{"id":"ALSA-2025:16046","summary":"Moderate: mysql:8.4 security update","details":"MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.  \n\nSecurity Fix(es):  \n\n  * openssl: Timing side-channel in ECDSA signature computation (CVE-2024-13176)\n  * mysql: mysqldump unspecified vulnerability (CPU Apr 2025) (CVE-2025-30722)\n  * mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-30688)\n  * mysql: Stored Procedure unspecified vulnerability (CPU Apr 2025) (CVE-2025-30699)\n  * mysql: UDF unspecified vulnerability (CPU Apr 2025) (CVE-2025-30721)\n  * mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-30682)\n  * mysql: Replication unspecified vulnerability (CPU Apr 2025) (CVE-2025-30683)\n  * mysql: Components Services unspecified vulnerability (CPU Apr 2025) (CVE-2025-30715)\n  * mysql: Parser unspecified vulnerability (CPU Apr 2025) (CVE-2025-21574)\n  * mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-21585)\n  * mysql: DML unspecified vulnerability (CPU Apr 2025) (CVE-2025-21588)\n  * mysql: Replication unspecified vulnerability (CPU Apr 2025) (CVE-2025-30681)\n  * mysql: InnoDB unspecified vulnerability (CPU Apr 2025) (CVE-2025-21577)\n  * mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-30687)\n  * mysql: DML unspecified vulnerability (CPU Apr 2025) (CVE-2025-21580)\n  * mysql: PS unspecified vulnerability (CPU Apr 2025) (CVE-2025-30696)\n  * mysql: PS unspecified vulnerability (CPU Apr 2025) (CVE-2025-30705)\n  * mysql: Parser unspecified vulnerability (CPU Apr 2025) (CVE-2025-21575)\n  * mysql: Options unspecified vulnerability (CPU Apr 2025) (CVE-2025-21579)\n  * mysql: Replication unspecified vulnerability (CPU Apr 2025) (CVE-2025-30685)\n  * mysql: Components Services unspecified vulnerability (CPU Apr 2025) (CVE-2025-30704)\n  * mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-21581)\n  * mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-30689)\n  * mysql: InnoDB unspecified vulnerability (CPU Apr 2025) (CVE-2025-30695)\n  * mysql: InnoDB unspecified vulnerability (CPU Apr 2025) (CVE-2025-30703)\n  * mysql: InnoDB unspecified vulnerability (CPU Apr 2025) (CVE-2025-30693)\n  * mysql: DDL unspecified vulnerability (CPU Apr 2025) (CVE-2025-21584)\n  * mysql: Replication unspecified vulnerability (CPU Apr 2025) (CVE-2025-30684)\n  * curl: libcurl: WebSocket endless loop (CVE-2025-5399)\n  * mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50092)\n  * mysql: mysqldump unspecified vulnerability (CPU Jul 2025) (CVE-2025-50081)\n  * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50079)\n  * mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50077)\n  * mysql: DML unspecified vulnerability (CPU Jul 2025) (CVE-2025-50078)\n  * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50091)\n  * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50101)\n  * mysql: DDL unspecified vulnerability (CPU Jul 2025) (CVE-2025-50093)\n  * mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50099)\n  * mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50085)\n  * mysql: Components Services unspecified vulnerability (CPU Jul 2025) (CVE-2025-50086)\n  * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50082)\n  * mysql: Encryption unspecified vulnerability (CPU Jul 2025) (CVE-2025-50097)\n  * mysql: DDL unspecified vulnerability (CPU Jul 2025) (CVE-2025-50104)\n  * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50087)\n  * mysql: Stored Procedure unspecified vulnerability (CPU Jul 2025) (CVE-2025-50080)\n  * mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50088)\n  * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50083)\n  * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50084)\n  * mysql: Thread Pooling unspecified vulnerability (CPU Jul 2025) (CVE-2025-50100)\n  * mysql: DDL unspecified vulnerability (CPU Jul 2025) (CVE-2025-50094)\n  * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50098)\n  * mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50096)\n  * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50102)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n","modified":"2026-02-04T02:47:10.592688Z","published":"2025-09-17T00:00:00Z","related":["CVE-2024-13176","CVE-2025-21574","CVE-2025-21575","CVE-2025-21577","CVE-2025-21579","CVE-2025-21580","CVE-2025-21581","CVE-2025-21584","CVE-2025-21585","CVE-2025-21588","CVE-2025-30681","CVE-2025-30682","CVE-2025-30683","CVE-2025-30684","CVE-2025-30685","CVE-2025-30687","CVE-2025-30688","CVE-2025-30689","CVE-2025-30693","CVE-2025-30695","CVE-2025-30696","CVE-2025-30699","CVE-2025-30703","CVE-2025-30704","CVE-2025-30705","CVE-2025-30715","CVE-2025-30721","CVE-2025-30722","CVE-2025-50077","CVE-2025-50078","CVE-2025-50079","CVE-2025-50080","CVE-2025-50081","CVE-2025-50082","CVE-2025-50083","CVE-2025-50084","CVE-2025-50085","CVE-2025-50086","CVE-2025-50087","CVE-2025-50088","CVE-2025-50091","CVE-2025-50092","CVE-2025-50093","CVE-2025-50094","CVE-2025-50096","CVE-2025-50097","CVE-2025-50098","CVE-2025-50099","CVE-2025-50100","CVE-2025-50101","CVE-2025-50102","CVE-2025-50104","CVE-2025-5399"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:16046"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-13176"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-21574"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-21575"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-21577"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-21579"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-21580"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-21581"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-21584"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-21585"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-21588"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-30681"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-30682"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-30683"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-30684"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-30685"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-30687"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-30688"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-30689"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-30693"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-30695"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-30696"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-30699"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-30703"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-30704"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-30705"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-30715"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-30721"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-30722"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-50077"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-50078"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-50079"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-50080"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-50081"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-50082"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-50083"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-50084"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-50085"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-50086"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-50087"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-50088"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-50091"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-50092"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-50093"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-50094"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-50096"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-50097"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-50098"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-50099"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-50100"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-50101"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-50102"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-50104"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-5399"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2359885"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2359888"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2359892"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2359894"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2359895"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2359899"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2359900"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2359902"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2359903"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2359911"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2359918"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2359920"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2359924"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2359928"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2359930"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2359932"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2359934"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2359938"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2359940"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2359943"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2359944"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2359945"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2359947"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2359950"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2359963"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2359964"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2359972"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2370920"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2380264"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2380273"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2380274"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2380278"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2380280"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2380283"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2380284"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2380290"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2380291"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2380295"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2380298"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2380306"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2380308"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2380309"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2380310"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2380312"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2380313"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2380320"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2380321"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2380322"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2380326"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2380327"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2380334"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2380335"},{"type":"ADVISORY","url":"https://errata.almalinux.org/9/ALSA-2025-16046.html"}],"affected":[{"package":{"name":"mecab","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/mecab"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.996-3.module_el9.6.0+152+8cbce00c.4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2025:16046.json"}},{"package":{"name":"mecab-devel","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/mecab-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.996-3.module_el9.6.0+152+8cbce00c.4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2025:16046.json"}},{"package":{"name":"mecab-ipadic","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/mecab-ipadic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.7.0.20070801-24.module_el9.6.0+152+8cbce00c"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2025:16046.json"}},{"package":{"name":"mecab-ipadic-EUCJP","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/mecab-ipadic-EUCJP"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.7.0.20070801-24.module_el9.6.0+152+8cbce00c"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2025:16046.json"}},{"package":{"name":"mysql","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/mysql"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.4.6-1.module_el9.6.0+180+a4e757e5"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2025:16046.json"}},{"package":{"name":"mysql-common","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/mysql-common"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.4.6-1.module_el9.6.0+180+a4e757e5"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2025:16046.json"}},{"package":{"name":"mysql-devel","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/mysql-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.4.6-1.module_el9.6.0+180+a4e757e5"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2025:16046.json"}},{"package":{"name":"mysql-errmsg","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/mysql-errmsg"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.4.6-1.module_el9.6.0+180+a4e757e5"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2025:16046.json"}},{"package":{"name":"mysql-libs","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/mysql-libs"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.4.6-1.module_el9.6.0+180+a4e757e5"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2025:16046.json"}},{"package":{"name":"mysql-server","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/mysql-server"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.4.6-1.module_el9.6.0+180+a4e757e5"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2025:16046.json"}},{"package":{"name":"mysql-test","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/mysql-test"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.4.6-1.module_el9.6.0+180+a4e757e5"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2025:16046.json"}},{"package":{"name":"mysql-test-data","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/mysql-test-data"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.4.6-1.module_el9.6.0+180+a4e757e5"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2025:16046.json"}},{"package":{"name":"rapidjson-devel","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/rapidjson-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.1.0-19.module_el9.6.0+152+8cbce00c"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2025:16046.json"}},{"package":{"name":"rapidjson-doc","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/rapidjson-doc"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.1.0-19.module_el9.6.0+152+8cbce00c"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2025:16046.json"}}],"schema_version":"1.7.3"}