RLSA-2020:3732

Source
https://errata.rockylinux.org/RLSA-2020:3732
Import Source
https://storage.googleapis.com/resf-osv-data/RLSA-2020:3732.json
JSON Data
https://api.osv.dev/v1/vulns/RLSA-2020:3732
Related
Published
2020-09-14T12:23:24Z
Modified
2023-02-02T13:07:46.823711Z
Severity
  • 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Important: mysql:8.0 security update
Details

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.

The following packages have been upgraded to a later upstream version: mysql (8.0.21).

Security Fix(es):

  • mysql: Server: Security: Privileges multiple unspecified vulnerabilities (CVE-2020-14663, CVE-2020-14678, CVE-2020-14697, CVE-2020-2761, CVE-2020-2774, CVE-2020-2779, CVE-2020-2853, CVE-2020-14586, CVE-2020-14702)

  • mysql: Server: Security: Encryption multiple unspecified vulnerabilities (CVE-2019-2914, CVE-2019-2957)

  • mysql: InnoDB multiple unspecified vulnerabilities (CVE-2019-2938, CVE-2019-2963, CVE-2019-2968, CVE-2019-3018, CVE-2020-2577, CVE-2020-2589, CVE-2020-2760, CVE-2020-2762, CVE-2020-2814, CVE-2020-2893, CVE-2020-2895, CVE-2020-14568, CVE-2020-14623, CVE-2020-14633, CVE-2020-14634)

  • mysql: Server: PS multiple unspecified vulnerabilities (CVE-2019-2946, CVE-2020-2925)

  • mysql: Server: Replication multiple unspecified vulnerabilities (CVE-2019-2960, CVE-2020-2759, CVE-2020-2763, CVE-2020-14567)

  • mysql: Server: Optimizer multiple unspecified vulnerabilities (CVE-2019-2966, CVE-2019-2967, CVE-2019-2974, CVE-2019-2982, CVE-2019-2991, CVE-2019-2998, CVE-2020-2579, CVE-2020-2660, CVE-2020-2679, CVE-2020-2686, CVE-2020-2765, CVE-2020-2892, CVE-2020-2897, CVE-2020-2901, CVE-2020-2904, CVE-2020-2923, CVE-2020-2924, CVE-2020-2928, CVE-2020-14539, CVE-2020-14547, CVE-2020-14597, CVE-2020-14614, CVE-2020-14654, CVE-2020-14680, CVE-2020-14725)

  • mysql: Server: C API multiple unspecified vulnerabilities (CVE-2019-2993, CVE-2019-3011)

  • mysql: Server: DDL multiple unspecified vulnerabilities (CVE-2019-2997, CVE-2020-2580)

  • mysql: Server: Parser multiple unspecified vulnerabilities (CVE-2019-3004, CVE-2020-2627, CVE-2020-2930, CVE-2020-14619)

  • mysql: Server: Connection unspecified vulnerability (CVE-2019-3009)

  • mysql: Server: Options multiple unspecified vulnerabilities (CVE-2020-2584, CVE-2020-14632)

  • mysql: Server: DML multiple unspecified vulnerabilities (CVE-2020-2588, CVE-2020-2780, CVE-2020-14540, CVE-2020-14575, CVE-2020-14620)

  • mysql: C API multiple unspecified vulnerabilities (CVE-2020-2752, CVE-2020-2922, CVE-2020-14550, CVE-2020-2570, CVE-2020-2573, CVE-2020-2574)

  • mysql: Server: Logging unspecified vulnerability (CVE-2020-2770)

  • mysql: Server: Memcached unspecified vulnerability (CVE-2020-2804)

  • mysql: Server: Stored Procedure unspecified vulnerability (CVE-2020-2812)

  • mysql: Server: Information Schema multiple unspecified vulnerabilities (CVE-2020-2896, CVE-2020-14559, CVE-2020-2694)

  • mysql: Server: Charsets unspecified vulnerability (CVE-2020-2898)

  • mysql: Server: Connection Handling unspecified vulnerability (CVE-2020-2903)

  • mysql: Server: Group Replication Plugin unspecified vulnerability (CVE-2020-2921)

  • mysql: Server: Group Replication GCS unspecified vulnerability (CVE-2020-2926)

  • mysql: Server: Pluggable Auth unspecified vulnerability (CVE-2020-14553)

  • mysql: Server: UDF unspecified vulnerability (CVE-2020-14576)

  • mysql: Server: JSON unspecified vulnerability (CVE-2020-14624)

  • mysql: Server: Security: Audit unspecified vulnerability (CVE-2020-14631)

  • mysql: Server: Security: Roles multiple unspecified vulnerabilities (CVE-2020-14641, CVE-2020-14643, CVE-2020-14651)

  • mysql: Server: Locking unspecified vulnerability (CVE-2020-14656)

  • mysql: Information Schema unspecified vulnerability (CVE-2019-2911)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References
Credits
    • Rocky Enterprise Software Foundation
    • Red Hat

Affected packages

Rocky Linux:8 / mecab

Package

Name
mecab
Purl
pkg:rpm/rocky-linux/mecab?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:0.996-1.module+el8.3.0+242+87d3366a.9

Rocky Linux:8 / mecab-ipadic

Package

Name
mecab-ipadic
Purl
pkg:rpm/rocky-linux/mecab-ipadic?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:2.7.0.20070801-16.module+el8.3.0+242+87d3366a

Rocky Linux:8 / mysql

Package

Name
mysql
Purl
pkg:rpm/rocky-linux/mysql?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:8.0.21-1.module+el8.3.0+242+87d3366a