====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: rh-mysql80-mysql security update
Advisory ID:       RHSA-2023:1102-01
Product:           Red Hat Software Collections
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1102
Issue date:        2023-03-07
CVE Names:         CVE-2022-21594 CVE-2022-21599 CVE-2022-21604
                   CVE-2022-21608 CVE-2022-21611 CVE-2022-21617
                   CVE-2022-21625 CVE-2022-21632 CVE-2022-21633
                   CVE-2022-21637 CVE-2022-21640 CVE-2022-39400
                   CVE-2022-39408 CVE-2022-39410 CVE-2023-21836
                   CVE-2023-21863 CVE-2023-21864 CVE-2023-21865
                   CVE-2023-21867 CVE-2023-21868 CVE-2023-21869
                   CVE-2023-21870 CVE-2023-21871 CVE-2023-21873
                   CVE-2023-21874 CVE-2023-21875 CVE-2023-21876
                   CVE-2023-21877 CVE-2023-21878 CVE-2023-21879
                   CVE-2023-21880 CVE-2023-21881 CVE-2023-21882
                   CVE-2023-21883 CVE-2023-21887
====================================================================

1. Summary:

An update for rh-mysql80-mysql is now available for Red Hat Software
Collections.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

MySQL is a multi-user, multi-threaded SQL database server. It consists of
the MySQL server daemon, mysqld, and many client programs.

The following packages have been upgraded to a later upstream version:
rh-mysql80-mysql (8.0.32). (BZ#2142971, BZ#2162319)

Security Fix(es):

* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-21594)

* mysql: Server: Stored Procedure unspecified vulnerability (CPU Oct 2022) (CVE-2022-21599)

* mysql: InnoDB unspecified vulnerability (CPU Oct 2022) (CVE-2022-21604)

* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-21608)

* mysql: InnoDB unspecified vulnerability (CPU Oct 2022) (CVE-2022-21611)

* mysql: Server: Connection Handling unspecified vulnerability (CPU Oct 2022) (CVE-2022-21617)

* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-21625)

* mysql: Server: Security: Privileges unspecified vulnerability (CPU Oct 2022) (CVE-2022-21632)

* mysql: Server: Replication unspecified vulnerability (CPU Oct 2022) (CVE-2022-21633)

* mysql: InnoDB unspecified vulnerability (CPU Oct 2022) (CVE-2022-21637)

* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-21640)

* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-39400)

* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-39408)

* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-39410)

* mysql: Server: DML unspecified vulnerability (CPU Jan 2023) (CVE-2023-21836)

* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21863)

* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21864)

* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21865)

* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21867)

* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21868)

* mysql: InnoDB unspecified vulnerability (CPU Jan 2023) (CVE-2023-21869)

* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21870)

* mysql: InnoDB unspecified vulnerability (CPU Jan 2023) (CVE-2023-21871)

* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21873)

* mysql: Server: Security: Encryption unspecified vulnerability (CPU Jan 2023) (CVE-2023-21875)

* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21876)

* mysql: InnoDB unspecified vulnerability (CPU Jan 2023) (CVE-2023-21877)

* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21878)

* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21879)

* mysql: InnoDB unspecified vulnerability (CPU Jan 2023) (CVE-2023-21880)

* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21881)

* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21883)

* mysql: Server: GIS unspecified vulnerability (CPU Jan 2023) (CVE-2023-21887)

* mysql: Server: Thread Pooling unspecified vulnerability (CPU Jan 2023) (CVE-2023-21874)

* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21882)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the MySQL server daemon (mysqld) will be
restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

2142861 - CVE-2022-21594 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022)
2142863 - CVE-2022-21599 mysql: Server: Stored Procedure unspecified vulnerability (CPU Oct 2022)
2142865 - CVE-2022-21604 mysql: InnoDB unspecified vulnerability (CPU Oct 2022)
2142868 - CVE-2022-21608 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022)
2142869 - CVE-2022-21611 mysql: InnoDB unspecified vulnerability (CPU Oct 2022)
2142870 - CVE-2022-21617 mysql: Server: Connection Handling unspecified vulnerability (CPU Oct 2022)
2142871 - CVE-2022-21625 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022)
2142872 - CVE-2022-21632 mysql: Server: Security: Privileges unspecified vulnerability (CPU Oct 2022)
2142873 - CVE-2022-21633 mysql: Server: Replication unspecified vulnerability (CPU Oct 2022)
2142875 - CVE-2022-21637 mysql: InnoDB unspecified vulnerability (CPU Oct 2022)
2142877 - CVE-2022-21640 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022)
2142879 - CVE-2022-39400 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022)
2142880 - CVE-2022-39408 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022)
2142881 - CVE-2022-39410 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022)
2162268 - CVE-2023-21836 mysql: Server: DML unspecified vulnerability (CPU Jan 2023)
2162270 - CVE-2023-21863 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023)
2162271 - CVE-2023-21864 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023)
2162272 - CVE-2023-21865 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023)
2162274 - CVE-2023-21867 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023)
2162275 - CVE-2023-21868 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023)
2162276 - CVE-2023-21869 mysql: InnoDB unspecified vulnerability (CPU Jan 2023)
2162277 - CVE-2023-21870 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023)
2162278 - CVE-2023-21871 mysql: InnoDB unspecified vulnerability (CPU Jan 2023)
2162280 - CVE-2023-21873 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023)
2162281 - CVE-2023-21874 mysql: Server: Thread Pooling unspecified vulnerability (CPU Jan 2023)
2162282 - CVE-2023-21875 mysql: Server: Security: Encryption unspecified vulnerability (CPU Jan 2023)
2162283 - CVE-2023-21876 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023)
2162284 - CVE-2023-21877 mysql: InnoDB unspecified vulnerability (CPU Jan 2023)
2162285 - CVE-2023-21878 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023)
2162286 - CVE-2023-21879 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023)
2162287 - CVE-2023-21880 mysql: InnoDB unspecified vulnerability (CPU Jan 2023)
2162288 - CVE-2023-21881 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023)
2162289 - CVE-2023-21882 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023)
2162290 - CVE-2023-21883 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023)
2162291 - CVE-2023-21887 mysql: Server: GIS unspecified vulnerability (CPU Jan 2023)

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-mysql80-mysql-8.0.32-1.el7.src.rpm

ppc64le:
rh-mysql80-mysql-8.0.32-1.el7.ppc64le.rpm
rh-mysql80-mysql-common-8.0.32-1.el7.ppc64le.rpm
rh-mysql80-mysql-config-8.0.32-1.el7.ppc64le.rpm
rh-mysql80-mysql-config-syspaths-8.0.32-1.el7.ppc64le.rpm
rh-mysql80-mysql-debuginfo-8.0.32-1.el7.ppc64le.rpm
rh-mysql80-mysql-devel-8.0.32-1.el7.ppc64le.rpm
rh-mysql80-mysql-errmsg-8.0.32-1.el7.ppc64le.rpm
rh-mysql80-mysql-icu-data-files-8.0.32-1.el7.ppc64le.rpm
rh-mysql80-mysql-server-8.0.32-1.el7.ppc64le.rpm
rh-mysql80-mysql-server-syspaths-8.0.32-1.el7.ppc64le.rpm
rh-mysql80-mysql-syspaths-8.0.32-1.el7.ppc64le.rpm
rh-mysql80-mysql-test-8.0.32-1.el7.ppc64le.rpm

s390x:
rh-mysql80-mysql-8.0.32-1.el7.s390x.rpm
rh-mysql80-mysql-common-8.0.32-1.el7.s390x.rpm
rh-mysql80-mysql-config-8.0.32-1.el7.s390x.rpm
rh-mysql80-mysql-config-syspaths-8.0.32-1.el7.s390x.rpm
rh-mysql80-mysql-debuginfo-8.0.32-1.el7.s390x.rpm
rh-mysql80-mysql-devel-8.0.32-1.el7.s390x.rpm
rh-mysql80-mysql-errmsg-8.0.32-1.el7.s390x.rpm
rh-mysql80-mysql-icu-data-files-8.0.32-1.el7.s390x.rpm
rh-mysql80-mysql-server-8.0.32-1.el7.s390x.rpm
rh-mysql80-mysql-server-syspaths-8.0.32-1.el7.s390x.rpm
rh-mysql80-mysql-syspaths-8.0.32-1.el7.s390x.rpm
rh-mysql80-mysql-test-8.0.32-1.el7.s390x.rpm

x86_64:
rh-mysql80-mysql-8.0.32-1.el7.x86_64.rpm
rh-mysql80-mysql-common-8.0.32-1.el7.x86_64.rpm
rh-mysql80-mysql-config-8.0.32-1.el7.x86_64.rpm
rh-mysql80-mysql-config-syspaths-8.0.32-1.el7.x86_64.rpm
rh-mysql80-mysql-debuginfo-8.0.32-1.el7.x86_64.rpm
rh-mysql80-mysql-devel-8.0.32-1.el7.x86_64.rpm
rh-mysql80-mysql-errmsg-8.0.32-1.el7.x86_64.rpm
rh-mysql80-mysql-icu-data-files-8.0.32-1.el7.x86_64.rpm
rh-mysql80-mysql-server-8.0.32-1.el7.x86_64.rpm
rh-mysql80-mysql-server-syspaths-8.0.32-1.el7.x86_64.rpm
rh-mysql80-mysql-syspaths-8.0.32-1.el7.x86_64.rpm
rh-mysql80-mysql-test-8.0.32-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-mysql80-mysql-8.0.32-1.el7.src.rpm

x86_64:
rh-mysql80-mysql-8.0.32-1.el7.x86_64.rpm
rh-mysql80-mysql-common-8.0.32-1.el7.x86_64.rpm
rh-mysql80-mysql-config-8.0.32-1.el7.x86_64.rpm
rh-mysql80-mysql-config-syspaths-8.0.32-1.el7.x86_64.rpm
rh-mysql80-mysql-debuginfo-8.0.32-1.el7.x86_64.rpm
rh-mysql80-mysql-devel-8.0.32-1.el7.x86_64.rpm
rh-mysql80-mysql-errmsg-8.0.32-1.el7.x86_64.rpm
rh-mysql80-mysql-icu-data-files-8.0.32-1.el7.x86_64.rpm
rh-mysql80-mysql-server-8.0.32-1.el7.x86_64.rpm
rh-mysql80-mysql-server-syspaths-8.0.32-1.el7.x86_64.rpm
rh-mysql80-mysql-syspaths-8.0.32-1.el7.x86_64.rpm
rh-mysql80-mysql-test-8.0.32-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-21594
https://access.redhat.com/security/cve/CVE-2022-21599
https://access.redhat.com/security/cve/CVE-2022-21604
https://access.redhat.com/security/cve/CVE-2022-21608
https://access.redhat.com/security/cve/CVE-2022-21611
https://access.redhat.com/security/cve/CVE-2022-21617
https://access.redhat.com/security/cve/CVE-2022-21625
https://access.redhat.com/security/cve/CVE-2022-21632
https://access.redhat.com/security/cve/CVE-2022-21633
https://access.redhat.com/security/cve/CVE-2022-21637
https://access.redhat.com/security/cve/CVE-2022-21640
https://access.redhat.com/security/cve/CVE-2022-39400
https://access.redhat.com/security/cve/CVE-2022-39408
https://access.redhat.com/security/cve/CVE-2022-39410
https://access.redhat.com/security/cve/CVE-2023-21836
https://access.redhat.com/security/cve/CVE-2023-21863
https://access.redhat.com/security/cve/CVE-2023-21864
https://access.redhat.com/security/cve/CVE-2023-21865
https://access.redhat.com/security/cve/CVE-2023-21867
https://access.redhat.com/security/cve/CVE-2023-21868
https://access.redhat.com/security/cve/CVE-2023-21869
https://access.redhat.com/security/cve/CVE-2023-21870
https://access.redhat.com/security/cve/CVE-2023-21871
https://access.redhat.com/security/cve/CVE-2023-21873
https://access.redhat.com/security/cve/CVE-2023-21874
https://access.redhat.com/security/cve/CVE-2023-21875
https://access.redhat.com/security/cve/CVE-2023-21876
https://access.redhat.com/security/cve/CVE-2023-21877
https://access.redhat.com/security/cve/CVE-2023-21878
https://access.redhat.com/security/cve/CVE-2023-21879
https://access.redhat.com/security/cve/CVE-2023-21880
https://access.redhat.com/security/cve/CVE-2023-21881
https://access.redhat.com/security/cve/CVE-2023-21882
https://access.redhat.com/security/cve/CVE-2023-21883
https://access.redhat.com/security/cve/CVE-2023-21887
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.