Detections
Analytics
RHEL 7 : rh-mysql80-mysql (RHSA-2021:3811)
high Nessus Plugin ID 154083
Language:
Synopsis
The remote Red Hat host is missing one or more security updates.Description
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3811 advisory.MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs.
The following packages have been upgraded to a later upstream version: rh-mysql80-mysql (8.0.26).
(BZ#2003105)
Security Fix(es):
* mysql: Server: Stored Procedure multiple vulnerabilities (CVE-2020-14672, CVE-2021-2046, CVE-2021-2072, CVE-2021-2081, CVE-2021-2215, CVE-2021-2217, CVE-2021-2293, CVE-2021-2304, CVE-2021-2424)
* mysql: Server: FTS multiple vulnerabilities (CVE-2020-14765, CVE-2020-14789, CVE-2020-14804)
* mysql: Server: Optimizer multiple vulnerabilities (CVE-2020-14769, CVE-2020-14773, CVE-2020-14777, CVE-2020-14785, CVE-2020-14793, CVE-2020-14794, CVE-2020-14809, CVE-2020-14830, CVE-2020-14836, CVE-2020-14837, CVE-2020-14839, CVE-2020-14845, CVE-2020-14846, CVE-2020-14861, CVE-2020-14866, CVE-2020-14868, CVE-2020-14888, CVE-2020-14891, CVE-2020-14893, CVE-2021-2001, CVE-2021-2021, CVE-2021-2024, CVE-2021-2030, CVE-2021-2031, CVE-2021-2036, CVE-2021-2055, CVE-2021-2060, CVE-2021-2065, CVE-2021-2070, CVE-2021-2076, CVE-2021-2164, CVE-2021-2169, CVE-2021-2170, CVE-2021-2193, CVE-2021-2203, CVE-2021-2212, CVE-2021-2213, CVE-2021-2230, CVE-2021-2278, CVE-2021-2298, CVE-2021-2299, CVE-2021-2342, CVE-2021-2357, CVE-2021-2367, CVE-2021-2383, CVE-2021-2384, CVE-2021-2387, CVE-2021-2410, CVE-2021-2412, CVE-2021-2418, CVE-2021-2425, CVE-2021-2426, CVE-2021-2427, CVE-2021-2437, CVE-2021-2441, CVE-2021-2444)
* mysql: InnoDB multiple vulnerabilities (CVE-2020-14775, CVE-2020-14776, CVE-2020-14821, CVE-2020-14829, CVE-2020-14848, CVE-2021-2022, CVE-2021-2028, CVE-2021-2048, CVE-2021-2174, CVE-2021-2180, CVE-2021-2194, CVE-2021-2372, CVE-2021-2374, CVE-2021-2389, CVE-2021-2390, CVE-2021-2429, CVE-2020-14791, CVE-2021-2042)
* mysql: Server: PS multiple vulnerabilities (CVE-2020-14786, CVE-2020-14790, CVE-2020-14844, CVE-2021-2422)
* mysql: Server: Security multiple vulnerabilities (CVE-2020-14800, CVE-2020-14838, CVE-2020-14860)
* mysql: Server: Locking multiple vulnerabilities (CVE-2020-14812, CVE-2021-2058, CVE-2021-2402)
* mysql: Server: DML multiple vulnerabilities (CVE-2020-14814, CVE-2020-14828, CVE-2021-2056, CVE-2021-2087, CVE-2021-2088, CVE-2021-2166, CVE-2021-2172, CVE-2021-2196, CVE-2021-2300, CVE-2021-2305, CVE-2021-2370, CVE-2021-2440)
* mysql: Server: Charsets unspecified vulnerability (CVE-2020-14852)
* mysql: Server: DDL multiple vulnerabilities (CVE-2020-14867, CVE-2021-2061, CVE-2021-2122, CVE-2021-2339, CVE-2021-2352, CVE-2021-2399)
* mysql: Server: X Plugin unspecified vulnerability (CVE-2020-14870)
* mysql: Server: Logging unspecified vulnerability (CVE-2020-14873)
* mysql: Server: Replication multiple vulnerabilities (CVE-2021-2002, CVE-2021-2171, CVE-2021-2178, CVE-2021-2202, CVE-2021-2356, CVE-2021-2385)
* mysql: C API multiple vulnerabilities (CVE-2021-2010, CVE-2021-2011)
* mysql: Server: Components Services unspecified vulnerability (CVE-2021-2038)
* mysql: Server: Options unspecified vulnerability (CVE-2021-2146)
* mysql: Server: Group Replication Plugin multiple vulnerabilities (CVE-2021-2179, CVE-2021-2232)
* mysql: Server: Partition multiple vulnerabilities (CVE-2021-2201, CVE-2021-2208)
* mysql: Server: Information Schema multiple vulnerabilities (CVE-2021-2032, CVE-2021-2226, CVE-2021-2301, CVE-2021-2308)
* mysql: Server: Packaging unspecified vulnerability (CVE-2021-2307)
* mysql: Server: Federated unspecified vulnerability (CVE-2021-2354)
* mysql: Server: GIS unspecified vulnerability (CVE-2021-2417)
* mysql: Server: Memcached unspecified vulnerability (CVE-2021-2340)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Segfault and possible DoS with a crafted query (BZ#2003100)
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.See Also
https://bugzilla.redhat.com/show_bug.cgi?id=1951758
https://bugzilla.redhat.com/show_bug.cgi?id=1951759
https://bugzilla.redhat.com/show_bug.cgi?id=1951760
https://bugzilla.redhat.com/show_bug.cgi?id=1951761
https://bugzilla.redhat.com/show_bug.cgi?id=1951762
https://bugzilla.redhat.com/show_bug.cgi?id=1951763
https://bugzilla.redhat.com/show_bug.cgi?id=1951764
https://bugzilla.redhat.com/show_bug.cgi?id=1951765
https://bugzilla.redhat.com/show_bug.cgi?id=1951766
https://bugzilla.redhat.com/show_bug.cgi?id=1951767
https://bugzilla.redhat.com/show_bug.cgi?id=1951768
https://bugzilla.redhat.com/show_bug.cgi?id=1951769
https://bugzilla.redhat.com/show_bug.cgi?id=1951770
https://bugzilla.redhat.com/show_bug.cgi?id=1951771
https://bugzilla.redhat.com/show_bug.cgi?id=1951772
https://bugzilla.redhat.com/show_bug.cgi?id=1951773
https://bugzilla.redhat.com/show_bug.cgi?id=1951774
https://bugzilla.redhat.com/show_bug.cgi?id=1951775
https://bugzilla.redhat.com/show_bug.cgi?id=1951776
https://bugzilla.redhat.com/show_bug.cgi?id=1951777
https://bugzilla.redhat.com/show_bug.cgi?id=1951778
https://bugzilla.redhat.com/show_bug.cgi?id=1951779
https://bugzilla.redhat.com/show_bug.cgi?id=1951780
https://bugzilla.redhat.com/show_bug.cgi?id=1951781
https://bugzilla.redhat.com/show_bug.cgi?id=1951782
https://bugzilla.redhat.com/show_bug.cgi?id=1951783
https://bugzilla.redhat.com/show_bug.cgi?id=1951784
https://bugzilla.redhat.com/show_bug.cgi?id=1951785
https://bugzilla.redhat.com/show_bug.cgi?id=1951786
https://bugzilla.redhat.com/show_bug.cgi?id=1952802
https://bugzilla.redhat.com/show_bug.cgi?id=1992279
https://bugzilla.redhat.com/show_bug.cgi?id=1992280
https://bugzilla.redhat.com/show_bug.cgi?id=1992294
https://bugzilla.redhat.com/show_bug.cgi?id=1992297
https://bugzilla.redhat.com/show_bug.cgi?id=1992298
https://bugzilla.redhat.com/show_bug.cgi?id=1992299
https://bugzilla.redhat.com/show_bug.cgi?id=1992300
https://bugzilla.redhat.com/show_bug.cgi?id=1992301
https://bugzilla.redhat.com/show_bug.cgi?id=1992302
https://bugzilla.redhat.com/show_bug.cgi?id=1992303
https://bugzilla.redhat.com/show_bug.cgi?id=1992304
https://bugzilla.redhat.com/show_bug.cgi?id=1992305
https://bugzilla.redhat.com/show_bug.cgi?id=1992306
https://bugzilla.redhat.com/show_bug.cgi?id=1992307
https://bugzilla.redhat.com/show_bug.cgi?id=1992308
https://bugzilla.redhat.com/show_bug.cgi?id=1992309
https://bugzilla.redhat.com/show_bug.cgi?id=1992310
https://bugzilla.redhat.com/show_bug.cgi?id=1992311
https://bugzilla.redhat.com/show_bug.cgi?id=1992312
https://bugzilla.redhat.com/show_bug.cgi?id=1992313
https://bugzilla.redhat.com/show_bug.cgi?id=1992314
https://bugzilla.redhat.com/show_bug.cgi?id=1992315
https://bugzilla.redhat.com/show_bug.cgi?id=1992316
https://bugzilla.redhat.com/show_bug.cgi?id=1992317
https://bugzilla.redhat.com/show_bug.cgi?id=1992318
https://bugzilla.redhat.com/show_bug.cgi?id=1992319
https://bugzilla.redhat.com/show_bug.cgi?id=1992320
https://bugzilla.redhat.com/show_bug.cgi?id=1992321
https://bugzilla.redhat.com/show_bug.cgi?id=1992322
https://bugzilla.redhat.com/show_bug.cgi?id=1992323
https://bugzilla.redhat.com/show_bug.cgi?id=1992324
https://bugzilla.redhat.com/show_bug.cgi?id=1992325
https://bugzilla.redhat.com/show_bug.cgi?id=1992326
https://bugzilla.redhat.com/show_bug.cgi?id=2003100
https://bugzilla.redhat.com/show_bug.cgi?id=2003105
https://access.redhat.com/security/updates/classification/#moderate
http://www.nessus.org/u?c1a388fe
https://access.redhat.com/errata/RHSA-2021:3811
https://bugzilla.redhat.com/show_bug.cgi?id=1890737
https://bugzilla.redhat.com/show_bug.cgi?id=1890738
https://bugzilla.redhat.com/show_bug.cgi?id=1890739
https://bugzilla.redhat.com/show_bug.cgi?id=1890742
https://bugzilla.redhat.com/show_bug.cgi?id=1890743
https://bugzilla.redhat.com/show_bug.cgi?id=1890744
https://bugzilla.redhat.com/show_bug.cgi?id=1890745
https://bugzilla.redhat.com/show_bug.cgi?id=1890746
https://bugzilla.redhat.com/show_bug.cgi?id=1890747
https://bugzilla.redhat.com/show_bug.cgi?id=1890748
https://bugzilla.redhat.com/show_bug.cgi?id=1890749
https://bugzilla.redhat.com/show_bug.cgi?id=1890750
https://bugzilla.redhat.com/show_bug.cgi?id=1890751
https://bugzilla.redhat.com/show_bug.cgi?id=1890753
https://bugzilla.redhat.com/show_bug.cgi?id=1890754
https://bugzilla.redhat.com/show_bug.cgi?id=1890755
https://bugzilla.redhat.com/show_bug.cgi?id=1890756
https://bugzilla.redhat.com/show_bug.cgi?id=1890757
https://bugzilla.redhat.com/show_bug.cgi?id=1890758
https://bugzilla.redhat.com/show_bug.cgi?id=1890760
https://bugzilla.redhat.com/show_bug.cgi?id=1890761
https://bugzilla.redhat.com/show_bug.cgi?id=1890762
https://bugzilla.redhat.com/show_bug.cgi?id=1890763
https://bugzilla.redhat.com/show_bug.cgi?id=1890764
https://bugzilla.redhat.com/show_bug.cgi?id=1890765
https://bugzilla.redhat.com/show_bug.cgi?id=1890766
https://bugzilla.redhat.com/show_bug.cgi?id=1890767
https://bugzilla.redhat.com/show_bug.cgi?id=1890768
https://bugzilla.redhat.com/show_bug.cgi?id=1890769
https://bugzilla.redhat.com/show_bug.cgi?id=1890770
https://bugzilla.redhat.com/show_bug.cgi?id=1890771
https://bugzilla.redhat.com/show_bug.cgi?id=1890772
https://bugzilla.redhat.com/show_bug.cgi?id=1890773
https://bugzilla.redhat.com/show_bug.cgi?id=1890774
https://bugzilla.redhat.com/show_bug.cgi?id=1890775
https://bugzilla.redhat.com/show_bug.cgi?id=1890776
https://bugzilla.redhat.com/show_bug.cgi?id=1890778
https://bugzilla.redhat.com/show_bug.cgi?id=1890779
https://bugzilla.redhat.com/show_bug.cgi?id=1890781
https://bugzilla.redhat.com/show_bug.cgi?id=1890782
https://bugzilla.redhat.com/show_bug.cgi?id=1890783
https://bugzilla.redhat.com/show_bug.cgi?id=1890784
https://bugzilla.redhat.com/show_bug.cgi?id=1922379
https://bugzilla.redhat.com/show_bug.cgi?id=1922380
https://bugzilla.redhat.com/show_bug.cgi?id=1922383
https://bugzilla.redhat.com/show_bug.cgi?id=1922384
https://bugzilla.redhat.com/show_bug.cgi?id=1922388
https://bugzilla.redhat.com/show_bug.cgi?id=1922389
https://bugzilla.redhat.com/show_bug.cgi?id=1922390
https://bugzilla.redhat.com/show_bug.cgi?id=1922391
https://bugzilla.redhat.com/show_bug.cgi?id=1922392
https://bugzilla.redhat.com/show_bug.cgi?id=1922393
https://bugzilla.redhat.com/show_bug.cgi?id=1922394
https://bugzilla.redhat.com/show_bug.cgi?id=1922395
https://bugzilla.redhat.com/show_bug.cgi?id=1922396
https://bugzilla.redhat.com/show_bug.cgi?id=1922397
https://bugzilla.redhat.com/show_bug.cgi?id=1922398
https://bugzilla.redhat.com/show_bug.cgi?id=1922399
https://bugzilla.redhat.com/show_bug.cgi?id=1922400
https://bugzilla.redhat.com/show_bug.cgi?id=1922401
https://bugzilla.redhat.com/show_bug.cgi?id=1922402
https://bugzilla.redhat.com/show_bug.cgi?id=1922403
https://bugzilla.redhat.com/show_bug.cgi?id=1922404
https://bugzilla.redhat.com/show_bug.cgi?id=1922405
https://bugzilla.redhat.com/show_bug.cgi?id=1922406
https://bugzilla.redhat.com/show_bug.cgi?id=1922407
https://bugzilla.redhat.com/show_bug.cgi?id=1922408
https://bugzilla.redhat.com/show_bug.cgi?id=1922410
https://bugzilla.redhat.com/show_bug.cgi?id=1922411
https://bugzilla.redhat.com/show_bug.cgi?id=1922416
https://bugzilla.redhat.com/show_bug.cgi?id=1922419
https://bugzilla.redhat.com/show_bug.cgi?id=1951751
https://bugzilla.redhat.com/show_bug.cgi?id=1951754
https://bugzilla.redhat.com/show_bug.cgi?id=1951755
Plugin Details
Severity: High
ID: 154083
File Name: redhat-RHSA-2021-3811.nasl
Version: 1.12
Type: local
Agent: unix
Family: Red Hat Local Security Checks
Published: 10/13/2021
Updated: 11/7/2024
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
Vendor
Vendor Severity: Moderate
CVSS v2
Risk Factor: High
Base Score: 8
Temporal Score: 5.9
Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:C
CVSS Score Source: CVE-2021-2417
CVSS v3
Risk Factor: High
Base Score: 7.2
Temporal Score: 6.3
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
CVSS Score Source: CVE-2020-14828
Vulnerability Information
CPE: p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-errmsg, p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-server-syspaths, p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-test, p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-config-syspaths, p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-syspaths, cpe:/o:redhat:enterprise_linux:7, p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-devel, p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql, p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-server, p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-config, p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-common
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Exploit Ease: Exploits are available
Patch Publication Date: 10/12/2021
Vulnerability Publication Date: 10/20/2020
Reference Information
CVE: CVE-2020-14672, CVE-2020-14765, CVE-2020-14769, CVE-2020-14773, CVE-2020-14775, CVE-2020-14776, CVE-2020-14777, CVE-2020-14785, CVE-2020-14786, CVE-2020-14789, CVE-2020-14790, CVE-2020-14791, CVE-2020-14793, CVE-2020-14794, CVE-2020-14800, CVE-2020-14804, CVE-2020-14809, CVE-2020-14812, CVE-2020-14814, CVE-2020-14821, CVE-2020-14828, CVE-2020-14829, CVE-2020-14830, CVE-2020-14836, CVE-2020-14837, CVE-2020-14838, CVE-2020-14839, CVE-2020-14844, CVE-2020-14845, CVE-2020-14846, CVE-2020-14848, CVE-2020-14852, CVE-2020-14860, CVE-2020-14861, CVE-2020-14866, CVE-2020-14867, CVE-2020-14868, CVE-2020-14870, CVE-2020-14873, CVE-2020-14888, CVE-2020-14891, CVE-2020-14893, CVE-2021-2001, CVE-2021-2002, CVE-2021-2010, CVE-2021-2011, CVE-2021-2021, CVE-2021-2022, CVE-2021-2024, CVE-2021-2028, CVE-2021-2030, CVE-2021-2031, CVE-2021-2032, CVE-2021-2036, CVE-2021-2038, CVE-2021-2042, CVE-2021-2046, CVE-2021-2048, CVE-2021-2055, CVE-2021-2056, CVE-2021-2058, CVE-2021-2060, CVE-2021-2061, CVE-2021-2065, CVE-2021-2070, CVE-2021-2072, CVE-2021-2076, CVE-2021-2081, CVE-2021-2087, CVE-2021-2088, CVE-2021-2122, CVE-2021-2146, CVE-2021-2164, CVE-2021-2166, CVE-2021-2169, CVE-2021-2170, CVE-2021-2171, CVE-2021-2172, CVE-2021-2174, CVE-2021-2178, CVE-2021-2179, CVE-2021-2180, CVE-2021-2193, CVE-2021-2194, CVE-2021-2196, CVE-2021-2201, CVE-2021-2202, CVE-2021-2203, CVE-2021-2208, CVE-2021-2212, CVE-2021-2213, CVE-2021-2215, CVE-2021-2217, CVE-2021-2226, CVE-2021-2230, CVE-2021-2232, CVE-2021-2278, CVE-2021-2293, CVE-2021-2298, CVE-2021-2299, CVE-2021-2300, CVE-2021-2301, CVE-2021-2304, CVE-2021-2305, CVE-2021-2307, CVE-2021-2308, CVE-2021-2339, CVE-2021-2340, CVE-2021-2342, CVE-2021-2352, CVE-2021-2354, CVE-2021-2356, CVE-2021-2357, CVE-2021-2367, CVE-2021-2370, CVE-2021-2372, CVE-2021-2374, CVE-2021-2383, CVE-2021-2384, CVE-2021-2385, CVE-2021-2387, CVE-2021-2389, CVE-2021-2390, CVE-2021-2399, CVE-2021-2402, CVE-2021-2410, CVE-2021-2412, CVE-2021-2417, CVE-2021-2418, CVE-2021-2422, CVE-2021-2424, CVE-2021-2425, CVE-2021-2426, CVE-2021-2427, CVE-2021-2429, CVE-2021-2437, CVE-2021-2440, CVE-2021-2441, CVE-2021-2444, CVE-2021-35537, CVE-2021-35629
IAVA: 2020-A-0473-S, 2021-A-0038-S, 2021-A-0193-S, 2021-A-0333-S
RHSA: 2021:3811