Red Hat RHSA-2023:1102
Mar 07, 2023 - 9:07 a.m.

(RHSA-2023:1102) Moderate: rh-mysql80-mysql security update

2023-03-07 09:07:36
access.redhat.com

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.001
Percentile: 49.7%

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs.

The following packages have been upgraded to a later upstream version: rh-mysql80-mysql (8.0.32). (BZ#2142971, BZ#2162319)

Security Fix(es):

  • mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-21594)

  • mysql: Server: Stored Procedure unspecified vulnerability (CPU Oct 2022) (CVE-2022-21599)

  • mysql: InnoDB unspecified vulnerability (CPU Oct 2022) (CVE-2022-21604)

  • mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-21608)

  • mysql: InnoDB unspecified vulnerability (CPU Oct 2022) (CVE-2022-21611)

  • mysql: Server: Connection Handling unspecified vulnerability (CPU Oct 2022) (CVE-2022-21617)

  • mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-21625)

  • mysql: Server: Security: Privileges unspecified vulnerability (CPU Oct 2022) (CVE-2022-21632)

  • mysql: Server: Replication unspecified vulnerability (CPU Oct 2022) (CVE-2022-21633)

  • mysql: InnoDB unspecified vulnerability (CPU Oct 2022) (CVE-2022-21637)

  • mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-21640)

  • mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-39400)

  • mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-39408)

  • mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-39410)

  • mysql: Server: DML unspecified vulnerability (CPU Jan 2023) (CVE-2023-21836)

  • mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21863)

  • mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21864)

  • mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21865)

  • mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21867)

  • mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21868)

  • mysql: InnoDB unspecified vulnerability (CPU Jan 2023) (CVE-2023-21869)

  • mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21870)

  • mysql: InnoDB unspecified vulnerability (CPU Jan 2023) (CVE-2023-21871)

  • mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21873)

  • mysql: Server: Security: Encryption unspecified vulnerability (CPU Jan 2023) (CVE-2023-21875)

  • mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21876)

  • mysql: InnoDB unspecified vulnerability (CPU Jan 2023) (CVE-2023-21877)

  • mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21878)

  • mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21879)

  • mysql: InnoDB unspecified vulnerability (CPU Jan 2023) (CVE-2023-21880)

  • mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21881)

  • mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21883)

  • mysql: Server: GIS unspecified vulnerability (CPU Jan 2023) (CVE-2023-21887)

  • mysql: Server: Thread Pooling unspecified vulnerability (CPU Jan 2023) (CVE-2023-21874)

  • mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21882)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
