[Announce] [Security Advisory] ALSA-2025:1673: mysql:8.0 security update (Important)

20 Feb 2025

      Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2025-02-20

Summary:

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.  

Security Fix(es):  

  * openssl: SSL_select_next_proto buffer overread (CVE-2024-5535)
  * krb5: GSS message token handling (CVE-2024-37371)
  * curl: libcurl: ASN.1 date parser overread (CVE-2024-7264)
  * mysql: Thread Pooling unspecified vulnerability (CPU Oct 2024) (CVE-2024-21238)
  * mysql: X Plugin unspecified vulnerability (CPU Oct 2024) (CVE-2024-21196)
  * mysql: Optimizer unspecified vulnerability (CPU Oct 2024) (CVE-2024-21241)
  * mysql: Client programs unspecified vulnerability (CPU Oct 2024) (CVE-2024-21231)
  * mysql: Information Schema unspecified vulnerability (CPU Oct 2024) (CVE-2024-21197)
  * mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21218)
  * mysql: Optimizer unspecified vulnerability (CPU Oct 2024) (CVE-2024-21201)
  * mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21236)
  * mysql: Group Replication GCS unspecified vulnerability (CPU Oct 2024) (CVE-2024-21237)
  * mysql: FTS unspecified vulnerability (CPU Oct 2024) (CVE-2024-21203)
  * mysql: Health Monitor unspecified vulnerability (CPU Oct 2024) (CVE-2024-21212)
  * mysql: DML unspecified vulnerability (CPU Oct 2024) (CVE-2024-21219)
  * mysql: Optimizer unspecified vulnerability (CPU Oct 2024) (CVE-2024-21230)
  * mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21213)
  * mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21194)
  * mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21199)
  * mysql: PS unspecified vulnerability (CPU Oct 2024) (CVE-2024-21193)
  * mysql: DDL unspecified vulnerability (CPU Oct 2024) (CVE-2024-21198)
  * mysql: mysqldump unspecified vulnerability (CPU Oct 2024) (CVE-2024-21247)
  * mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21239)
  * curl: curl netrc password leak (CVE-2024-11053)
  * mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21497)
  * mysql: MySQL Server Options Vulnerability (CVE-2025-21520)
  * mysql: High Privilege Denial of Service Vulnerability in MySQL Server (CVE-2025-21490)
  * mysql: Information Schema unspecified vulnerability (CPU Jan 2025) (CVE-2025-21529)
  * mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21531)
  * mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21504)
  * mysql: Privileges unspecified vulnerability (CPU Jan 2025) (CVE-2025-21540)
  * mysql: MySQL Server InnoDB Denial of Service and Unauthorized Data Modification Vulnerability (CVE-2025-21555)
  * mysql: Packaging unspecified vulnerability (CPU Jan 2025) (CVE-2025-21543)
  * mysql: MySQL Server InnoDB Denial of Service and Unauthorized Data Modification Vulnerability (CVE-2025-21491)
  * mysql: DDL unspecified vulnerability (CPU Jan 2025) (CVE-2025-21525)
  * mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21536)
  * mysql: Thread Pooling unspecified vulnerability (CPU Jan 2025) (CVE-2025-21521)
  * mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21501)
  * mysql: Performance Schema unspecified vulnerability (CPU Jan 2025) (CVE-2025-21534)
  * mysql: Privileges unspecified vulnerability (CPU Jan 2025) (CVE-2025-21494)
  * mysql: Privileges unspecified vulnerability (CPU Jan 2025) (CVE-2025-21519)
  * mysql: Parser unspecified vulnerability (CPU Jan 2025) (CVE-2025-21522)
  * mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21503)
  * mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21518)
  * mysql: MySQL Server InnoDB Denial of Service and Unauthorized Data Modification Vulnerability (CVE-2025-21559)
  * mysql: Privilege Misuse in MySQL Server Security Component (CVE-2025-21546)
  * mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21500)
  * mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21523)
  * mysql: Components Services unspecified vulnerability (CPU Jan 2025) (CVE-2025-21505)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-1673.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team

[Announce] [Security Advisory] ALSA-2025:1673: mysql:8.0 security update (Important)

AlmaLinux Errata Notifications