VIR Vulnerability Intelligence Relay

CVE-2020-14837

medium
Published 2021-09-21 Β· Modified 2021-09-21
πŸ’¬ Discuss on Community ✚ Propose mitigation
CVSS v3
β€”
CVSS v4 NEW
β€”
not yet in upstream
VIR risk
5.5

Description

RHSA-2021:3590: mysql:8.0 security, bug fix, and enhancement update (Moderate)

Predictions

Exploit likelihood
20%
Patch ETA
β€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Red Hat Errata β€” Red Hat Inc. Β· View original β†— Β· Open-Errata-API

Description mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2020) CVSS v3: 4.9 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) Errata / fixed releases ProductPackageAdvisoryReleased Red Hat Enterprise Linux 8mysql:8.0-8040020210824134700.522a0ee4RHSA-2021:35902021-09-21T00:00:00Z Red Hat Software Collections for Red Hat Enterprise Linux…

Description

mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2020)

CVSS v3: 4.9 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

Errata / fixed releases

ProductPackageAdvisoryReleased
Red Hat Enterprise Linux 8mysql:8.0-8040020210824134700.522a0ee4RHSA-2021:35902021-09-21T00:00:00Z
Red Hat Software Collections for Red Hat Enterprise Linux 7rh-mysql80-mysql-0:8.0.26-1.el7RHSA-2021:38112021-10-12T00:00:00Z
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUSrh-mysql80-mysql-0:8.0.26-1.el7RHSA-2021:38112021-10-12T00:00:00Z

Package state

ProductPackageState
Red Hat Enterprise Linux 5mysql55-mysqlNot affected
Red Hat Enterprise Linux 6mysqlNot affected
Red Hat Enterprise Linux 7mariadbNot affected
Red Hat Enterprise Linux 8mariadb:10.3/mariadbNot affected
Red Hat OpenStack Platform 10 (Newton)mariadb-galeraNot affected
Red Hat OpenStack Platform 13 (Queens)mariadbNot affected
Red Hat Software Collectionsrh-mariadb102-mariadbNot affected
Red Hat Software Collectionsrh-mariadb103-mariadbNot affected

Apply commands

bash fix
Apply RHSA-2021:3590 for Red Hat Enterprise Linux 8
yum update -y mysql:8
# or:
dnf upgrade -y mysql:8

Affected

VendorProductVersion
redhatRed Hat Enterprise Linux 5Not affected
redhatRed Hat Enterprise Linux 6Not affected
redhatRed Hat Enterprise Linux 7Not affected
redhatRed Hat Enterprise Linux 8Not affected
redhatRed Hat OpenStack Platform 10 (Newton)Not affected
redhatRed Hat OpenStack Platform 13 (Queens)Not affected
redhatRed Hat Software CollectionsNot affected
redhatRed Hat Software CollectionsNot affected

OS impact
almalinux AlmaLinux Fixed 1 release
VersionStatusFixed in
8 Fixed mysql-test-8.0.26-1.module_el8.4.0+2532+b8928c02.x86_64.rpm
debian Debian Fixed 1 release
VersionStatusFixed in
sid Fixed 8.0.22-1
redhat Red Hat Fixed 1 release
VersionStatusFixed in
8 Fixed β€”
rockylinux Rocky Linux Fixed 1 release
VersionStatusFixed in
8 Fixed β€”

References

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.