Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2022:6590

Опубликовано: 20 сент. 2022
Источник: rocky
Оценка: Moderate

Описание

Moderate: mysql security, bug fix, and enhancement update

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.

The following packages have been upgraded to a later upstream version: mysql (8.0.30). (BZ#2122589)

Security Fix(es):

  • mysql: Server: Optimizer multiple unspecified vulnerabilities (CPU Apr 2022) (CVE-2022-21412, CVE-2022-21414, CVE-2022-21435, CVE-2022-21436, CVE-2022-21437, CVE-2022-21438, CVE-2022-21440, CVE-2022-21452, CVE-2022-21459, CVE-2022-21462, CVE-2022-21478, CVE-2022-21479)

  • mysql: Server: DML unspecified vulnerability (CPU Apr 2022) (CVE-2022-21413)

  • mysql: Server: Replication unspecified vulnerability (CPU Apr 2022) (CVE-2022-21415)

  • mysql: InnoDB multiple unspecified vulnerabilities (CPU Apr 2022) (CVE-2022-21417, CVE-2022-21418, CVE-2022-21451, CVE-2022-21423)

  • mysql: Server: DDL multiple unspecified vulnerabilities (CPU Apr 2022) (CVE-2022-21425, CVE-2022-21444)

  • mysql: Server: FTS unspecified vulnerability (CPU Apr 2022) (CVE-2022-21427)

  • mysql: Server: Group Replication Plugin unspecified vulnerability (CPU Apr 2022) (CVE-2022-21454)

  • mysql: Server: PAM Auth Plugin unspecified vulnerability (CPU Jul 2022) (CVE-2022-21455)

  • mysql: Server: PAM Auth Plugin unspecified vulnerability (CPU Apr 2022) (CVE-2022-21457)

  • mysql: Server: Logging unspecified vulnerability (CPU Apr 2022) (CVE-2022-21460)

  • mysql: Server: Optimizer multiple unspecified vulnerabilities (CPU Jul 2022) (CVE-2022-21509, CVE-2022-21525, CVE-2022-21526, CVE-2022-21527, CVE-2022-21528, CVE-2022-21529, CVE-2022-21530, CVE-2022-21531, CVE-2022-21553, CVE-2022-21556, CVE-2022-21569)

  • mysql: Server: Options unspecified vulnerability (CPU Jul 2022) (CVE-2022-21515)

  • mysql: InnoDB multiple unspecified vulnerabilities (CPU Jul 2022) (CVE-2022-21517, CVE-2022-21537, CVE-2022-21539)

  • mysql: Server: Stored Procedure multiple unspecified vulnerabilities (CPU Jul 2022) (CVE-2022-21522, CVE-2022-21534)

  • mysql: Server: Federated unspecified vulnerability (CPU Jul 2022) (CVE-2022-21547)

  • mysql: Server: Security: Encryption unspecified vulnerability (CPU Jul 2022) (CVE-2022-21538)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Default logrotate set to wrong log file (BZ#2122592)

Затронутые продукты

  • Rocky Linux 9

НаименованиеАрхитектураРелизRPM
mysqlx86_643.el9_0mysql-8.0.30-3.el9_0.x86_64.rpm
mysql-commonx86_643.el9_0mysql-common-8.0.30-3.el9_0.x86_64.rpm
mysql-errmsgx86_643.el9_0mysql-errmsg-8.0.30-3.el9_0.x86_64.rpm
mysql-serverx86_643.el9_0mysql-server-8.0.30-3.el9_0.x86_64.rpm

Показывать по

Связанные CVE

CVE-2022-21412
CVE-2022-21413
CVE-2022-21414
CVE-2022-21415
CVE-2022-21417
CVE-2022-21418
CVE-2022-21423
CVE-2022-21425
CVE-2022-21427
CVE-2022-21435
CVE-2022-21436
CVE-2022-21437
CVE-2022-21438
CVE-2022-21440
CVE-2022-21444
CVE-2022-21451
CVE-2022-21452
CVE-2022-21454
CVE-2022-21455
CVE-2022-21457
CVE-2022-21459
CVE-2022-21460
CVE-2022-21462
CVE-2022-21478
CVE-2022-21479
CVE-2022-21509
CVE-2022-21515
CVE-2022-21517
CVE-2022-21522
CVE-2022-21525
CVE-2022-21526
CVE-2022-21527
CVE-2022-21528
CVE-2022-21529
CVE-2022-21530
CVE-2022-21531
CVE-2022-21534
CVE-2022-21537
CVE-2022-21538
CVE-2022-21539
CVE-2022-21547
CVE-2022-21553
CVE-2022-21556
CVE-2022-21569
CVE-2022-21592
CVE-2022-21605
CVE-2022-21607
CVE-2022-21635
CVE-2022-21638
CVE-2022-21641
CVE-2023-21866
CVE-2023-21872

Ссылки на источники

Исправления

Связанные уязвимости

oracle-oval логотип

ELSA-2022-6590

oracle-oval
почти 3 года назад

ELSA-2022-6590: mysql security, bug fix, and enhancement update (MODERATE)

oracle-oval логотип

ELSA-2022-7119

oracle-oval
почти 3 года назад

ELSA-2022-7119: mysql:8.0 security, bug fix, and enhancement update (MODERATE)

rocky логотип

RLSA-2022:7119

rocky
почти 3 года назад

Moderate: mysql:8.0 security, bug fix, and enhancement update

ubuntu логотип

CVE-2022-21412

CVSS3: 4.9
ubuntu
больше 3 лет назад

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

redhat логотип

CVE-2022-21412

CVSS3: 4.9
redhat
больше 3 лет назад

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).