Forum: >>> Magnum BBS <<<

[ GLSA 202105-27 ] MySQL: Multiple vulnerabilities

From Thomas Deutschmann@21:1/5 to All on Wed May 26 12:00:01 2021

This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --MZuWVtnQUUjRaKo65J7aNjmY74dNDTey2
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202105-27
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: MySQL: Multiple vulnerabilities
Date: May 26, 2021
Bugs: #699876, #708090, #717628, #732974, #766339, #789243
ID: 202105-27

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in MySQL, the worst of which
could result in the arbitrary execution of code.

Background
==========

MySQL is a popular multi-threaded, multi-user SQL server.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-db/mysql < 8.0.24 >= 5.7.34:5.7
>= 8.0.24
2 dev-db/mysql-connector-c
< 8.0.24 >= 8.0.24
-------------------------------------------------------------------
2 affected packages

Description
===========

Multiple vulnerabilities have been discovered in MySQL. Please review
the CVE identifiers referenced below for details.

Impact
======

An attacker could possibly execute arbitrary code with the privileges
of the process, escalate privileges, gain access to critical data or
complete access to all MySQL server accessible data, or cause a Denial
of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All MySQL users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/mysql-5.7.34"

All mysql users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/mysql-8.0.24"

References
==========

[ 1 ] CVE-2019-2938
https://nvd.nist.gov/vuln/detail/CVE-2019-2938
[ 2 ] CVE-2019-2974
https://nvd.nist.gov/vuln/detail/CVE-2019-2974
[ 3 ] CVE-2020-14539
https://nvd.nist.gov/vuln/detail/CVE-2020-14539
[ 4 ] CVE-2020-14540
https://nvd.nist.gov/vuln/detail/CVE-2020-14540
[ 5 ] CVE-2020-14547
https://nvd.nist.gov/vuln/detail/CVE-2020-14547
[ 6 ] CVE-2020-14550
https://nvd.nist.gov/vuln/detail/CVE-2020-14550
[ 7 ] CVE-2020-14553
https://nvd.nist.gov/vuln/detail/CVE-2020-14553
[ 8 ] CVE-2020-14559
https://nvd.nist.gov/vuln/detail/CVE-2020-14559
[ 9 ] CVE-2020-14564
https://nvd.nist.gov/vuln/detail/CVE-2020-14564
[ 10 ] CVE-2020-14567
https://nvd.nist.gov/vuln/detail/CVE-2020-14567
[ 11 ] CVE-2020-14568
https://nvd.nist.gov/vuln/detail/CVE-2020-14568
[ 12 ] CVE-2020-14575
https://nvd.nist.gov/vuln/detail/CVE-2020-14575
[ 13 ] CVE-2020-14576
https://nvd.nist.gov/vuln/detail/CVE-2020-14576
[ 14 ] CVE-2020-14586
https://nvd.nist.gov/vuln/detail/CVE-2020-14586
[ 15 ] CVE-2020-14591
https://nvd.nist.gov/vuln/detail/CVE-2020-14591
[ 16 ] CVE-2020-14597
https://nvd.nist.gov/vuln/detail/CVE-2020-14597
[ 17 ] CVE-2020-14614
https://nvd.nist.gov/vuln/detail/CVE-2020-14614
[ 18 ] CVE-2020-14619
https://nvd.nist.gov/vuln/detail/CVE-2020-14619
[ 19 ] CVE-2020-14620
https://nvd.nist.gov/vuln/detail/CVE-2020-14620
[ 20 ] CVE-2020-14623
https://nvd.nist.gov/vuln/detail/CVE-2020-14623
[ 21 ] CVE-2020-14624
https://nvd.nist.gov/vuln/detail/CVE-2020-14624
[ 22 ] CVE-2020-14626
https://nvd.nist.gov/vuln/detail/CVE-2020-14626
[ 23 ] CVE-2020-14631
https://nvd.nist.gov/vuln/detail/CVE-2020-14631
[ 24 ] CVE-2020-14632
https://nvd.nist.gov/vuln/detail/CVE-2020-14632
[ 25 ] CVE-2020-14633
https://nvd.nist.gov/vuln/detail/CVE-2020-14633
[ 26 ] CVE-2020-14634
https://nvd.nist.gov/vuln/detail/CVE-2020-14634
[ 27 ] CVE-2020-14641
https://nvd.nist.gov/vuln/detail/CVE-2020-14641
[ 28 ] CVE-2020-14643
https://nvd.nist.gov/vuln/detail/CVE-2020-14643
[ 29 ] CVE-2020-14651
https://nvd.nist.gov/vuln/detail/CVE-2020-14651
[ 30 ] CVE-2020-14654
https://nvd.nist.gov/vuln/detail/CVE-2020-14654
[ 31 ] CVE-2020-14656
https://nvd.nist.gov/vuln/detail/CVE-2020-14656
[ 32 ] CVE-2020-14663
https://nvd.nist.gov/vuln/detail/CVE-2020-14663
[ 33 ] CVE-2020-14672
https://nvd.nist.gov/vuln/detail/CVE-2020-14672
[ 34 ] CVE-2020-14678
https://nvd.nist.gov/vuln/detail/CVE-2020-14678
[ 35 ] CVE-2020-14680
https://nvd.nist.gov/vuln/detail/CVE-2020-14680
[ 36 ] CVE-2020-14697
https://nvd.nist.gov/vuln/detail/CVE-2020-14697
[ 37 ] CVE-2020-14702
https://nvd.nist.gov/vuln/detail/CVE-2020-14702
[ 38 ] CVE-2020-14725
https://nvd.nist.gov/vuln/detail/CVE-2020-14725
[ 39 ] CVE-2020-14760
https://nvd.nist.gov/vuln/detail/CVE-2020-14760
[ 40 ] CVE-2020-14765
https://nvd.nist.gov/vuln/detail/CVE-2020-14765
[ 41 ] CVE-2020-14769
https://nvd.nist.gov/vuln/detail/CVE-2020-14769
[ 42 ] CVE-2020-14771
https://nvd.nist.gov/vuln/detail/CVE-2020-14771
[ 43 ] CVE-2020-14773
https://nvd.nist.gov/vuln/detail/CVE-2020-14773
[ 44 ] CVE-2020-14775
https://nvd.nist.gov/vuln/detail/CVE-2020-14775
[ 45 ] CVE-2020-14776
https://nvd.nist.gov/vuln/detail/CVE-2020-14776
[ 46 ] CVE-2020-14777
https://nvd.nist.gov/vuln/detail/CVE-2020-14777
[ 47 ] CVE-2020-14785
https://nvd.nist.gov/vuln/detail/CVE-2020-14785
[ 48 ] CVE-2020-14786
https://nvd.nist.gov/vuln/detail/CVE-2020-14786
[ 49 ] CVE-2020-14789
https://nvd.nist.gov/vuln/detail/CVE-2020-14789
[ 50 ] CVE-2020-14790
https://nvd.nist.gov/vuln/detail/CVE-2020-14790
[ 51 ] CVE-2020-14791
https://nvd.nist.gov/vuln/detail/CVE-2020-14791
[ 52 ] CVE-2020-14793
https://nvd.nist.gov/vuln/detail/CVE-2020-14793
[ 53 ] CVE-2020-14794
https://nvd.nist.gov/vuln/detail/CVE-2020-14794
[ 54 ] CVE-2020-14799
https://nvd.nist.gov/vuln/detail/CVE-2020-14799
[ 55 ] CVE-2020-14800
https://nvd.nist.gov/vuln/detail/CVE-2020-14800
[ 56 ] CVE-2020-14804
https://nvd.nist.gov/vuln/detail/CVE-2020-14804
[ 57 ] CVE-2020-14809
https://nvd.nist.gov/vuln/detail/CVE-2020-14809
[ 58 ] CVE-2020-14812
https://nvd.nist.gov/vuln/detail/CVE-2020-14812
[ 59 ] CVE-2020-14814
https://nvd.nist.gov/vuln/detail/CVE-2020-14814
[ 60 ] CVE-2020-14821
https://nvd.nist.gov/vuln/detail/CVE-2020-14821
[ 61 ] CVE-2020-14827
https://nvd.nist.gov/vuln/detail/CVE-2020-14827
[ 62 ] CVE-2020-14828
https://nvd.nist.gov/vuln/detail/CVE-2020-14828
[ 63 ] CVE-2020-14829
https://nvd.nist.gov/vuln/detail/CVE-2020-14829
[ 64 ] CVE-2020-14830
https://nvd.nist.gov/vuln/detail/CVE-2020-14830
[ 65 ] CVE-2020-14836
https://nvd.nist.gov/vuln/detail/CVE-2020-14836
[ 66 ] CVE-2020-14837
https://nvd.nist.gov/vuln/detail/CVE-2020-14837
[ 67 ] CVE-2020-14838
https://nvd.nist.gov/vuln/detail/CVE-2020-14838
[ 68 ] CVE-2020-14839
https://nvd.nist.gov/vuln/detail/CVE-2020-14839
[ 69 ] CVE-2020-14844
https://nvd.nist.gov/vuln/detail/CVE-2020-14844
[ 70 ] CVE-2020-14845
https://nvd.nist.gov/vuln/detail/CVE-2020-14845
[ 71 ] CVE-2020-14846
https://nvd.nist.gov/vuln/detail/CVE-2020-14846
[ 72 ] CVE-2020-14848
https://nvd.nist.gov/vuln/detail/CVE-2020-14848
[ 73 ] CVE-2020-14852
https://nvd.nist.gov/vuln/detail/CVE-2020-14852
[ 74 ] CVE-2020-14853
https://nvd.nist.gov/vuln/detail/CVE-2020-14853
[ 75 ] CVE-2020-14860
https://nvd.nist.gov/vuln/detail/CVE-2020-14860
[ 76 ] CVE-2020-14861
https://nvd.nist.gov/vuln/detail/CVE-2020-14861
[ 77 ] CVE-2020-14866
https://nvd.nist.gov/vuln/detail/CVE-2020-14866
[ 78 ] CVE-2020-14867
https://nvd.nist.gov/vuln/detail/CVE-2020-14867
[ 79 ] CVE-2020-14868
https://nvd.nist.gov/vuln/detail/CVE-2020-14868
[ 80 ] CVE-2020-14869
https://nvd.nist.gov/vuln/detail/CVE-2020-14869
[ 81 ] CVE-2020-14870
https://nvd.nist.gov/vuln/detail/CVE-2020-14870
[ 82 ] CVE-2020-14873
https://nvd.nist.gov/vuln/detail/CVE-2020-14873
[ 83 ] CVE-2020-14878
https://nvd.nist.gov/vuln/detail/CVE-2020-14878
[ 84 ] CVE-2020-14888
https://nvd.nist.gov/vuln/detail/CVE-2020-14888
[ 85 ] CVE-2020-14891
https://nvd.nist.gov/vuln/detail/CVE-2020-14891
[ 86 ] CVE-2020-14893
https://nvd.nist.gov/vuln/detail/CVE-2020-14893
[ 87 ] CVE-2020-2570
https://nvd.nist.gov/vuln/detail/CVE-2020-2570
[ 88 ] CVE-2020-2572
https://nvd.nist.gov/vuln/detail/CVE-2020-2572
[ 89 ] CVE-2020-2573
https://nvd.nist.gov/vuln/detail/CVE-2020-2573
[ 90 ] CVE-2020-2574
https://nvd.nist.gov/vuln/detail/CVE-2020-2574
[ 91 ] CVE-2020-2577
https://nvd.nist.gov/vuln/detail/CVE-2020-2577
[ 92 ] CVE-2020-2579
https://nvd.nist.gov/vuln/detail/CVE-2020-2579
[ 93 ] CVE-2020-2580
https://nvd.nist.gov/vuln/detail/CVE-2020-2580
[ 94 ] CVE-2020-2584
https://nvd.nist.gov/vuln/detail/CVE-2020-2584
[ 95 ] CVE-2020-2588
https://nvd.nist.gov/vuln/detail/CVE-2020-2588
[ 96 ] CVE-2020-2589
https://nvd.nist.gov/vuln/detail/CVE-2020-2589
[ 97 ] CVE-2020-2627
https://nvd.nist.gov/vuln/detail/CVE-2020-2627
[ 98 ] CVE-2020-2660
https://nvd.nist.gov/vuln/detail/CVE-2020-2660
[ 99 ] CVE-2020-2679
https://nvd.nist.gov/vuln/detail/CVE-2020-2679
[ 100 ] CVE-2020-2686
https://nvd.nist.gov/vuln/detail/CVE-2020-2686
[ 101 ] CVE-2020-2694
https://nvd.nist.gov/vuln/detail/CVE-2020-2694
[ 102 ] CVE-2020-2752
https://nvd.nist.gov/vuln/detail/CVE-2020-2752
[ 103 ] CVE-2020-2759
https://nvd.nist.gov/vuln/detail/CVE-2020-2759
[ 104 ] CVE-2020-2760
https://nvd.nist.gov/vuln/detail/CVE-2020-2760
[ 105 ] CVE-2020-2761
https://nvd.nist.gov/vuln/detail/CVE-2020-2761
[ 106 ] CVE-2020-2762
https://nvd.nist.gov/vuln/detail/CVE-2020-2762
[ 107 ] CVE-2020-2763
https://nvd.nist.gov/vuln/detail/CVE-2020-2763
[ 108 ] CVE-2020-2765
https://nvd.nist.gov/vuln/detail/CVE-2020-2765
[ 109 ] CVE-2020-2768
https://nvd.nist.gov/vuln/detail/CVE-2020-2768
[ 110 ] CVE-2020-2770
https://nvd.nist.gov/vuln/detail/CVE-2020-2770
[ 111 ] CVE-2020-2774
https://nvd.nist.gov/vuln/detail/CVE-2020-2774
[ 112 ] CVE-2020-2779
https://nvd.nist.gov/vuln/detail/CVE-2020-2779
[ 113 ] CVE-2020-2780
https://nvd.nist.gov/vuln/detail/CVE-2020-2780
[ 114 ] CVE-2020-2790
https://nvd.nist.gov/vuln/detail/CVE-2020-2790
[ 115 ] CVE-2020-2804
https://nvd.nist.gov/vuln/detail/CVE-2020-2804
[ 116 ] CVE-2020-2806
https://nvd.nist.gov/vuln/detail/CVE-2020-2806
[ 117 ] CVE-2020-2812
https://nvd.nist.gov/vuln/detail/CVE-2020-2812
[ 118 ] CVE-2020-2814
https://nvd.nist.gov/vuln/detail/CVE-2020-2814
[ 119 ] CVE-2020-2853
https://nvd.nist.gov/vuln/detail/CVE-2020-2853
[ 120 ] CVE-2020-2875
https://nvd.nist.gov/vuln/detail/CVE-2020-2875
[ 121 ] CVE-2020-2892
https://nvd.nist.gov/vuln/detail/CVE-2020-2892
[ 122 ] CVE-2020-2893
https://nvd.nist.gov/vuln/detail/CVE-2020-2893
[ 123 ] CVE-2020-2895
https://nvd.nist.gov/vuln/detail/CVE-2020-2895
[ 124 ] CVE-2020-2896
https://nvd.nist.gov/vuln/detail/CVE-2020-2896
[ 125 ] CVE-2020-2897
https://nvd.nist.gov/vuln/detail/CVE-2020-2897
[ 126 ] CVE-2020-2898
https://nvd.nist.gov/vuln/detail/CVE-2020-2898
[ 127 ] CVE-2020-2901
https://nvd.nist.gov/vuln/detail/CVE-2020-2901
[ 128 ] CVE-2020-2903
https://nvd.nist.gov/vuln/detail/CVE-2020-2903
[ 129 ] CVE-2020-2904
https://nvd.nist.gov/vuln/detail/CVE-2020-2904
[ 130 ] CVE-2020-2921
https://nvd.nist.gov/vuln/detail/CVE-2020-2921
[ 131 ] CVE-2020-2922
https://nvd.nist.gov/vuln/detail/CVE-2020-2922
[ 132 ] CVE-2020-2923
https://nvd.nist.gov/vuln/detail/CVE-2020-2923
[ 133 ] CVE-2020-2924
https://nvd.nist.gov/vuln/detail/CVE-2020-2924
[ 134 ] CVE-2020-2925
https://nvd.nist.gov/vuln/detail/CVE-2020-2925
[ 135 ] CVE-2020-2926
https://nvd.nist.gov/vuln/detail/CVE-2020-2926
[ 136 ] CVE-2020-2928
https://nvd.nist.gov/vuln/detail/CVE-2020-2928
[ 137 ] CVE-2020-2930
https://nvd.nist.gov/vuln/detail/CVE-2020-2930
[ 138 ] CVE-2020-2933
https://nvd.nist.gov/vuln/detail/CVE-2020-2933
[ 139 ] CVE-2020-2934
https://nvd.nist.gov/vuln/detail/CVE-2020-2934
[ 140 ] CVE-2021-1998
https://nvd.nist.gov/vuln/detail/CVE-2021-1998
[ 141 ] CVE-2021-2001
https://nvd.nist.gov/vuln/detail/CVE-2021-2001
[ 142 ] CVE-2021-2002
https://nvd.nist.gov/vuln/detail/CVE-2021-2002
[ 143 ] CVE-2021-2006
https://nvd.nist.gov/vuln/detail/CVE-2021-2006
[ 144 ] CVE-2021-2007
https://nvd.nist.gov/vuln/detail/CVE-2021-2007
[ 145 ] CVE-2021-2009
https://nvd.nist.gov/vuln/detail/CVE-2021-2009
[ 146 ] CVE-2021-2010
https://nvd.nist.gov/vuln/detail/CVE-2021-2010
[ 147 ] CVE-2021-2011
https://nvd.nist.gov/vuln/detail/CVE-2021-2011
[ 148 ] CVE-2021-2012
https://nvd.nist.gov/vuln/detail/CVE-2021-2012
[ 149 ] CVE-2021-2014
https://nvd.nist.gov/vuln/detail/CVE-2021-2014
[ 150 ] CVE-2021-2016
https://nvd.nist.gov/vuln/detail/CVE-2021-2016
[ 151 ] CVE-2021-2019
https://nvd.nist.gov/vuln/detail/CVE-2021-2019
[ 152 ] CVE-2021-2020
https://nvd.nist.gov/vuln/detail/CVE-2021-2020
[ 153 ] CVE-2021-2021
https://nvd.nist.gov/vuln/detail/CVE-2021-2021
[ 154 ] CVE-2021-2022
https://nvd.nist.gov/vuln/detail/CVE-2021-2022
[ 155 ] CVE-2021-2024
https://nvd.nist.gov/vuln/detail/CVE-2021-2024
[ 156 ] CVE-2021-2028
https://nvd.nist.gov/vuln/detail/CVE-2021-2028
[ 157 ] CVE-2021-2030
https://nvd.nist.gov/vuln/detail/CVE-2021-2030
[ 158 ] CVE-2021-2031
https://nvd.nist.gov/vuln/detail/CVE-2021-2031
[ 159 ] CVE-2021-2032
https://nvd.nist.gov/vuln/detail/CVE-2021-2032
[ 160 ] CVE-2021-2036
https://nvd.nist.gov/vuln/detail/CVE-2021-2036
[ 161 ] CVE-2021-2038
https://nvd.nist.gov/vuln/detail/CVE-2021-2038
[ 162 ] CVE-2021-2042
https://nvd.nist.gov/vuln/detail/CVE-2021-2042
[ 163 ] CVE-2021-2046
https://nvd.nist.gov/vuln/detail/CVE-2021-2046
[ 164 ] CVE-2021-2048
https://nvd.nist.gov/vuln/detail/CVE-2021-2048
[ 165 ] CVE-2021-2055
https://nvd.nist.gov/vuln/detail/CVE-2021-2055
[ 166 ] CVE-2021-2056
https://nvd.nist.gov/vuln/detail/CVE-2021-2056
[ 167 ] CVE-2021-2058
https://nvd.nist.gov/vuln/detail/CVE-2021-2058
[ 168 ] CVE-2021-2060
https://nvd.nist.gov/vuln/detail/CVE-2021-2060
[ 169 ] CVE-2021-2061
https://nvd.nist.gov/vuln/detail/CVE-2021-2061
[ 170 ] CVE-2021-2065
https://nvd.nist.gov/vuln/detail/CVE-2021-2065
[ 171 ] CVE-2021-2070
https://nvd.nist.gov/vuln/detail/CVE-2021-2070
[ 172 ] CVE-2021-2072
https://nvd.nist.gov/vuln/detail/CVE-2021-2072
[ 173 ] CVE-2021-2076
https://nvd.nist.gov/vuln/detail/CVE-2021-2076
[ 174 ] CVE-2021-2081
https://nvd.nist.gov/vuln/detail/CVE-2021-2081
[ 175 ] CVE-2021-2087
https://nvd.nist.gov/vuln/detail/CVE-2021-2087
[ 176 ] CVE-2021-2088
https://nvd.nist.gov/vuln/detail/CVE-2021-2088
[ 177 ] CVE-2021-2122
https://nvd.nist.gov/vuln/detail/CVE-2021-2122
[ 178 ] CVE-2021-2154
https://nvd.nist.gov/vuln/detail/CVE-2021-2154
[ 179 ] CVE-2021-2166
https://nvd.nist.gov/vuln/detail/CVE-2021-2166
[ 180 ] CVE-2021-2180
https://nvd.nist.gov/vuln/detail/CVE-2021-2180

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202105-27

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2021 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

--MZuWVtnQUUjRaKo65J7aNjmY74dNDTey2--

-----BEGIN PGP SIGNATURE-----

wsB5BAABCAAjFiEEExKRzo+LDXJgXHuURObr3Jv2BVkFAmCuF+AFAwAAAAAACgkQRObr3Jv2BVlt Fgf+Nvea5QkExvAnyg0AP8NiEyWvAsVEYYJQo3TPC8OZ4YUmHa4q1kMjyY9S812DJQgFrW6Pi5ma h8/E0aKHJpfYsJoX1t3UuBX8xMqPh04ZEDrK+6+MrilSUbU/uQD7OE/SCeVmZfEOQvjB/Y7gHHCa HkcqL2UHn+RuWlbEsZiBIu/SQud/ly/cpqnHa7r/KFWqTslYBp6X9givnzJWCohsYfmr9AJgniwV 4jQLTZ1isAt+qHzpGh3ze94YaX68gyaPBJH/9eOzgxPiKKzrdCGgd1gHatZkJqy3dUVbqbVqSB9J ehKk0Mg7xCkGQRi531kbBZAalTw/uQbMlYeWwAvQ2g==
=h7ci
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Who's Online

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	546
Nodes:	16 (2 / 14)
Uptime:	150:43:34
Calls:	10,383
Files:	14,054
Messages:	6,417,791

[ GLSA 202105-27 ] MySQL: Multiple vulnerabilities

Who's Online

System Info