Lucene search

AlmaLinuxALSA-2023:2621

HistoryMay 09, 2023 - 12:00 a.m.

Important: mysql security update

2023-05-0900:00:00

errata.almalinux.org

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

42.7%

JSON

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.

The following packages have been upgraded to a later upstream version: mysql (8.0.32). (BZ#2177731, BZ#2177732)

Security Fix(es):

mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2023) (CVE-2023-21912)
mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-21594)
mysql: Server: Stored Procedure unspecified vulnerability (CPU Oct 2022) (CVE-2022-21599)
mysql: InnoDB unspecified vulnerability (CPU Oct 2022) (CVE-2022-21604)
mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-21608)
mysql: InnoDB unspecified vulnerability (CPU Oct 2022) (CVE-2022-21611)
mysql: Server: Connection Handling unspecified vulnerability (CPU Oct 2022) (CVE-2022-21617)
mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-21625)
mysql: Server: Security: Privileges unspecified vulnerability (CPU Oct 2022) (CVE-2022-21632)
mysql: Server: Replication unspecified vulnerability (CPU Oct 2022) (CVE-2022-21633)
mysql: InnoDB unspecified vulnerability (CPU Oct 2022) (CVE-2022-21637)
mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-21640)
mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-39400)
mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-39408)
mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-39410)
mysql: Server: DML unspecified vulnerability (CPU Jan 2023) (CVE-2023-21836)
mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21863)
mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21864)
mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21865)
mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21867)
mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21868)
mysql: InnoDB unspecified vulnerability (CPU Jan 2023) (CVE-2023-21869)
mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21870)
mysql: InnoDB unspecified vulnerability (CPU Jan 2023) (CVE-2023-21871)
mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21873)
mysql: Server: Security: Encryption unspecified vulnerability (CPU Jan 2023) (CVE-2023-21875)
mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21876)
mysql: InnoDB unspecified vulnerability (CPU Jan 2023) (CVE-2023-21877)
mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21878)
mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21879)
mysql: InnoDB unspecified vulnerability (CPU Jan 2023) (CVE-2023-21880)
mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21881)
mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21883)
mysql: Server: GIS unspecified vulnerability (CPU Jan 2023) (CVE-2023-21887)
mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2023) (CVE-2023-21917)
mysql: Server: Thread Pooling unspecified vulnerability (CPU Jan 2023) (CVE-2023-21874)
mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21882)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
almalinux9aarch64mysql< 8.0.32-1.el9_2mysql-8.0.32-1.el9_2.aarch64.rpm
almalinux9aarch64mysql-common< 8.0.32-1.el9_2mysql-common-8.0.32-1.el9_2.aarch64.rpm
almalinux9aarch64mysql-errmsg< 8.0.32-1.el9_2mysql-errmsg-8.0.32-1.el9_2.aarch64.rpm
almalinux9aarch64mysql-server< 8.0.32-1.el9_2mysql-server-8.0.32-1.el9_2.aarch64.rpm
almalinux9ppc64lemysql-common< 8.0.32-1.el9_2mysql-common-8.0.32-1.el9_2.ppc64le.rpm
almalinux9ppc64lemysql< 8.0.32-1.el9_2mysql-8.0.32-1.el9_2.ppc64le.rpm
almalinux9ppc64lemysql-server< 8.0.32-1.el9_2mysql-server-8.0.32-1.el9_2.ppc64le.rpm
almalinux9ppc64lemysql-errmsg< 8.0.32-1.el9_2mysql-errmsg-8.0.32-1.el9_2.ppc64le.rpm
almalinux9x86_64mysql-errmsg< 8.0.32-1.el9_2mysql-errmsg-8.0.32-1.el9_2.x86_64.rpm
almalinux9x86_64mysql-common< 8.0.32-1.el9_2mysql-common-8.0.32-1.el9_2.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
almalinux	9	aarch64	mysql	< 8.0.32-1.el9_2	mysql-8.0.32-1.el9_2.aarch64.rpm
almalinux	9	aarch64	mysql-common	< 8.0.32-1.el9_2	mysql-common-8.0.32-1.el9_2.aarch64.rpm
almalinux	9	aarch64	mysql-errmsg	< 8.0.32-1.el9_2	mysql-errmsg-8.0.32-1.el9_2.aarch64.rpm
almalinux	9	aarch64	mysql-server	< 8.0.32-1.el9_2	mysql-server-8.0.32-1.el9_2.aarch64.rpm
almalinux	9	ppc64le	mysql-common	< 8.0.32-1.el9_2	mysql-common-8.0.32-1.el9_2.ppc64le.rpm
almalinux	9	ppc64le	mysql	< 8.0.32-1.el9_2	mysql-8.0.32-1.el9_2.ppc64le.rpm
almalinux	9	ppc64le	mysql-server	< 8.0.32-1.el9_2	mysql-server-8.0.32-1.el9_2.ppc64le.rpm
almalinux	9	ppc64le	mysql-errmsg	< 8.0.32-1.el9_2	mysql-errmsg-8.0.32-1.el9_2.ppc64le.rpm
almalinux	9	x86_64	mysql-errmsg	< 8.0.32-1.el9_2	mysql-errmsg-8.0.32-1.el9_2.x86_64.rpm
almalinux	9	x86_64	mysql-common	< 8.0.32-1.el9_2	mysql-common-8.0.32-1.el9_2.x86_64.rpm

Rows per page:

1-10 of 281

References

access.redhat.com/errata/RHSA-2023:2621

access.redhat.com/security/cve/CVE-2022-21594

access.redhat.com/security/cve/CVE-2022-21599

access.redhat.com/security/cve/CVE-2022-21604

access.redhat.com/security/cve/CVE-2022-21608

access.redhat.com/security/cve/CVE-2022-21611

access.redhat.com/security/cve/CVE-2022-21617

access.redhat.com/security/cve/CVE-2022-21625

access.redhat.com/security/cve/CVE-2022-21632

access.redhat.com/security/cve/CVE-2022-21633

access.redhat.com/security/cve/CVE-2022-21637

access.redhat.com/security/cve/CVE-2022-21640

access.redhat.com/security/cve/CVE-2022-39400

access.redhat.com/security/cve/CVE-2022-39408

access.redhat.com/security/cve/CVE-2022-39410

access.redhat.com/security/cve/CVE-2023-21836

access.redhat.com/security/cve/CVE-2023-21863

access.redhat.com/security/cve/CVE-2023-21864

access.redhat.com/security/cve/CVE-2023-21865

access.redhat.com/security/cve/CVE-2023-21867

access.redhat.com/security/cve/CVE-2023-21868

access.redhat.com/security/cve/CVE-2023-21869

access.redhat.com/security/cve/CVE-2023-21870

access.redhat.com/security/cve/CVE-2023-21871

access.redhat.com/security/cve/CVE-2023-21873

access.redhat.com/security/cve/CVE-2023-21874

access.redhat.com/security/cve/CVE-2023-21875

access.redhat.com/security/cve/CVE-2023-21876

access.redhat.com/security/cve/CVE-2023-21877

access.redhat.com/security/cve/CVE-2023-21878

access.redhat.com/security/cve/CVE-2023-21879

access.redhat.com/security/cve/CVE-2023-21880

access.redhat.com/security/cve/CVE-2023-21881

access.redhat.com/security/cve/CVE-2023-21882

access.redhat.com/security/cve/CVE-2023-21883

access.redhat.com/security/cve/CVE-2023-21887

access.redhat.com/security/cve/CVE-2023-21912

access.redhat.com/security/cve/CVE-2023-21917

bugzilla.redhat.com/2142861

bugzilla.redhat.com/2142863

bugzilla.redhat.com/2142865

bugzilla.redhat.com/2142868

bugzilla.redhat.com/2142869

bugzilla.redhat.com/2142870

bugzilla.redhat.com/2142871

bugzilla.redhat.com/2142872

bugzilla.redhat.com/2142873

bugzilla.redhat.com/2142875

bugzilla.redhat.com/2142877

bugzilla.redhat.com/2142879

bugzilla.redhat.com/2142880

bugzilla.redhat.com/2142881

bugzilla.redhat.com/2162268

bugzilla.redhat.com/2162270

bugzilla.redhat.com/2162271

bugzilla.redhat.com/2162272

bugzilla.redhat.com/2162274

bugzilla.redhat.com/2162275

bugzilla.redhat.com/2162276

bugzilla.redhat.com/2162277

bugzilla.redhat.com/2162278

bugzilla.redhat.com/2162280

bugzilla.redhat.com/2162281

bugzilla.redhat.com/2162282

bugzilla.redhat.com/2162283

bugzilla.redhat.com/2162284

bugzilla.redhat.com/2162285

bugzilla.redhat.com/2162286

bugzilla.redhat.com/2162287

bugzilla.redhat.com/2162288

bugzilla.redhat.com/2162289

bugzilla.redhat.com/2162290

bugzilla.redhat.com/2162291

bugzilla.redhat.com/2188110

bugzilla.redhat.com/2188112

errata.almalinux.org/9/ALSA-2023-2621.html

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

42.7%

JSON

Related for ALSA-2023:2621