhat.com/security/cve/cve-2019-2420

https://access.redhat.com/security/cve/cve-2019-2434

https://access.redhat.com/security/cve/cve-2019-2436

https://access.redhat.com/security/cve/cve-2019-2455

https://access.redhat.com/security/cve/cve-2019-2481

https://access.redhat.com/security/cve/cve-2019-2482

https://access.redhat.com/security/cve/cve-2019-2486

https://access.redhat.com/security/cve/cve-2019-2494

https://access.redhat.com/security/cve/cve-2019-2495

https://access.redhat.com/security/cve/cve-2019-2502

https://access.redhat.com/security/cve/cve-2019-2503

https://access.redhat.com/security/cve/cve-2019-2507

https://access.redhat.com/security/cve/cve-2019-2510

https://access.redhat.com/security/cve/cve-2019-2528

https://access.redhat.com/security/cve/cve-2019-2529

https://access.redhat.com/security/cve/cve-2019-2530

https://access.redhat.com/security/cve/cve-2019-2531

https://access.redhat.com/security/cve/cve-2019-2532

https://access.redhat.com/security/cve/cve-2019-2533

https://access.redhat.com/security/cve/cve-2019-2534

https://access.redhat.com/security/cve/cve-2019-2535

https://access.redhat.com/security/cve/cve-2019-2536

https://access.redhat.com/security/cve/cve-2019-2537

https://access.redhat.com/security/cve/cve-2019-2539

https://access.redhat.com/security/cve/cve-2019-2580

https://access.redhat.com/security/cve/cve-2019-2581

https://access.redhat.com/security/cve/cve-2019-2584

https://access.redhat.com/security/cve/cve-2019-2585

https://access.redhat.com/security/cve/cve-2019-2587

https://access.redhat.com/security/cve/cve-2019-2589

https://access.redhat.com/security/cve/cve-2019-2592

https://access.redhat.com/security/cve/cve-2019-2593

https://access.redhat.com/security/cve/cve-2019-2596

https://access.redhat.com/security/cve/cve-2019-2606

https://access.redhat.com/security/cve/cve-2019-2607

https://access.redhat.com/security/cve/cve-2019-2614

https://access.redhat.com/security/cve/cve-2019-2617

https://access.redhat.com/security/cve/cve-2019-2620

https://access.redhat.com/security/cve/cve-2019-2623

https://access.redhat.com/security/cve/cve-2019-2624

https://access.redhat.com/security/cve/cve-2019-2625

https://access.redhat.com/security/cve/cve-2019-2626

https://access.redhat.com/security/cve/cve-2019-2627

https://access.redhat.com/security/cve/cve-2019-2628

https://access.redhat.com/security/cve/cve-2019-2630

https://access.redhat.com/security/cve/cve-2019-2631

https://access.redhat.com/security/cve/cve-2019-2634

https://access.redhat.com/security/cve/cve-2019-2635

https://access.redhat.com/security/cve/cve-2019-2636

https://access.redhat.com/security/cve/cve-2019-2644

https://access.redhat.com/security/cve/cve-2019-2681

https://access.redhat.com/security/cve/cve-2019-2683

https://access.redhat.com/security/cve/cve-2019-2685

https://access.redhat.com/security/cve/cve-2019-2686

https://access.redhat.com/security/cve/cve-2019-2687

https://access.redhat.com/security/cve/cve-2019-2688

https://access.redhat.com/security/cve/cve-2019-2689

https://access.redhat.com/security/cve/cve-2019-2691

https://access.redhat.com/security/cve/cve-2019-2693

https://access.redhat.com/security/cve/cve-2019-2694

https://access.redhat.com/security/cve/cve-2019-2695

https://access.redhat.com/security/cve/cve-2019-2737

https://access.redhat.com/security/cve/cve-2019-2738

https://access.redhat.com/security/cve/cve-2019-2739

https://access.redhat.com/security/cve/cve-2019-2740

https://access.redhat.com/security/cve/cve-2019-2752

https://access.redhat.com/security/cve/cve-2019-2755

https://access.redhat.com/security/cve/cve-2019-2757

https://access.redhat.com/security/cve/cve-2019-2758

https://access.redhat.com/security/cve/cve-2019-2774

https://access.redhat.com/security/cve/cve-2019-2778

https://access.redhat.com/security/cve/cve-2019-2780

https://access.redhat.com/security/cve/cve-2019-2784

https://access.redhat.com/security/cve/cve-2019-2785

https://access.redhat.com/security/cve/cve-2019-2789

https://access.redhat.com/security/cve/cve-2019-2795

https://access.redhat.com/security/cve/cve-2019-2796

https://access.redhat.com/security/cve/cve-2019-2797

https://access.redhat.com/security/cve/cve-2019-2798

https://access.redhat.com/security/cve/cve-2019-2800

https://access.redhat.com/security/cve/cve-2019-2801

https://access.redhat.com/security/cve/cve-2019-2802

https://access.redhat.com/security/cve/cve-2019-2803

https://access.redhat.com/security/cve/cve-2019-2805

https://access.redhat.com/security/cve/cve-2019-2808

https://access.redhat.com/security/cve/cve-2019-2810

https://access.redhat.com/security/cve/cve-2019-2811

https://access.redhat.com/security/cve/cve-2019-2812

https://access.redhat.com/security/cve/cve-2019-2814

https://access.redhat.com/security/cve/cve-2019-2815

https://access.redhat.com/security/cve/cve-2019-2819

https://access.redhat.com/security/cve/cve-2019-2826

https://access.redhat.com/security/cve/cve-2019-2830

https://access.redhat.com/security/cve/cve-2019-2834

https://access.redhat.com/security/cve/cve-2019-2879

https://access.redhat.com/security/cve/cve-2019-2948

https://access.redhat.com/security/cve/cve-2019-2950

https://access.redhat.com/security/cve/cve-2019-2969

https://access.redhat.com/security/cve/cve-2019-3003

Plugin Details

Severity: Medium

ID: 127991

File Name: redhat-RHSA-2019-2511.nasl

Version: 1.8

Type: local

Agent: unix

Published: 2019/08/20

Updated: 2020/05/22

Dependencies: 12634

Risk Information

Risk Factor: Medium

VPR Score: 5.2

CVSS Score Source: CVE-2019-2819

CVSS v2.0

Base Score: 5.5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:mecab, p-cpe:/a:redhat:enterprise_linux:mecab-debugsource, p-cpe:/a:redhat:enterprise_linux:mecab-ipadic, p-cpe:/a:redhat:enterprise_linux:mecab-ipadic-EUCJP, p-cpe:/a:redhat:enterprise_linux:mysql, p-cpe:/a:redhat:enterprise_linux:mysql-common, p-cpe:/a:redhat:enterprise_linux:mysql-debugsource, p-cpe:/a:redhat:enterprise_linux:mysql-devel, p-cpe:/a:redhat:enterprise_linux:mysql-errmsg, p-cpe:/a:redhat:enterprise_linux:mysql-libs, p-cpe:/a:redhat:enterprise_linux:mysql-server, p-cpe:/a:redhat:enterprise_linux:mysql-test, cpe:/a:redhat:enterprise_linux:8::appstream, cpe:/o:redhat:enterprise_linux:8, cpe:/o:redhat:enterprise_linux:8.0

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 2019/08/15

Vulnerability Publication Date: 2019/01/16

Reference Information

CVE: CVE-2019-2420, CVE-2019-2434, CVE-2019-2436, CVE-2019-2455, CVE-2019-2481, CVE-2019-2482, CVE-2019-2486, CVE-2019-2494, CVE-2019-2495, CVE-2019-2502, CVE-2019-2503, CVE-2019-2507, CVE-2019-2510, CVE-2019-2528, CVE-2019-2529, CVE-2019-2530, CVE-2019-2531, CVE-2019-2532, CVE-2019-2533, CVE-2019-2534, CVE-2019-2535, CVE-2019-2536, CVE-2019-2537, CVE-2019-2539, CVE-2019-2580, CVE-2019-2581, CVE-2019-2584, CVE-2019-2585, CVE-2019-2587, CVE-2019-2589, CVE-2019-2592, CVE-2019-2593, CVE-2019-2596, CVE-2019-2606, CVE-2019-2607, CVE-2019-2614, CVE-2019-2617, CVE-2019-2620, CVE-2019-2623, CVE-2019-2624, CVE-2019-2625, CVE-2019-2626, CVE-2019-2627, CVE-2019-2628, CVE-2019-2630, CVE-2019-2631, CVE-2019-2634, CVE-2019-2635, CVE-2019-2636, CVE-2019-2644, CVE-2019-2681, CVE-2019-2683, CVE-2019-2685, CVE-2019-2686, CVE-2019-2687, CVE-2019-2688, CVE-2019-2689, CVE-2019-2691, CVE-2019-2693, CVE-2019-2694, CVE-2019-2695, CVE-2019-2737, CVE-2019-2738, CVE-2019-2739, CVE-2019-2740, CVE-2019-2752, CVE-2019-2755, CVE-2019-2757, CVE-2019-2758, CVE-2019-2774, CVE-2019-2778, CVE-2019-2780, CVE-2019-2784, CVE-2019-2785, CVE-2019-2789, CVE-2019-2795, CVE-2019-2796, CVE-2019-2797, CVE-2019-2798, CVE-2019-2800, CVE-2019-2801, CVE-2019-2802, CVE-2019-2803, CVE-2019-2805, CVE-2019-2808, CVE-2019-2810, CVE-2019-2811, CVE-2019-2812, CVE-2019-2814, CVE-2019-2815, CVE-2019-2819, CVE-2019-2826, CVE-2019-2830, CVE-2019-2834, CVE-2019-2879, CVE-2019-2948, CVE-2019-2950, CVE-2019-2969, CVE-2019-3003

RHSA: 2019:2511