Moderate: rh-mysql80-mysql security update

Synopsis

Moderate: rh-mysql80-mysql security update

Type/Severity

Security Advisory: Moderate

Topic

An update for rh-mysql80-mysql is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs.

The following packages have been upgraded to a later upstream version: rh-mysql80-mysql (8.0.32). (BZ#2142971, BZ#2162319)

Security Fix(es):

  • mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-21594)
  • mysql: Server: Stored Procedure unspecified vulnerability (CPU Oct 2022) (CVE-2022-21599)
  • mysql: InnoDB unspecified vulnerability (CPU Oct 2022) (CVE-2022-21604)
  • mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-21608)
  • mysql: InnoDB unspecified vulnerability (CPU Oct 2022) (CVE-2022-21611)
  • mysql: Server: Connection Handling unspecified vulnerability (CPU Oct 2022) (CVE-2022-21617)
  • mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-21625)
  • mysql: Server: Security: Privileges unspecified vulnerability (CPU Oct 2022) (CVE-2022-21632)
  • mysql: Server: Replication unspecified vulnerability (CPU Oct 2022) (CVE-2022-21633)
  • mysql: InnoDB unspecified vulnerability (CPU Oct 2022) (CVE-2022-21637)
  • mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-21640)
  • mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-39400)
  • mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-39408)
  • mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-39410)
  • mysql: Server: DML unspecified vulnerability (CPU Jan 2023) (CVE-2023-21836)
  • mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21863)
  • mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21864)
  • mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21865)
  • mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21867)
  • mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21868)
  • mysql: InnoDB unspecified vulnerability (CPU Jan 2023) (CVE-2023-21869)
  • mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21870)
  • mysql: InnoDB unspecified vulnerability (CPU Jan 2023) (CVE-2023-21871)
  • mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21873)
  • mysql: Server: Security: Encryption unspecified vulnerability (CPU Jan 2023) (CVE-2023-21875)
  • mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21876)
  • mysql: InnoDB unspecified vulnerability (CPU Jan 2023) (CVE-2023-21877)
  • mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21878)
  • mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21879)
  • mysql: InnoDB unspecified vulnerability (CPU Jan 2023) (CVE-2023-21880)
  • mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21881)
  • mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21883)
  • mysql: Server: GIS unspecified vulnerability (CPU Jan 2023) (CVE-2023-21887)
  • mysql: Server: Thread Pooling unspecified vulnerability (CPU Jan 2023) (CVE-2023-21874)
  • mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21882)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.

Affected Products

  • Red Hat Software Collections (for RHEL Server) 1 for RHEL 7 x86_64
  • Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7 s390x
  • Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7 ppc64le
  • Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7 x86_64

Fixes

  • BZ - 2142861 - CVE-2022-21594 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022)
  • BZ - 2142863 - CVE-2022-21599 mysql: Server: Stored Procedure unspecified vulnerability (CPU Oct 2022)
  • BZ - 2142865 - CVE-2022-21604 mysql: InnoDB unspecified vulnerability (CPU Oct 2022)
  • BZ - 2142868 - CVE-2022-21608 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022)
  • BZ - 2142869 - CVE-2022-21611 mysql: InnoDB unspecified vulnerability (CPU Oct 2022)
  • BZ - 2142870 - CVE-2022-21617 mysql: Server: Connection Handling unspecified vulnerability (CPU Oct 2022)
  • BZ - 2142871 - CVE-2022-21625 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022)
  • BZ - 2142872 - CVE-2022-21632 mysql: Server: Security: Privileges unspecified vulnerability (CPU Oct 2022)
  • BZ - 2142873 - CVE-2022-21633 mysql: Server: Replication unspecified vulnerability (CPU Oct 2022)
  • BZ - 2142875 - CVE-2022-21637 mysql: InnoDB unspecified vulnerability (CPU Oct 2022)
  • BZ - 2142877 - CVE-2022-21640 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022)
  • BZ - 2142879 - CVE-2022-39400 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022)
  • BZ - 2142880 - CVE-2022-39408 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022)
  • BZ - 2142881 - CVE-2022-39410 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022)
  • BZ - 2162268 - CVE-2023-21836 mysql: Server: DML unspecified vulnerability (CPU Jan 2023)
  • BZ - 2162270 - CVE-2023-21863 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023)
  • BZ - 2162271 - CVE-2023-21864 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023)
  • BZ - 2162272 - CVE-2023-21865 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023)
  • BZ - 2162274 - CVE-2023-21867 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023)
  • BZ - 2162275 - CVE-2023-21868 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023)
  • BZ - 2162276 - CVE-2023-21869 mysql: InnoDB unspecified vulnerability (CPU Jan 2023)
  • BZ - 2162277 - CVE-2023-21870 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023)
  • BZ - 2162278 - CVE-2023-21871 mysql: InnoDB unspecified vulnerability (CPU Jan 2023)
  • BZ - 2162280 - CVE-2023-21873 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023)
  • BZ - 2162281 - CVE-2023-21874 mysql: Server: Thread Pooling unspecified vulnerability (CPU Jan 2023)
  • BZ - 2162282 - CVE-2023-21875 mysql: Server: Security: Encryption unspecified vulnerability (CPU Jan 2023)
  • BZ - 2162283 - CVE-2023-21876 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023)
  • BZ - 2162284 - CVE-2023-21877 mysql: InnoDB unspecified vulnerability (CPU Jan 2023)
  • BZ - 2162285 - CVE-2023-21878 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023)
  • BZ - 2162286 - CVE-2023-21879 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023)
  • BZ - 2162287 - CVE-2023-21880 mysql: InnoDB unspecified vulnerability (CPU Jan 2023)
  • BZ - 2162288 - CVE-2023-21881 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023)
  • BZ - 2162289 - CVE-2023-21882 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023)
  • BZ - 2162290 - CVE-2023-21883 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023)
  • BZ - 2162291 - CVE-2023-21887 mysql: Server: GIS unspecified vulnerability (CPU Jan 2023)