Red Hat, RHSA-2024:2619
History: Apr 30, 2024 - 4:31 p.m.

(RHSA-2024:2619) Moderate: rh-mysql80-mysql security update

2024-04-30 16:31:20
access.redhat.com
Tags: security update, rh-mysql80-mysql, vulnerabilities, buffer overrun, unspecified vulnerability, mysql server, zstd

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score: 8.1
Confidence: High

EPSS: 0.004
Percentile: 73.8%

MySQL is a multi-user, multi-threaded SQL database server. It consists of the
MySQL server daemon, mysqld, and many client programs.

The following packages have been upgraded to a later upstream version:
rh-mysql80-mysql (8.0.36)

Security fixes:

  • mysql: Client programs unspecified vulnerability (CVE-2023-21980, CVE-2023-22053)

  • mysql: InnoDB unspecified vulnerability (CVE-2023-21911, CVE-2023-22008, CVE-2023-22033, CVE-2023-22066, CVE-2023-22068, CVE-2023-22084, CVE-2023-22097, CVE-2023-22104, CVE-2023-22114)

  • mysql: Server: Security: Firewall unspecified vulnerability (CVE-2024-20984)

  • mysql: Server: Audit Plug-in unspecified vulnerability (CVE-2024-21061)

  • mysql: Server: Components Services unspecified vulnerability (CVE-2023-21940, CVE-2023-21947, CVE-2023-21962)

  • mysql: Server: DDL unspecified vulnerability (CVE-2023-21919, CVE-2023-21929, CVE-2023-21933, CVE-2023-22058, CVE-2024-20969, CVE-2024-20981)

  • mysql: Server: DML unspecified vulnerability (CVE-2023-21972, CVE-2023-22115, CVE-2024-20983, CVE-2024-21015, CVE-2024-21049, CVE-2024-21050, CVE-2024-21051, CVE-2024-21052, CVE-2024-21053, CVE-2024-21056)

  • mysql: Server: JSON unspecified vulnerability (CVE-2023-21966)

  • mysql: Server: Optimizer unspecified vulnerability (CVE-2023-21920, CVE-2023-21935, CVE-2023-21945, CVE-2023-21946, CVE-2023-21976, CVE-2023-21977, CVE-2023-21982, CVE-2023-22032, CVE-2023-22046, CVE-2023-22054, CVE-2023-22056, CVE-2023-22059, CVE-2023-22064, CVE-2023-22065, CVE-2023-22070, CVE-2023-22078, CVE-2023-22079, CVE-2023-22092, CVE-2023-22103, CVE-2023-22110, CVE-2023-22112, CVE-2024-20961, CVE-2024-20962, CVE-2024-20965, CVE-2024-20966, CVE-2024-20970, CVE-2024-20971, CVE-2024-20972, CVE-2024-20973, CVE-2024-20974, CVE-2024-20976, CVE-2024-20977, CVE-2024-20978, CVE-2024-20982, CVE-2024-20993, CVE-2024-21055, CVE-2024-21057)

  • mysql: Server: Options unspecified vulnerability (CVE-2024-20968)

  • mysql: Server: Partition unspecified vulnerability (CVE-2023-21953, CVE-2023-21955)

  • mysql: Server: Pluggable Auth unspecified vulnerability (CVE-2023-22048)

  • mysql: Server: RAPID unspecified vulnerability (CVE-2024-20960)

  • mysql: Server: Replication unspecified vulnerability (CVE-2023-22005, CVE-2023-22007, CVE-2023-22057, CVE-2024-20967)

  • mysql: Server: Security: Encryption unspecified vulnerability (CVE-2023-22113, CVE-2024-20963)

  • mysql: Server: Security: Privileges unspecified vulnerability (CVE-2023-22038, CVE-2024-20964)

  • mysql: Server: UDF unspecified vulnerability (CVE-2023-22111, CVE-2024-20985)

  • zstd: mysql: buffer overrun in util.c (CVE-2022-4899)
