ALSA-2025:1671

[ALSA-2025:1671] Important: mysql security update

Type:

security

Severity:

important

Release date:

2025-02-20

Description:

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.  

Security Fix(es):  

  * openssl: SSL_select_next_proto buffer overread (CVE-2024-5535)
  * krb5: GSS message token handling (CVE-2024-37371)
  * curl: libcurl: ASN.1 date parser overread (CVE-2024-7264)
  * mysql: Thread Pooling unspecified vulnerability (CPU Oct 2024) (CVE-2024-21238)
  * mysql: X Plugin unspecified vulnerability (CPU Oct 2024) (CVE-2024-21196)
  * mysql: Optimizer unspecified vulnerability (CPU Oct 2024) (CVE-2024-21241)
  * mysql: Client programs unspecified vulnerability (CPU Oct 2024) (CVE-2024-21231)
  * mysql: Information Schema unspecified vulnerability (CPU Oct 2024) (CVE-2024-21197)
  * mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21218)
  * mysql: Optimizer unspecified vulnerability (CPU Oct 2024) (CVE-2024-21201)
  * mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21236)
  * mysql: Group Replication GCS unspecified vulnerability (CPU Oct 2024) (CVE-2024-21237)
  * mysql: FTS unspecified vulnerability (CPU Oct 2024) (CVE-2024-21203)
  * mysql: Health Monitor unspecified vulnerability (CPU Oct 2024) (CVE-2024-21212)
  * mysql: DML unspecified vulnerability (CPU Oct 2024) (CVE-2024-21219)
  * mysql: Optimizer unspecified vulnerability (CPU Oct 2024) (CVE-2024-21230)
  * mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21213)
  * mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21194)
  * mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21199)
  * mysql: PS unspecified vulnerability (CPU Oct 2024) (CVE-2024-21193)
  * mysql: DDL unspecified vulnerability (CPU Oct 2024) (CVE-2024-21198)
  * mysql: mysqldump unspecified vulnerability (CPU Oct 2024) (CVE-2024-21247)
  * mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21239)
  * curl: curl netrc password leak (CVE-2024-11053)
  * mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21497)
  * mysql: MySQL Server Options Vulnerability (CVE-2025-21520)
  * mysql: High Privilege Denial of Service Vulnerability in MySQL Server (CVE-2025-21490)
  * mysql: Information Schema unspecified vulnerability (CPU Jan 2025) (CVE-2025-21529)
  * mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21531)
  * mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21504)
  * mysql: Privileges unspecified vulnerability (CPU Jan 2025) (CVE-2025-21540)
  * mysql: MySQL Server InnoDB Denial of Service and Unauthorized Data Modification Vulnerability (CVE-2025-21555)
  * mysql: Packaging unspecified vulnerability (CPU Jan 2025) (CVE-2025-21543)
  * mysql: MySQL Server InnoDB Denial of Service and Unauthorized Data Modification Vulnerability (CVE-2025-21491)
  * mysql: DDL unspecified vulnerability (CPU Jan 2025) (CVE-2025-21525)
  * mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21536)
  * mysql: Thread Pooling unspecified vulnerability (CPU Jan 2025) (CVE-2025-21521)
  * mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21501)
  * mysql: Performance Schema unspecified vulnerability (CPU Jan 2025) (CVE-2025-21534)
  * mysql: Privileges unspecified vulnerability (CPU Jan 2025) (CVE-2025-21494)
  * mysql: Privileges unspecified vulnerability (CPU Jan 2025) (CVE-2025-21519)
  * mysql: Parser unspecified vulnerability (CPU Jan 2025) (CVE-2025-21522)
  * mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21503)
  * mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21518)
  * mysql: MySQL Server InnoDB Denial of Service and Unauthorized Data Modification Vulnerability (CVE-2025-21559)
  * mysql: Privilege Misuse in MySQL Server Security Component (CVE-2025-21546)
  * mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21500)
  * mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21523)
  * mysql: Components Services unspecified vulnerability (CPU Jan 2025) (CVE-2025-21505)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

CVE-2024-11053
CVE-2024-21193
CVE-2024-21194
CVE-2024-21196
CVE-2024-21197
CVE-2024-21198
CVE-2024-21199
CVE-2024-21201
CVE-2024-21203
CVE-2024-21212
CVE-2024-21213
CVE-2024-21218
CVE-2024-21219
CVE-2024-21230
CVE-2024-21231
CVE-2024-21236
CVE-2024-21237
CVE-2024-21238
CVE-2024-21239
CVE-2024-21241
CVE-2024-21247
CVE-2024-37371
CVE-2024-5535
CVE-2024-7264
CVE-2025-21490
CVE-2025-21491
CVE-2025-21494
CVE-2025-21497
CVE-2025-21500
CVE-2025-21501
CVE-2025-21503
CVE-2025-21504
CVE-2025-21505
CVE-2025-21518
CVE-2025-21519
CVE-2025-21520
CVE-2025-21521
CVE-2025-21522
CVE-2025-21523
CVE-2025-21525
CVE-2025-21529
CVE-2025-21531
CVE-2025-21534
CVE-2025-21536
CVE-2025-21540
CVE-2025-21543
CVE-2025-21546
CVE-2025-21555
CVE-2025-21559
RHSA-2025:1671
ALSA-2025:1671

Updated packages listed below:

Architecture	Package	Checksum
aarch64	mysql-devel-8.0.41-2.el9_5.aarch64.rpm	017ef38b485a7f976215b1d53b4e547ce2a57d1be891ed810b20488110c47d0e
aarch64	mysql-errmsg-8.0.41-2.el9_5.aarch64.rpm	06a2e2b45748970499022ec033e1650b9c77f7b781f1c79f4b023893681445aa
aarch64	mysql-8.0.41-2.el9_5.aarch64.rpm	23233700fbdbbe3a48101a82b29bba7d4e0f606403be7e27d7318b13368dd7c5
aarch64	mysql-server-8.0.41-2.el9_5.aarch64.rpm	4595f9a421de92869e1b9b23ee6838e3dc6a429d8e47213913e86e1910dd6f2e
aarch64	mysql-libs-8.0.41-2.el9_5.aarch64.rpm	5e74671f2d4e3d801a9e5d7e69af1c0f943099c3d88148464952fb64c8aad93a
aarch64	mysql-test-8.0.41-2.el9_5.aarch64.rpm	dfa3ca754f169ba43f4266bb625ecc5c6964a416906c744531ed588feae9c4c5
aarch64	mysql-common-8.0.41-2.el9_5.aarch64.rpm	e7df9ab1eae87869835819ccdbcfed772a0f0186f22f4ca07aa9e3e69aeb31e3
ppc64le	mysql-common-8.0.41-2.el9_5.ppc64le.rpm	12cec4515c6bffc3393bbafffe420ce69797e476a27399f1e526ca027207aedf
ppc64le	mysql-8.0.41-2.el9_5.ppc64le.rpm	23f4deacfadd575167eb5ca4383b3841c8f51f3545ff1010238e62ab4903703a
ppc64le	mysql-test-8.0.41-2.el9_5.ppc64le.rpm	57903d86c6a1e74feb005cdecb1cd12ff1bbb77de0ba19b3e42fdd4b74e59dd5
ppc64le	mysql-libs-8.0.41-2.el9_5.ppc64le.rpm	6561a0742df4ab3f2add808bc92468557d9957ed4a75c25dfed010d2d3661671
ppc64le	mysql-devel-8.0.41-2.el9_5.ppc64le.rpm	94634331d49be449bdb8e88aa8041bf1d33e7664acab743c1c21c766f4cc0029
ppc64le	mysql-errmsg-8.0.41-2.el9_5.ppc64le.rpm	b12e94dc634dab908190cdaf971036d24aced245cf7c65f9ffed216842992c46
ppc64le	mysql-server-8.0.41-2.el9_5.ppc64le.rpm	e4ff2b5b4924f28e3ffdb4b6d2c7ac8d557ad7d7a06bd2acbd8e3db7d577c44d
s390x	mysql-common-8.0.41-2.el9_5.s390x.rpm	27eabf960f9fcfa6bf8140737114ff77b52be9b85a6a72c848a26c28b30fe31f
s390x	mysql-libs-8.0.41-2.el9_5.s390x.rpm	8f7a9dddd8f2fcf8c22892eb27f84efa83fdf2e77a299dc29042fe5c1c4624d2
s390x	mysql-devel-8.0.41-2.el9_5.s390x.rpm	90fd07fc425021cc957eca019434f8207c813f473e1701547203d5f9f1bf7627
s390x	mysql-errmsg-8.0.41-2.el9_5.s390x.rpm	aee557800a51d9bd8265e786c70c69bd52270effaa2e9f6f03a594c520b67889
s390x	mysql-8.0.41-2.el9_5.s390x.rpm	b14a385f5c243da0c0d2bbc4d7bb216ba5b2023b6d93438e768b7ec3ae84c13f
s390x	mysql-test-8.0.41-2.el9_5.s390x.rpm	c6672b99ed1de9647f85ea0061d4f1c586dc715071ff9a0171e6be68b93d91c5
s390x	mysql-server-8.0.41-2.el9_5.s390x.rpm	fc0a8ed758e7d1e5e667210e126b03069136a89428bae118a591f937dd7a8714
x86_64	mysql-devel-8.0.41-2.el9_5.x86_64.rpm	5244f97c5ae51272ab3b8fc3bca747ebaa69dc5bfe347121b464a33930807728
x86_64	mysql-server-8.0.41-2.el9_5.x86_64.rpm	60f730f6968277e15dc69a6bd8bd9cf00a95f777b37ac9ed334f3ecfd41f898a
x86_64	mysql-common-8.0.41-2.el9_5.x86_64.rpm	74cbbab133f9af04797d0491775e22ebac0df5e1d64680b93fd9dbed27015b56
x86_64	mysql-errmsg-8.0.41-2.el9_5.x86_64.rpm	ac46c17f6f747d3a04206028c7a7fd48df7879eb1fadaef8ce4ffcbcccba7666
x86_64	mysql-libs-8.0.41-2.el9_5.x86_64.rpm	b401075a379a99ed69a6ea73ddd8dcc26147711ffcf3b9367de4a07593e6816e
x86_64	mysql-test-8.0.41-2.el9_5.x86_64.rpm	c5cfd224ff1476aa49501795be03b3245779cfba36a9e2f69950a3564402c370
x86_64	mysql-8.0.41-2.el9_5.x86_64.rpm	dbec644cd57b08cc74d9468fe438c9073da1d254f4f8d402ff9a98d263a428a0

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.