[security - medium] mysql:8.4 security update, rapidjson-1.1.0-19.module+el9+1137+b4f9282d
エラータID: AXSA:2026-378:01
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.
Security Fix(es):
* mysql: Optimizer unspecified vulnerability (CPU Jan 2026) (CVE-2026-21941)
* mysql: Optimizer unspecified vulnerability (CPU Jan 2026) (CVE-2026-21948)
* mysql: InnoDB unspecified vulnerability (CPU Jan 2026) (CVE-2026-21936)
* mysql: Optimizer unspecified vulnerability (CPU Jan 2026) (CVE-2026-21968)
* mysql: DDL unspecified vulnerability (CPU Jan 2026) (CVE-2026-21937)
* mysql: Thread Pooling unspecified vulnerability (CPU Jan 2026) (CVE-2026-21964)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2026-21936
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2026-21937
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2026-21941
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2026-21948
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2026-21964
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2026-21968
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Modularity name: "mysql"
Stream name: "8.4"
Update packages.
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
N/A
SRPMS
- mecab-ipadic-2.7.0.20070801-24.module+el9+1137+b4f9282d.src.rpm
MD5: 24c68d2d242076d3ee681616761d6d55
SHA-256: a12fa64d53bdce6c2200b762d0119582a69c9a6c6213e74e374ddd28be68f6aa
Size: 10.54 MB - mecab-0.996-3.module+el9+1137+b4f9282d.4.src.rpm
MD5: 07c6c429e45107bb6c12f2f1289ad969
SHA-256: cd183a26f3b0554c07e5c265e73a53db8b23f0b269b84fc8a3bbb66def783e12
Size: 956.98 kB - mysql-8.4.8-1.module+el9+1137+b4f9282d.ML.1.src.rpm
MD5: 6a2b9bcdcaa8ac8adaf7471e3e75f0d6
SHA-256: b746ceae9a873fc922f369775ba3b7caa7a26609b3a407bd123edce0e2abdae2
Size: 453.53 MB - rapidjson-1.1.0-19.module+el9+1137+b4f9282d.src.rpm
MD5: 0eefe693cd09e55f6f7eb33f6a832358
SHA-256: f37b1a47e4d220ddb5633ec26422c8fb1af9920484adad3b83f145719f91d8cc
Size: 0.98 MB
Asianux Server 9 for x86_64
- mecab-0.996-3.module+el9+1137+b4f9282d.4.x86_64.rpm
MD5: 8789431af5157258c9c12ec1a5a51b27
SHA-256: befc1e4f7f5bfc5bbb3893947451d7a5135cebc33c918111d6c3042e03c3d472
Size: 355.44 kB - mecab-debugsource-0.996-3.module+el9+1137+b4f9282d.4.x86_64.rpm
MD5: f7891020cb47615af54ef0132e8d4bc0
SHA-256: 5f6dfc8dec5f8dadca977fbf53d741dbd53417d48b81027b3d8e89a6b8dba475
Size: 155.37 kB - mecab-devel-0.996-3.module+el9+1137+b4f9282d.4.x86_64.rpm
MD5: 18bf5130e006b0573c7bd618643f3ab9
SHA-256: 61691a68f84089f6ec12443fa5c1ee29fdca9b099a4b744009acb110e8ab22f2
Size: 82.73 kB - mecab-ipadic-2.7.0.20070801-24.module+el9+1137+b4f9282d.x86_64.rpm
MD5: f4885633da1c4c986166bb6d665b7e00
SHA-256: 4f47e7bd87d4e152f1df5f57253d6aada84fd93cf427e8beb2e63f0ddcf63c3d
Size: 10.54 MB - mecab-ipadic-EUCJP-2.7.0.20070801-24.module+el9+1137+b4f9282d.x86_64.rpm
MD5: 74486fb518b4b1f0aba338cbeabf1e99
SHA-256: 803faebb75f1137511ab4b88d50901ef7180f01b7549febcd7e01a5c3bfbc5f6
Size: 9.63 MB - mysql-8.4.8-1.module+el9+1137+b4f9282d.ML.1.x86_64.rpm
MD5: 77fd318f4a217156cabb1abad7fcb110
SHA-256: 149c05da97501e6de629cd806e218faf90fa86d801f60eccfc8caebfbcba2b40
Size: 2.46 MB - mysql-common-8.4.8-1.module+el9+1137+b4f9282d.ML.1.noarch.rpm
MD5: 36571b404a1791f1bf47d263e475cf5f
SHA-256: 104d23d66b2c7b61b15cd9be67781f2f2b76699b2108feac92f7bc304d3fde34
Size: 76.46 kB - mysql-debugsource-8.4.8-1.module+el9+1137+b4f9282d.ML.1.x86_64.rpm
MD5: 306e7a733e40b4c40b565c0dcc5c239e
SHA-256: f92d1bae715cb6b8fed02b74f01f7e99f805583ae9b8d92de357055d0c67d4dd
Size: 17.62 MB - mysql-devel-8.4.8-1.module+el9+1137+b4f9282d.ML.1.x86_64.rpm
MD5: cea3ccc7aff67b0a7d71082a183c7872
SHA-256: 524b0d633fcbb583fe60477f6e690cbd2abca85b5231daed884cc7a242367b00
Size: 102.07 kB - mysql-errmsg-8.4.8-1.module+el9+1137+b4f9282d.ML.1.noarch.rpm
MD5: 81aac9fd53db50c3d66bc1ef62ca9868
SHA-256: f3b8bfae6a2a9d549a0b69079eb47220eb67cb877f2d5094239e8fea7f6b8f79
Size: 528.02 kB - mysql-libs-8.4.8-1.module+el9+1137+b4f9282d.ML.1.x86_64.rpm
MD5: 9c37b3c4f27be2baa6e88c9a79c6cce3
SHA-256: a3cc796b868e3945dddb9c14c7d2f08168cfa3cb434a715315265ec58f1c7367
Size: 1.26 MB - mysql-server-8.4.8-1.module+el9+1137+b4f9282d.ML.1.x86_64.rpm
MD5: 010766f01a3888c1abba5408a27c1b4c
SHA-256: 23ece34ce56d0e04fd6f3fc87b5f5ad707b9c3b6a5fd2f73848b5042cbf56659
Size: 18.38 MB - mysql-test-8.4.8-1.module+el9+1137+b4f9282d.ML.1.x86_64.rpm
MD5: cd71ac65d5f3796400fb0a9af1be2450
SHA-256: 32cd951c96f63d8630b3744267fc3a73ae4008a905da1a2c12499ad2a175c5ff
Size: 4.39 MB - mysql-test-data-8.4.8-1.module+el9+1137+b4f9282d.ML.1.noarch.rpm
MD5: 56438851009a6e8fe9f8aa0295fe883b
SHA-256: f6ec3a242d74a8d1be8f78f7c452f441e66e49574ed30ecb9df6e0d4c33b8bd5
Size: 379.32 MB - rapidjson-devel-1.1.0-19.module+el9+1137+b4f9282d.x86_64.rpm
MD5: 11eeccd2f51c2a8feab3de544820eda6
SHA-256: f9f397b2908d3f5e0ab4eed4bf4f7edb7580805c3b65460324d1076534778128
Size: 119.79 kB - rapidjson-doc-1.1.0-19.module+el9+1137+b4f9282d.noarch.rpm
MD5: fbbb62507fcee869351573e86143d57b
SHA-256: 8f7a83fa9130ac42e646e19cf9b12626e4dba9dbce6e617cc6bf719b0380837c
Size: 1.31 MB