Issued: 2024-04-30
Updated: 2024-04-30

RHSA-2024:2619 - Moderate: rh-mysql80-mysql security update


Synopsis

Moderate: rh-mysql80-mysql security update

Type/Severity

Security Advisory: Moderate

Topic

An update for rh-mysql80-mysql is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs.

The following packages have been upgraded to a later upstream version: rh-mysql80-mysql (8.0.36).

Security fixes:

  • mysql: Client programs unspecified vulnerability (CVE-2023-21980, CVE-2023-22053)

  • mysql: InnoDB unspecified vulnerability (CVE-2023-21911, CVE-2023-22008, CVE-2023-22033, CVE-2023-22066, CVE-2023-22068, CVE-2023-22084, CVE-2023-22097, CVE-2023-22104, CVE-2023-22114)

  • mysql: Server: Security: Firewall unspecified vulnerability (CVE-2024-20984)

  • mysql: Server: Audit Plug-in unspecified vulnerability (CVE-2024-21061)

  • mysql: Server: Components Services unspecified vulnerability (CVE-2023-21940, CVE-2023-21947, CVE-2023-21962)

  • mysql: Server: DDL unspecified vulnerability (CVE-2023-21919, CVE-2023-21929, CVE-2023-21933, CVE-2023-22058, CVE-2024-20969, CVE-2024-20981)

  • mysql: Server: DML unspecified vulnerability (CVE-2023-21972, CVE-2023-22115, CVE-2024-20983, CVE-2024-21015, CVE-2024-21049, CVE-2024-21050, CVE-2024-21051, CVE-2024-21052, CVE-2024-21053, CVE-2024-21056)

  • mysql: Server: JSON unspecified vulnerability (CVE-2023-21966)

  • mysql: Server: Optimizer unspecified vulnerability (CVE-2023-21920, CVE-2023-21935, CVE-2023-21945, CVE-2023-21946, CVE-2023-21976, CVE-2023-21977, CVE-2023-21982, CVE-2023-22032, CVE-2023-22046, CVE-2023-22054, CVE-2023-22056, CVE-2023-22059, CVE-2023-22064, CVE-2023-22065, CVE-2023-22070, CVE-2023-22078, CVE-2023-22079, CVE-2023-22092, CVE-2023-22103, CVE-2023-22110, CVE-2023-22112, CVE-2024-20961, CVE-2024-20962, CVE-2024-20965, CVE-2024-20966, CVE-2024-20970, CVE-2024-20971, CVE-2024-20972, CVE-2024-20973, CVE-2024-20974, CVE-2024-20976, CVE-2024-20977, CVE-2024-20978, CVE-2024-20982, CVE-2024-20993, CVE-2024-21055, CVE-2024-21057)

  • mysql: Server: Options unspecified vulnerability (CVE-2024-20968)

  • mysql: Server: Partition unspecified vulnerability (CVE-2023-21953, CVE-2023-21955)

  • mysql: Server: Pluggable Auth unspecified vulnerability (CVE-2023-22048)

  • mysql: Server: RAPID unspecified vulnerability (CVE-2024-20960)

  • mysql: Server: Replication unspecified vulnerability (CVE-2023-22005, CVE-2023-22007, CVE-2023-22057, CVE-2024-20967)

  • mysql: Server: Security: Encryption unspecified vulnerability (CVE-2023-22113, CVE-2024-20963)

  • mysql: Server: Security: Privileges unspecified vulnerability (CVE-2023-22038, CVE-2024-20964)

  • mysql: Server: UDF unspecified vulnerability (CVE-2023-22111, CVE-2024-20985)

  • zstd: mysql: buffer overrun in util.c (CVE-2022-4899)

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

Product                                                           Version  Arch
Red Hat Software Collections (for RHEL Workstation)               1        x86_64
Red Hat Software Collections (for RHEL Server)                    1        x86_64
Red Hat Software Collections (for RHEL Server for System Z)       1        s390x
Red Hat Software Collections (for RHEL Server for IBM Power LE)   1        ppc64le

Updated Packages

  • rh-mysql80-mysql-test-8.0.36-1.el7.s390x.rpm
  • rh-mysql80-mysql-config-syspaths-8.0.36-1.el7.x86_64.rpm
  • rh-mysql80-mysql-common-8.0.36-1.el7.x86_64.rpm
  • rh-mysql80-mysql-common-8.0.36-1.el7.ppc64le.rpm
  • rh-mysql80-mysql-icu-data-files-8.0.36-1.el7.ppc64le.rpm
  • rh-mysql80-mysql-syspaths-8.0.36-1.el7.s390x.rpm
  • rh-mysql80-mysql-devel-8.0.36-1.el7.x86_64.rpm
  • rh-mysql80-mysql-debuginfo-8.0.36-1.el7.ppc64le.rpm
  • rh-mysql80-mysql-8.0.36-1.el7.ppc64le.rpm
  • rh-mysql80-mysql-icu-data-files-8.0.36-1.el7.x86_64.rpm
  • rh-mysql80-mysql-server-syspaths-8.0.36-1.el7.ppc64le.rpm
  • rh-mysql80-mysql-devel-8.0.36-1.el7.s390x.rpm
  • rh-mysql80-mysql-debuginfo-8.0.36-1.el7.x86_64.rpm
  • rh-mysql80-mysql-debuginfo-8.0.36-1.el7.s390x.rpm
  • rh-mysql80-mysql-config-syspaths-8.0.36-1.el7.ppc64le.rpm
  • rh-mysql80-mysql-devel-8.0.36-1.el7.ppc64le.rpm
  • rh-mysql80-mysql-server-8.0.36-1.el7.s390x.rpm
  • rh-mysql80-mysql-server-syspaths-8.0.36-1.el7.s390x.rpm
  • rh-mysql80-mysql-test-8.0.36-1.el7.ppc64le.rpm
  • rh-mysql80-mysql-8.0.36-1.el7.s390x.rpm
  • rh-mysql80-mysql-errmsg-8.0.36-1.el7.x86_64.rpm
  • rh-mysql80-mysql-8.0.36-1.el7.x86_64.rpm
  • rh-mysql80-mysql-syspaths-8.0.36-1.el7.ppc64le.rpm
  • rh-mysql80-mysql-errmsg-8.0.36-1.el7.s390x.rpm
  • rh-mysql80-mysql-icu-data-files-8.0.36-1.el7.s390x.rpm
  • rh-mysql80-mysql-config-8.0.36-1.el7.ppc64le.rpm
  • rh-mysql80-mysql-syspaths-8.0.36-1.el7.x86_64.rpm
  • rh-mysql80-mysql-config-8.0.36-1.el7.s390x.rpm
  • rh-mysql80-mysql-server-8.0.36-1.el7.ppc64le.rpm
  • rh-mysql80-mysql-server-syspaths-8.0.36-1.el7.x86_64.rpm
  • rh-mysql80-mysql-server-8.0.36-1.el7.x86_64.rpm
  • rh-mysql80-mysql-common-8.0.36-1.el7.s390x.rpm
  • rh-mysql80-mysql-config-syspaths-8.0.36-1.el7.s390x.rpm
  • rh-mysql80-mysql-8.0.36-1.el7.src.rpm
  • rh-mysql80-mysql-config-8.0.36-1.el7.x86_64.rpm
  • rh-mysql80-mysql-test-8.0.36-1.el7.x86_64.rpm
  • rh-mysql80-mysql-errmsg-8.0.36-1.el7.ppc64le.rpm

Fixes

CVEs

References


Additional information