RLSA-2024:0894

Published: 07 May 2025
Source: rocky
Severity: Moderate

Description

Moderate: mysql:8.0 security update

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.

Security Fix(es):

  • mysql: InnoDB unspecified vulnerability (CPU Apr 2023) (CVE-2023-21911)

  • mysql: Server: DDL unspecified vulnerability (CPU Apr 2023) (CVE-2023-21919, CVE-2023-21929, CVE-2023-21933)

  • mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2023) (CVE-2023-21920, CVE-2023-21935, CVE-2023-21945, CVE-2023-21946, CVE-2023-21976, CVE-2023-21977, CVE-2023-21982)

  • mysql: Server: Components Services unspecified vulnerability (CPU Apr 2023) (CVE-2023-21940, CVE-2023-21947, CVE-2023-21962)

  • mysql: Server: Partition unspecified vulnerability (CPU Apr 2023) (CVE-2023-21953, CVE-2023-21955)

  • mysql: Server: JSON unspecified vulnerability (CPU Apr 2023) (CVE-2023-21966)

  • mysql: Server: DML unspecified vulnerability (CPU Apr 2023) (CVE-2023-21972)

  • mysql: Client programs unspecified vulnerability (CPU Apr 2023) (CVE-2023-21980)

  • mysql: Server: Replication unspecified vulnerability (CPU Jul 2023) (CVE-2023-22005, CVE-2023-22007, CVE-2023-22057)

  • mysql: InnoDB unspecified vulnerability (CPU Jul 2023) (CVE-2023-22008)

  • mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2023) (CVE-2023-22032, CVE-2023-22059, CVE-2023-22064, CVE-2023-22065, CVE-2023-22070, CVE-2023-22078, CVE-2023-22079, CVE-2023-22092, CVE-2023-22103, CVE-2023-22110, CVE-2023-22112)

  • mysql: InnoDB unspecified vulnerability (CPU Jul 2023) (CVE-2023-22033)

  • mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2023) (CVE-2023-22046, CVE-2023-22054, CVE-2023-22056)

  • mysql: Client programs unspecified vulnerability (CPU Jul 2023) (CVE-2023-22053)

  • mysql: Server: DDL unspecified vulnerability (CPU Jul 2023) (CVE-2023-22058)

  • mysql: InnoDB unspecified vulnerability (CPU Oct 2023) (CVE-2023-22066, CVE-2023-22068, CVE-2023-22084, CVE-2023-22097, CVE-2023-22104, CVE-2023-22114)

  • mysql: Server: UDF unspecified vulnerability (CPU Oct 2023) (CVE-2023-22111)

  • mysql: Server: DML unspecified vulnerability (CPU Oct 2023) (CVE-2023-22115)

  • mysql: Server: RAPID unspecified vulnerability (CPU Jan 2024) (CVE-2024-20960)

  • mysql: Server: Security: Encryption unspecified vulnerability (CPU Jan 2024) (CVE-2024-20963)

  • mysql: Server: Security: Privileges unspecified vulnerability (CPU Jan 2024) (CVE-2024-20964)

  • mysql: Server: Replication unspecified vulnerability (CPU Jan 2024) (CVE-2024-20967)

  • mysql: Server: Options unspecified vulnerability (CPU Jan 2024) (CVE-2024-20968)

  • mysql: Server: DDL unspecified vulnerability (CPU Jan 2024) (CVE-2024-20969)

  • mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2024) (CVE-2024-20961, CVE-2024-20962, CVE-2024-20965, CVE-2024-20966, CVE-2024-20970, CVE-2024-20971, CVE-2024-20972, CVE-2024-20973, CVE-2024-20974, CVE-2024-20976, CVE-2024-20977, CVE-2024-20978, CVE-2024-20982)

  • mysql: Server: DDL unspecified vulnerability (CPU Jan 2024) (CVE-2024-20981)

  • mysql: Server: DML unspecified vulnerability (CPU Jan 2024) (CVE-2024-20983)

  • mysql: Server: Security: Firewall unspecified vulnerability (CPU Jan 2024) (CVE-2024-20984)

  • mysql: Server: UDF unspecified vulnerability (CPU Jan 2024) (CVE-2024-20985)

  • zstd: mysql: buffer overrun in util.c (CVE-2022-4899)

  • mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2023) (CVE-2023-22038)

  • mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2023) (CVE-2023-22048)

  • mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2023) (CVE-2023-22113)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Fix for MySQL bug #33630199 in 8.0.32 introduces regression when --set-gtid-purged=OFF (Rocky Linux-22452)

Affected products

  • Rocky Linux 8

| Name | Architecture | Release | RPM |
|---|---|---|---|
| mecab | x86_64 | 2.module+el8.10.0+1937+28fbbc83 | mecab-0.996-2.module+el8.10.0+1937+28fbbc83.x86_64.rpm |
| mecab | x86_64 | 2.module+el8.10.0+1676+9b4b6e24 | mecab-0.996-2.module+el8.10.0+1676+9b4b6e24.x86_64.rpm |
| mecab-devel | x86_64 | 2.module+el8.10.0+1937+28fbbc83 | mecab-devel-0.996-2.module+el8.10.0+1937+28fbbc83.x86_64.rpm |
| mecab-devel | x86_64 | 2.module+el8.10.0+1676+9b4b6e24 | mecab-devel-0.996-2.module+el8.10.0+1676+9b4b6e24.x86_64.rpm |
| mecab-ipadic | x86_64 | 16.module+el8.10.0+1676+9b4b6e24 | mecab-ipadic-2.7.0.20070801-16.module+el8.10.0+1676+9b4b6e24.x86_64.rpm |
| mecab-ipadic-EUCJP | x86_64 | 16.module+el8.10.0+1676+9b4b6e24 | mecab-ipadic-EUCJP-2.7.0.20070801-16.module+el8.10.0+1676+9b4b6e24.x86_64.rpm |
| mysql | x86_64 | 1.module+el8.10.0+1676+9b4b6e24 | mysql-8.0.36-1.module+el8.10.0+1676+9b4b6e24.x86_64.rpm |
| mysql-common | x86_64 | 1.module+el8.10.0+1676+9b4b6e24 | mysql-common-8.0.36-1.module+el8.10.0+1676+9b4b6e24.x86_64.rpm |
| mysql-devel | x86_64 | 1.module+el8.10.0+1676+9b4b6e24 | mysql-devel-8.0.36-1.module+el8.10.0+1676+9b4b6e24.x86_64.rpm |
| mysql-errmsg | x86_64 | 1.module+el8.10.0+1676+9b4b6e24 | mysql-errmsg-8.0.36-1.module+el8.10.0+1676+9b4b6e24.x86_64.rpm |

Related vulnerabilities

oracle-oval
almost 2 years ago

ELSA-2024-1141: mysql security update (MODERATE)

oracle-oval
almost 2 years ago

ELSA-2024-0894: mysql:8.0 security update (MODERATE)

CVSS3: 7.5
ubuntu
more than 2 years ago

A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.

CVSS3: 7.5
redhat
more than 3 years ago

A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.

CVSS3: 7.5
nvd
more than 2 years ago

A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.