RHEL 8 : mysql:8.0 (RHSA-2022:7119)

high Nessus Plugin ID 166543

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7119 advisory.

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.

The following packages have been upgraded to a later upstream version: mysql (8.0.30).

Security Fix(es):

* mysql: Server: DML multiple unspecified vulnerabilities (CVE-2021-2478, CVE-2021-2479, CVE-2021-35591, CVE-2021-35607, CVE-2022-21301, CVE-2022-21413)

* mysql: Server: Optimizer multiple unspecified vulnerabilities (CVE-2021-2481, CVE-2021-35575, CVE-2021-35577, CVE-2021-35610, CVE-2021-35612, CVE-2021-35626, CVE-2021-35627, CVE-2021-35628, CVE-2021-35634, CVE-2021-35635, CVE-2021-35636, CVE-2021-35638, CVE-2021-35641, CVE-2021-35642, CVE-2021-35643, CVE-2021-35644, CVE-2021-35645, CVE-2021-35646, CVE-2021-35647, CVE-2022-21253, CVE-2022-21254, CVE-2022-21264, CVE-2022-21278, CVE-2022-21297, CVE-2022-21339, CVE-2022-21342, CVE-2022-21351, CVE-2022-21370, CVE-2022-21378, CVE-2022-21412, CVE-2022-21414, CVE-2022-21435, CVE-2022-21436, CVE-2022-21437, CVE-2022-21438, CVE-2022-21440, CVE-2022-21452, CVE-2022-21459, CVE-2022-21462, CVE-2022-21478, CVE-2022-21479, CVE-2022-21509, CVE-2022-21525, CVE-2022-21526, CVE-2022-21527, CVE-2022-21528, CVE-2022-21529, CVE-2022-21530, CVE-2022-21531, CVE-2022-21553, CVE-2022-21569, CVE-2022-21265)

* mysql: Server: Replication multiple unspecified vulnerabilities (CVE-2021-35546, CVE-2022-21344, CVE-2022-21415)

* mysql: Server: Error Handling unspecified vulnerability (CVE-2021-35596)

* mysql: C API unspecified vulnerability (CVE-2021-35597)

* mysql: Server: Options multiple unspecified vulnerabilities (CVE-2021-35602, CVE-2021-35630, CVE-2022-21515)

* mysql: InnoDB multiple unspecified vulnerabilities (CVE-2021-35604, CVE-2022-21302, CVE-2022-21348, CVE-2022-21352, CVE-2022-21417, CVE-2022-21418, CVE-2022-21451, CVE-2022-21517, CVE-2022-21537, CVE-2022-21539, CVE-2022-21423)

* mysql: Server: Group Replication Plugin multiple unspecified vulnerabilities (CVE-2021-35608, CVE-2022-21256, CVE-2022-21379, CVE-2022-21454)

* mysql: Server: Security: Encryption multiple unspecified vulnerabilities (CVE-2021-35622, CVE-2022-21358, CVE-2022-21372, CVE-2022-21538)

* mysql: Server: Security: Privileges multiple unspecified vulnerabilities (CVE-2021-35624, CVE-2022-21245, CVE-2021-35625)

* mysql: Server: GIS unspecified vulnerability (CVE-2021-35631)

* mysql: Server: Data Dictionary unspecified vulnerability (CVE-2021-35632)

* mysql: Server: PS unspecified vulnerability (CVE-2021-35637)

* mysql: Server: Stored Procedure multiple unspecified vulnerabilities (CVE-2021-35639, CVE-2022-21303, CVE-2022-21522, CVE-2022-21534)

* mysql: Server: FTS multiple unspecified vulnerabilities (CVE-2021-35648, CVE-2022-21427)

* mysql: Server: Federated multiple unspecified vulnerabilities (CVE-2022-21270, CVE-2022-21547)

* mysql: Server: Parser unspecified vulnerability (CVE-2022-21304)

* mysql: Server: Information Schema multiple unspecified vulnerabilities (CVE-2022-21362, CVE-2022-21374)

* mysql: Server: Compiling unspecified vulnerability (CVE-2022-21367)

* mysql: Server: Components Services unspecified vulnerability (CVE-2022-21368)

* mysql: Server: DDL multiple unspecified vulnerabilities (CVE-2022-21425, CVE-2022-21444, CVE-2021-35640, CVE-2022-21249)

* mysql: Server: PAM Auth Plugin unspecified vulnerability (CVE-2022-21457)

* mysql: Server: Logging multiple unspecified vulnerabilities (CVE-2022-21460, CVE-2021-35633)

* mysql: Server: Security: Roles unspecified vulnerability (CVE-2021-35623)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Rebuild mecab due to change in the suffix (from .el8 to .el8.0.0) [rhel-8] (BZ#2110940)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.redhat.com/show_bug.cgi?id=2016117

https://bugzilla.redhat.com/show_bug.cgi?id=2016118

https://bugzilla.redhat.com/show_bug.cgi?id=2016119

https://bugzilla.redhat.com/show_bug.cgi?id=2016120

http://www.nessus.org/u?73a6bf0e

https://access.redhat.com/errata/RHSA-2022:7119

https://bugzilla.redhat.com/show_bug.cgi?id=2016089

https://bugzilla.redhat.com/show_bug.cgi?id=2016090

https://bugzilla.redhat.com/show_bug.cgi?id=2016091

https://bugzilla.redhat.com/show_bug.cgi?id=2016093

https://bugzilla.redhat.com/show_bug.cgi?id=2016121

https://bugzilla.redhat.com/show_bug.cgi?id=2016122

https://bugzilla.redhat.com/show_bug.cgi?id=2016124

https://bugzilla.redhat.com/show_bug.cgi?id=2016126

https://bugzilla.redhat.com/show_bug.cgi?id=2016127

https://bugzilla.redhat.com/show_bug.cgi?id=2016128

https://bugzilla.redhat.com/show_bug.cgi?id=2016129

https://bugzilla.redhat.com/show_bug.cgi?id=2016130

https://bugzilla.redhat.com/show_bug.cgi?id=2016131

https://bugzilla.redhat.com/show_bug.cgi?id=2016132

https://bugzilla.redhat.com/show_bug.cgi?id=2016133

https://bugzilla.redhat.com/show_bug.cgi?id=2016134

https://bugzilla.redhat.com/show_bug.cgi?id=2016135

https://bugzilla.redhat.com/show_bug.cgi?id=2016137

https://bugzilla.redhat.com/show_bug.cgi?id=2016138

https://bugzilla.redhat.com/show_bug.cgi?id=2043620

https://bugzilla.redhat.com/show_bug.cgi?id=2043621

https://bugzilla.redhat.com/show_bug.cgi?id=2043622

https://bugzilla.redhat.com/show_bug.cgi?id=2043623

https://bugzilla.redhat.com/show_bug.cgi?id=2043624

https://bugzilla.redhat.com/show_bug.cgi?id=2043625

https://bugzilla.redhat.com/show_bug.cgi?id=2043626

https://bugzilla.redhat.com/show_bug.cgi?id=2043627

https://bugzilla.redhat.com/show_bug.cgi?id=2043628

https://bugzilla.redhat.com/show_bug.cgi?id=2043629

https://bugzilla.redhat.com/show_bug.cgi?id=2043630

https://bugzilla.redhat.com/show_bug.cgi?id=2043631

https://bugzilla.redhat.com/show_bug.cgi?id=2043632

https://bugzilla.redhat.com/show_bug.cgi?id=2043633

https://bugzilla.redhat.com/show_bug.cgi?id=2043634

https://bugzilla.redhat.com/show_bug.cgi?id=2016094

https://bugzilla.redhat.com/show_bug.cgi?id=2016095

https://bugzilla.redhat.com/show_bug.cgi?id=2016097

https://bugzilla.redhat.com/show_bug.cgi?id=2016098

https://bugzilla.redhat.com/show_bug.cgi?id=2016099

https://bugzilla.redhat.com/show_bug.cgi?id=2016100

https://bugzilla.redhat.com/show_bug.cgi?id=2016101

https://bugzilla.redhat.com/show_bug.cgi?id=2016104

https://bugzilla.redhat.com/show_bug.cgi?id=2016105

https://bugzilla.redhat.com/show_bug.cgi?id=2016106

https://bugzilla.redhat.com/show_bug.cgi?id=2016107

https://bugzilla.redhat.com/show_bug.cgi?id=2016108

https://bugzilla.redhat.com/show_bug.cgi?id=2016109

https://bugzilla.redhat.com/show_bug.cgi?id=2016110

https://bugzilla.redhat.com/show_bug.cgi?id=2016111

https://bugzilla.redhat.com/show_bug.cgi?id=2016112

https://bugzilla.redhat.com/show_bug.cgi?id=2016113

https://bugzilla.redhat.com/show_bug.cgi?id=2016114

https://bugzilla.redhat.com/show_bug.cgi?id=2043635

https://bugzilla.redhat.com/show_bug.cgi?id=2043636

https://bugzilla.redhat.com/show_bug.cgi?id=2043637

https://bugzilla.redhat.com/show_bug.cgi?id=2043638

https://bugzilla.redhat.com/show_bug.cgi?id=2043639

https://bugzilla.redhat.com/show_bug.cgi?id=2043640

https://bugzilla.redhat.com/show_bug.cgi?id=2043641

https://bugzilla.redhat.com/show_bug.cgi?id=2043642

https://bugzilla.redhat.com/show_bug.cgi?id=2043643

https://bugzilla.redhat.com/show_bug.cgi?id=2043644

https://bugzilla.redhat.com/show_bug.cgi?id=2043645

https://bugzilla.redhat.com/show_bug.cgi?id=2043646

https://bugzilla.redhat.com/show_bug.cgi?id=2043647

https://bugzilla.redhat.com/show_bug.cgi?id=2043648

https://bugzilla.redhat.com/show_bug.cgi?id=2082636

https://bugzilla.redhat.com/show_bug.cgi?id=2082637

https://bugzilla.redhat.com/show_bug.cgi?id=2082638

https://bugzilla.redhat.com/show_bug.cgi?id=2082639

https://bugzilla.redhat.com/show_bug.cgi?id=2082640

https://bugzilla.redhat.com/show_bug.cgi?id=2082641

https://bugzilla.redhat.com/show_bug.cgi?id=2082642

https://bugzilla.redhat.com/show_bug.cgi?id=2082643

https://bugzilla.redhat.com/show_bug.cgi?id=2082644

https://bugzilla.redhat.com/show_bug.cgi?id=2082645

https://bugzilla.redhat.com/show_bug.cgi?id=2082646

https://bugzilla.redhat.com/show_bug.cgi?id=2082647

https://bugzilla.redhat.com/show_bug.cgi?id=2082648

https://bugzilla.redhat.com/show_bug.cgi?id=2082649

https://bugzilla.redhat.com/show_bug.cgi?id=2082650

https://bugzilla.redhat.com/show_bug.cgi?id=2082651

https://bugzilla.redhat.com/show_bug.cgi?id=2082652

https://bugzilla.redhat.com/show_bug.cgi?id=2082653

https://bugzilla.redhat.com/show_bug.cgi?id=2082654

https://bugzilla.redhat.com/show_bug.cgi?id=2082655

https://bugzilla.redhat.com/show_bug.cgi?id=2082656

https://bugzilla.redhat.com/show_bug.cgi?id=2082657

https://bugzilla.redhat.com/show_bug.cgi?id=2082658

https://bugzilla.redhat.com/show_bug.cgi?id=2082659

https://bugzilla.redhat.com/show_bug.cgi?id=2110940

https://bugzilla.redhat.com/show_bug.cgi?id=2115283

https://bugzilla.redhat.com/show_bug.cgi?id=2115284

https://bugzilla.redhat.com/show_bug.cgi?id=2115285

https://bugzilla.redhat.com/show_bug.cgi?id=2115286

https://bugzilla.redhat.com/show_bug.cgi?id=2115287

https://bugzilla.redhat.com/show_bug.cgi?id=2115288

https://bugzilla.redhat.com/show_bug.cgi?id=2115289

https://bugzilla.redhat.com/show_bug.cgi?id=2115290

https://bugzilla.redhat.com/show_bug.cgi?id=2115291

https://bugzilla.redhat.com/show_bug.cgi?id=2115292

https://bugzilla.redhat.com/show_bug.cgi?id=2115293

https://bugzilla.redhat.com/show_bug.cgi?id=2115294

https://bugzilla.redhat.com/show_bug.cgi?id=2115295

https://bugzilla.redhat.com/show_bug.cgi?id=2115296

https://bugzilla.redhat.com/show_bug.cgi?id=2115297

https://bugzilla.redhat.com/show_bug.cgi?id=2115298

https://bugzilla.redhat.com/show_bug.cgi?id=2115299

https://bugzilla.redhat.com/show_bug.cgi?id=2115301

https://bugzilla.redhat.com/show_bug.cgi?id=2122604

https://access.redhat.com/security/updates/classification/#moderate

Plugin Details

Severity: High

ID: 166543

File Name: redhat-RHSA-2022-7119.nasl

Version: 1.9

Type: local

Agent: unix

Published: 10/26/2022

Updated: 11/7/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

Vendor

Vendor Severity: Moderate

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS Score Source: CVE-2022-21368

CVSS v3

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2022-21600

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:mysql-devel, p-cpe:/a:redhat:enterprise_linux:mysql, p-cpe:/a:redhat:enterprise_linux:mysql-server, p-cpe:/a:redhat:enterprise_linux:mysql-errmsg, p-cpe:/a:redhat:enterprise_linux:mecab, p-cpe:/a:redhat:enterprise_linux:mecab-ipadic, p-cpe:/a:redhat:enterprise_linux:mysql-common, cpe:/o:redhat:rhel_eus:8.6, p-cpe:/a:redhat:enterprise_linux:mysql-test, p-cpe:/a:redhat:enterprise_linux:mecab-ipadic-eucjp, p-cpe:/a:redhat:enterprise_linux:mysql-libs, cpe:/o:redhat:enterprise_linux:8

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 10/25/2022

Vulnerability Publication Date: 10/19/2021

Reference Information

CVE: CVE-2021-2478, CVE-2021-2479, CVE-2021-2481, CVE-2021-35546, CVE-2021-35575, CVE-2021-35577, CVE-2021-35591, CVE-2021-35596, CVE-2021-35597, CVE-2021-35602, CVE-2021-35604, CVE-2021-35607, CVE-2021-35608, CVE-2021-35610, CVE-2021-35612, CVE-2021-35622, CVE-2021-35623, CVE-2021-35624, CVE-2021-35625, CVE-2021-35626, CVE-2021-35627, CVE-2021-35628, CVE-2021-35630, CVE-2021-35631, CVE-2021-35632, CVE-2021-35633, CVE-2021-35634, CVE-2021-35635, CVE-2021-35636, CVE-2021-35637, CVE-2021-35638, CVE-2021-35639, CVE-2021-35640, CVE-2021-35641, CVE-2021-35642, CVE-2021-35643, CVE-2021-35644, CVE-2021-35645, CVE-2021-35646, CVE-2021-35647, CVE-2021-35648, CVE-2022-21245, CVE-2022-21249, CVE-2022-21253, CVE-2022-21254, CVE-2022-21256, CVE-2022-21264, CVE-2022-21265, CVE-2022-21270, CVE-2022-21278, CVE-2022-21297, CVE-2022-21301, CVE-2022-21302, CVE-2022-21303, CVE-2022-21304, CVE-2022-21339, CVE-2022-21342, CVE-2022-21344, CVE-2022-21348, CVE-2022-21351, CVE-2022-21352, CVE-2022-21358, CVE-2022-21362, CVE-2022-21367, CVE-2022-21368, CVE-2022-21370, CVE-2022-21372, CVE-2022-21374, CVE-2022-21378, CVE-2022-21379, CVE-2022-21412, CVE-2022-21413, CVE-2022-21414, CVE-2022-21415, CVE-2022-21417, CVE-2022-21418, CVE-2022-21423, CVE-2022-21425, CVE-2022-21427, CVE-2022-21435, CVE-2022-21436, CVE-2022-21437, CVE-2022-21438, CVE-2022-21440, CVE-2022-21444, CVE-2022-21451, CVE-2022-21452, CVE-2022-21454, CVE-2022-21455, CVE-2022-21457, CVE-2022-21459, CVE-2022-21460, CVE-2022-21462, CVE-2022-21478, CVE-2022-21479, CVE-2022-21509, CVE-2022-21515, CVE-2022-21517, CVE-2022-21522, CVE-2022-21525, CVE-2022-21526, CVE-2022-21527, CVE-2022-21528, CVE-2022-21529, CVE-2022-21530, CVE-2022-21531, CVE-2022-21534, CVE-2022-21537, CVE-2022-21538, CVE-2022-21539, CVE-2022-21547, CVE-2022-21553, CVE-2022-21556, CVE-2022-21569, CVE-2022-21592, CVE-2022-21595, CVE-2022-21600, CVE-2022-21605, CVE-2022-21607, CVE-2022-21635, CVE-2022-21638, CVE-2022-21641, CVE-2023-21866, CVE-2023-21872, CVE-2023-21950

IAVA: 2021-A-0487-S, 2022-A-0030-S, 2022-A-0168-S, 2022-A-0291-S

RHSA: 2022:7119