CentOS 8 : mysql:8.0 (CESA-2019:2511)

high Nessus Plugin ID 145612

Synopsis

The remote CentOS host is missing one or more security updates.

Description

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:2511 advisory.

- mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2019) (CVE-2019-2420, CVE-2019-2481, CVE-2019-2507, CVE-2019-2529, CVE-2019-2530)

- mysql: Server: Parser unspecified vulnerability (CPU Jan 2019) (CVE-2019-2434, CVE-2019-2455)

- mysql: Server: Replication unspecified vulnerability (CPU Jan 2019) (CVE-2019-2436, CVE-2019-2531, CVE-2019-2534)

- mysql: Server: PS unspecified vulnerability (CPU Jan 2019) (CVE-2019-2482)

- mysql: Server: Security: Privileges unspecified vulnerability (CPU Jan 2019) (CVE-2019-2486, CVE-2019-2532, CVE-2019-2533)

- mysql: Server: DDL unspecified vulnerability (CPU Jan 2019) (CVE-2019-2494, CVE-2019-2495, CVE-2019-2537)

- mysql: InnoDB unspecified vulnerability (CPU Jan 2019) (CVE-2019-2502, CVE-2019-2510)

- mysql: Server: Connection Handling unspecified vulnerability (CPU Jan 2019) (CVE-2019-2503)

- mysql: Server: Partition unspecified vulnerability (CPU Jan 2019) (CVE-2019-2528)

- mysql: Server: Options unspecified vulnerability (CPU Jan 2019) (CVE-2019-2535)

- mysql: Server: Packaging unspecified vulnerability (CPU Jan 2019) (CVE-2019-2536)

- mysql: Server: Connection unspecified vulnerability (CPU Jan 2019) (CVE-2019-2539)

- mysql: InnoDB unspecified vulnerability (CPU Apr 2019) (CVE-2019-2580, CVE-2019-2585, CVE-2019-2593, CVE-2019-2624, CVE-2019-2628)

- mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2019) (CVE-2019-2581, CVE-2019-2596, CVE-2019-2607, CVE-2019-2625, CVE-2019-2681, CVE-2019-2685, CVE-2019-2686, CVE-2019-2687, CVE-2019-2688, CVE-2019-2689, CVE-2019-2693, CVE-2019-2694, CVE-2019-2695)

- mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2019) (CVE-2019-2584, CVE-2019-2589, CVE-2019-2606, CVE-2019-2620, CVE-2019-2627)

- mysql: Server: Partition unspecified vulnerability (CPU Apr 2019) (CVE-2019-2587)

- mysql: Server: PS unspecified vulnerability (CPU Apr 2019) (CVE-2019-2592)

- mysql: Server: Replication unspecified vulnerability (CPU Apr 2019) (CVE-2019-2614, CVE-2019-2617, CVE-2019-2630, CVE-2019-2634, CVE-2019-2635)

- mysql: Server: Options unspecified vulnerability (CPU Apr 2019) (CVE-2019-2623, CVE-2019-2683)

- mysql: Server: DDL unspecified vulnerability (CPU Apr 2019) (CVE-2019-2626, CVE-2019-2644)

- mysql: Server: Information Schema unspecified vulnerability (CPU Apr 2019) (CVE-2019-2631)

- mysql: Server: Group Replication Plugin unspecified vulnerability (CPU Apr 2019) (CVE-2019-2636)

- mysql: Server: Security: Roles unspecified vulnerability (CPU Apr 2019) (CVE-2019-2691)

- mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2019) (CVE-2019-2737)

- mysql: Server: Compiling unspecified vulnerability (CPU Jul 2019) (CVE-2019-2738)

- mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2019) (CVE-2019-2739, CVE-2019-2778, CVE-2019-2789, CVE-2019-2811)

- mysql: Server: XML unspecified vulnerability (CPU Jul 2019) (CVE-2019-2740)

- mysql: Server: Options unspecified vulnerability (CPU Jul 2019) (CVE-2019-2752)

- mysql: Server: Replication unspecified vulnerability (CPU Jul 2019) (CVE-2019-2755, CVE-2019-2800)

- mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2019) (CVE-2019-2757, CVE-2019-2774, CVE-2019-2796, CVE-2019-2802, CVE-2019-2803, CVE-2019-2808, CVE-2019-2810, CVE-2019-2812, CVE-2019-2815, CVE-2019-2830, CVE-2019-2834)

- mysql: InnoDB unspecified vulnerability (CPU Jul 2019) (CVE-2019-2758, CVE-2019-2785, CVE-2019-2798, CVE-2019-2814, CVE-2019-2879)

- mysql: Server: Components / Services unspecified vulnerability (CPU Jul 2019) (CVE-2019-2780)

- mysql: Server: DML unspecified vulnerability (CPU Jul 2019) (CVE-2019-2784)

- mysql: Server: Charsets unspecified vulnerability (CPU Jul 2019) (CVE-2019-2795)

- mysql: Client programs unspecified vulnerability (CPU Jul 2019) (CVE-2019-2797)

- mysql: Server: FTS unspecified vulnerability (CPU Jul 2019) (CVE-2019-2801)

- mysql: Server: Parser unspecified vulnerability (CPU Jul 2019) (CVE-2019-2805)

- mysql: Server: Security: Audit unspecified vulnerability (CPU Jul 2019) (CVE-2019-2819)

- mysql: Server: Security: Roles unspecified vulnerability (CPU Jul 2019) (CVE-2019-2826)

- mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019) (CVE-2019-2948, CVE-2019-2950)

- mysql: Client programs unspecified vulnerability (CPU Oct 2019) (CVE-2019-2969)

- mysql: InnoDB unspecified vulnerability (CPU Oct 2019) (CVE-2019-3003)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://access.redhat.com/errata/RHSA-2019:2511

Plugin Details

Severity: High

ID: 145612

File Name: centos8_RHSA-2019-2511.nasl

Version: 1.5

Type: local

Agent: unix

Published: 1/29/2021

Updated: 5/11/2022

Supported Sensors: Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure

Risk Information

VPR

Risk Factor: Medium

Score: 6

CVSS v2

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.1

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P

Temporal Vector: E:U/RL:OF/RC:C

CVSS Score Source: CVE-2019-2819

CVSS v3

Risk Factor: High

Base Score: 7.1

Temporal Score: 6.2

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Temporal Vector: E:U/RL:O/RC:C

CVSS Score Source: CVE-2019-2800

Vulnerability Information

CPE: cpe:/o:centos:centos:8, p-cpe:/a:centos:centos:mecab, p-cpe:/a:centos:centos:mecab-ipadic, p-cpe:/a:centos:centos:mecab-ipadic-EUCJP, p-cpe:/a:centos:centos:mysql, p-cpe:/a:centos:centos:mysql-common, p-cpe:/a:centos:centos:mysql-devel, p-cpe:/a:centos:centos:mysql-errmsg, p-cpe:/a:centos:centos:mysql-libs, p-cpe:/a:centos:centos:mysql-server, p-cpe:/a:centos:centos:mysql-test

Required KB Items: Host/local_checks_enabled, Host/CentOS/release, Host/CentOS/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 8/15/2019

Vulnerability Publication Date: 1/15/2019

Reference Information

CVE: CVE-2019-2420, CVE-2019-2434, CVE-2019-2436, CVE-2019-2455, CVE-2019-2481, CVE-2019-2482, CVE-2019-2486, CVE-2019-2494, CVE-2019-2495, CVE-2019-2502, CVE-2019-2503, CVE-2019-2507, CVE-2019-2510, CVE-2019-2528, CVE-2019-2529, CVE-2019-2530, CVE-2019-2531, CVE-2019-2532, CVE-2019-2533, CVE-2019-2534, CVE-2019-2535, CVE-2019-2536, CVE-2019-2537, CVE-2019-2539, CVE-2019-2580, CVE-2019-2581, CVE-2019-2584, CVE-2019-2585, CVE-2019-2587, CVE-2019-2589, CVE-2019-2592, CVE-2019-2593, CVE-2019-2596, CVE-2019-2606, CVE-2019-2607, CVE-2019-2614, CVE-2019-2617, CVE-2019-2620, CVE-2019-2623, CVE-2019-2624, CVE-2019-2625, CVE-2019-2626, CVE-2019-2627, CVE-2019-2628, CVE-2019-2630, CVE-2019-2631, CVE-2019-2634, CVE-2019-2635, CVE-2019-2636, CVE-2019-2644, CVE-2019-2681, CVE-2019-2683, CVE-2019-2685, CVE-2019-2686, CVE-2019-2687, CVE-2019-2688, CVE-2019-2689, CVE-2019-2691, CVE-2019-2693, CVE-2019-2694, CVE-2019-2695, CVE-2019-2737, CVE-2019-2738, CVE-2019-2739, CVE-2019-2740, CVE-2019-2752, CVE-2019-2755, CVE-2019-2757, CVE-2019-2758, CVE-2019-2774, CVE-2019-2778, CVE-2019-2780, CVE-2019-2784, CVE-2019-2785, CVE-2019-2789, CVE-2019-2795, CVE-2019-2796, CVE-2019-2797, CVE-2019-2798, CVE-2019-2800, CVE-2019-2801, CVE-2019-2802, CVE-2019-2803, CVE-2019-2805, CVE-2019-2808, CVE-2019-2810, CVE-2019-2811, CVE-2019-2812, CVE-2019-2814, CVE-2019-2815, CVE-2019-2819, CVE-2019-2826, CVE-2019-2830, CVE-2019-2834, CVE-2019-2879, CVE-2019-2948, CVE-2019-2950, CVE-2019-2969, CVE-2019-3003

BID: 106619, 106622, 106625, 106626, 106627, 106628, 107913, 107924, 107927, 107928, 109243, 109247, 109259, 109260

RHSA: 2019:2511