RHEL 7 : rh-mysql80-mysql (RHSA-2024:2619)

high Nessus Plugin ID 194842

Synopsis

The remote Red Hat host is missing one or more security updates for rh-mysql80-mysql.

Description

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2619 advisory.

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs.

The following packages have been upgraded to a later upstream version:
rh-mysql80-mysql (8.0.36)

Security fixes:

* mysql: Client programs unspecified vulnerability (CVE-2023-21980, CVE-2023-22053)

* mysql: InnoDB unspecified vulnerability (CVE-2023-21911, CVE-2023-22008, CVE-2023-22033, CVE-2023-22066, CVE-2023-22068, CVE-2023-22084, CVE-2023-22097, CVE-2023-22104, CVE-2023-22114)

* mysql: Server : Security : Firewall unspecified vulnerability (CVE-2024-20984)

* mysql: Server: Audit Plug-in unspecified vulnerability (CVE-2024-21061)

* mysql: Server: Components Services unspecified vulnerability (CVE-2023-21940, CVE-2023-21947, CVE-2023-21962)

* mysql: Server: DDL unspecified vulnerability (CVE-2023-21919, CVE-2023-21929, CVE-2023-21933, CVE-2023-22058, CVE-2024-20969, CVE-2024-20981)

* mysql: Server: DML unspecified vulnerability (CVE-2023-21972, CVE-2023-22115, CVE-2024-20983, CVE-2024-21015, CVE-2024-21049, CVE-2024-21050, CVE-2024-21051, CVE-2024-21052, CVE-2024-21053, CVE-2024-21056)

* mysql: Server: JSON unspecified vulnerability (CVE-2023-21966)

* mysql: Server: Optimizer unspecified vulnerability (CVE-2023-21920, CVE-2023-21935, CVE-2023-21945, CVE-2023-21946, CVE-2023-21976, CVE-2023-21977, CVE-2023-21982, CVE-2023-22032, CVE-2023-22046, CVE-2023-22054, CVE-2023-22056, CVE-2023-22059, CVE-2023-22064, CVE-2023-22065, CVE-2023-22070, CVE-2023-22078, CVE-2023-22079, CVE-2023-22092, CVE-2023-22103, CVE-2023-22110, CVE-2023-22112, CVE-2024-20961, CVE-2024-20962, CVE-2024-20965, CVE-2024-20966, CVE-2024-20970, CVE-2024-20971, CVE-2024-20972, CVE-2024-20973, CVE-2024-20974, CVE-2024-20976, CVE-2024-20977, CVE-2024-20978, CVE-2024-20982, CVE-2024-20993, CVE-2024-21055, CVE-2024-21057)

* mysql: Server: Options unspecified vulnerability (CVE-2024-20968)

* mysql: Server: Partition unspecified vulnerability (CVE-2023-21953, CVE-2023-21955)

* mysql: Server: Pluggable Auth unspecified vulnerability (CVE-2023-22048)

* mysql: Server: RAPID unspecified vulnerability (CVE-2024-20960)

* mysql: Server: Replication unspecified vulnerability (CVE-2023-22005, CVE-2023-22007, CVE-2023-22057, CVE-2024-20967)

* mysql: Server: Security: Encryption unspecified vulnerability (CVE-2023-22113, CVE-2024-20963)

* mysql: Server: Security: Privileges unspecified vulnerability (CVE-2023-22038, CVE-2024-20964)

* mysql: Server: UDF unspecified vulnerability (CVE-2023-22111, CVE-2024-20985)

* zstd: mysql: buffer overrun in util.c (CVE-2022-4899)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL rh-mysql80-mysql package based on the guidance in RHSA-2024:2619.

See Also

http://www.nessus.org/u?43f8267c

https://access.redhat.com/errata/RHSA-2024:2619

https://access.redhat.com/security/updates/classification/#moderate

https://bugzilla.redhat.com/show_bug.cgi?id=2179864

https://bugzilla.redhat.com/show_bug.cgi?id=2188109

https://bugzilla.redhat.com/show_bug.cgi?id=2188113

https://bugzilla.redhat.com/show_bug.cgi?id=2188115

https://bugzilla.redhat.com/show_bug.cgi?id=2188116

https://bugzilla.redhat.com/show_bug.cgi?id=2188117

https://bugzilla.redhat.com/show_bug.cgi?id=2188118

https://bugzilla.redhat.com/show_bug.cgi?id=2188119

https://bugzilla.redhat.com/show_bug.cgi?id=2188120

https://bugzilla.redhat.com/show_bug.cgi?id=2188121

https://bugzilla.redhat.com/show_bug.cgi?id=2188122

https://bugzilla.redhat.com/show_bug.cgi?id=2188123

https://bugzilla.redhat.com/show_bug.cgi?id=2188124

https://bugzilla.redhat.com/show_bug.cgi?id=2188125

https://bugzilla.redhat.com/show_bug.cgi?id=2188127

https://bugzilla.redhat.com/show_bug.cgi?id=2188128

https://bugzilla.redhat.com/show_bug.cgi?id=2188129

https://bugzilla.redhat.com/show_bug.cgi?id=2258773

https://bugzilla.redhat.com/show_bug.cgi?id=2258774

https://bugzilla.redhat.com/show_bug.cgi?id=2258775

https://bugzilla.redhat.com/show_bug.cgi?id=2258776

https://bugzilla.redhat.com/show_bug.cgi?id=2258777

https://bugzilla.redhat.com/show_bug.cgi?id=2258778

https://bugzilla.redhat.com/show_bug.cgi?id=2258779

https://bugzilla.redhat.com/show_bug.cgi?id=2258780

https://bugzilla.redhat.com/show_bug.cgi?id=2258781

https://bugzilla.redhat.com/show_bug.cgi?id=2258782

https://bugzilla.redhat.com/show_bug.cgi?id=2258783

https://bugzilla.redhat.com/show_bug.cgi?id=2258784

https://bugzilla.redhat.com/show_bug.cgi?id=2258785

https://bugzilla.redhat.com/show_bug.cgi?id=2258787

https://bugzilla.redhat.com/show_bug.cgi?id=2258788

https://bugzilla.redhat.com/show_bug.cgi?id=2258789

https://bugzilla.redhat.com/show_bug.cgi?id=2258790

https://bugzilla.redhat.com/show_bug.cgi?id=2258791

https://bugzilla.redhat.com/show_bug.cgi?id=2258792

https://bugzilla.redhat.com/show_bug.cgi?id=2258793

https://bugzilla.redhat.com/show_bug.cgi?id=2258794

https://bugzilla.redhat.com/show_bug.cgi?id=2275428

https://bugzilla.redhat.com/show_bug.cgi?id=2275435

https://bugzilla.redhat.com/show_bug.cgi?id=2275437

https://bugzilla.redhat.com/show_bug.cgi?id=2275438

https://bugzilla.redhat.com/show_bug.cgi?id=2275439

https://bugzilla.redhat.com/show_bug.cgi?id=2275440

https://bugzilla.redhat.com/show_bug.cgi?id=2275441

https://bugzilla.redhat.com/show_bug.cgi?id=2275444

https://bugzilla.redhat.com/show_bug.cgi?id=2275445

https://bugzilla.redhat.com/show_bug.cgi?id=2275446

https://bugzilla.redhat.com/show_bug.cgi?id=2275448

https://bugzilla.redhat.com/show_bug.cgi?id=2188130

https://bugzilla.redhat.com/show_bug.cgi?id=2188131

https://bugzilla.redhat.com/show_bug.cgi?id=2188132

https://bugzilla.redhat.com/show_bug.cgi?id=2224211

https://bugzilla.redhat.com/show_bug.cgi?id=2224212

https://bugzilla.redhat.com/show_bug.cgi?id=2224213

https://bugzilla.redhat.com/show_bug.cgi?id=2224214

https://bugzilla.redhat.com/show_bug.cgi?id=2224215

https://bugzilla.redhat.com/show_bug.cgi?id=2224216

https://bugzilla.redhat.com/show_bug.cgi?id=2224217

https://bugzilla.redhat.com/show_bug.cgi?id=2224218

https://bugzilla.redhat.com/show_bug.cgi?id=2224219

https://bugzilla.redhat.com/show_bug.cgi?id=2224220

https://bugzilla.redhat.com/show_bug.cgi?id=2224221

https://bugzilla.redhat.com/show_bug.cgi?id=2224222

https://bugzilla.redhat.com/show_bug.cgi?id=2245014

https://bugzilla.redhat.com/show_bug.cgi?id=2245015

https://bugzilla.redhat.com/show_bug.cgi?id=2245016

https://bugzilla.redhat.com/show_bug.cgi?id=2245017

https://bugzilla.redhat.com/show_bug.cgi?id=2245018

https://bugzilla.redhat.com/show_bug.cgi?id=2245019

https://bugzilla.redhat.com/show_bug.cgi?id=2245020

https://bugzilla.redhat.com/show_bug.cgi?id=2245021

https://bugzilla.redhat.com/show_bug.cgi?id=2245022

https://bugzilla.redhat.com/show_bug.cgi?id=2245023

https://bugzilla.redhat.com/show_bug.cgi?id=2245024

https://bugzilla.redhat.com/show_bug.cgi?id=2245026

https://bugzilla.redhat.com/show_bug.cgi?id=2245027

https://bugzilla.redhat.com/show_bug.cgi?id=2245028

https://bugzilla.redhat.com/show_bug.cgi?id=2245029

https://bugzilla.redhat.com/show_bug.cgi?id=2245030

https://bugzilla.redhat.com/show_bug.cgi?id=2245031

https://bugzilla.redhat.com/show_bug.cgi?id=2245032

https://bugzilla.redhat.com/show_bug.cgi?id=2245033

https://bugzilla.redhat.com/show_bug.cgi?id=2245034

https://bugzilla.redhat.com/show_bug.cgi?id=2258771

https://bugzilla.redhat.com/show_bug.cgi?id=2258772

Plugin Details

Severity: High

ID: 194842

File Name: redhat-RHSA-2024-2619.nasl

Version: 1.4

Type: local

Agent: unix

Published: 4/30/2024

Updated: 11/7/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

Vendor

Vendor Severity: Moderate

CVSS v2

Risk Factor: High

Base Score: 7.1

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2023-21980

CVSS v3

Risk Factor: High

Base Score: 7.1

Temporal Score: 6.2

Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-errmsg, p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-server-syspaths, p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-test, p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-config-syspaths, p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-syspaths, cpe:/o:redhat:enterprise_linux:7, p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-devel, p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql, p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-server, p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-config, p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-common, p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-icu-data-files

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 4/30/2024

Vulnerability Publication Date: 3/31/2023

Reference Information

CVE: CVE-2022-4899, CVE-2023-21911, CVE-2023-21919, CVE-2023-21920, CVE-2023-21929, CVE-2023-21933, CVE-2023-21935, CVE-2023-21940, CVE-2023-21945, CVE-2023-21946, CVE-2023-21947, CVE-2023-21953, CVE-2023-21955, CVE-2023-21962, CVE-2023-21966, CVE-2023-21972, CVE-2023-21976, CVE-2023-21977, CVE-2023-21980, CVE-2023-21982, CVE-2023-22005, CVE-2023-22007, CVE-2023-22008, CVE-2023-22032, CVE-2023-22033, CVE-2023-22038, CVE-2023-22046, CVE-2023-22048, CVE-2023-22053, CVE-2023-22054, CVE-2023-22056, CVE-2023-22057, CVE-2023-22058, CVE-2023-22059, CVE-2023-22064, CVE-2023-22065, CVE-2023-22066, CVE-2023-22068, CVE-2023-22070, CVE-2023-22078, CVE-2023-22079, CVE-2023-22084, CVE-2023-22092, CVE-2023-22097, CVE-2023-22103, CVE-2023-22104, CVE-2023-22110, CVE-2023-22111, CVE-2023-22112, CVE-2023-22113, CVE-2023-22114, CVE-2023-22115, CVE-2024-20960, CVE-2024-20961, CVE-2024-20962, CVE-2024-20963, CVE-2024-20964, CVE-2024-20965, CVE-2024-20966, CVE-2024-20967, CVE-2024-20968, CVE-2024-20969, CVE-2024-20970, CVE-2024-20971, CVE-2024-20972, CVE-2024-20973, CVE-2024-20974, CVE-2024-20976, CVE-2024-20977, CVE-2024-20978, CVE-2024-20981, CVE-2024-20982, CVE-2024-20983, CVE-2024-20984, CVE-2024-20985, CVE-2024-20993, CVE-2024-21015, CVE-2024-21049, CVE-2024-21050, CVE-2024-21051, CVE-2024-21052, CVE-2024-21053, CVE-2024-21055, CVE-2024-21056, CVE-2024-21057, CVE-2024-21061

CWE: 400

RHSA: 2024:2619