[Announce] [Security Advisory] ALSA-2024:0894: mysql:8.0 security update (Moderate)

28 Feb 2024

      Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2024-02-28

Summary:

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.

Security Fix(es):

* mysql: InnoDB unspecified vulnerability (CPU Apr 2023) (CVE-2023-21911)
* mysql: Server: DDL unspecified vulnerability (CPU Apr 2023) (CVE-2023-21919, CVE-2023-21929, CVE-2023-21933)
* mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2023) (CVE-2023-21920, CVE-2023-21935, CVE-2023-21945, CVE-2023-21946, CVE-2023-21976, CVE-2023-21977, CVE-2023-21982)
* mysql: Server: Components Services unspecified vulnerability (CPU Apr 2023) (CVE-2023-21940, CVE-2023-21947, CVE-2023-21962)
* mysql: Server: Partition unspecified vulnerability (CPU Apr 2023) (CVE-2023-21953, CVE-2023-21955)
* mysql: Server: JSON unspecified vulnerability (CPU Apr 2023) (CVE-2023-21966)
* mysql: Server: DML unspecified vulnerability (CPU Apr 2023) (CVE-2023-21972)
* mysql: Client programs unspecified vulnerability (CPU Apr 2023) (CVE-2023-21980)
* mysql: Server: Replication unspecified vulnerability (CPU Jul 2023) (CVE-2023-22005, CVE-2023-22007, CVE-2023-22057)
* mysql: InnoDB unspecified vulnerability (CPU Jul 2023) (CVE-2023-22008)
* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2023) (CVE-2023-22032, CVE-2023-22059, CVE-2023-22064, CVE-2023-22065, CVE-2023-22070, CVE-2023-22078, CVE-2023-22079, CVE-2023-22092, CVE-2023-22103, CVE-2023-22110, CVE-2023-22112)
* mysql: InnoDB unspecified vulnerability (CPU Jul 2023) (CVE-2023-22033)
* mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2023) (CVE-2023-22046, CVE-2023-22054, CVE-2023-22056)
* mysql: Client programs unspecified vulnerability (CPU Jul 2023) (CVE-2023-22053)
* mysql: Server: DDL unspecified vulnerability (CPU Jul 2023) (CVE-2023-22058)
* mysql: InnoDB unspecified vulnerability (CPU Oct 2023) (CVE-2023-22066, CVE-2023-22068, CVE-2023-22084, CVE-2023-22097, CVE-2023-22104, CVE-2023-22114)
* mysql: Server: UDF unspecified vulnerability (CPU Oct 2023) (CVE-2023-22111)
* mysql: Server: DML unspecified vulnerability (CPU Oct 2023) (CVE-2023-22115)
* mysql: Server: RAPID unspecified vulnerability (CPU Jan 2024) (CVE-2024-20960)
* mysql: Server: Security: Encryption unspecified vulnerability (CPU Jan 2024) (CVE-2024-20963)
* mysql: Server: Security: Privileges unspecified vulnerability (CPU Jan 2024) (CVE-2024-20964)
* mysql: Server: Replication unspecified vulnerability (CPU Jan 2024) (CVE-2024-20967)
* mysql: Server: Options unspecified vulnerability (CPU Jan 2024) (CVE-2024-20968)
* mysql: Server: DDL unspecified vulnerability (CPU Jan 2024) (CVE-2024-20969)
* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2024) (CVE-2024-20961, CVE-2024-20962, CVE-2024-20965, CVE-2024-20966, CVE-2024-20970, CVE-2024-20971, CVE-2024-20972, CVE-2024-20973, CVE-2024-20974, CVE-2024-20976, CVE-2024-20977, CVE-2024-20978, CVE-2024-20982)
* mysql: Server: DDL unspecified vulnerability (CPU Jan 2024) (CVE-2024-20981)
* mysql: Server: DML unspecified vulnerability (CPU Jan 2024) (CVE-2024-20983)
* mysql: Server : Security : Firewall unspecified vulnerability (CPU Jan 2024) (CVE-2024-20984)
* mysql: Server: UDF unspecified vulnerability (CPU Jan 2024) (CVE-2024-20985)
* zstd: mysql: buffer overrun in util.c (CVE-2022-4899)
* mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2023) (CVE-2023-22038)
* mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2023) (CVE-2023-22048)
* mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2023) (CVE-2023-22113)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Fix for MySQL bug #33630199 in 8.0.32 introduces regression when --set-gtid-purged=OFF (AlmaLinux-22452)

Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2024-0894.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team

[Announce] [Security Advisory] ALSA-2024:0894: mysql:8.0 security update (Moderate)

AlmaLinux Errata Notifications