RHEL 7:rh-mariadb105-mariadb (RHSA-2022: 1007)

medium Nessus 插件 ID 159169

简介

远程 Red Hat 主机缺少一个或多个安全更新。

描述

远程 Redhat Enterprise Linux 7 主机上安装的程序包受到 RHSA-2022: 1007 公告中提及的多个漏洞影响。

- mysql:Server: DML 不明漏洞(2021 年 4 月 CPU)(CVE-2021-2154、CVE-2021-2166)

- mysql:InnoDB 不明漏洞(2021 年 7 月 CPU)(CVE-2021-2372、CVE-2021-2389)

- mysql:InnoDB 不明漏洞(2021 年 10 月 CPU)(CVE-2021-35604)

- mariadb:在子查询中使用外部引用执行 ORDER BY 时,造成 get_sort_by_table() 崩溃问题 (CVE-2021-46657)

- mariadb:save_window_function_values 在 IN 子查询期间触发中止 (CVE-2021-46658)

- mariadb:通过某些具有嵌套子查询的 UPDATE 查询,造成 set_var.cc 崩溃问题 (CVE-2021-46662)

- mariadb:不正确地处理从 HAVING 子句到 WHERE 子句的下推时,造成崩溃问题 (CVE-2021-46666)

- mariadb:sql_lex.cc 整数中存在可造成崩溃的整数溢出漏洞 (CVE-2021-46667)

- mysql:InnoDB 不明漏洞 (2022 年 4 月 CPU)(CVE-2022-21451)

- mariadb:Used_tables_and_const_cache: : used_tables_and_const_cache_join 中发生崩溃 (CVE-2022-27385)

- mariadb:由于 ds_xbstream.cc 中未释放的锁定而导致不当锁定问题 (CVE-2022-31621)

- mariadb:由于 plugin/server_audit/server_audit.c 中未释放的锁定导致不当锁定问题,进而造成 DoS (CVE-2022-31624)

请注意,Nessus 尚未测试这些问题,而是只依据应用程序自我报告的版本号进行判断。

解决方案

更新受影响的程序包。

另见

https://access.redhat.com/security/cve/CVE-2021-2154

https://access.redhat.com/security/cve/CVE-2021-2166

https://access.redhat.com/security/cve/CVE-2021-2372

https://access.redhat.com/security/cve/CVE-2021-2389

https://access.redhat.com/security/cve/CVE-2021-35604

https://access.redhat.com/security/cve/CVE-2021-46657

https://access.redhat.com/security/cve/CVE-2021-46658

https://access.redhat.com/security/cve/CVE-2021-46662

https://access.redhat.com/security/cve/CVE-2021-46666

https://access.redhat.com/security/cve/CVE-2021-46667

https://access.redhat.com/security/cve/CVE-2022-21451

https://access.redhat.com/security/cve/CVE-2022-27385

https://access.redhat.com/security/cve/CVE-2022-31621

https://access.redhat.com/security/cve/CVE-2022-31624

https://access.redhat.com/errata/RHSA-2022:1007

https://bugzilla.redhat.com/1951752

https://bugzilla.redhat.com/1951755

https://bugzilla.redhat.com/1992303

https://bugzilla.redhat.com/1992309

https://bugzilla.redhat.com/2016101

https://bugzilla.redhat.com/2049294

https://bugzilla.redhat.com/2049305

https://bugzilla.redhat.com/2050019

https://bugzilla.redhat.com/2050028

https://bugzilla.redhat.com/2050030

https://bugzilla.redhat.com/2075001

https://bugzilla.redhat.com/2082651

https://bugzilla.redhat.com/2092353

https://bugzilla.redhat.com/2092362

插件详情

严重性: Medium

ID: 159169

文件名: redhat-RHSA-2022-1007.nasl

版本: 1.10

类型: local

代理: unix

发布时间: 2022/3/23

最近更新时间: 2023/11/3

支持的传感器: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

风险信息

VPR

风险因素: Medium

分数: 4.4

CVSS v2

风险因素: Medium

基本分数: 5.5

时间分数: 4.5

矢量: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P

CVSS 分数来源: CVE-2021-35604

CVSS v3

风险因素: Medium

基本分数: 5.5

时间分数: 5.1

矢量: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

时间矢量: CVSS:3.0/E:F/RL:O/RC:C

漏洞信息

CPE: cpe:/o:redhat:enterprise_linux:7, p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-galera, p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb, p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-backup, p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-backup-syspaths, p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-common, p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-config, p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-config-syspaths, p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-connect-engine, p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-devel, p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-errmsg, p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-gssapi-server, p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-libs, p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-oqgraph-engine, p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-pam, p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-server, p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-server-galera, p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-server-galera-syspaths, p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-server-syspaths, p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-server-utils, p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-server-utils-syspaths, p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-syspaths, p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-test

必需的 KB 项: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

可利用: true

易利用性: Exploits are available

补丁发布日期: 2022/3/22

漏洞发布日期: 2021/4/20

参考资料信息

CVE: CVE-2021-2154, CVE-2021-2166, CVE-2021-2372, CVE-2021-2389, CVE-2021-35604, CVE-2021-46657, CVE-2021-46662, CVE-2021-46666, CVE-2021-46667

CWE: 190, 20, 404, 667, 89

IAVA: 2021-A-0193-S, 2021-A-0333-S, 2021-A-0487-S

RHSA: 2022:1007