[security - medium] mysql:8.4 security update, rapidjson-1.1.0-3.module+el8+1928+3470422a
エラータID: AXSA:2025-11541:01
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.
Security Fix(es):
* mysql: DML unspecified vulnerability (CPU Oct 2025) (CVE-2025-53053)
* mysql: InnoDB unspecified vulnerability (CPU Oct 2025) (CVE-2025-53044)
* mysql: InnoDB unspecified vulnerability (CPU Oct 2025) (CVE-2025-53062)
* mysql: InnoDB unspecified vulnerability (CPU Oct 2025) (CVE-2025-53054)
* mysql: InnoDB unspecified vulnerability (CPU Oct 2025) (CVE-2025-53045)
* mysql: Optimizer unspecified vulnerability (CPU Oct 2025) (CVE-2025-53040)
* mysql: Components Services unspecified vulnerability (CPU Oct 2025) (CVE-2025-53069)
* mysql: Optimizer unspecified vulnerability (CPU Oct 2025) (CVE-2025-53042)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2025-53040
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2025-53042
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2025-53044
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2025-53045
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2025-53053
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
CVE-2025-53054
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
CVE-2025-53062
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2025-53069
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Modularity name: "mysql"
Stream name: "8.4"
Update packages.
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
N/A
SRPMS
- mecab-ipadic-2.7.0.20070801-17.module+el8+1928+3470422a.src.rpm
MD5: 6229eea477b1a25d5f24cc2641500a80
SHA-256: 6014226764a9dfed1a3018f9bcbbffda63661e93d8f06a6bb4066de4754c14db
Size: 10.54 MB - mecab-0.996-2.module+el8+1928+3470422a.src.rpm
MD5: 8f83af883a2e846182cd1da5d58398b1
SHA-256: 26193786eed32715389c4cef6bfd939a8a38556b13f4a4fba8c741319a0cb8ae
Size: 960.68 kB - mysql-8.4.7-1.module+el8+1928+3470422a.ML.1.src.rpm
MD5: e13559476dab62f556171b72cd96e83f
SHA-256: 8538049b6435736390a53e4c8f5ed90d50d48bdf6609f816ec2eb1dba77466cc
Size: 453.50 MB - rapidjson-1.1.0-3.module+el8+1928+3470422a.src.rpm
MD5: 5c7d4a774c03d5c6e8603753131a437f
SHA-256: 5e6e2dcbbb5a23ede29aabcf88610f5498df13d3271cedf838fc6d8e6d360dac
Size: 0.98 MB
Asianux Server 8 for x86_64
- mecab-0.996-2.module+el8+1928+3470422a.x86_64.rpm
MD5: f72a931b9645dcda08d8f8901351c0f5
SHA-256: def7448bde5827fce1365e920764a264003680d11613f36cf03716b8102c9221
Size: 392.37 kB - mecab-debugsource-0.996-2.module+el8+1928+3470422a.x86_64.rpm
MD5: 982a02b716f8d61e01013cec31091fd6
SHA-256: 95dbcfeac0daf48ddb1291ad1b59a897cd76b54fb05ddc64346ff24e80eb9c2e
Size: 165.54 kB - mecab-devel-0.996-2.module+el8+1928+3470422a.x86_64.rpm
MD5: d202b218a5bee9df9eba7b18685f34ad
SHA-256: 29cd29c782aa8622de58432b08b843fdf46f6e33a271877537739f78a7e2228e
Size: 78.61 kB - mecab-ipadic-2.7.0.20070801-17.module+el8+1928+3470422a.x86_64.rpm
MD5: 020b3b95d35cb35013e9d5d802f56ece
SHA-256: ec9ec53347429d2f273aac1481ae538ed9a9d7d165081d1ed55113ba8a1c416a
Size: 10.52 MB - mecab-ipadic-EUCJP-2.7.0.20070801-17.module+el8+1928+3470422a.x86_64.rpm
MD5: f1614f6ceba3230f22a8e356f774896d
SHA-256: a76136379e4490b550e817496ffe776f9a82c8d1c0adc1de04bb94713b2fb191
Size: 9.40 MB - mysql-8.4.7-1.module+el8+1928+3470422a.ML.1.x86_64.rpm
MD5: 6212bb5db41464ddb498383de792813b
SHA-256: 46aa77c8007e0a0a9443212072489a2cb2f80cba55ba7fabde1ae87d0c805e9f
Size: 9.89 MB - mysql-common-8.4.7-1.module+el8+1928+3470422a.ML.1.noarch.rpm
MD5: 2091a6556dab2143dea92b79b43bc0ba
SHA-256: 8b071187966ca4f1aadb2e4266d0a57a1ec98d04ba11b39abb51a9b9e8b0ad52
Size: 141.79 kB - mysql-debugsource-8.4.7-1.module+el8+1928+3470422a.ML.1.x86_64.rpm
MD5: 1433568163b0a52a3e16a088efa140c3
SHA-256: c97e45b66ff0f24bba49a94c3ae09e446861320e794c544279560e75e2470e2f
Size: 19.08 MB - mysql-devel-8.4.7-1.module+el8+1928+3470422a.ML.1.x86_64.rpm
MD5: 6de10a22d99839653f26b03a9bbea96b
SHA-256: 04ed808b6a1fc0881bc15c9c7520f45f34bbb1aa9b74da9b6dbc08699a8f5eed
Size: 171.75 kB - mysql-errmsg-8.4.7-1.module+el8+1928+3470422a.ML.1.noarch.rpm
MD5: 5b4698fac8e5a76bc1e31e213d2da200
SHA-256: afc1c43f21a5fe1831680cabbe4706f057c57d75136cbf1124ed33f1fcc9ac91
Size: 672.93 kB - mysql-libs-8.4.7-1.module+el8+1928+3470422a.ML.1.x86_64.rpm
MD5: 16d0535449e2973e82dd34e076cd78b1
SHA-256: ee92907c5b36806d1b6e19b9f77fb505a763e55023d8c716f6acab44f8220006
Size: 1.28 MB - mysql-server-8.4.7-1.module+el8+1928+3470422a.ML.1.x86_64.rpm
MD5: 180e0b50874d76a78ec41b2050f3606f
SHA-256: 07094320f009966d7686938559431f224c8d97574ce6c70264f38b4a419d3a4a
Size: 24.73 MB - mysql-test-8.4.7-1.module+el8+1928+3470422a.ML.1.x86_64.rpm
MD5: b288aad5a91d2e2db382917e5615c0c1
SHA-256: c97e65a488d94abe18bff88558598e48debee86ad867016814122d11f056b681
Size: 5.72 MB - mysql-test-data-8.4.7-1.module+el8+1928+3470422a.ML.1.noarch.rpm
MD5: b3d2f7924fc97fe88fb0cac718f6b414
SHA-256: 924e6fbaa6c032143f704be835322fdce53bb3b4fb67ee22576b9ee7471b303f
Size: 384.77 MB