AlmaLinuxALSA-2022:6590Moderate: mysql security, bug fix, and enhancement update
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:P/A:P
0.002 Low
EPSS
Percentile
54.2%
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.
The following packages have been upgraded to a later upstream version: mysql (8.0.30). (BZ#2122589)
Security Fix(es):
- mysql: Server: Optimizer multiple unspecified vulnerabilities (CPU Apr 2022) (CVE-2022-21412, CVE-2022-21414, CVE-2022-21435, CVE-2022-21436, CVE-2022-21437, CVE-2022-21438, CVE-2022-21440, CVE-2022-21452, CVE-2022-21459, CVE-2022-21462, CVE-2022-21478, CVE-2022-21479)
- mysql: Server: DML unspecified vulnerability (CPU Apr 2022) (CVE-2022-21413)
- mysql: Server: Replication unspecified vulnerability (CPU Apr 2022) (CVE-2022-21415)
- mysql: InnoDB multiple unspecified vulnerabilities (CPU Apr 2022) (CVE-2022-21417, CVE-2022-21418, CVE-2022-21451, CVE-2022-21423)
- mysql: Server: DDL multiple unspecified vulnerabilities (CPU Apr 2022) (CVE-2022-21425, CVE-2022-21444)
- mysql: Server: FTS unspecified vulnerability (CPU Apr 2022) (CVE-2022-21427)
- mysql: Server: Group Replication Plugin unspecified vulnerability (CPU Apr 2022) (CVE-2022-21454)
- mysql: Server: PAM Auth Plugin unspecified vulnerability (CPU Jul 2022) (CVE-2022-21455)
- mysql: Server: PAM Auth Plugin unspecified vulnerability (CPU Apr 2022) (CVE-2022-21457)
- mysql: Server: Logging unspecified vulnerability (CPU Apr 2022) (CVE-2022-21460)
- mysql: Server: Optimizer multiple unspecified vulnerabilities (CPU Jul 2022) (CVE-2022-21509, CVE-2022-21525, CVE-2022-21526, CVE-2022-21527, CVE-2022-21528, CVE-2022-21529, CVE-2022-21530, CVE-2022-21531, CVE-2022-21553, CVE-2022-21556, CVE-2022-21569)
- mysql: Server: Options unspecified vulnerability (CPU Jul 2022) (CVE-2022-21515)
- mysql: InnoDB multiple unspecified vulnerabilities (CPU Jul 2022) (CVE-2022-21517, CVE-2022-21537, CVE-2022-21539)
- mysql: Server: Stored Procedure multiple unspecified vulnerabilities (CPU Jul 2022) (CVE-2022-21522, CVE-2022-21534)
- mysql: Server: Federated unspecified vulnerability (CPU Jul 2022) (CVE-2022-21547)
- mysql: Server: Security: Encryption unspecified vulnerability (CPU Jul 2022) (CVE-2022-21538)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- Default logrotate set to wrong log file (BZ#2122592)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| almalinux | 9 | aarch64 | mysql-server | < 8.0.30-3.el9_0 | mysql-server-8.0.30-3.el9_0.aarch64.rpm |
| almalinux | 9 | aarch64 | mysql | < 8.0.30-3.el9_0 | mysql-8.0.30-3.el9_0.aarch64.rpm |
| almalinux | 9 | aarch64 | mysql-common | < 8.0.30-3.el9_0 | mysql-common-8.0.30-3.el9_0.aarch64.rpm |
| almalinux | 9 | aarch64 | mysql-errmsg | < 8.0.30-3.el9_0 | mysql-errmsg-8.0.30-3.el9_0.aarch64.rpm |
| almalinux | 9 | x86_64 | mysql-server | < 8.0.30-3.el9_0 | mysql-server-8.0.30-3.el9_0.x86_64.rpm |
| almalinux | 9 | x86_64 | mysql | < 8.0.30-3.el9_0 | mysql-8.0.30-3.el9_0.x86_64.rpm |
| almalinux | 9 | x86_64 | mysql-errmsg | < 8.0.30-3.el9_0 | mysql-errmsg-8.0.30-3.el9_0.x86_64.rpm |
| almalinux | 9 | x86_64 | mysql-common | < 8.0.30-3.el9_0 | mysql-common-8.0.30-3.el9_0.x86_64.rpm |
| almalinux | 9 | s390x | mysql | < 8.0.30-3.el9_0 | mysql-8.0.30-3.el9_0.s390x.rpm |
| almalinux | 9 | s390x | mysql-common | < 8.0.30-3.el9_0 | mysql-common-8.0.30-3.el9_0.s390x.rpm |
References
access.redhat.com/errata/RHSA-2022:6590
access.redhat.com/security/cve/CVE-2022-21412
access.redhat.com/security/cve/CVE-2022-21413
access.redhat.com/security/cve/CVE-2022-21414
access.redhat.com/security/cve/CVE-2022-21415
access.redhat.com/security/cve/CVE-2022-21417
access.redhat.com/security/cve/CVE-2022-21418
access.redhat.com/security/cve/CVE-2022-21423
access.redhat.com/security/cve/CVE-2022-21425
access.redhat.com/security/cve/CVE-2022-21427
access.redhat.com/security/cve/CVE-2022-21435
access.redhat.com/security/cve/CVE-2022-21436
access.redhat.com/security/cve/CVE-2022-21437
access.redhat.com/security/cve/CVE-2022-21438
access.redhat.com/security/cve/CVE-2022-21440
access.redhat.com/security/cve/CVE-2022-21444
access.redhat.com/security/cve/CVE-2022-21451
access.redhat.com/security/cve/CVE-2022-21452
access.redhat.com/security/cve/CVE-2022-21454
access.redhat.com/security/cve/CVE-2022-21455
access.redhat.com/security/cve/CVE-2022-21457
access.redhat.com/security/cve/CVE-2022-21459
access.redhat.com/security/cve/CVE-2022-21460
access.redhat.com/security/cve/CVE-2022-21462
access.redhat.com/security/cve/CVE-2022-21478
access.redhat.com/security/cve/CVE-2022-21479
access.redhat.com/security/cve/CVE-2022-21509
access.redhat.com/security/cve/CVE-2022-21515
access.redhat.com/security/cve/CVE-2022-21517
access.redhat.com/security/cve/CVE-2022-21522
access.redhat.com/security/cve/CVE-2022-21525
access.redhat.com/security/cve/CVE-2022-21526
access.redhat.com/security/cve/CVE-2022-21527
access.redhat.com/security/cve/CVE-2022-21528
access.redhat.com/security/cve/CVE-2022-21529
access.redhat.com/security/cve/CVE-2022-21530
access.redhat.com/security/cve/CVE-2022-21531
access.redhat.com/security/cve/CVE-2022-21534
access.redhat.com/security/cve/CVE-2022-21537
access.redhat.com/security/cve/CVE-2022-21538
access.redhat.com/security/cve/CVE-2022-21539
access.redhat.com/security/cve/CVE-2022-21547
access.redhat.com/security/cve/CVE-2022-21553
access.redhat.com/security/cve/CVE-2022-21556
access.redhat.com/security/cve/CVE-2022-21569
bugzilla.redhat.com/2082636
bugzilla.redhat.com/2082637
bugzilla.redhat.com/2082638
bugzilla.redhat.com/2082639
bugzilla.redhat.com/2082640
bugzilla.redhat.com/2082641
bugzilla.redhat.com/2082642
bugzilla.redhat.com/2082643
bugzilla.redhat.com/2082644
bugzilla.redhat.com/2082645
bugzilla.redhat.com/2082646
bugzilla.redhat.com/2082647
bugzilla.redhat.com/2082648
bugzilla.redhat.com/2082649
bugzilla.redhat.com/2082650
bugzilla.redhat.com/2082651
bugzilla.redhat.com/2082652
bugzilla.redhat.com/2082653
bugzilla.redhat.com/2082654
bugzilla.redhat.com/2082655
bugzilla.redhat.com/2082656
bugzilla.redhat.com/2082657
bugzilla.redhat.com/2082658
bugzilla.redhat.com/2082659
bugzilla.redhat.com/2115282
bugzilla.redhat.com/2115283
bugzilla.redhat.com/2115284
bugzilla.redhat.com/2115285
bugzilla.redhat.com/2115286
bugzilla.redhat.com/2115287
bugzilla.redhat.com/2115288
bugzilla.redhat.com/2115289
bugzilla.redhat.com/2115290
bugzilla.redhat.com/2115291
bugzilla.redhat.com/2115292
bugzilla.redhat.com/2115293
bugzilla.redhat.com/2115294
bugzilla.redhat.com/2115295
bugzilla.redhat.com/2115296
bugzilla.redhat.com/2115297
bugzilla.redhat.com/2115298
bugzilla.redhat.com/2115299
bugzilla.redhat.com/2115300
bugzilla.redhat.com/2115301
errata.almalinux.org/9/ALSA-2022-6590.html
Related
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:P/A:P
0.002 Low
EPSS
Percentile
54.2%