- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202105-27
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: MySQL: Multiple vulnerabilities
      Date: May 26, 2021
      Bugs: #699876, #708090, #717628, #732974, #766339, #789243
        ID: 202105-27

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in MySQL, the worst of which
could result in the arbitrary execution of code.

Background
==========

MySQL is a popular multi-threaded, multi-user SQL server.

Affected packages
=================

     -------------------------------------------------------------------
      Package              /     Vulnerable     /            Unaffected
     -------------------------------------------------------------------
   1  dev-db/mysql                 < 8.0.24              >= 5.7.34:5.7
                                                             >= 8.0.24
   2  dev-db/mysql-connector-c
                                   < 8.0.24                  >= 8.0.24
     -------------------------------------------------------------------
      2 affected packages

Description
===========

Multiple vulnerabilities have been discovered in MySQL. Please review
the CVE identifiers referenced below for details.

Impact
======

An attacker could possibly execute arbitrary code with the privileges
of the process, escalate privileges, gain access to critical data or
complete access to all MySQL server accessible data, or cause a Denial
of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All MySQL users should upgrade to the latest version:

   # emerge --sync
   # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.7.34"

All mysql users should upgrade to the latest version:

   # emerge --sync
   # emerge --ask --oneshot --verbose ">=dev-db/mysql-8.0.24"

References
==========

[   1 ] CVE-2019-2938
         https://nvd.nist.gov/vuln/detail/CVE-2019-2938
[   2 ] CVE-2019-2974
         https://nvd.nist.gov/vuln/detail/CVE-2019-2974
[   3 ] CVE-2020-14539
         https://nvd.nist.gov/vuln/detail/CVE-2020-14539
[   4 ] CVE-2020-14540
         https://nvd.nist.gov/vuln/detail/CVE-2020-14540
[   5 ] CVE-2020-14547
         https://nvd.nist.gov/vuln/detail/CVE-2020-14547
[   6 ] CVE-2020-14550
         https://nvd.nist.gov/vuln/detail/CVE-2020-14550
[   7 ] CVE-2020-14553
         https://nvd.nist.gov/vuln/detail/CVE-2020-14553
[   8 ] CVE-2020-14559
         https://nvd.nist.gov/vuln/detail/CVE-2020-14559
[   9 ] CVE-2020-14564
         https://nvd.nist.gov/vuln/detail/CVE-2020-14564
[  10 ] CVE-2020-14567
         https://nvd.nist.gov/vuln/detail/CVE-2020-14567
[  11 ] CVE-2020-14568
         https://nvd.nist.gov/vuln/detail/CVE-2020-14568
[  12 ] CVE-2020-14575
         https://nvd.nist.gov/vuln/detail/CVE-2020-14575
[  13 ] CVE-2020-14576
         https://nvd.nist.gov/vuln/detail/CVE-2020-14576
[  14 ] CVE-2020-14586
         https://nvd.nist.gov/vuln/detail/CVE-2020-14586
[  15 ] CVE-2020-14591
         https://nvd.nist.gov/vuln/detail/CVE-2020-14591
[  16 ] CVE-2020-14597
         https://nvd.nist.gov/vuln/detail/CVE-2020-14597
[  17 ] CVE-2020-14614
         https://nvd.nist.gov/vuln/detail/CVE-2020-14614
[  18 ] CVE-2020-14619
         https://nvd.nist.gov/vuln/detail/CVE-2020-14619
[  19 ] CVE-2020-14620
         https://nvd.nist.gov/vuln/detail/CVE-2020-14620
[  20 ] CVE-2020-14623
         https://nvd.nist.gov/vuln/detail/CVE-2020-14623
[  21 ] CVE-2020-14624
         https://nvd.nist.gov/vuln/detail/CVE-2020-14624
[  22 ] CVE-2020-14626
         https://nvd.nist.gov/vuln/detail/CVE-2020-14626
[  23 ] CVE-2020-14631
         https://nvd.nist.gov/vuln/detail/CVE-2020-14631
[  24 ] CVE-2020-14632
         https://nvd.nist.gov/vuln/detail/CVE-2020-14632
[  25 ] CVE-2020-14633
         https://nvd.nist.gov/vuln/detail/CVE-2020-14633
[  26 ] CVE-2020-14634
         https://nvd.nist.gov/vuln/detail/CVE-2020-14634
[  27 ] CVE-2020-14641
         https://nvd.nist.gov/vuln/detail/CVE-2020-14641
[  28 ] CVE-2020-14643
         https://nvd.nist.gov/vuln/detail/CVE-2020-14643
[  29 ] CVE-2020-14651
         https://nvd.nist.gov/vuln/detail/CVE-2020-14651
[  30 ] CVE-2020-14654
         https://nvd.nist.gov/vuln/detail/CVE-2020-14654
[  31 ] CVE-2020-14656
         https://nvd.nist.gov/vuln/detail/CVE-2020-14656
[  32 ] CVE-2020-14663
         https://nvd.nist.gov/vuln/detail/CVE-2020-14663
[  33 ] CVE-2020-14672
         https://nvd.nist.gov/vuln/detail/CVE-2020-14672
[  34 ] CVE-2020-14678
         https://nvd.nist.gov/vuln/detail/CVE-2020-14678
[  35 ] CVE-2020-14680
         https://nvd.nist.gov/vuln/detail/CVE-2020-14680
[  36 ] CVE-2020-14697
         https://nvd.nist.gov/vuln/detail/CVE-2020-14697
[  37 ] CVE-2020-14702
         https://nvd.nist.gov/vuln/detail/CVE-2020-14702
[  38 ] CVE-2020-14725
         https://nvd.nist.gov/vuln/detail/CVE-2020-14725
[  39 ] CVE-2020-14760
         https://nvd.nist.gov/vuln/detail/CVE-2020-14760
[  40 ] CVE-2020-14765
         https://nvd.nist.gov/vuln/detail/CVE-2020-14765
[  41 ] CVE-2020-14769
         https://nvd.nist.gov/vuln/detail/CVE-2020-14769
[  42 ] CVE-2020-14771
         https://nvd.nist.gov/vuln/detail/CVE-2020-14771
[  43 ] CVE-2020-14773
         https://nvd.nist.gov/vuln/detail/CVE-2020-14773
[  44 ] CVE-2020-14775
         https://nvd.nist.gov/vuln/detail/CVE-2020-14775
[  45 ] CVE-2020-14776
         https://nvd.nist.gov/vuln/detail/CVE-2020-14776
[  46 ] CVE-2020-14777
         https://nvd.nist.gov/vuln/detail/CVE-2020-14777
[  47 ] CVE-2020-14785
         https://nvd.nist.gov/vuln/detail/CVE-2020-14785
[  48 ] CVE-2020-14786
         https://nvd.nist.gov/vuln/detail/CVE-2020-14786
[  49 ] CVE-2020-14789
         https://nvd.nist.gov/vuln/detail/CVE-2020-14789
[  50 ] CVE-2020-14790
         https://nvd.nist.gov/vuln/detail/CVE-2020-14790
[  51 ] CVE-2020-14791
         https://nvd.nist.gov/vuln/detail/CVE-2020-14791
[  52 ] CVE-2020-14793
         https://nvd.nist.gov/vuln/detail/CVE-2020-14793
[  53 ] CVE-2020-14794
         https://nvd.nist.gov/vuln/detail/CVE-2020-14794
[  54 ] CVE-2020-14799
         https://nvd.nist.gov/vuln/detail/CVE-2020-14799
[  55 ] CVE-2020-14800
         https://nvd.nist.gov/vuln/detail/CVE-2020-14800
[  56 ] CVE-2020-14804
         https://nvd.nist.gov/vuln/detail/CVE-2020-14804
[  57 ] CVE-2020-14809
         https://nvd.nist.gov/vuln/detail/CVE-2020-14809
[  58 ] CVE-2020-14812
         https://nvd.nist.gov/vuln/detail/CVE-2020-14812
[  59 ] CVE-2020-14814
         https://nvd.nist.gov/vuln/detail/CVE-2020-14814
[  60 ] CVE-2020-14821
         https://nvd.nist.gov/vuln/detail/CVE-2020-14821
[  61 ] CVE-2020-14827
         https://nvd.nist.gov/vuln/detail/CVE-2020-14827
[  62 ] CVE-2020-14828
         https://nvd.nist.gov/vuln/detail/CVE-2020-14828
[  63 ] CVE-2020-14829
         https://nvd.nist.gov/vuln/detail/CVE-2020-14829
[  64 ] CVE-2020-14830
         https://nvd.nist.gov/vuln/detail/CVE-2020-14830
[  65 ] CVE-2020-14836
         https://nvd.nist.gov/vuln/detail/CVE-2020-14836
[  66 ] CVE-2020-14837
         https://nvd.nist.gov/vuln/detail/CVE-2020-14837
[  67 ] CVE-2020-14838
         https://nvd.nist.gov/vuln/detail/CVE-2020-14838
[  68 ] CVE-2020-14839
         https://nvd.nist.gov/vuln/detail/CVE-2020-14839
[  69 ] CVE-2020-14844
         https://nvd.nist.gov/vuln/detail/CVE-2020-14844
[  70 ] CVE-2020-14845
         https://nvd.nist.gov/vuln/detail/CVE-2020-14845
[  71 ] CVE-2020-14846
         https://nvd.nist.gov/vuln/detail/CVE-2020-14846
[  72 ] CVE-2020-14848
         https://nvd.nist.gov/vuln/detail/CVE-2020-14848
[  73 ] CVE-2020-14852
         https://nvd.nist.gov/vuln/detail/CVE-2020-14852
[  74 ] CVE-2020-14853
         https://nvd.nist.gov/vuln/detail/CVE-2020-14853
[  75 ] CVE-2020-14860
         https://nvd.nist.gov/vuln/detail/CVE-2020-14860
[  76 ] CVE-2020-14861
         https://nvd.nist.gov/vuln/detail/CVE-2020-14861
[  77 ] CVE-2020-14866
         https://nvd.nist.gov/vuln/detail/CVE-2020-14866
[  78 ] CVE-2020-14867
         https://nvd.nist.gov/vuln/detail/CVE-2020-14867
[  79 ] CVE-2020-14868
         https://nvd.nist.gov/vuln/detail/CVE-2020-14868
[  80 ] CVE-2020-14869
         https://nvd.nist.gov/vuln/detail/CVE-2020-14869
[  81 ] CVE-2020-14870
         https://nvd.nist.gov/vuln/detail/CVE-2020-14870
[  82 ] CVE-2020-14873
         https://nvd.nist.gov/vuln/detail/CVE-2020-14873
[  83 ] CVE-2020-14878
         https://nvd.nist.gov/vuln/detail/CVE-2020-14878
[  84 ] CVE-2020-14888
         https://nvd.nist.gov/vuln/detail/CVE-2020-14888
[  85 ] CVE-2020-14891
         https://nvd.nist.gov/vuln/detail/CVE-2020-14891
[  86 ] CVE-2020-14893
         https://nvd.nist.gov/vuln/detail/CVE-2020-14893
[  87 ] CVE-2020-2570
         https://nvd.nist.gov/vuln/detail/CVE-2020-2570
[  88 ] CVE-2020-2572
         https://nvd.nist.gov/vuln/detail/CVE-2020-2572
[  89 ] CVE-2020-2573
         https://nvd.nist.gov/vuln/detail/CVE-2020-2573
[  90 ] CVE-2020-2574
         https://nvd.nist.gov/vuln/detail/CVE-2020-2574
[  91 ] CVE-2020-2577
         https://nvd.nist.gov/vuln/detail/CVE-2020-2577
[  92 ] CVE-2020-2579
         https://nvd.nist.gov/vuln/detail/CVE-2020-2579
[  93 ] CVE-2020-2580
         https://nvd.nist.gov/vuln/detail/CVE-2020-2580
[  94 ] CVE-2020-2584
         https://nvd.nist.gov/vuln/detail/CVE-2020-2584
[  95 ] CVE-2020-2588
         https://nvd.nist.gov/vuln/detail/CVE-2020-2588
[  96 ] CVE-2020-2589
         https://nvd.nist.gov/vuln/detail/CVE-2020-2589
[  97 ] CVE-2020-2627
         https://nvd.nist.gov/vuln/detail/CVE-2020-2627
[  98 ] CVE-2020-2660
         https://nvd.nist.gov/vuln/detail/CVE-2020-2660
[  99 ] CVE-2020-2679
         https://nvd.nist.gov/vuln/detail/CVE-2020-2679
[ 100 ] CVE-2020-2686
         https://nvd.nist.gov/vuln/detail/CVE-2020-2686
[ 101 ] CVE-2020-2694
         https://nvd.nist.gov/vuln/detail/CVE-2020-2694
[ 102 ] CVE-2020-2752
         https://nvd.nist.gov/vuln/detail/CVE-2020-2752
[ 103 ] CVE-2020-2759
         https://nvd.nist.gov/vuln/detail/CVE-2020-2759
[ 104 ] CVE-2020-2760
         https://nvd.nist.gov/vuln/detail/CVE-2020-2760
[ 105 ] CVE-2020-2761
         https://nvd.nist.gov/vuln/detail/CVE-2020-2761
[ 106 ] CVE-2020-2762
         https://nvd.nist.gov/vuln/detail/CVE-2020-2762
[ 107 ] CVE-2020-2763
         https://nvd.nist.gov/vuln/detail/CVE-2020-2763
[ 108 ] CVE-2020-2765
         https://nvd.nist.gov/vuln/detail/CVE-2020-2765
[ 109 ] CVE-2020-2768
         https://nvd.nist.gov/vuln/detail/CVE-2020-2768
[ 110 ] CVE-2020-2770
         https://nvd.nist.gov/vuln/detail/CVE-2020-2770
[ 111 ] CVE-2020-2774
         https://nvd.nist.gov/vuln/detail/CVE-2020-2774
[ 112 ] CVE-2020-2779
         https://nvd.nist.gov/vuln/detail/CVE-2020-2779
[ 113 ] CVE-2020-2780
         https://nvd.nist.gov/vuln/detail/CVE-2020-2780
[ 114 ] CVE-2020-2790
         https://nvd.nist.gov/vuln/detail/CVE-2020-2790
[ 115 ] CVE-2020-2804
         https://nvd.nist.gov/vuln/detail/CVE-2020-2804
[ 116 ] CVE-2020-2806
         https://nvd.nist.gov/vuln/detail/CVE-2020-2806
[ 117 ] CVE-2020-2812
         https://nvd.nist.gov/vuln/detail/CVE-2020-2812
[ 118 ] CVE-2020-2814
         https://nvd.nist.gov/vuln/detail/CVE-2020-2814
[ 119 ] CVE-2020-2853
         https://nvd.nist.gov/vuln/detail/CVE-2020-2853
[ 120 ] CVE-2020-2875
         https://nvd.nist.gov/vuln/detail/CVE-2020-2875
[ 121 ] CVE-2020-2892
         https://nvd.nist.gov/vuln/detail/CVE-2020-2892
[ 122 ] CVE-2020-2893
         https://nvd.nist.gov/vuln/detail/CVE-2020-2893
[ 123 ] CVE-2020-2895
         https://nvd.nist.gov/vuln/detail/CVE-2020-2895
[ 124 ] CVE-2020-2896
         https://nvd.nist.gov/vuln/detail/CVE-2020-2896
[ 125 ] CVE-2020-2897
         https://nvd.nist.gov/vuln/detail/CVE-2020-2897
[ 126 ] CVE-2020-2898
         https://nvd.nist.gov/vuln/detail/CVE-2020-2898
[ 127 ] CVE-2020-2901
         https://nvd.nist.gov/vuln/detail/CVE-2020-2901
[ 128 ] CVE-2020-2903
         https://nvd.nist.gov/vuln/detail/CVE-2020-2903
[ 129 ] CVE-2020-2904
         https://nvd.nist.gov/vuln/detail/CVE-2020-2904
[ 130 ] CVE-2020-2921
         https://nvd.nist.gov/vuln/detail/CVE-2020-2921
[ 131 ] CVE-2020-2922
         https://nvd.nist.gov/vuln/detail/CVE-2020-2922
[ 132 ] CVE-2020-2923
         https://nvd.nist.gov/vuln/detail/CVE-2020-2923
[ 133 ] CVE-2020-2924
         https://nvd.nist.gov/vuln/detail/CVE-2020-2924
[ 134 ] CVE-2020-2925
         https://nvd.nist.gov/vuln/detail/CVE-2020-2925
[ 135 ] CVE-2020-2926
         https://nvd.nist.gov/vuln/detail/CVE-2020-2926
[ 136 ] CVE-2020-2928
         https://nvd.nist.gov/vuln/detail/CVE-2020-2928
[ 137 ] CVE-2020-2930
         https://nvd.nist.gov/vuln/detail/CVE-2020-2930
[ 138 ] CVE-2020-2933
         https://nvd.nist.gov/vuln/detail/CVE-2020-2933
[ 139 ] CVE-2020-2934
         https://nvd.nist.gov/vuln/detail/CVE-2020-2934
[ 140 ] CVE-2021-1998
         https://nvd.nist.gov/vuln/detail/CVE-2021-1998
[ 141 ] CVE-2021-2001
         https://nvd.nist.gov/vuln/detail/CVE-2021-2001
[ 142 ] CVE-2021-2002
         https://nvd.nist.gov/vuln/detail/CVE-2021-2002
[ 143 ] CVE-2021-2006
         https://nvd.nist.gov/vuln/detail/CVE-2021-2006
[ 144 ] CVE-2021-2007
         https://nvd.nist.gov/vuln/detail/CVE-2021-2007
[ 145 ] CVE-2021-2009
         https://nvd.nist.gov/vuln/detail/CVE-2021-2009
[ 146 ] CVE-2021-2010
         https://nvd.nist.gov/vuln/detail/CVE-2021-2010
[ 147 ] CVE-2021-2011
         https://nvd.nist.gov/vuln/detail/CVE-2021-2011
[ 148 ] CVE-2021-2012
         https://nvd.nist.gov/vuln/detail/CVE-2021-2012
[ 149 ] CVE-2021-2014
         https://nvd.nist.gov/vuln/detail/CVE-2021-2014
[ 150 ] CVE-2021-2016
         https://nvd.nist.gov/vuln/detail/CVE-2021-2016
[ 151 ] CVE-2021-2019
         https://nvd.nist.gov/vuln/detail/CVE-2021-2019
[ 152 ] CVE-2021-2020
         https://nvd.nist.gov/vuln/detail/CVE-2021-2020
[ 153 ] CVE-2021-2021
         https://nvd.nist.gov/vuln/detail/CVE-2021-2021
[ 154 ] CVE-2021-2022
         https://nvd.nist.gov/vuln/detail/CVE-2021-2022
[ 155 ] CVE-2021-2024
         https://nvd.nist.gov/vuln/detail/CVE-2021-2024
[ 156 ] CVE-2021-2028
         https://nvd.nist.gov/vuln/detail/CVE-2021-2028
[ 157 ] CVE-2021-2030
         https://nvd.nist.gov/vuln/detail/CVE-2021-2030
[ 158 ] CVE-2021-2031
         https://nvd.nist.gov/vuln/detail/CVE-2021-2031
[ 159 ] CVE-2021-2032
         https://nvd.nist.gov/vuln/detail/CVE-2021-2032
[ 160 ] CVE-2021-2036
         https://nvd.nist.gov/vuln/detail/CVE-2021-2036
[ 161 ] CVE-2021-2038
         https://nvd.nist.gov/vuln/detail/CVE-2021-2038
[ 162 ] CVE-2021-2042
         https://nvd.nist.gov/vuln/detail/CVE-2021-2042
[ 163 ] CVE-2021-2046
         https://nvd.nist.gov/vuln/detail/CVE-2021-2046
[ 164 ] CVE-2021-2048
         https://nvd.nist.gov/vuln/detail/CVE-2021-2048
[ 165 ] CVE-2021-2055
         https://nvd.nist.gov/vuln/detail/CVE-2021-2055
[ 166 ] CVE-2021-2056
         https://nvd.nist.gov/vuln/detail/CVE-2021-2056
[ 167 ] CVE-2021-2058
         https://nvd.nist.gov/vuln/detail/CVE-2021-2058
[ 168 ] CVE-2021-2060
         https://nvd.nist.gov/vuln/detail/CVE-2021-2060
[ 169 ] CVE-2021-2061
         https://nvd.nist.gov/vuln/detail/CVE-2021-2061
[ 170 ] CVE-2021-2065
         https://nvd.nist.gov/vuln/detail/CVE-2021-2065
[ 171 ] CVE-2021-2070
         https://nvd.nist.gov/vuln/detail/CVE-2021-2070
[ 172 ] CVE-2021-2072
         https://nvd.nist.gov/vuln/detail/CVE-2021-2072
[ 173 ] CVE-2021-2076
         https://nvd.nist.gov/vuln/detail/CVE-2021-2076
[ 174 ] CVE-2021-2081
         https://nvd.nist.gov/vuln/detail/CVE-2021-2081
[ 175 ] CVE-2021-2087
         https://nvd.nist.gov/vuln/detail/CVE-2021-2087
[ 176 ] CVE-2021-2088
         https://nvd.nist.gov/vuln/detail/CVE-2021-2088
[ 177 ] CVE-2021-2122
         https://nvd.nist.gov/vuln/detail/CVE-2021-2122
[ 178 ] CVE-2021-2154
         https://nvd.nist.gov/vuln/detail/CVE-2021-2154
[ 179 ] CVE-2021-2166
         https://nvd.nist.gov/vuln/detail/CVE-2021-2166
[ 180 ] CVE-2021-2180
         https://nvd.nist.gov/vuln/detail/CVE-2021-2180

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  https://security.gentoo.org/glsa/202105-27

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2021 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5