ALSA-2024:0894

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.

Security Fix(es):

• mysql: InnoDB unspecified vulnerability (CPU Apr 2023) (CVE-2023-21911)
• mysql: Server: DDL unspecified vulnerability (CPU Apr 2023) (CVE-2023-21919, CVE-2023-21929, CVE-2023-21933)
• mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2023) (CVE-2023-21920, CVE-2023-21935, CVE-2023-21945, CVE-2023-21946, CVE-2023-21976, CVE-2023-21977, CVE-2023-21982)
• mysql: Server: Components Services unspecified vulnerability (CPU Apr 2023) (CVE-2023-21940, CVE-2023-21947, CVE-2023-21962)
• mysql: Server: Partition unspecified vulnerability (CPU Apr 2023) (CVE-2023-21953, CVE-2023-21955)
• mysql: Server: JSON unspecified vulnerability (CPU Apr 2023) (CVE-2023-21966)
• mysql: Server: DML unspecified vulnerability (CPU Apr 2023) (CVE-2023-21972)
• mysql: Client programs unspecified vulnerability (CPU Apr 2023) (CVE-2023-21980)
• mysql: Server: Replication unspecified vulnerability (CPU Jul 2023) (CVE-2023-22005, CVE-2023-22007, CVE-2023-22057)
• mysql: InnoDB unspecified vulnerability (CPU Jul 2023) (CVE-2023-22008)
• mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2023) (CVE-2023-22032, CVE-2023-22059, CVE-2023-22064, CVE-2023-22065, CVE-2023-22070, CVE-2023-22078, CVE-2023-22079, CVE-2023-22092, CVE-2023-22103, CVE-2023-22110, CVE-2023-22112)
• mysql: InnoDB unspecified vulnerability (CPU Jul 2023) (CVE-2023-22033)
• mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2023) (CVE-2023-22046, CVE-2023-22054, CVE-2023-22056)
• mysql: Client programs unspecified vulnerability (CPU Jul 2023) (CVE-2023-22053)
• mysql: Server: DDL unspecified vulnerability (CPU Jul 2023) (CVE-2023-22058)
• mysql: InnoDB unspecified vulnerability (CPU Oct 2023) (CVE-2023-22066, CVE-2023-22068, CVE-2023-22084, CVE-2023-22097, CVE-2023-22104, CVE-2023-22114)
• mysql: Server: UDF unspecified vulnerability (CPU Oct 2023) (CVE-2023-22111)
• mysql: Server: DML unspecified vulnerability (CPU Oct 2023) (CVE-2023-22115)
• mysql: Server: RAPID unspecified vulnerability (CPU Jan 2024) (CVE-2024-20960)
• mysql: Server: Security: Encryption unspecified vulnerability (CPU Jan 2024) (CVE-2024-20963)
• mysql: Server: Security: Privileges unspecified vulnerability (CPU Jan 2024) (CVE-2024-20964)
• mysql: Server: Replication unspecified vulnerability (CPU Jan 2024) (CVE-2024-20967)
• mysql: Server: Options unspecified vulnerability (CPU Jan 2024) (CVE-2024-20968)
• mysql: Server: DDL unspecified vulnerability (CPU Jan 2024) (CVE-2024-20969)
• mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2024) (CVE-2024-20961, CVE-2024-20962, CVE-2024-20965, CVE-2024-20966, CVE-2024-20970, CVE-2024-20971, CVE-2024-20972, CVE-2024-20973, CVE-2024-20974, CVE-2024-20976, CVE-2024-20977, CVE-2024-20978, CVE-2024-20982)
• mysql: Server: DDL unspecified vulnerability (CPU Jan 2024) (CVE-2024-20981)
• mysql: Server: DML unspecified vulnerability (CPU Jan 2024) (CVE-2024-20983)
• mysql: Server : Security : Firewall unspecified vulnerability (CPU Jan 2024) (CVE-2024-20984)
• mysql: Server: UDF unspecified vulnerability (CPU Jan 2024) (CVE-2024-20985)
• zstd: mysql: buffer overrun in util.c (CVE-2022-4899)
• mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2023) (CVE-2023-22038)
• mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2023) (CVE-2023-22048)
• mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2023) (CVE-2023-22113)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

• Fix for MySQL bug #33630199 in 8.0.32 introduces regression when --set-gtid-purged=OFF (AlmaLinux-22452)