Oracle Linux 8 : mysql:8.0 (ELSA-2019-2511)

high Nessus Plugin ID 127983

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-2511 advisory.

mecab [0.996-1.9]
- Release bump for rebuilding on new arches Related: #1518842

[0.996-1.8]
- skip %verify of /etc/opt/rh/rh-mysql57/mecabrc Resolves: #1382315

[0.996-1.7]
- Prefix library major number with SCL name in soname

[0.996-1.6]
- Require runtime package from the scl

[0.996-1.5]
- Convert to SCL package

[0.996-1.4]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild

[0.996-1.3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild

[0.996-1.2]
- Rebuilt for GCC 5 C++11 ABI change

[0.996-1.1]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild

[0.996-1.1]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild

mecab-ipadic [2.7.0.20070801-16.0.1]
- Rename the LICENSE.Fedora to LICENSE.oracle

[2.7.0.20070801-16]
- Rename the LICENSE.fedora to LICENSE.rhel

[2.7.0.20070801-15]
- Release bump for rebuilding on new arches Related: #1518842

[2.7.0.20070801-14.1]
- Require runtime package from the scl

[2.7.0.20070801-13.1]
- Convert to SCL package

[2.7.0.20070801-12.1]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild

[2.7.0.20070801-11.1]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild

[2.7.0.20070801-10.1]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild

[2.7.0.20070801-9.1]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild

[2.7.0.20070801-8.1]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild

[2.7.0.20070801-7.1]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild

[2.7.0.20070801-6.1]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

[2.7.0.20070801-5.1]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

[2.7.0.20070801-4.1]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

* Wed Jan 13 2010 Mamoru Tasaka <[email protected]>
- Fix URL for Source2

[2.7.0.20070801-3]
- F-12: Mass rebuild

[2.7.0.20070801-2]
- F-11: Mass rebuild

[2.7.0.20070801.dist.1]
- License update

[2.7.0.20070801]
- New release 2.7.0-20070801

[2.7.0.20070610]
- New release 2.7.0-20070610

[2.7.0.20060707-2]
- Fix typo

[2.7.0.20060707-1]
- Initial packaging, based on mecab-jumandic spec file

mysql [8.0.17-3]
- Use RELRO hardening on all binaries
- Resolves: #1734420

[8.0.17-2]
- Use RELRO hardening on all binaries
- Resolves: #1734420

[8.0.17-1]
- Rebase to 8.0.17
- Resolves: #1732042
- CVEs fixed:
CVE-2019-2737 CVE-2019-2738 CVE-2019-2739 CVE-2019-2740 CVE-2019-2741 CVE-2019-2743 CVE-2019-2746 CVE-2019-2747 CVE-2019-2752 CVE-2019-2755 CVE-2019-2757 CVE-2019-2758 CVE-2019-2774 CVE-2019-2778 CVE-2019-2780 CVE-2019-2784 CVE-2019-2785 CVE-2019-2789 CVE-2019-2791 CVE-2019-2795 CVE-2019-2796 CVE-2019-2797 CVE-2019-2798 CVE-2019-2800 CVE-2019-2801 CVE-2019-2802 CVE-2019-2803 CVE-2019-2805 CVE-2019-2808 CVE-2019-2810 CVE-2019-2811 CVE-2019-2812 CVE-2019-2814 CVE-2019-2815 CVE-2019-2819 CVE-2019-2822 CVE-2019-2826 CVE-2019-2830 CVE-2019-2834 CVE-2019-2879

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2019-2511.html

Plugin Details

Severity: High

ID: 127983

File Name: oraclelinux_ELSA-2019-2511.nasl

Version: 1.6

Type: local

Agent: unix

Published: 8/20/2019

Updated: 10/22/2024

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P

CVSS Score Source: CVE-2019-2819

CVSS v3

Risk Factor: High

Base Score: 7.1

Temporal Score: 6.2

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2019-2800

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:mysql-libs, p-cpe:/a:oracle:linux:mysql-devel, p-cpe:/a:oracle:linux:mysql-errmsg, p-cpe:/a:oracle:linux:mysql-test, cpe:/o:oracle:linux:8, p-cpe:/a:oracle:linux:mecab-ipadic-eucjp, p-cpe:/a:oracle:linux:mysql-server, p-cpe:/a:oracle:linux:mysql-common, p-cpe:/a:oracle:linux:mecab-ipadic, p-cpe:/a:oracle:linux:mysql, p-cpe:/a:oracle:linux:mecab

Required KB Items: Host/local_checks_enabled, Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 8/19/2019

Vulnerability Publication Date: 1/16/2019

Reference Information

CVE: CVE-2019-2420, CVE-2019-2434, CVE-2019-2436, CVE-2019-2455, CVE-2019-2481, CVE-2019-2482, CVE-2019-2486, CVE-2019-2494, CVE-2019-2495, CVE-2019-2502, CVE-2019-2503, CVE-2019-2507, CVE-2019-2510, CVE-2019-2528, CVE-2019-2529, CVE-2019-2530, CVE-2019-2531, CVE-2019-2532, CVE-2019-2533, CVE-2019-2534, CVE-2019-2535, CVE-2019-2536, CVE-2019-2537, CVE-2019-2539, CVE-2019-2580, CVE-2019-2581, CVE-2019-2584, CVE-2019-2585, CVE-2019-2587, CVE-2019-2589, CVE-2019-2592, CVE-2019-2593, CVE-2019-2596, CVE-2019-2606, CVE-2019-2607, CVE-2019-2614, CVE-2019-2617, CVE-2019-2620, CVE-2019-2623, CVE-2019-2624, CVE-2019-2625, CVE-2019-2626, CVE-2019-2627, CVE-2019-2628, CVE-2019-2630, CVE-2019-2631, CVE-2019-2634, CVE-2019-2635, CVE-2019-2636, CVE-2019-2644, CVE-2019-2681, CVE-2019-2683, CVE-2019-2685, CVE-2019-2686, CVE-2019-2687, CVE-2019-2688, CVE-2019-2689, CVE-2019-2691, CVE-2019-2693, CVE-2019-2694, CVE-2019-2695, CVE-2019-2737, CVE-2019-2738, CVE-2019-2739, CVE-2019-2740, CVE-2019-2752, CVE-2019-2755, CVE-2019-2757, CVE-2019-2758, CVE-2019-2774, CVE-2019-2778, CVE-2019-2780, CVE-2019-2784, CVE-2019-2785, CVE-2019-2789, CVE-2019-2795, CVE-2019-2796, CVE-2019-2797, CVE-2019-2798, CVE-2019-2800, CVE-2019-2801, CVE-2019-2802, CVE-2019-2803, CVE-2019-2805, CVE-2019-2808, CVE-2019-2810, CVE-2019-2811, CVE-2019-2812, CVE-2019-2814, CVE-2019-2815, CVE-2019-2819, CVE-2019-2826, CVE-2019-2830, CVE-2019-2834, CVE-2019-2879

RHSA: 2019:2511