ALSA-2025:1673

Source
https://errata.almalinux.org/8/ALSA-2025-1673.html
Import Source
https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2025:1673.json
JSON Data
https://api.osv.dev/v1/vulns/ALSA-2025:1673
Published
2025-02-19T00:00:00Z
Modified
2025-02-20T11:16:10Z
Summary
Important: mysql:8.0 security update
Details

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.

Security Fix(es):

  • openssl: SSL_select_next_proto buffer overread (CVE-2024-5535)
  • krb5: GSS message token handling (CVE-2024-37371)
  • curl: libcurl: ASN.1 date parser overread (CVE-2024-7264)
  • mysql: Thread Pooling unspecified vulnerability (CPU Oct 2024) (CVE-2024-21238)
  • mysql: X Plugin unspecified vulnerability (CPU Oct 2024) (CVE-2024-21196)
  • mysql: Optimizer unspecified vulnerability (CPU Oct 2024) (CVE-2024-21241)
  • mysql: Client programs unspecified vulnerability (CPU Oct 2024) (CVE-2024-21231)
  • mysql: Information Schema unspecified vulnerability (CPU Oct 2024) (CVE-2024-21197)
  • mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21218)
  • mysql: Optimizer unspecified vulnerability (CPU Oct 2024) (CVE-2024-21201)
  • mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21236)
  • mysql: Group Replication GCS unspecified vulnerability (CPU Oct 2024) (CVE-2024-21237)
  • mysql: FTS unspecified vulnerability (CPU Oct 2024) (CVE-2024-21203)
  • mysql: Health Monitor unspecified vulnerability (CPU Oct 2024) (CVE-2024-21212)
  • mysql: DML unspecified vulnerability (CPU Oct 2024) (CVE-2024-21219)
  • mysql: Optimizer unspecified vulnerability (CPU Oct 2024) (CVE-2024-21230)
  • mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21213)
  • mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21194)
  • mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21199)
  • mysql: PS unspecified vulnerability (CPU Oct 2024) (CVE-2024-21193)
  • mysql: DDL unspecified vulnerability (CPU Oct 2024) (CVE-2024-21198)
  • mysql: mysqldump unspecified vulnerability (CPU Oct 2024) (CVE-2024-21247)
  • mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21239)
  • curl: curl netrc password leak (CVE-2024-11053)
  • mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21497)
  • mysql: MySQL Server Options Vulnerability (CVE-2025-21520)
  • mysql: High Privilege Denial of Service Vulnerability in MySQL Server (CVE-2025-21490)
  • mysql: Information Schema unspecified vulnerability (CPU Jan 2025) (CVE-2025-21529)
  • mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21531)
  • mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21504)
  • mysql: Privileges unspecified vulnerability (CPU Jan 2025) (CVE-2025-21540)
  • mysql: MySQL Server InnoDB Denial of Service and Unauthorized Data Modification Vulnerability (CVE-2025-21555)
  • mysql: Packaging unspecified vulnerability (CPU Jan 2025) (CVE-2025-21543)
  • mysql: MySQL Server InnoDB Denial of Service and Unauthorized Data Modification Vulnerability (CVE-2025-21491)
  • mysql: DDL unspecified vulnerability (CPU Jan 2025) (CVE-2025-21525)
  • mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21536)
  • mysql: Thread Pooling unspecified vulnerability (CPU Jan 2025) (CVE-2025-21521)
  • mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21501)
  • mysql: Performance Schema unspecified vulnerability (CPU Jan 2025) (CVE-2025-21534)
  • mysql: Privileges unspecified vulnerability (CPU Jan 2025) (CVE-2025-21494)
  • mysql: Privileges unspecified vulnerability (CPU Jan 2025) (CVE-2025-21519)
  • mysql: Parser unspecified vulnerability (CPU Jan 2025) (CVE-2025-21522)
  • mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21503)
  • mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21518)
  • mysql: MySQL Server InnoDB Denial of Service and Unauthorized Data Modification Vulnerability (CVE-2025-21559)
  • mysql: Privilege Misuse in MySQL Server Security Component (CVE-2025-21546)
  • mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21500)
  • mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21523)
  • mysql: Components Services unspecified vulnerability (CPU Jan 2025) (CVE-2025-21505)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

Affected packages

AlmaLinux:8 / mecab

Package

Name
mecab
Purl
pkg:rpm/almalinux/mecab

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.996-2.module_el8.10.0+3965+b415b607

AlmaLinux:8 / mecab

Package

Name
mecab
Purl
pkg:rpm/almalinux/mecab

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.996-2.module_el8.6.0+3340+d764b636

AlmaLinux:8 / mecab-devel

Package

Name
mecab-devel
Purl
pkg:rpm/almalinux/mecab-devel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.996-2.module_el8.10.0+3965+b415b607

AlmaLinux:8 / mecab-devel

Package

Name
mecab-devel
Purl
pkg:rpm/almalinux/mecab-devel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.996-2.module_el8.6.0+3340+d764b636

AlmaLinux:8 / mecab-ipadic

Package

Name
mecab-ipadic
Purl
pkg:rpm/almalinux/mecab-ipadic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.7.0.20070801-17.module_el8.10.0+3965+b415b607

AlmaLinux:8 / mecab-ipadic-EUCJP

Package

Name
mecab-ipadic-EUCJP
Purl
pkg:rpm/almalinux/mecab-ipadic-EUCJP

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.7.0.20070801-17.module_el8.10.0+3965+b415b607

AlmaLinux:8 / mysql

Package

Name
mysql
Purl
pkg:rpm/almalinux/mysql

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
8.0.41-1.module_el8.10.0+3965+b415b607

AlmaLinux:8 / mysql-common

Package

Name
mysql-common
Purl
pkg:rpm/almalinux/mysql-common

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
8.0.41-1.module_el8.10.0+3965+b415b607

AlmaLinux:8 / mysql-devel

Package

Name
mysql-devel
Purl
pkg:rpm/almalinux/mysql-devel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
8.0.41-1.module_el8.10.0+3965+b415b607

AlmaLinux:8 / mysql-errmsg

Package

Name
mysql-errmsg
Purl
pkg:rpm/almalinux/mysql-errmsg

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
8.0.41-1.module_el8.10.0+3965+b415b607

AlmaLinux:8 / mysql-libs

Package

Name
mysql-libs
Purl
pkg:rpm/almalinux/mysql-libs

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
8.0.41-1.module_el8.10.0+3965+b415b607

AlmaLinux:8 / mysql-server

Package

Name
mysql-server
Purl
pkg:rpm/almalinux/mysql-server

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
8.0.41-1.module_el8.10.0+3965+b415b607

AlmaLinux:8 / mysql-test

Package

Name
mysql-test
Purl
pkg:rpm/almalinux/mysql-test

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
8.0.41-1.module_el8.10.0+3965+b415b607