mysql:8.0 security update
エラータID: AXSA:2020-844:01
MySQL server daemon (mysqld) and many client programs and libraries.
The following packages have been upgraded to a later upstream version: mysql
(8.0.21).
Security Fix(es):
mysql: Server: Security: Privileges multiple unspecified vulnerabilities
(CVE-2020-14663, CVE-2020-14678, CVE-2020-14697, CVE-2020-2761, CVE-2020-2774,
CVE-2020-2779, CVE-2020-2853, CVE-2020-14586, CVE-2020-14702)
mysql: Server: Security: Encryption multiple unspecified vulnerabilities
(CVE-2019-2914, CVE-2019-2957)
mysql: InnoDB multiple unspecified vulnerabilities (CVE-2019-2938,
CVE-2019-2963, CVE-2019-2968, CVE-2019-3018, CVE-2020-2577, CVE-2020-2589,
CVE-2020-2760, CVE-2020-2762, CVE-2020-2814, CVE-2020-2893, CVE-2020-2895,
CVE-2020-14568, CVE-2020-14623, CVE-2020-14633, CVE-2020-14634)
mysql: Server: PS multiple unspecified vulnerabilities (CVE-2019-2946,
CVE-2020-2925)
mysql: Server: Replication multiple unspecified vulnerabilities
(CVE-2019-2960, CVE-2020-2759, CVE-2020-2763, CVE-2020-14567)
mysql: Server: Optimizer multiple unspecified vulnerabilities
(CVE-2019-2966, CVE-2019-2967, CVE-2019-2974, CVE-2019-2982, CVE-2019-2991,
CVE-2019-2998, CVE-2020-2579, CVE-2020-2660, CVE-2020-2679, CVE-2020-2686,
CVE-2020-2765, CVE-2020-2892, CVE-2020-2897, CVE-2020-2901, CVE-2020-2904,
CVE-2020-2923, CVE-2020-2924, CVE-2020-2928, CVE-2020-14539, CVE-2020-14547,
CVE-2020-14597, CVE-2020-14614, CVE-2020-14654, CVE-2020-14680, CVE-2020-14725)
mysql: Server: C API multiple unspecified vulnerabilities (CVE-2019-2993,
CVE-2019-3011)
mysql: Server: DDL multiple unspecified vulnerabilities (CVE-2019-2997,
CVE-2020-2580)
mysql: Server: Parser multiple unspecified vulnerabilities (CVE-2019-3004,
CVE-2020-2627, CVE-2020-2930, CVE-2020-14619)
mysql: Server: Connection unspecified vulnerability (CVE-2019-3009)
mysql: Server: Options multiple unspecified vulnerabilities (CVE-2020-2584,
CVE-2020-14632)
mysql: Server: DML multiple unspecified vulnerabilities (CVE-2020-2588,
CVE-2020-2780, CVE-2020-14540, CVE-2020-14575, CVE-2020-14620)
mysql: C API multiple unspecified vulnerabilities (CVE-2020-2752,
CVE-2020-2922, CVE-2020-14550, CVE-2020-2570, CVE-2020-2573, CVE-2020-2574)
mysql: Server: Logging unspecified vulnerability (CVE-2020-2770)
mysql: Server: Memcached unspecified vulnerability (CVE-2020-2804)
mysql: Server: Stored Procedure unspecified vulnerability (CVE-2020-2812)
mysql: Server: Information Schema multiple unspecified vulnerabilities
(CVE-2020-2896, CVE-2020-14559, CVE-2020-2694)
mysql: Server: Charsets unspecified vulnerability (CVE-2020-2898)
mysql: Server: Connection Handling unspecified vulnerability (CVE-2020-2903)
mysql: Server: Group Replication Plugin unspecified vulnerability
(CVE-2020-2921)
mysql: Server: Group Replication GCS unspecified vulnerability
(CVE-2020-2926)
mysql: Server: Pluggable Auth unspecified vulnerability (CVE-2020-14553)
mysql: Server: UDF unspecified vulnerability (CVE-2020-14576)
mysql: Server: JSON unspecified vulnerability (CVE-2020-14624)
mysql: Server: Security: Audit unspecified vulnerability (CVE-2020-14631)
mysql: Server: Security: Roles multiple unspecified vulnerabilities
(CVE-2020-14641, CVE-2020-14643, CVE-2020-14651)
mysql: Server: Locking unspecified vulnerability (CVE-2020-14656)
mysql: Information Schema unspecified vulnerability (CVE-2019-2911)
Modularity name: mysql
Stream name: 8.0
Update packages.
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: C API). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
N/A
SRPMS
- mecab-ipadic-2.7.0.20070801-16.module+el8+128+b1ce1430.src.rpm
MD5: cde2c8df462bbddff9112cbfcfdb5dd6
SHA-256: 0c5f9572ec0e14d0acfa5ab1a54bd641a17684850f784905e013cd268daf9e3b
Size: 10.54 MB - mecab-0.996-1.module+el8+128+b1ce1430.9.src.rpm
MD5: 72ef4124b6ae59e786a3d4ad015f5d1e
SHA-256: 6472095785e4bc12cc29ee93c6d336aa665ff2204fa6cc4a14c2513afec12300
Size: 960.23 kB - mysql-8.0.21-1.module+el8+128+b1ce1430.src.rpm
MD5: d4c025221f71a84f8b2580f82792ed98
SHA-256: b615661948d77730b016191722996dc9663aecb9d8fe9a1b6a464d50dd8223f3
Size: 261.81 MB
Asianux Server 8 for x86_64
- mecab-ipadic-2.7.0.20070801-16.module+el8+128+b1ce1430.x86_64.rpm
MD5: df11d36278d808d184e36c109b49cea9
SHA-256: 786af622a2af162c8746f8c090d0afb253e593b21c61eca0995702c1d0243728
Size: 10.52 MB - mecab-ipadic-EUCJP-2.7.0.20070801-16.module+el8+128+b1ce1430.x86_64.rpm
MD5: db100ae2b9ed249b190265a3f533761a
SHA-256: 7708d0543e5babf9af5750d93d0d8793643b09acb1eb6a55f5da80426e69e7b8
Size: 9.40 MB - mecab-0.996-1.module+el8+128+b1ce1430.9.x86_64.rpm
MD5: d87f5867d155702ab3898a461c9d166f
SHA-256: ca3b4cf256e715ddc807ae1f58c1d9b87e53aa595f34479ebe88e3d51d752def
Size: 391.76 kB - mysql-8.0.21-1.module+el8+128+b1ce1430.x86_64.rpm
MD5: f071a09b931c177d0578a71df62d5c39
SHA-256: 72ced4a52d9cd11f3530ebc4c0e889b97847a5c30c45a122671c4590de6206a0
Size: 11.84 MB - mysql-common-8.0.21-1.module+el8+128+b1ce1430.x86_64.rpm
MD5: e6b73c38bcbab0cfa46e0180ff14031f
SHA-256: 9d10563f2977e8ddf7712949dd0aa41f68b90a7f4053d46610569a898292b013
Size: 146.40 kB - mysql-devel-8.0.21-1.module+el8+128+b1ce1430.x86_64.rpm
MD5: 9d352c5251a9dacbb8a735bc93bcd0e7
SHA-256: 4bc6fa2a601d0db9b5054fd78798240f6f9e5476b5e48f5648d96a8d50e852f2
Size: 150.48 kB - mysql-errmsg-8.0.21-1.module+el8+128+b1ce1430.x86_64.rpm
MD5: bf8bcf2963c9c02015bb52efd1cda6fb
SHA-256: db0e15fd5a30d0457ba65587492009be04499302c9ed40d137fc505d0b3fca08
Size: 579.82 kB - mysql-libs-8.0.21-1.module+el8+128+b1ce1430.x86_64.rpm
MD5: 7f24028de31c1d2d39c32e34dd7b0a8a
SHA-256: fa2952800e9e1049b57c1b1a447e35c7f510958c0e743dcb7cd86b1db6220daf
Size: 1.38 MB - mysql-server-8.0.21-1.module+el8+128+b1ce1430.x86_64.rpm
MD5: d4c73a1982394acd84bd389486eb414b
SHA-256: d883bbb8008f50683888094faf659e697e3efcc1020774c8773bfa07bedc0007
Size: 22.29 MB - mysql-test-8.0.21-1.module+el8+128+b1ce1430.x86_64.rpm
MD5: 218046ac65787e7549ee54e3be1ec684
SHA-256: 228cae4c03f68bfedca161e69a073e705ae6d5f5462a71f59c52392c4373807e
Size: 211.98 MB