{"id":"RLSA-2024:0894","summary":"Moderate: mysql:8.0 security update","details":"MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.\n\nSecurity Fix(es):\n\n* mysql: InnoDB unspecified vulnerability (CPU Apr 2023) (CVE-2023-21911)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Apr 2023) (CVE-2023-21919, CVE-2023-21929, CVE-2023-21933)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2023) (CVE-2023-21920, CVE-2023-21935, CVE-2023-21945, CVE-2023-21946, CVE-2023-21976, CVE-2023-21977, CVE-2023-21982)\n\n* mysql: Server: Components Services unspecified vulnerability (CPU Apr 2023) (CVE-2023-21940, CVE-2023-21947, CVE-2023-21962)\n\n* mysql: Server: Partition unspecified vulnerability (CPU Apr 2023) (CVE-2023-21953, CVE-2023-21955)\n\n* mysql: Server: JSON unspecified vulnerability (CPU Apr 2023) (CVE-2023-21966)\n\n* mysql: Server: DML unspecified vulnerability (CPU Apr 2023) (CVE-2023-21972)\n\n* mysql: Client programs unspecified vulnerability (CPU Apr 2023) (CVE-2023-21980)\n\n* mysql: Server: Replication unspecified vulnerability (CPU Jul 2023) (CVE-2023-22005, CVE-2023-22007, CVE-2023-22057)\n\n* mysql: InnoDB unspecified vulnerability (CPU Jul 2023) (CVE-2023-22008)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2023) (CVE-2023-22032, CVE-2023-22059, CVE-2023-22064, CVE-2023-22065, CVE-2023-22070, CVE-2023-22078, CVE-2023-22079, CVE-2023-22092, CVE-2023-22103, CVE-2023-22110, CVE-2023-22112)\n\n* mysql: InnoDB unspecified vulnerability (CPU Jul 2023) (CVE-2023-22033)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2023) (CVE-2023-22046, CVE-2023-22054, CVE-2023-22056)\n\n* mysql: Client programs unspecified vulnerability (CPU Jul 2023) (CVE-2023-22053)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Jul 2023) (CVE-2023-22058)\n\n* mysql: InnoDB unspecified vulnerability (CPU Oct 2023) (CVE-2023-22066, CVE-2023-22068, CVE-2023-22084, CVE-2023-22097, CVE-2023-22104, CVE-2023-22114)\n\n* mysql: Server: UDF unspecified vulnerability (CPU Oct 2023) (CVE-2023-22111)\n\n* mysql: Server: DML unspecified vulnerability (CPU Oct 2023) (CVE-2023-22115)\n\n* mysql: Server: RAPID unspecified vulnerability (CPU Jan 2024) (CVE-2024-20960)\n\n* mysql: Server: Security: Encryption unspecified vulnerability (CPU Jan 2024) (CVE-2024-20963)\n\n* mysql: Server: Security: Privileges unspecified vulnerability (CPU Jan 2024) (CVE-2024-20964)\n\n* mysql: Server: Replication unspecified vulnerability (CPU Jan 2024) (CVE-2024-20967)\n\n* mysql: Server: Options unspecified vulnerability (CPU Jan 2024) (CVE-2024-20968)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Jan 2024) (CVE-2024-20969)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2024) (CVE-2024-20961, CVE-2024-20962, CVE-2024-20965, CVE-2024-20966, CVE-2024-20970, CVE-2024-20971, CVE-2024-20972, CVE-2024-20973, CVE-2024-20974, CVE-2024-20976, CVE-2024-20977, CVE-2024-20978, CVE-2024-20982)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Jan 2024) (CVE-2024-20981)\n\n* mysql: Server: DML unspecified vulnerability (CPU Jan 2024) (CVE-2024-20983)\n\n* mysql: Server : Security : Firewall unspecified vulnerability (CPU Jan 2024) (CVE-2024-20984)\n\n* mysql: Server: UDF unspecified vulnerability (CPU Jan 2024) (CVE-2024-20985)\n\n* zstd: mysql: buffer overrun in util.c (CVE-2022-4899)\n\n* mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2023) (CVE-2023-22038)\n\n* mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2023) (CVE-2023-22048)\n\n* mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2023) (CVE-2023-22113)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Fix for MySQL bug #33630199 in 8.0.32 introduces regression when --set-gtid-purged=OFF (Rocky Linux-22452)","modified":"2025-05-07T19:38:05.499784Z","published":"2025-05-07T19:11:47.341314Z","upstream":["CVE-2022-4899","CVE-2023-21911","CVE-2023-21919","CVE-2023-21920","CVE-2023-21929","CVE-2023-21933","CVE-2023-21935","CVE-2023-21940","CVE-2023-21945","CVE-2023-21946","CVE-2023-21947","CVE-2023-21953","CVE-2023-21955","CVE-2023-21962","CVE-2023-21966","CVE-2023-21972","CVE-2023-21976","CVE-2023-21977","CVE-2023-21980","CVE-2023-21982","CVE-2023-22005","CVE-2023-22007","CVE-2023-22008","CVE-2023-22032","CVE-2023-22033","CVE-2023-22038","CVE-2023-22046","CVE-2023-22048","CVE-2023-22053","CVE-2023-22054","CVE-2023-22056","CVE-2023-22057","CVE-2023-22058","CVE-2023-22059","CVE-2023-22064","CVE-2023-22065","CVE-2023-22066","CVE-2023-22068","CVE-2023-22070","CVE-2023-22078","CVE-2023-22079","CVE-2023-22084","CVE-2023-22092","CVE-2023-22097","CVE-2023-22103","CVE-2023-22104","CVE-2023-22110","CVE-2023-22111","CVE-2023-22112","CVE-2023-22113","CVE-2023-22114","CVE-2023-22115","CVE-2024-20960","CVE-2024-20961","CVE-2024-20962","CVE-2024-20963","CVE-2024-20964","CVE-2024-20965","CVE-2024-20966","CVE-2024-20967","CVE-2024-20968","CVE-2024-20969","CVE-2024-20970","CVE-2024-20971","CVE-2024-20972","CVE-2024-20973","CVE-2024-20974","CVE-2024-20976","CVE-2024-20977","CVE-2024-20978","CVE-2024-20981","CVE-2024-20982","CVE-2024-20983","CVE-2024-20984","CVE-2024-20985","CVE-2024-20993","CVE-2024-21049","CVE-2024-21050","CVE-2024-21051","CVE-2024-21052","CVE-2024-21053","CVE-2024-21055","CVE-2024-21056","CVE-2024-21057","CVE-2024-21061","CVE-2024-21137","CVE-2024-21200"],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2024:0894"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2179864"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2188109"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2188113"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2188115"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2188116"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2188117"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2188118"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2188119"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2188120"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2188121"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2188122"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2188123"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2188124"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2188125"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2188127"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2188128"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2188129"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2188130"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2188131"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2188132"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2224211"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2224212"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2224213"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2224214"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2224215"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2224216"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2224217"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2224218"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2224219"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2224220"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2224221"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2224222"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2245014"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2245015"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2245016"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2245017"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2245018"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2245019"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2245020"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2245021"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2245022"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2245023"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2245024"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2245026"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2245027"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2245028"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2245029"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2245030"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2245031"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2245032"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2245033"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2245034"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2258771"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2258772"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2258773"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2258774"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2258775"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2258776"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2258777"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2258778"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2258779"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2258780"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2258781"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2258782"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2258783"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2258784"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2258785"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2258787"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2258788"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2258789"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2258790"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2258791"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2258792"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2258793"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2258794"}],"affected":[{"package":{"name":"mecab","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/mecab?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.996-2.module+el8.10.0+1676+9b4b6e24"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2024:0894.json"}},{"package":{"name":"mecab","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/mecab?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.996-2.module+el8.10.0+1937+28fbbc83"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2024:0894.json"}},{"package":{"name":"mecab-ipadic","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/mecab-ipadic?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.7.0.20070801-16.module+el8.10.0+1676+9b4b6e24"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2024:0894.json"}},{"package":{"name":"mysql","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/mysql?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:8.0.36-1.module+el8.10.0+1676+9b4b6e24"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2024:0894.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]}