Lucene search
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2024-C611359AE1.NASLHistoryAug 23, 2024 - 12:00 a.m.
Fedora 39 : community-mysql (2024-c611359ae1)
2024-08-2300:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
3
fedora 39
community-mysql
vulnerabilities
fedora-2024-c611359ae1
mysql 8.0.39
release notes
tenable
nessus
security advisory
remote host
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
AI Score
7.6
Confidence
Low
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-c611359ae1 advisory.
**MySQL 8.0.39**
Release notes:
https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-38.html https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-39.html
Tenable has extracted the preceding description block directly from the Fedora security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2024-c611359ae1
#
include('compat.inc');
if (description)
{
script_id(206146);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/08/23");
script_cve_id(
"CVE-2024-20960",
"CVE-2024-20961",
"CVE-2024-20962",
"CVE-2024-20963",
"CVE-2024-20964",
"CVE-2024-20965",
"CVE-2024-20966",
"CVE-2024-20967",
"CVE-2024-20969",
"CVE-2024-20970",
"CVE-2024-20971",
"CVE-2024-20972",
"CVE-2024-20973"
);
script_xref(name:"FEDORA", value:"2024-c611359ae1");
script_name(english:"Fedora 39 : community-mysql (2024-c611359ae1)");
script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the
FEDORA-2024-c611359ae1 advisory.
**MySQL 8.0.39**
Release notes:
https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-38.html
https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-39.html
Tenable has extracted the preceding description block directly from the Fedora security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2024-c611359ae1");
script_set_attribute(attribute:"solution", value:
"Update the affected community-mysql package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:M/C:N/I:P/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-20969");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2024/01/16");
script_set_attribute(attribute:"patch_publication_date", value:"2024/08/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/08/23");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:39");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:community-mysql");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Fedora Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Fedora' >!< os_release) audit(AUDIT_OS_NOT, 'Fedora');
var os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');
os_ver = os_ver[1];
if (! preg(pattern:"^39([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 39', 'Fedora ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);
var pkgs = [
{'reference':'community-mysql-8.0.39-1.fc39', 'release':'FC39', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (reference && _release) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'community-mysql');
}
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20960
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20961
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20962
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20963
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20964
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20965
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20966
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20967
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20969
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20970
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20971
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20972
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20973
bodhi.fedoraproject.org/updates/FEDORA-2024-c611359ae1
Related
openvas
openvas
Fedora: Security Advisory (FEDORA-2024-c611359ae1)
2024-08-23 00:00:00
Ubuntu: Security Advisory (USN-6615-1)
2024-01-31 00:00:00
fedora
fedora
[SECURITY] Fedora 39 Update: community-mysql-8.0.39-1.fc39
2024-08-23 01:24:55
nessus
nessus
Photon OS 4.0: Mysql PHSA-2024-4.0-0555
2024-07-23 00:00:00
Photon OS 3.0: Mysql PHSA-2024-3.0-0716
2024-07-24 00:00:00
Photon OS 5.0: Mysql PHSA-2024-5.0-0194
2024-07-24 00:00:00
ubuntu
ubuntu
MySQL vulnerabilities
2024-01-30 00:00:00
f5
f5
K000138460: Multiple MySQL vulnerabilities
2024-02-02 00:00:00
K000138704 : Multiple MySQL vulnerabilities
2024-02-23 00:00:00
osv
osv
mysql-8.0 vulnerabilities
2024-01-30 12:38:24
CVE-2024-20973
2024-01-16 22:15:44
CVE-2024-20972
2024-02-17 02:15:50
photon
photon
Critical Photon OS Security Update - PHSA-2024-5.0-0194
2024-01-22 00:00:00
Moderate Photon OS Security Update - PHSA-2024-4.0-0555
2024-01-23 00:00:00
Moderate Photon OS Security Update - PHSA-2024-3.0-0716
2024-01-21 00:00:00
ibm
ibm
cbl_mariner
cbl_mariner
CVE-2024-20973 affecting package mysql for versions less than 8.0.36-1
2024-07-10 19:52:59
CVE-2024-20967 affecting package mysql for versions less than 8.0.36-1
2024-07-10 19:52:59
CVE-2024-20965 affecting package mysql for versions less than 8.0.36-1
2024-07-10 19:52:59
cve
cve
ubuntucve
ubuntucve
redhatcve
redhatcve
nvd
nvd
debiancve
debiancve
prion
prion
Code injection
2024-02-17 02:15:00
Code injection
2024-01-16 22:15:00
Design/Logic Flaw
2024-02-17 02:15:00
vulnrichment
vulnrichment
cvelist
cvelist
cnvd
cnvd
Unspecified Vulnerability in Oracle MySQL (CNVD-2024-11153)
2024-02-22 00:00:00
Unspecified Vulnerability in Oracle MySQL (CNVD-2024-11158)
2024-02-22 00:00:00
Unspecified Vulnerability in Oracle MySQL (CNVD-2024-11122)
2024-02-22 00:00:00
oraclelinux
oraclelinux
mysql:8.0 security update
2024-02-21 00:00:00
mysql security update
2024-03-06 00:00:00
almalinux
almalinux
Moderate: mysql:8.0 security update
2024-02-20 00:00:00
Moderate: mysql security update
2024-03-05 00:00:00
redhat
redhat
(RHSA-2024:0894) Moderate: mysql:8.0 security update
2024-02-20 11:21:25
(RHSA-2024:1141) Moderate: mysql security update
2024-03-05 15:32:23
(RHSA-2024:2619) Moderate: rh-mysql80-mysql security update
2024-04-30 16:31:20
hp
hp
HP ThinPro 8.0 SP 9 Security Updates
2024-06-17 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
AI Score
7.6
Confidence
Low
Related for FEDORA_2024-C611359AE1.NASL