RLSA-2025:1673

Source
https://errata.rockylinux.org/RLSA-2025:1673
Import Source
https://storage.googleapis.com/resf-osv-data/RLSA-2025:1673.json
JSON Data
https://api.osv.dev/v1/vulns/RLSA-2025:1673
Published
2025-02-26T19:09:52.852483Z
Modified
2025-02-26T19:12:48.866511Z
Summary
Important: mysql:8.0 security update
Details

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.

Security Fix(es):

  • openssl: SSL_select_next_proto buffer overread (CVE-2024-5535)

  • krb5: GSS message token handling (CVE-2024-37371)

  • curl: libcurl: ASN.1 date parser overread (CVE-2024-7264)

  • mysql: Thread Pooling unspecified vulnerability (CPU Oct 2024) (CVE-2024-21238)

  • mysql: X Plugin unspecified vulnerability (CPU Oct 2024) (CVE-2024-21196)

  • mysql: Optimizer unspecified vulnerability (CPU Oct 2024) (CVE-2024-21241)

  • mysql: Client programs unspecified vulnerability (CPU Oct 2024) (CVE-2024-21231)

  • mysql: Information Schema unspecified vulnerability (CPU Oct 2024) (CVE-2024-21197)

  • mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21218)

  • mysql: Optimizer unspecified vulnerability (CPU Oct 2024) (CVE-2024-21201)

  • mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21236)

  • mysql: Group Replication GCS unspecified vulnerability (CPU Oct 2024) (CVE-2024-21237)

  • mysql: FTS unspecified vulnerability (CPU Oct 2024) (CVE-2024-21203)

  • mysql: Health Monitor unspecified vulnerability (CPU Oct 2024) (CVE-2024-21212)

  • mysql: DML unspecified vulnerability (CPU Oct 2024) (CVE-2024-21219)

  • mysql: Optimizer unspecified vulnerability (CPU Oct 2024) (CVE-2024-21230)

  • mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21213)

  • mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21194)

  • mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21199)

  • mysql: PS unspecified vulnerability (CPU Oct 2024) (CVE-2024-21193)

  • mysql: DDL unspecified vulnerability (CPU Oct 2024) (CVE-2024-21198)

  • mysql: mysqldump unspecified vulnerability (CPU Oct 2024) (CVE-2024-21247)

  • mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21239)

  • curl: curl netrc password leak (CVE-2024-11053)

  • mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21497)

  • mysql: MySQL Server Options Vulnerability (CVE-2025-21520)

  • mysql: High Privilege Denial of Service Vulnerability in MySQL Server (CVE-2025-21490)

  • mysql: Information Schema unspecified vulnerability (CPU Jan 2025) (CVE-2025-21529)

  • mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21531)

  • mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21504)

  • mysql: Privileges unspecified vulnerability (CPU Jan 2025) (CVE-2025-21540)

  • mysql: MySQL Server InnoDB Denial of Service and Unauthorized Data Modification Vulnerability (CVE-2025-21555)

  • mysql: Packaging unspecified vulnerability (CPU Jan 2025) (CVE-2025-21543)

  • mysql: MySQL Server InnoDB Denial of Service and Unauthorized Data Modification Vulnerability (CVE-2025-21491)

  • mysql: DDL unspecified vulnerability (CPU Jan 2025) (CVE-2025-21525)

  • mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21536)

  • mysql: Thread Pooling unspecified vulnerability (CPU Jan 2025) (CVE-2025-21521)

  • mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21501)

  • mysql: Performance Schema unspecified vulnerability (CPU Jan 2025) (CVE-2025-21534)

  • mysql: Privileges unspecified vulnerability (CPU Jan 2025) (CVE-2025-21494)

  • mysql: Privileges unspecified vulnerability (CPU Jan 2025) (CVE-2025-21519)

  • mysql: Parser unspecified vulnerability (CPU Jan 2025) (CVE-2025-21522)

  • mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21503)

  • mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21518)

  • mysql: MySQL Server InnoDB Denial of Service and Unauthorized Data Modification Vulnerability (CVE-2025-21559)

  • mysql: Privilege Misuse in MySQL Server Security Component (CVE-2025-21546)

  • mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21500)

  • mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21523)

  • mysql: Components Services unspecified vulnerability (CPU Jan 2025) (CVE-2025-21505)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References
Credits
    • Rocky Enterprise Software Foundation
    • Red Hat

Affected packages

Rocky Linux:8 / mecab

Package

Name
mecab
Purl
pkg:rpm/rocky-linux/mecab?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:0.996-2.module+el8.10.0+1676+9b4b6e24

Rocky Linux:8 / mecab-ipadic

Package

Name
mecab-ipadic
Purl
pkg:rpm/rocky-linux/mecab-ipadic?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:2.7.0.20070801-17.module+el8.10.0+1937+28fbbc83

Rocky Linux:8 / mysql

Package

Name
mysql
Purl
pkg:rpm/rocky-linux/mysql?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:8.0.41-1.module+el8.10.0+1937+28fbbc83.0.1