
Red Hat: RHSA-2023-3087 Important: MySQL 8.0 Security Issues Fixed

May 16, 2023
Security update for mysql:8.0 on Red Hat Enterprise Linux 8, addressing severe vulnerabilities and correcting errors.
An update for the mysql:8.0 module is now available for Red Hat Enterprise Linux 8.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
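
To confirm a host actually carries the fixed build after the update, the following added example (not part of the Red Hat advisory) flags installed `mysql*` packages older than the `8.0.32-1.module+el8.8.0+18446+fca6280e` build named in the package list. It assumes input lines of the form `NAME VERSION RELEASE`, ignores epochs, and uses a simplified form of rpm's version comparison without `~` or `^` handling; the sample inventory is constructed.

```python
import re

# Fixed mysql build taken from this advisory's package list.
FIXED_VERSION = "8.0.32"
FIXED_RELEASE = "1.module+el8.8.0+18446+fca6280e"

def _segments(s):
    # rpm compares maximal runs of digits or letters; other characters only separate.
    return re.findall(r"\d+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Simplified rpm version compare: returns -1, 0 or 1."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def unpatched(rpm_query_output):
    """Return names of mysql* packages older than the fixed build."""
    # Expected input, one package per line, for example from:
    #   rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n' 'mysql*'
    stale = []
    for line in rpm_query_output.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[0].startswith("mysql"):
            continue
        name, version, release = parts
        order = rpmvercmp(version, FIXED_VERSION) or rpmvercmp(release, FIXED_RELEASE)
        if order < 0:
            stale.append(name)
    return stale

# Constructed sample inventory (release strings for the old builds are made up).
SAMPLE = """\
mysql 8.0.30 1.module+el8.6.0+11111+aaaaaaaa
mysql-common 8.0.32 1.module+el8.8.0+18446+fca6280e
mysql-libs 8.0.26 1.module+el8.4.0+22222+bbbbbbbb
mecab 0.996 2.module+el8.8.0+18436+8918dd75
"""

if __name__ == "__main__":
    print("Packages below the fixed build:", unpatched(SAMPLE))
```

A mixed result like the sample's, where `mysql-common` is current but `mysql` and `mysql-libs` are not, points to a partially applied module update.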

Summary

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.
The following packages have been upgraded to a later upstream version: mysql (8.0.32). (BZ#2177734, BZ#2177735, BZ#2177736)
Security Fix(es):
* mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2023) (CVE-2023-21912)
* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-21594)
* mysql: Server: Stored Procedure unspecified vulnerability (CPU Oct 2022) (CVE-2022-21599)
* mysql: InnoDB unspecified vulnerability (CPU Oct 2022) (CVE-2022-21604)
* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-21608)
* mysql: InnoDB unspecified vulnerability (CPU Oct 2022) (CVE-2022-21611)
* mysql: Server: Connection Handling unspecified vulnerability (CPU Oct 2022) (CVE-2022-21617)
* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-21625)
* mysql: Server: Security: Privileges unspecified vulnerability (CPU Oct 2022) (CVE-2022-21632)
* mysql: Server: Replication unspecified vulnerability (CPU Oct 2022) (CVE-2022-21633)
* mysql: InnoDB unspecified vulnerability (CPU Oct 2022) (CVE-2022-21637)
* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-21640)
* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-39400)
* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-39408)
* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-39410)
* mysql: Server: DML unspecified vulnerability (CPU Jan 2023) (CVE-2023-21836)
* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21863)
* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21864)
* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21865)
* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21867)
* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21868)
* mysql: InnoDB unspecified vulnerability (CPU Jan 2023) (CVE-2023-21869)
* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21870)
* mysql: InnoDB unspecified vulnerability (CPU Jan 2023) (CVE-2023-21871)
* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21873)
* mysql: Server: Security: Encryption unspecified vulnerability (CPU Jan 2023) (CVE-2023-21875)
* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21876)
* mysql: InnoDB unspecified vulnerability (CPU Jan 2023) (CVE-2023-21877)
* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21878)
* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21879)
* mysql: InnoDB unspecified vulnerability (CPU Jan 2023) (CVE-2023-21880)
* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21881)
* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21883)
* mysql: Server: GIS unspecified vulnerability (CPU Jan 2023) (CVE-2023-21887)
* mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2023) (CVE-2023-21917)
* mysql: Server: Thread Pooling unspecified vulnerability (CPU Jan 2023) (CVE-2023-21874)
* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21882)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* RHEL8 AppStream and Devel channels missing mecab-devel rpm (BZ#2180411)

References

https://access.redhat.com/security/cve/CVE-2022-21594
https://access.redhat.com/security/cve/CVE-2022-21599
https://access.redhat.com/security/cve/CVE-2022-21604
https://access.redhat.com/security/cve/CVE-2022-21608
https://access.redhat.com/security/cve/CVE-2022-21611
https://access.redhat.com/security/cve/CVE-2022-21617
https://access.redhat.com/security/cve/CVE-2022-21625
https://access.redhat.com/security/cve/CVE-2022-21632
https://access.redhat.com/security/cve/CVE-2022-21633
https://access.redhat.com/security/cve/CVE-2022-21637
https://access.redhat.com/security/cve/CVE-2022-21640
https://access.redhat.com/security/cve/CVE-2022-39400
https://access.redhat.com/security/cve/CVE-2022-39408
https://access.redhat.com/security/cve/CVE-2022-39410
https://access.redhat.com/security/cve/CVE-2023-21836
https://access.redhat.com/security/cve/CVE-2023-21863
https://access.redhat.com/security/cve/CVE-2023-21864
https://access.redhat.com/security/cve/CVE-2023-21865
https://access.redhat.com/security/cve/CVE-2023-21867
https://access.redhat.com/security/cve/CVE-2023-21868
https://access.redhat.com/security/cve/CVE-2023-21869
https://access.redhat.com/security/cve/CVE-2023-21870
https://access.redhat.com/security/cve/CVE-2023-21871

Package List

Red Hat Enterprise Linux AppStream (v. 8):
Source:
mecab-0.996-2.module+el8.8.0+18436+8918dd75.src.rpm
mecab-ipadic-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de.src.rpm
mysql-8.0.32-1.module+el8.8.0+18446+fca6280e.src.rpm

aarch64:
mecab-0.996-2.module+el8.8.0+18436+8918dd75.aarch64.rpm
mecab-debuginfo-0.996-2.module+el8.8.0+18436+8918dd75.aarch64.rpm
mecab-debugsource-0.996-2.module+el8.8.0+18436+8918dd75.aarch64.rpm
mecab-devel-0.996-2.module+el8.8.0+18436+8918dd75.aarch64.rpm
mecab-ipadic-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de.aarch64.rpm
mecab-ipadic-EUCJP-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de.aarch64.rpm
mysql-8.0.32-1.module+el8.8.0+18446+fca6280e.aarch64.rpm
mysql-common-8.0.32-1.module+el8.8.0+18446+fca6280e.aarch64.rpm
mysql-debuginfo-8.0.32-1.module+el8.8.0+18446+fca6280e.aarch64.rpm
mysql-debugsource-8.0.32-1.module+el8.8.0+18446+fca6280e.aarch64.rpm
mysql-devel-8.0.32-1.module+el8.8.0+18446+fca6280e.aarch64.rpm
mysql-devel-debuginfo-8.0.32-1.module+el8.8.0+18446+fca6280e.aarch64.rpm
mysql-errmsg-8.0.32-1.module+el8.8.0+18446+fca6280e.aarch64.rpm
mysql-libs-8.0.32-1.module+el8.8.0+18446+fca6280e.aarch64.rpm
mysql-libs-debuginfo-8.0.32-1.module+el8.8.0+18446+fca6280e.aarch64.rpm

Severity
important

Advisory ID: RHSA-2023:3087-01
Product: Red Hat Enterprise Linux
Issue date: 2023-05-16

Topic

An update for the mysql:8.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant Releases/Architectures

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

Bugs Fixed

2142861 - CVE-2022-21594 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022)

2142863 - CVE-2022-21599 mysql: Server: Stored Procedure unspecified vulnerability (CPU Oct 2022)

2142865 - CVE-2022-21604 mysql: InnoDB unspecified vulnerability (CPU Oct 2022)

2142868 - CVE-2022-21608 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022)

2142869 - CVE-2022-21611 mysql: InnoDB unspecified vulnerability (CPU Oct 2022)

2142870 - CVE-2022-21617 mysql: Server: Connection Handling unspecified vulnerability (CPU Oct 2022)

2142871 - CVE-2022-21625 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022)

2142872 - CVE-2022-21632 mysql: Server: Security: Privileges unspecified vulnerability (CPU Oct 2022)

2142873 - CVE-2022-21633 mysql: Server: Replication unspecified vulnerability (CPU Oct 2022)

2142875 - CVE-2022-21637 mysql: InnoDB unspecified vulnerability (CPU Oct 2022)

2142877 - CVE-2022-21640 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022)

2142879 - CVE-2022-39400 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022)

2142880 - CVE-2022-39408 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022)

2142881 - CVE-2022-39410 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022)

2162268 - CVE-2023-21836 mysql: Server: DML unspecified vulnerability (CPU Jan 2023)
