Detections
Analytics
RHEL 7 : rh-mysql80-mysql (RHSA-2024:2619)
high Nessus Plugin ID 194842
Language:
Synopsis
The remote Red Hat host is missing one or more security updates for rh-mysql80-mysql.Description
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2619 advisory.MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs.
The following packages have been upgraded to a later upstream version:
rh-mysql80-mysql (8.0.36)
Security fixes:
* mysql: Client programs unspecified vulnerability (CVE-2023-21980, CVE-2023-22053)
* mysql: InnoDB unspecified vulnerability (CVE-2023-21911, CVE-2023-22008, CVE-2023-22033, CVE-2023-22066, CVE-2023-22068, CVE-2023-22084, CVE-2023-22097, CVE-2023-22104, CVE-2023-22114)
* mysql: Server : Security : Firewall unspecified vulnerability (CVE-2024-20984)
* mysql: Server: Audit Plug-in unspecified vulnerability (CVE-2024-21061)
* mysql: Server: Components Services unspecified vulnerability (CVE-2023-21940, CVE-2023-21947, CVE-2023-21962)
* mysql: Server: DDL unspecified vulnerability (CVE-2023-21919, CVE-2023-21929, CVE-2023-21933, CVE-2023-22058, CVE-2024-20969, CVE-2024-20981)
* mysql: Server: DML unspecified vulnerability (CVE-2023-21972, CVE-2023-22115, CVE-2024-20983, CVE-2024-21015, CVE-2024-21049, CVE-2024-21050, CVE-2024-21051, CVE-2024-21052, CVE-2024-21053, CVE-2024-21056)
* mysql: Server: JSON unspecified vulnerability (CVE-2023-21966)
* mysql: Server: Optimizer unspecified vulnerability (CVE-2023-21920, CVE-2023-21935, CVE-2023-21945, CVE-2023-21946, CVE-2023-21976, CVE-2023-21977, CVE-2023-21982, CVE-2023-22032, CVE-2023-22046, CVE-2023-22054, CVE-2023-22056, CVE-2023-22059, CVE-2023-22064, CVE-2023-22065, CVE-2023-22070, CVE-2023-22078, CVE-2023-22079, CVE-2023-22092, CVE-2023-22103, CVE-2023-22110, CVE-2023-22112, CVE-2024-20961, CVE-2024-20962, CVE-2024-20965, CVE-2024-20966, CVE-2024-20970, CVE-2024-20971, CVE-2024-20972, CVE-2024-20973, CVE-2024-20974, CVE-2024-20976, CVE-2024-20977, CVE-2024-20978, CVE-2024-20982, CVE-2024-20993, CVE-2024-21055, CVE-2024-21057)
* mysql: Server: Options unspecified vulnerability (CVE-2024-20968)
* mysql: Server: Partition unspecified vulnerability (CVE-2023-21953, CVE-2023-21955)
* mysql: Server: Pluggable Auth unspecified vulnerability (CVE-2023-22048)
* mysql: Server: RAPID unspecified vulnerability (CVE-2024-20960)
* mysql: Server: Replication unspecified vulnerability (CVE-2023-22005, CVE-2023-22007, CVE-2023-22057, CVE-2024-20967)
* mysql: Server: Security: Encryption unspecified vulnerability (CVE-2023-22113, CVE-2024-20963)
* mysql: Server: Security: Privileges unspecified vulnerability (CVE-2023-22038, CVE-2024-20964)
* mysql: Server: UDF unspecified vulnerability (CVE-2023-22111, CVE-2024-20985)
* zstd: mysql: buffer overrun in util.c (CVE-2022-4899)
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the RHEL rh-mysql80-mysql package based on the guidance in RHSA-2024:2619.See Also
http://www.nessus.org/u?33e871df
https://access.redhat.com/errata/RHSA-2024:2619
https://access.redhat.com/security/updates/classification/#moderate
https://bugzilla.redhat.com/show_bug.cgi?id=2179864
https://bugzilla.redhat.com/show_bug.cgi?id=2188109
https://bugzilla.redhat.com/show_bug.cgi?id=2188113
https://bugzilla.redhat.com/show_bug.cgi?id=2188115
https://bugzilla.redhat.com/show_bug.cgi?id=2188116
https://bugzilla.redhat.com/show_bug.cgi?id=2188117
https://bugzilla.redhat.com/show_bug.cgi?id=2188118
https://bugzilla.redhat.com/show_bug.cgi?id=2188119
https://bugzilla.redhat.com/show_bug.cgi?id=2188120
https://bugzilla.redhat.com/show_bug.cgi?id=2188121
https://bugzilla.redhat.com/show_bug.cgi?id=2188122
https://bugzilla.redhat.com/show_bug.cgi?id=2188123
https://bugzilla.redhat.com/show_bug.cgi?id=2188124
https://bugzilla.redhat.com/show_bug.cgi?id=2188125
https://bugzilla.redhat.com/show_bug.cgi?id=2188127
https://bugzilla.redhat.com/show_bug.cgi?id=2188128
https://bugzilla.redhat.com/show_bug.cgi?id=2188129
https://bugzilla.redhat.com/show_bug.cgi?id=2188130
https://bugzilla.redhat.com/show_bug.cgi?id=2188131
https://bugzilla.redhat.com/show_bug.cgi?id=2188132
https://bugzilla.redhat.com/show_bug.cgi?id=2224211
https://bugzilla.redhat.com/show_bug.cgi?id=2224212
https://bugzilla.redhat.com/show_bug.cgi?id=2224213
https://bugzilla.redhat.com/show_bug.cgi?id=2224214
https://bugzilla.redhat.com/show_bug.cgi?id=2224215
https://bugzilla.redhat.com/show_bug.cgi?id=2224216
https://bugzilla.redhat.com/show_bug.cgi?id=2224217
https://bugzilla.redhat.com/show_bug.cgi?id=2224218
https://bugzilla.redhat.com/show_bug.cgi?id=2224219
https://bugzilla.redhat.com/show_bug.cgi?id=2224220
https://bugzilla.redhat.com/show_bug.cgi?id=2224221
https://bugzilla.redhat.com/show_bug.cgi?id=2224222
https://bugzilla.redhat.com/show_bug.cgi?id=2245014
https://bugzilla.redhat.com/show_bug.cgi?id=2245015
https://bugzilla.redhat.com/show_bug.cgi?id=2245016
https://bugzilla.redhat.com/show_bug.cgi?id=2245017
https://bugzilla.redhat.com/show_bug.cgi?id=2245018
https://bugzilla.redhat.com/show_bug.cgi?id=2245019
https://bugzilla.redhat.com/show_bug.cgi?id=2245020
https://bugzilla.redhat.com/show_bug.cgi?id=2245021
https://bugzilla.redhat.com/show_bug.cgi?id=2245022
https://bugzilla.redhat.com/show_bug.cgi?id=2245023
https://bugzilla.redhat.com/show_bug.cgi?id=2245024
https://bugzilla.redhat.com/show_bug.cgi?id=2245026
https://bugzilla.redhat.com/show_bug.cgi?id=2245027
https://bugzilla.redhat.com/show_bug.cgi?id=2245028
https://bugzilla.redhat.com/show_bug.cgi?id=2245029
https://bugzilla.redhat.com/show_bug.cgi?id=2245030
https://bugzilla.redhat.com/show_bug.cgi?id=2245031
https://bugzilla.redhat.com/show_bug.cgi?id=2245032
https://bugzilla.redhat.com/show_bug.cgi?id=2245033
https://bugzilla.redhat.com/show_bug.cgi?id=2245034
https://bugzilla.redhat.com/show_bug.cgi?id=2258771
https://bugzilla.redhat.com/show_bug.cgi?id=2258772
https://bugzilla.redhat.com/show_bug.cgi?id=2258773
https://bugzilla.redhat.com/show_bug.cgi?id=2258774
https://bugzilla.redhat.com/show_bug.cgi?id=2258775
https://bugzilla.redhat.com/show_bug.cgi?id=2258776
https://bugzilla.redhat.com/show_bug.cgi?id=2258777
https://bugzilla.redhat.com/show_bug.cgi?id=2258778
https://bugzilla.redhat.com/show_bug.cgi?id=2258779
https://bugzilla.redhat.com/show_bug.cgi?id=2258780
https://bugzilla.redhat.com/show_bug.cgi?id=2258781
https://bugzilla.redhat.com/show_bug.cgi?id=2258782
https://bugzilla.redhat.com/show_bug.cgi?id=2258783
https://bugzilla.redhat.com/show_bug.cgi?id=2258784
https://bugzilla.redhat.com/show_bug.cgi?id=2258785
https://bugzilla.redhat.com/show_bug.cgi?id=2258787
https://bugzilla.redhat.com/show_bug.cgi?id=2258788
https://bugzilla.redhat.com/show_bug.cgi?id=2258789
https://bugzilla.redhat.com/show_bug.cgi?id=2258790
https://bugzilla.redhat.com/show_bug.cgi?id=2258791
https://bugzilla.redhat.com/show_bug.cgi?id=2258792
https://bugzilla.redhat.com/show_bug.cgi?id=2258793
https://bugzilla.redhat.com/show_bug.cgi?id=2258794
https://bugzilla.redhat.com/show_bug.cgi?id=2275428
https://bugzilla.redhat.com/show_bug.cgi?id=2275435
https://bugzilla.redhat.com/show_bug.cgi?id=2275437
https://bugzilla.redhat.com/show_bug.cgi?id=2275438
https://bugzilla.redhat.com/show_bug.cgi?id=2275439
https://bugzilla.redhat.com/show_bug.cgi?id=2275440
https://bugzilla.redhat.com/show_bug.cgi?id=2275441
https://bugzilla.redhat.com/show_bug.cgi?id=2275444
https://bugzilla.redhat.com/show_bug.cgi?id=2275445
Plugin Details
Severity: High
ID: 194842
File Name: redhat-RHSA-2024-2619.nasl
Version: 1.2
Type: local
Agent: unix
Family: Red Hat Local Security Checks
Published: 4/30/2024
Updated: 6/4/2024
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 7.1
Temporal Score: 5.3
Vector: CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C
CVSS Score Source: CVE-2023-21980
CVSS v3
Risk Factor: High
Base Score: 7.1
Temporal Score: 6.2
Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-errmsg, p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-server-syspaths, p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-test, p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-config-syspaths, p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-syspaths, cpe:/o:redhat:enterprise_linux:7, p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-devel, p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql, p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-server, p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-config, p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-common, p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-icu-data-files
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Exploit Ease: No known exploits are available
Patch Publication Date: 4/30/2024
Vulnerability Publication Date: 3/31/2023
Reference Information
CVE: CVE-2022-4899, CVE-2023-21911, CVE-2023-21919, CVE-2023-21920, CVE-2023-21929, CVE-2023-21933, CVE-2023-21935, CVE-2023-21940, CVE-2023-21945, CVE-2023-21946, CVE-2023-21947, CVE-2023-21953, CVE-2023-21955, CVE-2023-21962, CVE-2023-21966, CVE-2023-21972, CVE-2023-21976, CVE-2023-21977, CVE-2023-21980, CVE-2023-21982, CVE-2023-22005, CVE-2023-22007, CVE-2023-22008, CVE-2023-22032, CVE-2023-22033, CVE-2023-22038, CVE-2023-22046, CVE-2023-22048, CVE-2023-22053, CVE-2023-22054, CVE-2023-22056, CVE-2023-22057, CVE-2023-22058, CVE-2023-22059, CVE-2023-22064, CVE-2023-22065, CVE-2023-22066, CVE-2023-22068, CVE-2023-22070, CVE-2023-22078, CVE-2023-22079, CVE-2023-22084, CVE-2023-22092, CVE-2023-22097, CVE-2023-22103, CVE-2023-22104, CVE-2023-22110, CVE-2023-22111, CVE-2023-22112, CVE-2023-22113, CVE-2023-22114, CVE-2023-22115, CVE-2024-20960, CVE-2024-20961, CVE-2024-20962, CVE-2024-20963, CVE-2024-20964, CVE-2024-20965, CVE-2024-20966, CVE-2024-20967, CVE-2024-20968, CVE-2024-20969, CVE-2024-20970, CVE-2024-20971, CVE-2024-20972, CVE-2024-20973, CVE-2024-20974, CVE-2024-20976, CVE-2024-20977, CVE-2024-20978, CVE-2024-20981, CVE-2024-20982, CVE-2024-20983, CVE-2024-20984, CVE-2024-20985, CVE-2024-20993, CVE-2024-21015, CVE-2024-21049, CVE-2024-21050, CVE-2024-21051, CVE-2024-21052, CVE-2024-21053, CVE-2024-21055, CVE-2024-21056, CVE-2024-21057, CVE-2024-21061