RHEL 8 : mysql:8.0 (RHSA-2019:2511)
medium Nessus Plugin ID 127991
Language:
New! Plugin Severity Now Using CVSS v3
The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Synopsis
The remote Red Hat host is missing one or more security updates.Description
An update for the mysql:8.0 module is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs.
The following packages have been upgraded to a later upstream version:
mysql (8.0.17).
Security Fix(es) :
* mysql: Server: Replication multiple unspecified vulnerabilities (CVE-2019-2800, CVE-2019-2436, CVE-2019-2531, CVE-2019-2534, CVE-2019-2614, CVE-2019-2617, CVE-2019-2630, CVE-2019-2634, CVE-2019-2635, CVE-2019-2755)
* mysql: Server: Optimizer multiple unspecified vulnerabilities (CVE-2019-2420, CVE-2019-2481, CVE-2019-2507, CVE-2019-2529, CVE-2019-2530, CVE-2019-2581, CVE-2019-2596, CVE-2019-2607, CVE-2019-2625, CVE-2019-2681, CVE-2019-2685, CVE-2019-2686, CVE-2019-2687, CVE-2019-2688, CVE-2019-2689, CVE-2019-2693, CVE-2019-2694, CVE-2019-2695, CVE-2019-2757, CVE-2019-2774, CVE-2019-2796, CVE-2019-2802, CVE-2019-2803, CVE-2019-2808, CVE-2019-2810, CVE-2019-2812, CVE-2019-2815, CVE-2019-2830, CVE-2019-2834)
* mysql: Server: Parser multiple unspecified vulnerabilities (CVE-2019-2434, CVE-2019-2455, CVE-2019-2805)
* mysql: Server: PS multiple unspecified vulnerabilities (CVE-2019-2482, CVE-2019-2592)
* mysql: Server: Security: Privileges multiple unspecified vulnerabilities (CVE-2019-2486, CVE-2019-2532, CVE-2019-2533, CVE-2019-2584, CVE-2019-2589, CVE-2019-2606, CVE-2019-2620, CVE-2019-2627, CVE-2019-2739, CVE-2019-2778, CVE-2019-2811, CVE-2019-2789)
* mysql: Server: DDL multiple unspecified vulnerabilities (CVE-2019-2494, CVE-2019-2495, CVE-2019-2537, CVE-2019-2626, CVE-2019-2644)
* mysql: InnoDB multiple unspecified vulnerabilities (CVE-2019-2502, CVE-2019-2510, CVE-2019-2580, CVE-2019-2585, CVE-2019-2593, CVE-2019-2624, CVE-2019-2628, CVE-2019-2758, CVE-2019-2785, CVE-2019-2798, CVE-2019-2879, CVE-2019-2814)
* mysql: Server: Connection Handling unspecified vulnerability (CVE-2019-2503)
* mysql: Server: Partition multiple unspecified vulnerabilities (CVE-2019-2528, CVE-2019-2587)
* mysql: Server: Options multiple unspecified vulnerabilities (CVE-2019-2535, CVE-2019-2623, CVE-2019-2683, CVE-2019-2752)
* mysql: Server: Packaging unspecified vulnerability (CVE-2019-2536)
* mysql: Server: Connection unspecified vulnerability (CVE-2019-2539)
* mysql: Server: Information Schema unspecified vulnerability (CVE-2019-2631)
* mysql: Server: Group Replication Plugin unspecified vulnerability (CVE-2019-2636)
* mysql: Server: Security: Roles multiple unspecified vulnerabilities (CVE-2019-2691, CVE-2019-2826)
* mysql: Server: Pluggable Auth unspecified vulnerability (CVE-2019-2737)
* mysql: Server: XML unspecified vulnerability (CVE-2019-2740)
* mysql: Server: Components / Services unspecified vulnerability (CVE-2019-2780)
* mysql: Server: DML unspecified vulnerability (CVE-2019-2784)
* mysql: Server: Charsets unspecified vulnerability (CVE-2019-2795)
* mysql: Client programs unspecified vulnerability (CVE-2019-2797)
* mysql: Server: FTS unspecified vulnerability (CVE-2019-2801)
* mysql: Server: Security: Audit unspecified vulnerability (CVE-2019-2819)
* mysql: Server: Compiling unspecified vulnerability (CVE-2019-2738)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
Update the affected packages.See Also
https://access.redhat.com/errata/RHSA-2019:2511
https://access.redhat.com/security/cve/cve-2019-2420
https://access.redhat.com/security/cve/cve-2019-2434
https://access.redhat.com/security/cve/cve-2019-2436
https://access.redhat.com/security/cve/cve-2019-2455
https://access.redhat.com/security/cve/cve-2019-2481
https://access.redhat.com/security/cve/cve-2019-2482
https://access.redhat.com/security/cve/cve-2019-2486
https://access.redhat.com/security/cve/cve-2019-2494
https://access.redhat.com/security/cve/cve-2019-2495
https://access.redhat.com/security/cve/cve-2019-2502
https://access.redhat.com/security/cve/cve-2019-2503
https://access.redhat.com/security/cve/cve-2019-2507
https://access.redhat.com/security/cve/cve-2019-2510
https://access.redhat.com/security/cve/cve-2019-2528
https://access.redhat.com/security/cve/cve-2019-2529
https://access.redhat.com/security/cve/cve-2019-2530
https://access.redhat.com/security/cve/cve-2019-2531
https://access.redhat.com/security/cve/cve-2019-2532
https://access.redhat.com/security/cve/cve-2019-2533
https://access.redhat.com/security/cve/cve-2019-2534
https://access.redhat.com/security/cve/cve-2019-2535
https://access.redhat.com/security/cve/cve-2019-2536
https://access.redhat.com/security/cve/cve-2019-2537
https://access.redhat.com/security/cve/cve-2019-2539
https://access.redhat.com/security/cve/cve-2019-2580
https://access.redhat.com/security/cve/cve-2019-2581
https://access.redhat.com/security/cve/cve-2019-2584
https://access.redhat.com/security/cve/cve-2019-2585
https://access.redhat.com/security/cve/cve-2019-2587
https://access.redhat.com/security/cve/cve-2019-2589
https://access.redhat.com/security/cve/cve-2019-2592
https://access.redhat.com/security/cve/cve-2019-2593
https://access.redhat.com/security/cve/cve-2019-2596
https://access.redhat.com/security/cve/cve-2019-2606
https://access.redhat.com/security/cve/cve-2019-2607
https://access.redhat.com/security/cve/cve-2019-2614
https://access.redhat.com/security/cve/cve-2019-2617
https://access.redhat.com/security/cve/cve-2019-2620
https://access.redhat.com/security/cve/cve-2019-2623
https://access.redhat.com/security/cve/cve-2019-2624
https://access.redhat.com/security/cve/cve-2019-2625
https://access.redhat.com/security/cve/cve-2019-2626
https://access.redhat.com/security/cve/cve-2019-2627
https://access.redhat.com/security/cve/cve-2019-2628
https://access.redhat.com/security/cve/cve-2019-2630
https://access.redhat.com/security/cve/cve-2019-2631
https://access.redhat.com/security/cve/cve-2019-2634
https://access.redhat.com/security/cve/cve-2019-2635
https://access.redhat.com/security/cve/cve-2019-2636
https://access.redhat.com/security/cve/cve-2019-2644
https://access.redhat.com/security/cve/cve-2019-2681
https://access.redhat.com/security/cve/cve-2019-2683
https://access.redhat.com/security/cve/cve-2019-2685
https://access.redhat.com/security/cve/cve-2019-2686
https://access.redhat.com/security/cve/cve-2019-2687
https://access.redhat.com/security/cve/cve-2019-2688
https://access.redhat.com/security/cve/cve-2019-2689
https://access.redhat.com/security/cve/cve-2019-2691
https://access.redhat.com/security/cve/cve-2019-2693
https://access.redhat.com/security/cve/cve-2019-2694
https://access.redhat.com/security/cve/cve-2019-2695
https://access.redhat.com/security/cve/cve-2019-2737
https://access.redhat.com/security/cve/cve-2019-2738
https://access.redhat.com/security/cve/cve-2019-2739
https://access.redhat.com/security/cve/cve-2019-2740
https://access.redhat.com/security/cve/cve-2019-2752
https://access.redhat.com/security/cve/cve-2019-2755
https://access.redhat.com/security/cve/cve-2019-2757
https://access.redhat.com/security/cve/cve-2019-2758
https://access.redhat.com/security/cve/cve-2019-2774
https://access.redhat.com/security/cve/cve-2019-2778
https://access.redhat.com/security/cve/cve-2019-2780
https://access.redhat.com/security/cve/cve-2019-2784
https://access.redhat.com/security/cve/cve-2019-2785
https://access.redhat.com/security/cve/cve-2019-2789
https://access.redhat.com/security/cve/cve-2019-2795
https://access.redhat.com/security/cve/cve-2019-2796
https://access.redhat.com/security/cve/cve-2019-2797
https://access.redhat.com/security/cve/cve-2019-2798
https://access.redhat.com/security/cve/cve-2019-2800
https://access.redhat.com/security/cve/cve-2019-2801
https://access.redhat.com/security/cve/cve-2019-2802
https://access.redhat.com/security/cve/cve-2019-2803
https://access.redhat.com/security/cve/cve-2019-2805
https://access.redhat.com/security/cve/cve-2019-2808
https://access.redhat.com/security/cve/cve-2019-2810
https://access.redhat.com/security/cve/cve-2019-2811
https://access.redhat.com/security/cve/cve-2019-2812
https://access.redhat.com/security/cve/cve-2019-2814
https://access.redhat.com/security/cve/cve-2019-2815
https://access.redhat.com/security/cve/cve-2019-2819
https://access.redhat.com/security/cve/cve-2019-2826
https://access.redhat.com/security/cve/cve-2019-2830
https://access.redhat.com/security/cve/cve-2019-2834
https://access.redhat.com/security/cve/cve-2019-2879
https://access.redhat.com/security/cve/cve-2019-2948
https://access.redhat.com/security/cve/cve-2019-2950
Plugin Details
Severity: Medium
ID: 127991
File Name: redhat-RHSA-2019-2511.nasl
Version: 1.9
Type: local
Agent: unix
Family: Red Hat Local Security Checks
Published: 8/20/2019
Updated: 3/24/2021
Dependencies: ssh_get_info.nasl
Risk Information
CVSS Score Source: CVE-2019-2819
VPR
Risk Factor: Medium
Score: 5.2
CVSS v2
Risk Factor: Medium
Base Score: 5.5
Temporal Score: 4.1
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P
Temporal Vector: E:U/RL:OF/RC:C
CVSS v3
Risk Factor: Medium
Base Score: 5.5
Temporal Score: 4.8
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
Temporal Vector: E:U/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:redhat:enterprise_linux:mecab, p-cpe:/a:redhat:enterprise_linux:mecab-debugsource, p-cpe:/a:redhat:enterprise_linux:mecab-ipadic, p-cpe:/a:redhat:enterprise_linux:mecab-ipadic-EUCJP, p-cpe:/a:redhat:enterprise_linux:mysql, p-cpe:/a:redhat:enterprise_linux:mysql-common, p-cpe:/a:redhat:enterprise_linux:mysql-debugsource, p-cpe:/a:redhat:enterprise_linux:mysql-devel, p-cpe:/a:redhat:enterprise_linux:mysql-errmsg, p-cpe:/a:redhat:enterprise_linux:mysql-libs, p-cpe:/a:redhat:enterprise_linux:mysql-server, p-cpe:/a:redhat:enterprise_linux:mysql-test, cpe:/o:redhat:enterprise_linux:8, cpe:/o:redhat:enterprise_linux:8.0
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Exploit Ease: No known exploits are available
Patch Publication Date: 8/15/2019
Vulnerability Publication Date: 1/16/2019
Reference Information
CVE: CVE-2019-2420, CVE-2019-2434, CVE-2019-2436, CVE-2019-2455, CVE-2019-2481, CVE-2019-2482, CVE-2019-2486, CVE-2019-2494, CVE-2019-2495, CVE-2019-2502, CVE-2019-2503, CVE-2019-2507, CVE-2019-2510, CVE-2019-2528, CVE-2019-2529, CVE-2019-2530, CVE-2019-2531, CVE-2019-2532, CVE-2019-2533, CVE-2019-2534, CVE-2019-2535, CVE-2019-2536, CVE-2019-2537, CVE-2019-2539, CVE-2019-2580, CVE-2019-2581, CVE-2019-2584, CVE-2019-2585, CVE-2019-2587, CVE-2019-2589, CVE-2019-2592, CVE-2019-2593, CVE-2019-2596, CVE-2019-2606, CVE-2019-2607, CVE-2019-2614, CVE-2019-2617, CVE-2019-2620, CVE-2019-2623, CVE-2019-2624, CVE-2019-2625, CVE-2019-2626, CVE-2019-2627, CVE-2019-2628, CVE-2019-2630, CVE-2019-2631, CVE-2019-2634, CVE-2019-2635, CVE-2019-2636, CVE-2019-2644, CVE-2019-2681, CVE-2019-2683, CVE-2019-2685, CVE-2019-2686, CVE-2019-2687, CVE-2019-2688, CVE-2019-2689, CVE-2019-2691, CVE-2019-2693, CVE-2019-2694, CVE-2019-2695, CVE-2019-2737, CVE-2019-2738, CVE-2019-2739, CVE-2019-2740, CVE-2019-2752, CVE-2019-2755, CVE-2019-2757, CVE-2019-2758, CVE-2019-2774, CVE-2019-2778, CVE-2019-2780, CVE-2019-2784, CVE-2019-2785, CVE-2019-2789, CVE-2019-2795, CVE-2019-2796, CVE-2019-2797, CVE-2019-2798, CVE-2019-2800, CVE-2019-2801, CVE-2019-2802, CVE-2019-2803, CVE-2019-2805, CVE-2019-2808, CVE-2019-2810, CVE-2019-2811, CVE-2019-2812, CVE-2019-2814, CVE-2019-2815, CVE-2019-2819, CVE-2019-2826, CVE-2019-2830, CVE-2019-2834, CVE-2019-2879, CVE-2019-2948, CVE-2019-2950, CVE-2019-2969, CVE-2019-3003
RHSA: 2019:2511