USN-4651-1

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/notices/USN-4651-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4651-1.json

JSON Data

https://api.osv.dev/v1/vulns/USN-4651-1

Published

2020-11-30T12:40:14Z

Modified

2026-04-22T10:10:11.813022Z

Summary

mysql-8.0 vulnerabilities

Details

Tom Reynolds discovered that due to a packaging error, the MySQL X Plugin was listening to all network interfaces by default, contrary to expectations.

This update changes the default MySQL configuration to bind the MySQL X Plugin to localhost only. This change may impact environments where the MySQL X Plugin needs to be accessible from the network. The mysqlx-bind-address setting in the /etc/mysql/mysql.conf.d/mysqld.cnf file can be modified to allow network access.

References

Affected packages

Ubuntu:20.04:LTS / mysql-8.0

Package

Name: mysql-8.0
Purl: pkg:deb/ubuntu/mysql-8.0@8.0.22-0ubuntu0.20.04.3?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.0.22-0ubuntu0.20.04.3

Affected versions

8.*

8.0.17-0ubuntu2

8.0.17-0ubuntu3

8.0.18-0ubuntu3

8.0.18-0ubuntu4

8.0.18-0ubuntu5

8.0.19-0ubuntu2

8.0.19-0ubuntu3

8.0.19-0ubuntu4

8.0.19-0ubuntu5

8.0.20-0ubuntu0.20.04.1

8.0.21-0ubuntu0.20.04.3

8.0.21-0ubuntu0.20.04.4

8.0.22-0ubuntu0.20.04.2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libmysqlclient21",
            "binary_version": "8.0.22-0ubuntu0.20.04.3"
        },
        {
            "binary_name": "mysql-client",
            "binary_version": "8.0.22-0ubuntu0.20.04.3"
        },
        {
            "binary_name": "mysql-client-8.0",
            "binary_version": "8.0.22-0ubuntu0.20.04.3"
        },
        {
            "binary_name": "mysql-client-core-8.0",
            "binary_version": "8.0.22-0ubuntu0.20.04.3"
        },
        {
            "binary_name": "mysql-router",
            "binary_version": "8.0.22-0ubuntu0.20.04.3"
        },
        {
            "binary_name": "mysql-server",
            "binary_version": "8.0.22-0ubuntu0.20.04.3"
        },
        {
            "binary_name": "mysql-server-8.0",
            "binary_version": "8.0.22-0ubuntu0.20.04.3"
        },
        {
            "binary_name": "mysql-server-core-8.0",
            "binary_version": "8.0.22-0ubuntu0.20.04.3"
        },
        {
            "binary_name": "mysql-source-8.0",
            "binary_version": "8.0.22-0ubuntu0.20.04.3"
        },
        {
            "binary_name": "mysql-testsuite",
            "binary_version": "8.0.22-0ubuntu0.20.04.3"
        },
        {
            "binary_name": "mysql-testsuite-8.0",
            "binary_version": "8.0.22-0ubuntu0.20.04.3"
        }
    ],
    "availability": "No subscription required"
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4651-1.json"

cves_map

{
    "ecosystem": "Ubuntu:20.04:LTS",
    "cves": []
}