VIR Vulnerability Intelligence Relay

CVE-2023-22066

medium
Published 2024-03-05 Β· Modified 2024-02-20
πŸ’¬ Discuss on Community ✚ Propose mitigation
CVSS v3
β€”
CVSS v4 NEW
β€”
not yet in upstream
VIR risk
5.5

Description

RHSA-2024:0894: mysql:8.0 security update (Moderate)

Predictions

Exploit likelihood
20%
Patch ETA
β€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Red Hat Errata β€” Red Hat Inc. Β· View original β†— Β· Open-Errata-API

Description mysql: InnoDB unspecified vulnerability (CPU Oct 2023) CVSS v3: 4.9 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) Errata / fixed releases ProductPackageAdvisoryReleased Red Hat Enterprise Linux 8mysql:8.0-8090020240126173013.a75119d5RHSA-2024:08942024-02-20T00:00:00Z Red Hat Enterprise Linux 9mysql-0:8.0.36-1.el9_3RHSA-2024:11412024-03-05T00:00:00Z Red Hat Software Collections for…

Description

mysql: InnoDB unspecified vulnerability (CPU Oct 2023)

CVSS v3: 4.9 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

Errata / fixed releases

ProductPackageAdvisoryReleased
Red Hat Enterprise Linux 8mysql:8.0-8090020240126173013.a75119d5RHSA-2024:08942024-02-20T00:00:00Z
Red Hat Enterprise Linux 9mysql-0:8.0.36-1.el9_3RHSA-2024:11412024-03-05T00:00:00Z
Red Hat Software Collections for Red Hat Enterprise Linux 7rh-mysql80-mysql-0:8.0.36-1.el7RHSA-2024:26192024-04-30T00:00:00Z

Package state

ProductPackageState
Red Hat Enterprise Linux 6mysqlNot affected
Red Hat Enterprise Linux 7mariadbNot affected
Red Hat Enterprise Linux 8mariadb:10.3/mariadbNot affected
Red Hat Enterprise Linux 8mariadb:10.5/mariadbNot affected
Red Hat Enterprise Linux 9mariadbNot affected
Red Hat Software Collectionsrh-mariadb105-mariadbNot affected

Apply commands

bash fix
Apply RHSA-2024:0894 for Red Hat Enterprise Linux 8
yum update -y mysql:8
# or:
dnf upgrade -y mysql:8

Affected

VendorProductVersion
redhatRed Hat Enterprise Linux 6Not affected
redhatRed Hat Enterprise Linux 7Not affected
redhatRed Hat Enterprise Linux 8Not affected
redhatRed Hat Enterprise Linux 8Not affected
redhatRed Hat Enterprise Linux 9Not affected
redhatRed Hat Software CollectionsNot affected

OS impact
almalinux AlmaLinux Fixed 2 releases
VersionStatusFixed in
9 Fixed mysql-errmsg-8.0.36-1.el9_3.x86_64.rpm
8 Fixed mecab-ipadic-2.7.0.20070801-16.module_el8.6.0+3340+d764b636.x86_64.rpm
debian Debian Fixed 1 release
VersionStatusFixed in
sid Fixed 8.0.35-1
redhat Red Hat Fixed 2 releases
VersionStatusFixed in
9 Fixed β€”
8 Fixed β€”
rockylinux Rocky Linux Fixed 1 release
VersionStatusFixed in
8 Fixed β€”

References

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.