ALSA-2024:0894

Source
https://errata.almalinux.org/8/ALSA-2024-0894.html
Import Source
https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:0894.json
JSON Data
https://api.osv.dev/v1/vulns/ALSA-2024:0894
Published
2024-02-20T00:00:00Z
Modified
2024-02-28T16:26:23Z
Summary
Moderate: mysql:8.0 security update
Details

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.

Security Fix(es):

  • mysql: InnoDB unspecified vulnerability (CPU Apr 2023) (CVE-2023-21911)
  • mysql: Server: DDL unspecified vulnerability (CPU Apr 2023) (CVE-2023-21919, CVE-2023-21929, CVE-2023-21933)
  • mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2023) (CVE-2023-21920, CVE-2023-21935, CVE-2023-21945, CVE-2023-21946, CVE-2023-21976, CVE-2023-21977, CVE-2023-21982)
  • mysql: Server: Components Services unspecified vulnerability (CPU Apr 2023) (CVE-2023-21940, CVE-2023-21947, CVE-2023-21962)
  • mysql: Server: Partition unspecified vulnerability (CPU Apr 2023) (CVE-2023-21953, CVE-2023-21955)
  • mysql: Server: JSON unspecified vulnerability (CPU Apr 2023) (CVE-2023-21966)
  • mysql: Server: DML unspecified vulnerability (CPU Apr 2023) (CVE-2023-21972)
  • mysql: Client programs unspecified vulnerability (CPU Apr 2023) (CVE-2023-21980)
  • mysql: Server: Replication unspecified vulnerability (CPU Jul 2023) (CVE-2023-22005, CVE-2023-22007, CVE-2023-22057)
  • mysql: InnoDB unspecified vulnerability (CPU Jul 2023) (CVE-2023-22008)
  • mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2023) (CVE-2023-22032, CVE-2023-22059, CVE-2023-22064, CVE-2023-22065, CVE-2023-22070, CVE-2023-22078, CVE-2023-22079, CVE-2023-22092, CVE-2023-22103, CVE-2023-22110, CVE-2023-22112)
  • mysql: InnoDB unspecified vulnerability (CPU Jul 2023) (CVE-2023-22033)
  • mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2023) (CVE-2023-22046, CVE-2023-22054, CVE-2023-22056)
  • mysql: Client programs unspecified vulnerability (CPU Jul 2023) (CVE-2023-22053)
  • mysql: Server: DDL unspecified vulnerability (CPU Jul 2023) (CVE-2023-22058)
  • mysql: InnoDB unspecified vulnerability (CPU Oct 2023) (CVE-2023-22066, CVE-2023-22068, CVE-2023-22084, CVE-2023-22097, CVE-2023-22104, CVE-2023-22114)
  • mysql: Server: UDF unspecified vulnerability (CPU Oct 2023) (CVE-2023-22111)
  • mysql: Server: DML unspecified vulnerability (CPU Oct 2023) (CVE-2023-22115)
  • mysql: Server: RAPID unspecified vulnerability (CPU Jan 2024) (CVE-2024-20960)
  • mysql: Server: Security: Encryption unspecified vulnerability (CPU Jan 2024) (CVE-2024-20963)
  • mysql: Server: Security: Privileges unspecified vulnerability (CPU Jan 2024) (CVE-2024-20964)
  • mysql: Server: Replication unspecified vulnerability (CPU Jan 2024) (CVE-2024-20967)
  • mysql: Server: Options unspecified vulnerability (CPU Jan 2024) (CVE-2024-20968)
  • mysql: Server: DDL unspecified vulnerability (CPU Jan 2024) (CVE-2024-20969)
  • mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2024) (CVE-2024-20961, CVE-2024-20962, CVE-2024-20965, CVE-2024-20966, CVE-2024-20970, CVE-2024-20971, CVE-2024-20972, CVE-2024-20973, CVE-2024-20974, CVE-2024-20976, CVE-2024-20977, CVE-2024-20978, CVE-2024-20982)
  • mysql: Server: DDL unspecified vulnerability (CPU Jan 2024) (CVE-2024-20981)
  • mysql: Server: DML unspecified vulnerability (CPU Jan 2024) (CVE-2024-20983)
  • mysql: Server: Security: Firewall unspecified vulnerability (CPU Jan 2024) (CVE-2024-20984)
  • mysql: Server: UDF unspecified vulnerability (CPU Jan 2024) (CVE-2024-20985)
  • zstd: mysql: buffer overrun in util.c (CVE-2022-4899)
  • mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2023) (CVE-2023-22038)
  • mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2023) (CVE-2023-22048)
  • mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2023) (CVE-2023-22113)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Fix for MySQL bug #33630199 in 8.0.32 introduces regression when --set-gtid-purged=OFF (AlmaLinux-22452)
References

Affected packages

AlmaLinux:8 / mecab

Package

Name
mecab

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.996-2.module_el8.6.0+3340+d764b636

AlmaLinux:8 / mecab-devel

Package

Name
mecab-devel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.996-2.module_el8.6.0+3340+d764b636

AlmaLinux:8 / mecab-ipadic

Package

Name
mecab-ipadic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.7.0.20070801-16.module_el8.6.0+3340+d764b636

AlmaLinux:8 / mecab-ipadic-EUCJP

Package

Name
mecab-ipadic-EUCJP

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.7.0.20070801-16.module_el8.6.0+3340+d764b636

AlmaLinux:8 / mysql

Package

Name
mysql

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
8.0.36-1.module_el8.9.0+3735+82bd6c11

AlmaLinux:8 / mysql-common

Package

Name
mysql-common

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
8.0.36-1.module_el8.9.0+3735+82bd6c11

AlmaLinux:8 / mysql-devel

Package

Name
mysql-devel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
8.0.36-1.module_el8.9.0+3735+82bd6c11

AlmaLinux:8 / mysql-errmsg

Package

Name
mysql-errmsg

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
8.0.36-1.module_el8.9.0+3735+82bd6c11

AlmaLinux:8 / mysql-libs

Package

Name
mysql-libs

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
8.0.36-1.module_el8.9.0+3735+82bd6c11

AlmaLinux:8 / mysql-server

Package

Name
mysql-server

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
8.0.36-1.module_el8.9.0+3735+82bd6c11

AlmaLinux:8 / mysql-test

Package

Name
mysql-test

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
8.0.36-1.module_el8.9.0+3735+82bd6c11