VIR Vulnerability Intelligence Relay

CVE-2021-35607

medium
Published 2022-10-25 Β· Modified 2022-10-25
πŸ’¬ Discuss on Community ✚ Propose mitigation
CVSS v3
β€”
CVSS v4 NEW
β€”
not yet in upstream
VIR risk
5.5

Description

RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate)

Predictions

Exploit likelihood
20%
Patch ETA
β€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Red Hat Errata β€” Red Hat Inc. Β· View original β†— Β· Open-Errata-API

Description mysql: Server: DML unspecified vulnerability (CPU Oct 2021) CVSS v3: 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) Errata / fixed releases ProductPackageAdvisoryReleased Red Hat Enterprise Linux 8mysql:8.0-8060020220830124159.ad008a3aRHSA-2022:71192022-10-25T00:00:00Z Red Hat Software Collections for Red Hat Enterprise Linux…

Description

mysql: Server: DML unspecified vulnerability (CPU Oct 2021)

CVSS v3: 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

Errata / fixed releases

ProductPackageAdvisoryReleased
Red Hat Enterprise Linux 8mysql:8.0-8060020220830124159.ad008a3aRHSA-2022:71192022-10-25T00:00:00Z
Red Hat Software Collections for Red Hat Enterprise Linux 7rh-mysql80-mysql-0:8.0.30-1.el7RHSA-2022:65182022-09-14T00:00:00Z

Package state

ProductPackageState
Red Hat Enterprise Linux 6mysqlNot affected
Red Hat Enterprise Linux 7mariadbNot affected
Red Hat Enterprise Linux 8mariadb:10.3/mariadbNot affected
Red Hat Enterprise Linux 8mariadb:10.5/mariadbNot affected
Red Hat Enterprise Linux 9mariadbNot affected
Red Hat Enterprise Linux 9mysqlNot affected
Red Hat OpenStack Platform 10 (Newton)mariadb-galeraNot affected
Red Hat OpenStack Platform 13 (Queens)mariadbNot affected
Red Hat Software Collectionsrh-mariadb103-mariadbNot affected
Red Hat Software Collectionsrh-mariadb105-mariadbNot affected

Apply commands

bash fix
Apply RHSA-2022:7119 for Red Hat Enterprise Linux 8
yum update -y mysql:8
# or:
dnf upgrade -y mysql:8

Affected

VendorProductVersion
redhatRed Hat Enterprise Linux 6Not affected
redhatRed Hat Enterprise Linux 7Not affected
redhatRed Hat Enterprise Linux 8Not affected
redhatRed Hat Enterprise Linux 8Not affected
redhatRed Hat Enterprise Linux 9Not affected
redhatRed Hat Enterprise Linux 9Not affected
redhatRed Hat OpenStack Platform 10 (Newton)Not affected
redhatRed Hat OpenStack Platform 13 (Queens)Not affected
redhatRed Hat Software CollectionsNot affected
redhatRed Hat Software CollectionsNot affected

OS impact
debian Debian Fixed 1 release
VersionStatusFixed in
sid Fixed 8.0.28-1
redhat Red Hat Fixed 1 release
VersionStatusFixed in
8 Fixed β€”
rockylinux Rocky Linux Fixed 1 release
VersionStatusFixed in
8 Fixed β€”

References

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.