ALSA-2025:1673

[ALSA-2025:1673] Important: mysql:8.0 security update

Type:

security

Severity:

important

Release date:

2025-02-20

Description:

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.  

Security Fix(es):  

  * openssl: SSL_select_next_proto buffer overread (CVE-2024-5535)
  * krb5: GSS message token handling (CVE-2024-37371)
  * curl: libcurl: ASN.1 date parser overread (CVE-2024-7264)
  * mysql: Thread Pooling unspecified vulnerability (CPU Oct 2024) (CVE-2024-21238)
  * mysql: X Plugin unspecified vulnerability (CPU Oct 2024) (CVE-2024-21196)
  * mysql: Optimizer unspecified vulnerability (CPU Oct 2024) (CVE-2024-21241)
  * mysql: Client programs unspecified vulnerability (CPU Oct 2024) (CVE-2024-21231)
  * mysql: Information Schema unspecified vulnerability (CPU Oct 2024) (CVE-2024-21197)
  * mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21218)
  * mysql: Optimizer unspecified vulnerability (CPU Oct 2024) (CVE-2024-21201)
  * mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21236)
  * mysql: Group Replication GCS unspecified vulnerability (CPU Oct 2024) (CVE-2024-21237)
  * mysql: FTS unspecified vulnerability (CPU Oct 2024) (CVE-2024-21203)
  * mysql: Health Monitor unspecified vulnerability (CPU Oct 2024) (CVE-2024-21212)
  * mysql: DML unspecified vulnerability (CPU Oct 2024) (CVE-2024-21219)
  * mysql: Optimizer unspecified vulnerability (CPU Oct 2024) (CVE-2024-21230)
  * mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21213)
  * mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21194)
  * mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21199)
  * mysql: PS unspecified vulnerability (CPU Oct 2024) (CVE-2024-21193)
  * mysql: DDL unspecified vulnerability (CPU Oct 2024) (CVE-2024-21198)
  * mysql: mysqldump unspecified vulnerability (CPU Oct 2024) (CVE-2024-21247)
  * mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21239)
  * curl: curl netrc password leak (CVE-2024-11053)
  * mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21497)
  * mysql: MySQL Server Options Vulnerability (CVE-2025-21520)
  * mysql: High Privilege Denial of Service Vulnerability in MySQL Server (CVE-2025-21490)
  * mysql: Information Schema unspecified vulnerability (CPU Jan 2025) (CVE-2025-21529)
  * mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21531)
  * mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21504)
  * mysql: Privileges unspecified vulnerability (CPU Jan 2025) (CVE-2025-21540)
  * mysql: MySQL Server InnoDB Denial of Service and Unauthorized Data Modification Vulnerability (CVE-2025-21555)
  * mysql: Packaging unspecified vulnerability (CPU Jan 2025) (CVE-2025-21543)
  * mysql: MySQL Server InnoDB Denial of Service and Unauthorized Data Modification Vulnerability (CVE-2025-21491)
  * mysql: DDL unspecified vulnerability (CPU Jan 2025) (CVE-2025-21525)
  * mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21536)
  * mysql: Thread Pooling unspecified vulnerability (CPU Jan 2025) (CVE-2025-21521)
  * mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21501)
  * mysql: Performance Schema unspecified vulnerability (CPU Jan 2025) (CVE-2025-21534)
  * mysql: Privileges unspecified vulnerability (CPU Jan 2025) (CVE-2025-21494)
  * mysql: Privileges unspecified vulnerability (CPU Jan 2025) (CVE-2025-21519)
  * mysql: Parser unspecified vulnerability (CPU Jan 2025) (CVE-2025-21522)
  * mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21503)
  * mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21518)
  * mysql: MySQL Server InnoDB Denial of Service and Unauthorized Data Modification Vulnerability (CVE-2025-21559)
  * mysql: Privilege Misuse in MySQL Server Security Component (CVE-2025-21546)
  * mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21500)
  * mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21523)
  * mysql: Components Services unspecified vulnerability (CPU Jan 2025) (CVE-2025-21505)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

CVE-2024-11053
CVE-2024-21193
CVE-2024-21194
CVE-2024-21196
CVE-2024-21197
CVE-2024-21198
CVE-2024-21199
CVE-2024-21201
CVE-2024-21203
CVE-2024-21212
CVE-2024-21213
CVE-2024-21218
CVE-2024-21219
CVE-2024-21230
CVE-2024-21231
CVE-2024-21236
CVE-2024-21237
CVE-2024-21238
CVE-2024-21239
CVE-2024-21241
CVE-2024-21247
CVE-2024-37371
CVE-2024-5535
CVE-2024-7264
CVE-2025-21490
CVE-2025-21491
CVE-2025-21494
CVE-2025-21497
CVE-2025-21500
CVE-2025-21501
CVE-2025-21503
CVE-2025-21504
CVE-2025-21505
CVE-2025-21518
CVE-2025-21519
CVE-2025-21520
CVE-2025-21521
CVE-2025-21522
CVE-2025-21523
CVE-2025-21525
CVE-2025-21529
CVE-2025-21531
CVE-2025-21534
CVE-2025-21536
CVE-2025-21540
CVE-2025-21543
CVE-2025-21546
CVE-2025-21555
CVE-2025-21559
RHSA-2025:1673
ALSA-2025:1673

Updated packages listed below:

Architecture	Package	Checksum
aarch64	mysql-devel-8.0.41-1.module_el8.10.0+3965+b415b607.aarch64.rpm	3391941ef79db85cbd1465fc11e6baa315ca23b0dc1e3a6288fcf2bc3be0cfe0
aarch64	mecab-ipadic-EUCJP-2.7.0.20070801-17.module_el8.10.0+3965+b415b607.aarch64.rpm	425abc4f961eba02774fd4b277401de4f2a51e43878a91aedd197eaceece3fb6
aarch64	mysql-test-8.0.41-1.module_el8.10.0+3965+b415b607.aarch64.rpm	4b79115afe284d3e1b391b519ce2fc2b32a701ed97979b896068991499699303
aarch64	mysql-common-8.0.41-1.module_el8.10.0+3965+b415b607.aarch64.rpm	4fbabcd4a62fbcb4c114dc458932164d8733950d23574874263a090c31deaf3d
aarch64	mysql-libs-8.0.41-1.module_el8.10.0+3965+b415b607.aarch64.rpm	6c66b884114847af9cef85a3ad2eff8af7a81b52c3745c92284e77a7c339bb84
aarch64	mecab-ipadic-2.7.0.20070801-17.module_el8.10.0+3965+b415b607.aarch64.rpm	91886bdd1e30f91d3df43becea42f53b1aee2ec4a07fcb2b6a24ab7323e739a6
aarch64	mecab-devel-0.996-2.module_el8.6.0+3340+d764b636.aarch64.rpm	c0b14c42d4982d3da9aee02be557152498892b0b4e4a2434a6881bb17e53eba3
aarch64	mysql-server-8.0.41-1.module_el8.10.0+3965+b415b607.aarch64.rpm	c5512a88c62df29473d3d3f0e979f128b28102fd36f18df76174ec10d1ebf783
aarch64	mecab-0.996-2.module_el8.6.0+3340+d764b636.aarch64.rpm	e1c7024f127b0836925cb951490c38855bc0f97fa958be73c2b0ab72a8dcb6cc
aarch64	mysql-8.0.41-1.module_el8.10.0+3965+b415b607.aarch64.rpm	e2cf8cd864e019737f75c9b06e42e68528bdc024bc44a647132fbb83372838f9
aarch64	mysql-errmsg-8.0.41-1.module_el8.10.0+3965+b415b607.aarch64.rpm	e3a960784eb2d23cb67e2fd0cce864370c1dcf6442a3eeefd0aa9283dc172c6b
ppc64le	mysql-errmsg-8.0.41-1.module_el8.10.0+3965+b415b607.ppc64le.rpm	5113865aedfdfd542dc21902f25595b393d81146290d36a82abd0cd23aa0e882
ppc64le	mysql-libs-8.0.41-1.module_el8.10.0+3965+b415b607.ppc64le.rpm	66ed35d99e196fab00a62c9e76ece356f64931e374281e2545d2462ff3a6a763
ppc64le	mysql-common-8.0.41-1.module_el8.10.0+3965+b415b607.ppc64le.rpm	7565503165701c8e2116d310b2f19a20c815b3a61d958806e2a7d50b1fa2df27
ppc64le	mysql-devel-8.0.41-1.module_el8.10.0+3965+b415b607.ppc64le.rpm	7d0c0ae06e3aff30c627644911c0fa0e97e3858a597034883f1f26929f74b97d
ppc64le	mysql-test-8.0.41-1.module_el8.10.0+3965+b415b607.ppc64le.rpm	8912d93dcb89c21f4364fe099de05beb29af81a8d99ad6d67d0007ba9a396588
ppc64le	mecab-ipadic-2.7.0.20070801-17.module_el8.10.0+3965+b415b607.ppc64le.rpm	92cd322cc9a4fa365621c6f0fb35f109c2e828543ed560a6bc623435d490aa68
ppc64le	mysql-8.0.41-1.module_el8.10.0+3965+b415b607.ppc64le.rpm	ab355db9728a3fa7f962302bd06498508110526fdc01821e75a0ab8ea889b675
ppc64le	mecab-0.996-2.module_el8.10.0+3965+b415b607.ppc64le.rpm	ac20a3006f671bd07f23b8b82ca0a7db54da1294cda562df477c653e1eb9b92d
ppc64le	mysql-server-8.0.41-1.module_el8.10.0+3965+b415b607.ppc64le.rpm	de75d924c3c2120610f22e0079d28e71484f87faa054cd38e26a3de545fc845b
ppc64le	mecab-devel-0.996-2.module_el8.10.0+3965+b415b607.ppc64le.rpm	df9a4ab9c73892acc9981ce7312cbf8d3cfd4984e9b2e0bd790b0b8d4c35f63a
ppc64le	mecab-ipadic-EUCJP-2.7.0.20070801-17.module_el8.10.0+3965+b415b607.ppc64le.rpm	ef0f76b28f02faa9102bcef763236f4dc51fec9e3d53d8ffb7c5f83eca737512
s390x	mysql-libs-8.0.41-1.module_el8.10.0+3965+b415b607.s390x.rpm	2a80a82a141c7b34b8c477f86186f88e6a2102fbacf77d2b2f8dd28873707454
s390x	mecab-ipadic-EUCJP-2.7.0.20070801-17.module_el8.10.0+3965+b415b607.s390x.rpm	2b2400a7cf814f42d9725bb33f0614cd034a53f2d70efe17314f1155c8165718
s390x	mecab-0.996-2.module_el8.10.0+3965+b415b607.s390x.rpm	33b6163fbf1b6b08111e95f3543dbb14bf19fc0ff5086e737fe6343a4443df82
s390x	mysql-devel-8.0.41-1.module_el8.10.0+3965+b415b607.s390x.rpm	84101f33396667135ec18e5a6dd91cb2a0e0c7f75bba7424ca5892d575857e5c
s390x	mysql-errmsg-8.0.41-1.module_el8.10.0+3965+b415b607.s390x.rpm	94a4a23631985bb03a9a2f201128db03d1eb6b5f6dbe1010c59d81f5d7a25ccd
s390x	mecab-devel-0.996-2.module_el8.6.0+3340+d764b636.s390x.rpm	95fbafd6a495d411511dcfabd6b0f0746e44e7a7bcc70330024e0022229ee5d3
s390x	mysql-8.0.41-1.module_el8.10.0+3965+b415b607.s390x.rpm	af235c45a58d6748bae5dfa806fa3192a616063161e45d1e972f5a58b927a2e7
s390x	mysql-test-8.0.41-1.module_el8.10.0+3965+b415b607.s390x.rpm	be0ffbaf2e230ca16e85b3402aab1b45315ec05eeedd5a86f7e8bbb87a5b4396
s390x	mysql-common-8.0.41-1.module_el8.10.0+3965+b415b607.s390x.rpm	c8672abde90ab67a7a779706c5c042767715b601f0ef22ecd70f24b1e7a6ba4a
s390x	mecab-ipadic-2.7.0.20070801-17.module_el8.10.0+3965+b415b607.s390x.rpm	d836c246ea2cfe40117264855bf7d6f3fed850ab95c2ea36490dec679af45dee
s390x	mysql-server-8.0.41-1.module_el8.10.0+3965+b415b607.s390x.rpm	e073fa339fd2efe273620b29b886022f1366651fc7cb9aab587d750a6928eb5a
x86_64	mecab-ipadic-2.7.0.20070801-17.module_el8.10.0+3965+b415b607.x86_64.rpm	0e021b50d3ac1a4a1d7e1add04a8af7dbfbba9237492d5112a1dfbf10bc35e5a
x86_64	mecab-ipadic-EUCJP-2.7.0.20070801-17.module_el8.10.0+3965+b415b607.x86_64.rpm	34ebfe09ec7ffcfd76b301a6e54b87881c1843d40b4b4230ecf202257963008d
x86_64	mysql-test-8.0.41-1.module_el8.10.0+3965+b415b607.x86_64.rpm	35c71b9a423a8f0b2cc79eddb4e4f8007c3ad97e2cf7102cc39e1227bba3fe77
x86_64	mecab-devel-0.996-2.module_el8.10.0+3965+b415b607.x86_64.rpm	54c279f829e4f4dc6dc5daab32a1b34c4279d522ff4de4c1d8df6cf76e34ef4f
x86_64	mysql-errmsg-8.0.41-1.module_el8.10.0+3965+b415b607.x86_64.rpm	5cdb1ec705db26cd0138e40b1f6b310f73d9b93fc9e05b30046d54d2205e6804
x86_64	mysql-common-8.0.41-1.module_el8.10.0+3965+b415b607.x86_64.rpm	5d93b86fdff39337413376f826d5e0e25e482ef31f6508ab6cee95c247d746a3
x86_64	mysql-libs-8.0.41-1.module_el8.10.0+3965+b415b607.x86_64.rpm	a1459891faeb6465e5ca7f9e8367fa0beb1e0109b6a6a2e9efbfc12170474850
x86_64	mecab-0.996-2.module_el8.6.0+3340+d764b636.x86_64.rpm	ad92d845da106629c38f53bf00066da345d350ac0d997f8b0ab94651b56637de
x86_64	mysql-server-8.0.41-1.module_el8.10.0+3965+b415b607.x86_64.rpm	d7cb67fb5a0180d34fb7a20bb7ee41689028c9aef09496ae6bec262e71b94bea
x86_64	mysql-8.0.41-1.module_el8.10.0+3965+b415b607.x86_64.rpm	f0789561d369a933e1fb675a003ee66717bb9d8453ca39d590f8879a8d1b898a
x86_64	mysql-devel-8.0.41-1.module_el8.10.0+3965+b415b607.x86_64.rpm	f1d4183b9f7c735e669f5116afad41c7830eefefbe9ab1d9e056ddddec5e0972

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.