RHEL 8:mariadb:10.5 (RHSA-2022: 1557)

medium Nessus 插件 ID 160228

简介

远程 Red Hat 主机缺少一个或多个安全更新。

描述

远程 Redhat Enterprise Linux 8 主机上安装的多个程序包受到 RHSA-2022: 1557 公告中提及的多个漏洞影响。

- mysql:Server: DML 不明漏洞(2021 年 4 月 CPU)(CVE-2021-2154、CVE-2021-2166)

- mysql:InnoDB 不明漏洞(2021 年 7 月 CPU)(CVE-2021-2372、CVE-2021-2389)

- mysql:InnoDB 不明漏洞(2021 年 10 月 CPU)(CVE-2021-35604)

- mariadb:在子查询中使用外部引用执行 ORDER BY 时,造成 get_sort_by_table() 崩溃问题 (CVE-2021-46657)

- mariadb:save_window_function_values 在 IN 子查询期间触发中止 (CVE-2021-46658)

- mariadb:通过某些具有嵌套子查询的 UPDATE 查询,造成 set_var.cc 崩溃问题 (CVE-2021-46662)

- mariadb:不正确地处理从 HAVING 子句到 WHERE 子句的下推时,造成崩溃问题 (CVE-2021-46666)

- mariadb:sql_lex.cc 整数中存在可造成崩溃的整数溢出漏洞 (CVE-2021-46667)

- mysql:InnoDB 不明漏洞 (2022 年 4 月 CPU)(CVE-2022-21451)

- mariadb:Used_tables_and_const_cache: : used_tables_and_const_cache_join 中发生崩溃 (CVE-2022-27385)

- mariadb:由于 ds_xbstream.cc 中未释放的锁定而导致不当锁定问题 (CVE-2022-31621)

- mariadb:由于 plugin/server_audit/server_audit.c 中未释放的锁定导致不当锁定问题,进而造成 DoS (CVE-2022-31624)

请注意,Nessus 尚未测试这些问题,而是只依据应用程序自我报告的版本号进行判断。

解决方案

更新受影响的程序包。

另见

https://access.redhat.com/security/cve/CVE-2021-2154

https://access.redhat.com/security/cve/CVE-2021-2166

https://access.redhat.com/security/cve/CVE-2021-2372

https://access.redhat.com/security/cve/CVE-2021-2389

https://access.redhat.com/security/cve/CVE-2021-35604

https://access.redhat.com/security/cve/CVE-2021-46657

https://access.redhat.com/security/cve/CVE-2021-46658

https://access.redhat.com/security/cve/CVE-2021-46662

https://access.redhat.com/security/cve/CVE-2021-46666

https://access.redhat.com/security/cve/CVE-2021-46667

https://access.redhat.com/security/cve/CVE-2022-21451

https://access.redhat.com/security/cve/CVE-2022-27385

https://access.redhat.com/security/cve/CVE-2022-31621

https://access.redhat.com/security/cve/CVE-2022-31624

https://access.redhat.com/errata/RHSA-2022:1557

https://bugzilla.redhat.com/1951752

https://bugzilla.redhat.com/1951755

https://bugzilla.redhat.com/1992303

https://bugzilla.redhat.com/1992309

https://bugzilla.redhat.com/2016101

https://bugzilla.redhat.com/2049294

https://bugzilla.redhat.com/2049305

https://bugzilla.redhat.com/2050019

https://bugzilla.redhat.com/2050028

https://bugzilla.redhat.com/2050030

https://bugzilla.redhat.com/2075001

https://bugzilla.redhat.com/2082651

https://bugzilla.redhat.com/2092353

https://bugzilla.redhat.com/2092362

插件详情

严重性: Medium

ID: 160228

文件名: redhat-RHSA-2022-1557.nasl

版本: 1.10

类型: local

代理: unix

发布时间: 2022/4/27

最近更新时间: 2023/11/1

支持的传感器: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

风险信息

VPR

风险因素: Medium

分数: 4.4

CVSS v2

风险因素: Medium

基本分数: 5.5

时间分数: 4.5

矢量: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P

CVSS 分数来源: CVE-2021-35604

CVSS v3

风险因素: Medium

基本分数: 5.5

时间分数: 5.1

矢量: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

时间矢量: CVSS:3.0/E:F/RL:O/RC:C

漏洞信息

CPE: cpe:/o:redhat:enterprise_linux:8, cpe:/o:redhat:rhel_aus:8.6, cpe:/o:redhat:rhel_e4s:8.6, cpe:/o:redhat:rhel_eus:8.6, cpe:/o:redhat:rhel_tus:8.6, p-cpe:/a:redhat:enterprise_linux:judy, p-cpe:/a:redhat:enterprise_linux:galera, p-cpe:/a:redhat:enterprise_linux:mariadb, p-cpe:/a:redhat:enterprise_linux:mariadb-backup, p-cpe:/a:redhat:enterprise_linux:mariadb-common, p-cpe:/a:redhat:enterprise_linux:mariadb-devel, p-cpe:/a:redhat:enterprise_linux:mariadb-embedded, p-cpe:/a:redhat:enterprise_linux:mariadb-embedded-devel, p-cpe:/a:redhat:enterprise_linux:mariadb-errmsg, p-cpe:/a:redhat:enterprise_linux:mariadb-gssapi-server, p-cpe:/a:redhat:enterprise_linux:mariadb-oqgraph-engine, p-cpe:/a:redhat:enterprise_linux:mariadb-pam, p-cpe:/a:redhat:enterprise_linux:mariadb-server, p-cpe:/a:redhat:enterprise_linux:mariadb-server-galera, p-cpe:/a:redhat:enterprise_linux:mariadb-server-utils, p-cpe:/a:redhat:enterprise_linux:mariadb-test

必需的 KB 项: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

可利用: true

易利用性: Exploits are available

补丁发布日期: 2022/4/26

漏洞发布日期: 2021/4/20

参考资料信息

CVE: CVE-2021-2154, CVE-2021-2166, CVE-2021-2372, CVE-2021-2389, CVE-2021-35604, CVE-2021-46657, CVE-2021-46658, CVE-2021-46662, CVE-2021-46666, CVE-2021-46667, CVE-2022-21451, CVE-2022-27385, CVE-2022-31621, CVE-2022-31624

CWE: 190, 20, 404, 667, 89

IAVA: 2021-A-0193-S, 2021-A-0333-S, 2021-A-0487-S

RHSA: 2022:1557