RHEL 7:rh-mysql80-mysql (RHSA-2024:2619)

High Nessus Plugin ID 194842

Synopsis

The remote Red Hat host is missing one or more security updates for rh-mysql80-mysql.

Description

The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2619 advisory.

- zstd: mysql: buffer overrun in util.c (CVE-2022-4899)

- mysql: InnoDB unspecified vulnerability (CPU Apr 2022) (CVE-2023-21911)

- mysql: Server: DDL unspecified vulnerability (CPU Apr 2023) (CVE-2023-21919, CVE-2023-21929, CVE-2023-21933)

- mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2023) (CVE-2023-21920, CVE-2023-21935, CVE-2023-21945, CVE-2023-21946, CVE-2023-21976, CVE-2023-21977, CVE-2023-21982)

- mysql: Server: Components Services unspecified vulnerability (CPU Apr 2023) (CVE-2023-21940, CVE-2023-21947, CVE-2023-21962)

- mysql: Server: Partition unspecified vulnerability (CPU Apr 2023) (CVE-2023-21953, CVE-2023-21955)

- mysql: Server: JSON unspecified vulnerability (CPU Apr 2023) (CVE-2023-21966)

- mysql: Server: DML unspecified vulnerability (CPU Apr 2023) (CVE-2023-21972)

- mysql: Client programs unspecified vulnerability (CPU Apr 2023) (CVE-2023-21980)

- mysql: Server: Replication unspecified vulnerability (CPU Jul 2023) (CVE-2023-22005, CVE-2023-22007, CVE-2023-22057)

- mysql: InnoDB unspecified vulnerability (CPU Jul 2023) (CVE-2023-22008, CVE-2023-22033)

- mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2023) (CVE-2023-22032, CVE-2023-22059, CVE-2023-22064, CVE-2023-22065, CVE-2023-22070, CVE-2023-22078, CVE-2023-22079, CVE-2023-22092, CVE-2023-22103, CVE-2023-22110, CVE-2023-22112)

- mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2023) (CVE-2023-22038)

- mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2023) (CVE-2023-22046, CVE-2023-22054, CVE-2023-22056)

- mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2023) (CVE-2023-22048)

- mysql: Client programs unspecified vulnerability (CPU Jul 2023) (CVE-2023-22053)

- mysql: Server: DDL unspecified vulnerability (CPU Jul 2023) (CVE-2023-22058)

- mysql: InnoDB unspecified vulnerability (CPU Oct 2023) (CVE-2023-22066, CVE-2023-22068, CVE-2023-22084, CVE-2023-22097, CVE-2023-22104, CVE-2023-22114)

- mysql: Server: UDF unspecified vulnerability (CPU Oct 2023) (CVE-2023-22111)

- mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2023) (CVE-2023-22113)

- mysql: Server: DML unspecified vulnerability (CPU Oct 2023) (CVE-2023-22115)

- mysql: Server: RAPID unspecified vulnerability (CPU Jan 2024) (CVE-2024-20960)

- mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2024) (CVE-2024-20961, CVE-2024-20962, CVE-2024-20965, CVE-2024-20966, CVE-2024-20970, CVE-2024-20971, CVE-2024-20972, CVE-2024-20973, CVE-2024-20974, CVE-2024-20976, CVE-2024-20977, CVE-2024-20978, CVE-2024-20982)

- mysql: Server: Security: Encryption unspecified vulnerability (CPU Jan 2024) (CVE-2024-20963)

- mysql: Server: Security: Privileges unspecified vulnerability (CPU Jan 2024) (CVE-2024-20964)

- mysql: Server: Replication unspecified vulnerability (CPU Jan 2024) (CVE-2024-20967)

- mysql: Server: Options unspecified vulnerability (CPU Jan 2024) (CVE-2024-20968)

- mysql: Server: DDL unspecified vulnerability (CPU Jan 2024) (CVE-2024-20969, CVE-2024-20981)

- mysql: Server: DML unspecified vulnerability (CPU Jan 2024) (CVE-2024-20983)

- mysql: Server: Security: Firewall unspecified vulnerability (CPU Jan 2024) (CVE-2024-20984)

- mysql: Server: UDF unspecified vulnerability (CPU Jan 2024) (CVE-2024-20985)

- mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2024) (CVE-2024-20993, CVE-2024-21055, CVE-2024-21057)

- mysql: Server: DML unspecified vulnerability (CPU Apr 2024) (CVE-2024-21015, CVE-2024-21049, CVE-2024-21050, CVE-2024-21051, CVE-2024-21052, CVE-2024-21053, CVE-2024-21056)

- mysql: Server: Audit Plug-in unspecified vulnerability (CPU Apr 2024) (CVE-2024-21061)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL rh-mysql80-mysql package based on the guidance in RHSA-2024:2619.

See Also

https://access.redhat.com/security/cve/CVE-2023-21920

https://access.redhat.com/security/cve/CVE-2023-21929

https://access.redhat.com/security/cve/CVE-2023-21933

https://access.redhat.com/security/cve/CVE-2023-21935

https://access.redhat.com/security/cve/CVE-2023-21940

https://access.redhat.com/security/cve/CVE-2023-21945

https://access.redhat.com/security/cve/CVE-2023-21946

https://access.redhat.com/security/cve/CVE-2023-21947

https://access.redhat.com/security/cve/CVE-2023-21953

https://access.redhat.com/security/cve/CVE-2023-21955

https://access.redhat.com/security/cve/CVE-2023-21962

https://access.redhat.com/security/cve/CVE-2023-22084

https://access.redhat.com/security/cve/CVE-2023-22092

https://access.redhat.com/security/cve/CVE-2023-22097

https://access.redhat.com/security/cve/CVE-2023-22103

https://access.redhat.com/security/cve/CVE-2023-22104

https://access.redhat.com/security/cve/CVE-2023-22110

https://access.redhat.com/security/cve/CVE-2023-22111

https://access.redhat.com/security/cve/CVE-2023-22112

https://access.redhat.com/security/cve/CVE-2023-22113

https://access.redhat.com/security/cve/CVE-2023-22114

https://access.redhat.com/security/cve/CVE-2023-22115

https://access.redhat.com/security/cve/CVE-2024-20960

https://access.redhat.com/security/cve/CVE-2024-20961

https://access.redhat.com/security/cve/CVE-2024-20962

https://access.redhat.com/security/cve/CVE-2024-20963

https://access.redhat.com/security/cve/CVE-2024-20964

https://access.redhat.com/security/cve/CVE-2024-20965

https://access.redhat.com/security/cve/CVE-2024-20966

https://access.redhat.com/security/cve/CVE-2024-20967

https://access.redhat.com/security/cve/CVE-2024-20968

https://access.redhat.com/security/cve/CVE-2024-20969

https://access.redhat.com/security/cve/CVE-2024-20970

https://access.redhat.com/security/cve/CVE-2024-20971

https://access.redhat.com/security/cve/CVE-2024-20972

https://access.redhat.com/security/cve/CVE-2024-20973

https://access.redhat.com/security/cve/CVE-2024-20974

https://access.redhat.com/security/cve/CVE-2024-20976

https://access.redhat.com/security/cve/CVE-2024-20977

https://access.redhat.com/security/cve/CVE-2024-20978

https://access.redhat.com/errata/RHSA-2024:2619

https://access.redhat.com/security/cve/CVE-2022-4899

https://access.redhat.com/security/cve/CVE-2023-21911

https://access.redhat.com/security/cve/CVE-2023-21919

https://access.redhat.com/security/cve/CVE-2023-21966

https://access.redhat.com/security/cve/CVE-2023-21972

https://access.redhat.com/security/cve/CVE-2023-21976

https://access.redhat.com/security/cve/CVE-2023-21977

https://access.redhat.com/security/cve/CVE-2023-21980

https://access.redhat.com/security/cve/CVE-2023-21982

https://access.redhat.com/security/cve/CVE-2023-22005

https://access.redhat.com/security/cve/CVE-2023-22007

https://access.redhat.com/security/cve/CVE-2023-22008

https://access.redhat.com/security/cve/CVE-2023-22032

https://access.redhat.com/security/cve/CVE-2023-22033

https://access.redhat.com/security/cve/CVE-2023-22038

https://access.redhat.com/security/cve/CVE-2023-22046

https://access.redhat.com/security/cve/CVE-2023-22048

https://access.redhat.com/security/cve/CVE-2023-22053

https://access.redhat.com/security/cve/CVE-2023-22054

https://access.redhat.com/security/cve/CVE-2023-22056

https://access.redhat.com/security/cve/CVE-2023-22057

https://access.redhat.com/security/cve/CVE-2023-22058

https://access.redhat.com/security/cve/CVE-2023-22059

https://access.redhat.com/security/cve/CVE-2023-22064

https://access.redhat.com/security/cve/CVE-2023-22065

https://access.redhat.com/security/cve/CVE-2023-22066

https://access.redhat.com/security/cve/CVE-2023-22068

https://access.redhat.com/security/cve/CVE-2023-22070

https://access.redhat.com/security/cve/CVE-2023-22078

https://access.redhat.com/security/cve/CVE-2023-22079

https://access.redhat.com/security/cve/CVE-2024-20981

https://access.redhat.com/security/cve/CVE-2024-20982

https://access.redhat.com/security/cve/CVE-2024-20983

https://access.redhat.com/security/cve/CVE-2024-20984

https://access.redhat.com/security/cve/CVE-2024-20985

https://access.redhat.com/security/cve/CVE-2024-20993

https://access.redhat.com/security/cve/CVE-2024-21015

https://access.redhat.com/security/cve/CVE-2024-21049

https://access.redhat.com/security/cve/CVE-2024-21050

https://access.redhat.com/security/cve/CVE-2024-21051

https://access.redhat.com/security/cve/CVE-2024-21052

https://access.redhat.com/security/cve/CVE-2024-21053

https://access.redhat.com/security/cve/CVE-2024-21055

https://access.redhat.com/security/cve/CVE-2024-21056

https://access.redhat.com/security/cve/CVE-2024-21057

https://access.redhat.com/security/cve/CVE-2024-21061

Plugin Details

Severity: High

ID: 194842

File Name: redhat-RHSA-2024-2619.nasl

Version: 1.1

Type: local

Agent: unix

Published: 2024/4/30

Updated: 2024/5/2

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.1

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2023-21980

CVSS v3

Risk Factor: High

Base Score: 7.1

Temporal Score: 6.2

Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:redhat:enterprise_linux:7, p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql, p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-common, p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-config, p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-config-syspaths, p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-devel, p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-errmsg, p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-icu-data-files, p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-server, p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-server-syspaths, p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-syspaths, p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-test

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 2024/4/30

Vulnerability Publication Date: 2023/3/31

Reference Information

CVE: CVE-2022-4899, CVE-2023-21911, CVE-2023-21919, CVE-2023-21920, CVE-2023-21929, CVE-2023-21933, CVE-2023-21935, CVE-2023-21940, CVE-2023-21945, CVE-2023-21946, CVE-2023-21947, CVE-2023-21953, CVE-2023-21955, CVE-2023-21962, CVE-2023-21966, CVE-2023-21972, CVE-2023-21976, CVE-2023-21977, CVE-2023-21980, CVE-2023-21982, CVE-2023-22005, CVE-2023-22007, CVE-2023-22008, CVE-2023-22032, CVE-2023-22033, CVE-2023-22038, CVE-2023-22046, CVE-2023-22048, CVE-2023-22053, CVE-2023-22054, CVE-2023-22056, CVE-2023-22057, CVE-2023-22058, CVE-2023-22059, CVE-2023-22064, CVE-2023-22065, CVE-2023-22066, CVE-2023-22068, CVE-2023-22070, CVE-2023-22078, CVE-2023-22079, CVE-2023-22084, CVE-2023-22092, CVE-2023-22097, CVE-2023-22103, CVE-2023-22104, CVE-2023-22110, CVE-2023-22111, CVE-2023-22112, CVE-2023-22113, CVE-2023-22114, CVE-2023-22115, CVE-2024-20960, CVE-2024-20961, CVE-2024-20962, CVE-2024-20963, CVE-2024-20964, CVE-2024-20965, CVE-2024-20966, CVE-2024-20967, CVE-2024-20968, CVE-2024-20969, CVE-2024-20970, CVE-2024-20971, CVE-2024-20972, CVE-2024-20973, CVE-2024-20974, CVE-2024-20976, CVE-2024-20977, CVE-2024-20978, CVE-2024-20981, CVE-2024-20982, CVE-2024-20983, CVE-2024-20984, CVE-2024-20985, CVE-2024-20993, CVE-2024-21015, CVE-2024-21049, CVE-2024-21050, CVE-2024-21051, CVE-2024-21052, CVE-2024-21053, CVE-2024-21055, CVE-2024-21056, CVE-2024-21057, CVE-2024-21061

CWE: 400

RHSA: 2024:2619