The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1141.json

Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================
Red Hat Security Advisory

Synopsis:           Moderate: mysql security update
Advisory ID:        RHSA-2024:1141-03
Product:            Red Hat Enterprise Linux
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:1141
Issue date:         2024-03-05
Revision:           03
CVE Names:          CVE-2022-4899
====================================================================

Summary:

An update for mysql is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.

Security Fix(es):

* mysql: InnoDB unspecified vulnerability (CPU Apr 2023) (CVE-2023-21911)

* mysql: Server: DDL unspecified vulnerability (CPU Apr 2023) (CVE-2023-21919, CVE-2023-21929, CVE-2023-21933)

* mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2023) (CVE-2023-21920, CVE-2023-21935, CVE-2023-21945, CVE-2023-21946, CVE-2023-21976, CVE-2023-21977, CVE-2023-21982)

* mysql: Server: Components Services unspecified vulnerability (CPU Apr 2023) (CVE-2023-21940, CVE-2023-21947, CVE-2023-21962)

* mysql: Server: Partition unspecified vulnerability (CPU Apr 2023) (CVE-2023-21953)

* mysql: Server: Partition unspecified vulnerability (CPU Apr 2023) (CVE-2023-21955)

* mysql: Server: JSON unspecified vulnerability (CPU Apr 2023) (CVE-2023-21966)

* mysql: Server: DML unspecified vulnerability (CPU Apr 2023) (CVE-2023-21972)

* mysql: Client programs unspecified vulnerability (CPU Apr 2023) (CVE-2023-21980)

* mysql: Server: Replication unspecified vulnerability (CPU Jul 2023) (CVE-2023-22005, CVE-2023-22007, CVE-2023-22057)

* mysql: InnoDB unspecified vulnerability (CPU Jul 2023) (CVE-2023-22008)

* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2023) (CVE-2023-22032, CVE-2023-22059, CVE-2023-22064, CVE-2023-22065, CVE-2023-22070, CVE-2023-22078, CVE-2023-22079, CVE-2023-22092, CVE-2023-22103, CVE-2023-22110, CVE-2023-22112)

* mysql: InnoDB unspecified vulnerability (CPU Jul 2023) (CVE-2023-22033)

* mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2023) (CVE-2023-22046)

* mysql: Client programs unspecified vulnerability (CPU Jul 2023) (CVE-2023-22053, CVE-2023-22054, CVE-2023-22056)

* mysql: Server: DDL unspecified vulnerability (CPU Jul 2023) (CVE-2023-22058)

* mysql: InnoDB unspecified vulnerability (CPU Oct 2023) (CVE-2023-22066, CVE-2023-22068, CVE-2023-22084, CVE-2023-22097, CVE-2023-22104, CVE-2023-22114)

* mysql: Server: UDF unspecified vulnerability (CPU Oct 2023) (CVE-2023-22111)

* mysql: Server: DML unspecified vulnerability (CPU Oct 2023) (CVE-2023-22115)

* mysql: Server: RAPID unspecified vulnerability (CPU Jan 2024) (CVE-2024-20960)

* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2024) (CVE-2024-20961, CVE-2024-20962, CVE-2024-20965, CVE-2024-20966, CVE-2024-2097, CVE-2024-20971, CVE-2024-20972, CVE-2024-20973, CVE-2024-20974, CVE-2024-20976, CVE-2024-20977, CVE-2024-20978, CVE-2024-20982)

* mysql: Server: Security: Encryption unspecified vulnerability (CPU Jan 2024) (CVE-2024-20963)

* mysql: Server: Security: Privileges unspecified vulnerability (CPU Jan 2024) (CVE-2024-20964)

* mysql: Server: Replication unspecified vulnerability (CPU Jan 2024) (CVE-2024-20967)

* mysql: Server: Options unspecified vulnerability (CPU Jan 2024) (CVE-2024-20968)

* mysql: Server: DDL unspecified vulnerability (CPU Jan 2024) (CVE-2024-20969)

* mysql: Server: DDL unspecified vulnerability (CPU Jan 2024) (CVE-2024-20981)

* mysql: Server: DML unspecified vulnerability (CPU Jan 2024) (CVE-2024-20983)

* mysql: Server : Security : Firewall unspecified vulnerability (CPU Jan 2024) (CVE-2024-20984)

* mysql: Server: UDF unspecified vulnerability (CPU Jan 2024) (CVE-2024-20985)

* zstd: mysql: buffer overrun in util.c (CVE-2022-4899)

* mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2023) (CVE-2023-22038)

* mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2023) (CVE-2023-22048)

* mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2023) (CVE-2023-22113)

Bug Fix(es):

* Fix for MySQL bug #33630199 in 8.0.32 introduces regression when --set-gtid-purged=OFF (RHEL-22454)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2022-4899

References:

https://access.redhat.com/security/updates/classification/#moderate
https://bugzilla.redhat.com/show_bug.cgi?id=2179864
https://bugzilla.redhat.com/show_bug.cgi?id=2188109
https://bugzilla.redhat.com/show_bug.cgi?id=2188113
https://bugzilla.redhat.com/show_bug.cgi?id=2188115
https://bugzilla.redhat.com/show_bug.cgi?id=2188116
https://bugzilla.redhat.com/show_bug.cgi?id=2188117
https://bugzilla.redhat.com/show_bug.cgi?id=2188118
https://bugzilla.redhat.com/show_bug.cgi?id=2188119
https://bugzilla.redhat.com/show_bug.cgi?id=2188120
https://bugzilla.redhat.com/show_bug.cgi?id=2188121
https://bugzilla.redhat.com/show_bug.cgi?id=2188122
https://bugzilla.redhat.com/show_bug.cgi?id=2188123
https://bugzilla.redhat.com/show_bug.cgi?id=2188124
https://bugzilla.redhat.com/show_bug.cgi?id=2188125
https://bugzilla.redhat.com/show_bug.cgi?id=2188127
https://bugzilla.redhat.com/show_bug.cgi?id=2188128
https://bugzilla.redhat.com/show_bug.cgi?id=2188129
https://bugzilla.redhat.com/show_bug.cgi?id=2188130
https://bugzilla.redhat.com/show_bug.cgi?id=2188131
https://bugzilla.redhat.com/show_bug.cgi?id=2188132
https://bugzilla.redhat.com/show_bug.cgi?id=2224211
https://bugzilla.redhat.com/show_bug.cgi?id=2224212
https://bugzilla.redhat.com/show_bug.cgi?id=2224213
https://bugzilla.redhat.com/show_bug.cgi?id=2224214
https://bugzilla.redhat.com/show_bug.cgi?id=2224215
https://bugzilla.redhat.com/show_bug.cgi?id=2224216
https://bugzilla.redhat.com/show_bug.cgi?id=2224217
https://bugzilla.redhat.com/show_bug.cgi?id=2224218
https://bugzilla.redhat.com/show_bug.cgi?id=2224219
https://bugzilla.redhat.com/show_bug.cgi?id=2224220
https://bugzilla.redhat.com/show_bug.cgi?id=2224221
https://bugzilla.redhat.com/show_bug.cgi?id=2224222
https://bugzilla.redhat.com/show_bug.cgi?id=2245014
https://bugzilla.redhat.com/show_bug.cgi?id=2245015
https://bugzilla.redhat.com/show_bug.cgi?id=2245016
https://bugzilla.redhat.com/show_bug.cgi?id=2245017
https://bugzilla.redhat.com/show_bug.cgi?id=2245018
https://bugzilla.redhat.com/show_bug.cgi?id=2245019
https://bugzilla.redhat.com/show_bug.cgi?id=2245020
https://bugzilla.redhat.com/show_bug.cgi?id=2245021
https://bugzilla.redhat.com/show_bug.cgi?id=2245022
https://bugzilla.redhat.com/show_bug.cgi?id=2245023
https://bugzilla.redhat.com/show_bug.cgi?id=2245024
https://bugzilla.redhat.com/show_bug.cgi?id=2245026
https://bugzilla.redhat.com/show_bug.cgi?id=2245027
https://bugzilla.redhat.com/show_bug.cgi?id=2245028
https://bugzilla.redhat.com/show_bug.cgi?id=2245029
https://bugzilla.redhat.com/show_bug.cgi?id=2245030
https://bugzilla.redhat.com/show_bug.cgi?id=2245031
https://bugzilla.redhat.com/show_bug.cgi?id=2245032
https://bugzilla.redhat.com/show_bug.cgi?id=2245033
https://bugzilla.redhat.com/show_bug.cgi?id=2245034
https://bugzilla.redhat.com/show_bug.cgi?id=2258771
https://bugzilla.redhat.com/show_bug.cgi?id=2258772
https://bugzilla.redhat.com/show_bug.cgi?id=2258773
https://bugzilla.redhat.com/show_bug.cgi?id=2258774
https://bugzilla.redhat.com/show_bug.cgi?id=2258775
https://bugzilla.redhat.com/show_bug.cgi?id=2258776
https://bugzilla.redhat.com/show_bug.cgi?id=2258777
https://bugzilla.redhat.com/show_bug.cgi?id=2258778
https://bugzilla.redhat.com/show_bug.cgi?id=2258779
https://bugzilla.redhat.com/show_bug.cgi?id=2258780
https://bugzilla.redhat.com/show_bug.cgi?id=2258781
https://bugzilla.redhat.com/show_bug.cgi?id=2258782
https://bugzilla.redhat.com/show_bug.cgi?id=2258783
https://bugzilla.redhat.com/show_bug.cgi?id=2258784
https://bugzilla.redhat.com/show_bug.cgi?id=2258785
https://bugzilla.redhat.com/show_bug.cgi?id=2258787
https://bugzilla.redhat.com/show_bug.cgi?id=2258788
https://bugzilla.redhat.com/show_bug.cgi?id=2258789
https://bugzilla.redhat.com/show_bug.cgi?id=2258790
https://bugzilla.redhat.com/show_bug.cgi?id=2258791
https://bugzilla.redhat.com/show_bug.cgi?id=2258792
https://bugzilla.redhat.com/show_bug.cgi?id=2258793
https://bugzilla.redhat.com/show_bug.cgi?id=2258794