Gentoo 2512 Published by

A MySQL security update has been released for Gentoo Linux.



- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202105-27
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: MySQL: Multiple vulnerabilities
Date: May 26, 2021
Bugs: #699876, #708090, #717628, #732974, #766339, #789243
ID: 202105-27

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in MySQL, the worst of which
could result in the arbitrary execution of code.

Background
==========

MySQL is a popular multi-threaded, multi-user SQL server.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-db/mysql < 8.0.24 >= 5.7.34:5.7
>= 8.0.24
2 dev-db/mysql-connector-c
< 8.0.24 >= 8.0.24
-------------------------------------------------------------------
2 affected packages

Description
===========

Multiple vulnerabilities have been discovered in MySQL. Please review
the CVE identifiers referenced below for details.

Impact
======

An attacker could possibly execute arbitrary code with the privileges
of the process, escalate privileges, gain access to critical data or
complete access to all MySQL server accessible data, or cause a Denial
of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All MySQL users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/mysql-5.7.34"

All mysql users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/mysql-8.0.24"

References
==========

[ 1 ] CVE-2019-2938
  https://nvd.nist.gov/vuln/detail/CVE-2019-2938
[ 2 ] CVE-2019-2974
  https://nvd.nist.gov/vuln/detail/CVE-2019-2974
[ 3 ] CVE-2020-14539
  https://nvd.nist.gov/vuln/detail/CVE-2020-14539
[ 4 ] CVE-2020-14540
  https://nvd.nist.gov/vuln/detail/CVE-2020-14540
[ 5 ] CVE-2020-14547
  https://nvd.nist.gov/vuln/detail/CVE-2020-14547
[ 6 ] CVE-2020-14550
  https://nvd.nist.gov/vuln/detail/CVE-2020-14550
[ 7 ] CVE-2020-14553
  https://nvd.nist.gov/vuln/detail/CVE-2020-14553
[ 8 ] CVE-2020-14559
  https://nvd.nist.gov/vuln/detail/CVE-2020-14559
[ 9 ] CVE-2020-14564
  https://nvd.nist.gov/vuln/detail/CVE-2020-14564
[ 10 ] CVE-2020-14567
  https://nvd.nist.gov/vuln/detail/CVE-2020-14567
[ 11 ] CVE-2020-14568
  https://nvd.nist.gov/vuln/detail/CVE-2020-14568
[ 12 ] CVE-2020-14575
  https://nvd.nist.gov/vuln/detail/CVE-2020-14575
[ 13 ] CVE-2020-14576
  https://nvd.nist.gov/vuln/detail/CVE-2020-14576
[ 14 ] CVE-2020-14586
  https://nvd.nist.gov/vuln/detail/CVE-2020-14586
[ 15 ] CVE-2020-14591
  https://nvd.nist.gov/vuln/detail/CVE-2020-14591
[ 16 ] CVE-2020-14597
  https://nvd.nist.gov/vuln/detail/CVE-2020-14597
[ 17 ] CVE-2020-14614
  https://nvd.nist.gov/vuln/detail/CVE-2020-14614
[ 18 ] CVE-2020-14619
  https://nvd.nist.gov/vuln/detail/CVE-2020-14619
[ 19 ] CVE-2020-14620
  https://nvd.nist.gov/vuln/detail/CVE-2020-14620
[ 20 ] CVE-2020-14623
  https://nvd.nist.gov/vuln/detail/CVE-2020-14623
[ 21 ] CVE-2020-14624
  https://nvd.nist.gov/vuln/detail/CVE-2020-14624
[ 22 ] CVE-2020-14626
  https://nvd.nist.gov/vuln/detail/CVE-2020-14626
[ 23 ] CVE-2020-14631
  https://nvd.nist.gov/vuln/detail/CVE-2020-14631
[ 24 ] CVE-2020-14632
  https://nvd.nist.gov/vuln/detail/CVE-2020-14632
[ 25 ] CVE-2020-14633
  https://nvd.nist.gov/vuln/detail/CVE-2020-14633
[ 26 ] CVE-2020-14634
  https://nvd.nist.gov/vuln/detail/CVE-2020-14634
[ 27 ] CVE-2020-14641
  https://nvd.nist.gov/vuln/detail/CVE-2020-14641
[ 28 ] CVE-2020-14643
  https://nvd.nist.gov/vuln/detail/CVE-2020-14643
[ 29 ] CVE-2020-14651
  https://nvd.nist.gov/vuln/detail/CVE-2020-14651
[ 30 ] CVE-2020-14654
  https://nvd.nist.gov/vuln/detail/CVE-2020-14654
[ 31 ] CVE-2020-14656
  https://nvd.nist.gov/vuln/detail/CVE-2020-14656
[ 32 ] CVE-2020-14663
  https://nvd.nist.gov/vuln/detail/CVE-2020-14663
[ 33 ] CVE-2020-14672
  https://nvd.nist.gov/vuln/detail/CVE-2020-14672
[ 34 ] CVE-2020-14678
  https://nvd.nist.gov/vuln/detail/CVE-2020-14678
[ 35 ] CVE-2020-14680
  https://nvd.nist.gov/vuln/detail/CVE-2020-14680
[ 36 ] CVE-2020-14697
  https://nvd.nist.gov/vuln/detail/CVE-2020-14697
[ 37 ] CVE-2020-14702
  https://nvd.nist.gov/vuln/detail/CVE-2020-14702
[ 38 ] CVE-2020-14725
  https://nvd.nist.gov/vuln/detail/CVE-2020-14725
[ 39 ] CVE-2020-14760
  https://nvd.nist.gov/vuln/detail/CVE-2020-14760
[ 40 ] CVE-2020-14765
  https://nvd.nist.gov/vuln/detail/CVE-2020-14765
[ 41 ] CVE-2020-14769
  https://nvd.nist.gov/vuln/detail/CVE-2020-14769
[ 42 ] CVE-2020-14771
  https://nvd.nist.gov/vuln/detail/CVE-2020-14771
[ 43 ] CVE-2020-14773
  https://nvd.nist.gov/vuln/detail/CVE-2020-14773
[ 44 ] CVE-2020-14775
  https://nvd.nist.gov/vuln/detail/CVE-2020-14775
[ 45 ] CVE-2020-14776
  https://nvd.nist.gov/vuln/detail/CVE-2020-14776
[ 46 ] CVE-2020-14777
  https://nvd.nist.gov/vuln/detail/CVE-2020-14777
[ 47 ] CVE-2020-14785
  https://nvd.nist.gov/vuln/detail/CVE-2020-14785
[ 48 ] CVE-2020-14786
  https://nvd.nist.gov/vuln/detail/CVE-2020-14786
[ 49 ] CVE-2020-14789
  https://nvd.nist.gov/vuln/detail/CVE-2020-14789
[ 50 ] CVE-2020-14790
  https://nvd.nist.gov/vuln/detail/CVE-2020-14790
[ 51 ] CVE-2020-14791
  https://nvd.nist.gov/vuln/detail/CVE-2020-14791
[ 52 ] CVE-2020-14793
  https://nvd.nist.gov/vuln/detail/CVE-2020-14793
[ 53 ] CVE-2020-14794
  https://nvd.nist.gov/vuln/detail/CVE-2020-14794
[ 54 ] CVE-2020-14799
  https://nvd.nist.gov/vuln/detail/CVE-2020-14799
[ 55 ] CVE-2020-14800
  https://nvd.nist.gov/vuln/detail/CVE-2020-14800
[ 56 ] CVE-2020-14804
  https://nvd.nist.gov/vuln/detail/CVE-2020-14804
[ 57 ] CVE-2020-14809
  https://nvd.nist.gov/vuln/detail/CVE-2020-14809
[ 58 ] CVE-2020-14812
  https://nvd.nist.gov/vuln/detail/CVE-2020-14812
[ 59 ] CVE-2020-14814
  https://nvd.nist.gov/vuln/detail/CVE-2020-14814
[ 60 ] CVE-2020-14821
  https://nvd.nist.gov/vuln/detail/CVE-2020-14821
[ 61 ] CVE-2020-14827
  https://nvd.nist.gov/vuln/detail/CVE-2020-14827
[ 62 ] CVE-2020-14828
  https://nvd.nist.gov/vuln/detail/CVE-2020-14828
[ 63 ] CVE-2020-14829
  https://nvd.nist.gov/vuln/detail/CVE-2020-14829
[ 64 ] CVE-2020-14830
  https://nvd.nist.gov/vuln/detail/CVE-2020-14830
[ 65 ] CVE-2020-14836
  https://nvd.nist.gov/vuln/detail/CVE-2020-14836
[ 66 ] CVE-2020-14837
  https://nvd.nist.gov/vuln/detail/CVE-2020-14837
[ 67 ] CVE-2020-14838
  https://nvd.nist.gov/vuln/detail/CVE-2020-14838
[ 68 ] CVE-2020-14839
  https://nvd.nist.gov/vuln/detail/CVE-2020-14839
[ 69 ] CVE-2020-14844
  https://nvd.nist.gov/vuln/detail/CVE-2020-14844
[ 70 ] CVE-2020-14845
  https://nvd.nist.gov/vuln/detail/CVE-2020-14845
[ 71 ] CVE-2020-14846
  https://nvd.nist.gov/vuln/detail/CVE-2020-14846
[ 72 ] CVE-2020-14848
  https://nvd.nist.gov/vuln/detail/CVE-2020-14848
[ 73 ] CVE-2020-14852
  https://nvd.nist.gov/vuln/detail/CVE-2020-14852
[ 74 ] CVE-2020-14853
  https://nvd.nist.gov/vuln/detail/CVE-2020-14853
[ 75 ] CVE-2020-14860
  https://nvd.nist.gov/vuln/detail/CVE-2020-14860
[ 76 ] CVE-2020-14861
  https://nvd.nist.gov/vuln/detail/CVE-2020-14861
[ 77 ] CVE-2020-14866
  https://nvd.nist.gov/vuln/detail/CVE-2020-14866
[ 78 ] CVE-2020-14867
  https://nvd.nist.gov/vuln/detail/CVE-2020-14867
[ 79 ] CVE-2020-14868
  https://nvd.nist.gov/vuln/detail/CVE-2020-14868
[ 80 ] CVE-2020-14869
  https://nvd.nist.gov/vuln/detail/CVE-2020-14869
[ 81 ] CVE-2020-14870
  https://nvd.nist.gov/vuln/detail/CVE-2020-14870
[ 82 ] CVE-2020-14873
  https://nvd.nist.gov/vuln/detail/CVE-2020-14873
[ 83 ] CVE-2020-14878
  https://nvd.nist.gov/vuln/detail/CVE-2020-14878
[ 84 ] CVE-2020-14888
  https://nvd.nist.gov/vuln/detail/CVE-2020-14888
[ 85 ] CVE-2020-14891
  https://nvd.nist.gov/vuln/detail/CVE-2020-14891
[ 86 ] CVE-2020-14893
  https://nvd.nist.gov/vuln/detail/CVE-2020-14893
[ 87 ] CVE-2020-2570
  https://nvd.nist.gov/vuln/detail/CVE-2020-2570
[ 88 ] CVE-2020-2572
  https://nvd.nist.gov/vuln/detail/CVE-2020-2572
[ 89 ] CVE-2020-2573
  https://nvd.nist.gov/vuln/detail/CVE-2020-2573
[ 90 ] CVE-2020-2574
  https://nvd.nist.gov/vuln/detail/CVE-2020-2574
[ 91 ] CVE-2020-2577
  https://nvd.nist.gov/vuln/detail/CVE-2020-2577
[ 92 ] CVE-2020-2579
  https://nvd.nist.gov/vuln/detail/CVE-2020-2579
[ 93 ] CVE-2020-2580
  https://nvd.nist.gov/vuln/detail/CVE-2020-2580
[ 94 ] CVE-2020-2584
  https://nvd.nist.gov/vuln/detail/CVE-2020-2584
[ 95 ] CVE-2020-2588
  https://nvd.nist.gov/vuln/detail/CVE-2020-2588
[ 96 ] CVE-2020-2589
  https://nvd.nist.gov/vuln/detail/CVE-2020-2589
[ 97 ] CVE-2020-2627
  https://nvd.nist.gov/vuln/detail/CVE-2020-2627
[ 98 ] CVE-2020-2660
  https://nvd.nist.gov/vuln/detail/CVE-2020-2660
[ 99 ] CVE-2020-2679
  https://nvd.nist.gov/vuln/detail/CVE-2020-2679
[ 100 ] CVE-2020-2686
  https://nvd.nist.gov/vuln/detail/CVE-2020-2686
[ 101 ] CVE-2020-2694
  https://nvd.nist.gov/vuln/detail/CVE-2020-2694
[ 102 ] CVE-2020-2752
  https://nvd.nist.gov/vuln/detail/CVE-2020-2752
[ 103 ] CVE-2020-2759
  https://nvd.nist.gov/vuln/detail/CVE-2020-2759
[ 104 ] CVE-2020-2760
  https://nvd.nist.gov/vuln/detail/CVE-2020-2760
[ 105 ] CVE-2020-2761
  https://nvd.nist.gov/vuln/detail/CVE-2020-2761
[ 106 ] CVE-2020-2762
  https://nvd.nist.gov/vuln/detail/CVE-2020-2762
[ 107 ] CVE-2020-2763
  https://nvd.nist.gov/vuln/detail/CVE-2020-2763
[ 108 ] CVE-2020-2765
  https://nvd.nist.gov/vuln/detail/CVE-2020-2765
[ 109 ] CVE-2020-2768
  https://nvd.nist.gov/vuln/detail/CVE-2020-2768
[ 110 ] CVE-2020-2770
  https://nvd.nist.gov/vuln/detail/CVE-2020-2770
[ 111 ] CVE-2020-2774
  https://nvd.nist.gov/vuln/detail/CVE-2020-2774
[ 112 ] CVE-2020-2779
  https://nvd.nist.gov/vuln/detail/CVE-2020-2779
[ 113 ] CVE-2020-2780
  https://nvd.nist.gov/vuln/detail/CVE-2020-2780
[ 114 ] CVE-2020-2790
  https://nvd.nist.gov/vuln/detail/CVE-2020-2790
[ 115 ] CVE-2020-2804
  https://nvd.nist.gov/vuln/detail/CVE-2020-2804
[ 116 ] CVE-2020-2806
  https://nvd.nist.gov/vuln/detail/CVE-2020-2806
[ 117 ] CVE-2020-2812
  https://nvd.nist.gov/vuln/detail/CVE-2020-2812
[ 118 ] CVE-2020-2814
  https://nvd.nist.gov/vuln/detail/CVE-2020-2814
[ 119 ] CVE-2020-2853
  https://nvd.nist.gov/vuln/detail/CVE-2020-2853
[ 120 ] CVE-2020-2875
  https://nvd.nist.gov/vuln/detail/CVE-2020-2875
[ 121 ] CVE-2020-2892
  https://nvd.nist.gov/vuln/detail/CVE-2020-2892
[ 122 ] CVE-2020-2893
  https://nvd.nist.gov/vuln/detail/CVE-2020-2893
[ 123 ] CVE-2020-2895
  https://nvd.nist.gov/vuln/detail/CVE-2020-2895
[ 124 ] CVE-2020-2896
  https://nvd.nist.gov/vuln/detail/CVE-2020-2896
[ 125 ] CVE-2020-2897
  https://nvd.nist.gov/vuln/detail/CVE-2020-2897
[ 126 ] CVE-2020-2898
  https://nvd.nist.gov/vuln/detail/CVE-2020-2898
[ 127 ] CVE-2020-2901
  https://nvd.nist.gov/vuln/detail/CVE-2020-2901
[ 128 ] CVE-2020-2903
  https://nvd.nist.gov/vuln/detail/CVE-2020-2903
[ 129 ] CVE-2020-2904
  https://nvd.nist.gov/vuln/detail/CVE-2020-2904
[ 130 ] CVE-2020-2921
  https://nvd.nist.gov/vuln/detail/CVE-2020-2921
[ 131 ] CVE-2020-2922
  https://nvd.nist.gov/vuln/detail/CVE-2020-2922
[ 132 ] CVE-2020-2923
  https://nvd.nist.gov/vuln/detail/CVE-2020-2923
[ 133 ] CVE-2020-2924
  https://nvd.nist.gov/vuln/detail/CVE-2020-2924
[ 134 ] CVE-2020-2925
  https://nvd.nist.gov/vuln/detail/CVE-2020-2925
[ 135 ] CVE-2020-2926
  https://nvd.nist.gov/vuln/detail/CVE-2020-2926
[ 136 ] CVE-2020-2928
  https://nvd.nist.gov/vuln/detail/CVE-2020-2928
[ 137 ] CVE-2020-2930
  https://nvd.nist.gov/vuln/detail/CVE-2020-2930
[ 138 ] CVE-2020-2933
  https://nvd.nist.gov/vuln/detail/CVE-2020-2933
[ 139 ] CVE-2020-2934
  https://nvd.nist.gov/vuln/detail/CVE-2020-2934
[ 140 ] CVE-2021-1998
  https://nvd.nist.gov/vuln/detail/CVE-2021-1998
[ 141 ] CVE-2021-2001
  https://nvd.nist.gov/vuln/detail/CVE-2021-2001
[ 142 ] CVE-2021-2002
  https://nvd.nist.gov/vuln/detail/CVE-2021-2002
[ 143 ] CVE-2021-2006
  https://nvd.nist.gov/vuln/detail/CVE-2021-2006
[ 144 ] CVE-2021-2007
  https://nvd.nist.gov/vuln/detail/CVE-2021-2007
[ 145 ] CVE-2021-2009
  https://nvd.nist.gov/vuln/detail/CVE-2021-2009
[ 146 ] CVE-2021-2010
  https://nvd.nist.gov/vuln/detail/CVE-2021-2010
[ 147 ] CVE-2021-2011
  https://nvd.nist.gov/vuln/detail/CVE-2021-2011
[ 148 ] CVE-2021-2012
  https://nvd.nist.gov/vuln/detail/CVE-2021-2012
[ 149 ] CVE-2021-2014
  https://nvd.nist.gov/vuln/detail/CVE-2021-2014
[ 150 ] CVE-2021-2016
  https://nvd.nist.gov/vuln/detail/CVE-2021-2016
[ 151 ] CVE-2021-2019
  https://nvd.nist.gov/vuln/detail/CVE-2021-2019
[ 152 ] CVE-2021-2020
  https://nvd.nist.gov/vuln/detail/CVE-2021-2020
[ 153 ] CVE-2021-2021
  https://nvd.nist.gov/vuln/detail/CVE-2021-2021
[ 154 ] CVE-2021-2022
  https://nvd.nist.gov/vuln/detail/CVE-2021-2022
[ 155 ] CVE-2021-2024
  https://nvd.nist.gov/vuln/detail/CVE-2021-2024
[ 156 ] CVE-2021-2028
  https://nvd.nist.gov/vuln/detail/CVE-2021-2028
[ 157 ] CVE-2021-2030
  https://nvd.nist.gov/vuln/detail/CVE-2021-2030
[ 158 ] CVE-2021-2031
  https://nvd.nist.gov/vuln/detail/CVE-2021-2031
[ 159 ] CVE-2021-2032
  https://nvd.nist.gov/vuln/detail/CVE-2021-2032
[ 160 ] CVE-2021-2036
  https://nvd.nist.gov/vuln/detail/CVE-2021-2036
[ 161 ] CVE-2021-2038
  https://nvd.nist.gov/vuln/detail/CVE-2021-2038
[ 162 ] CVE-2021-2042
  https://nvd.nist.gov/vuln/detail/CVE-2021-2042
[ 163 ] CVE-2021-2046
  https://nvd.nist.gov/vuln/detail/CVE-2021-2046
[ 164 ] CVE-2021-2048
  https://nvd.nist.gov/vuln/detail/CVE-2021-2048
[ 165 ] CVE-2021-2055
  https://nvd.nist.gov/vuln/detail/CVE-2021-2055
[ 166 ] CVE-2021-2056
  https://nvd.nist.gov/vuln/detail/CVE-2021-2056
[ 167 ] CVE-2021-2058
  https://nvd.nist.gov/vuln/detail/CVE-2021-2058
[ 168 ] CVE-2021-2060
  https://nvd.nist.gov/vuln/detail/CVE-2021-2060
[ 169 ] CVE-2021-2061
  https://nvd.nist.gov/vuln/detail/CVE-2021-2061
[ 170 ] CVE-2021-2065
  https://nvd.nist.gov/vuln/detail/CVE-2021-2065
[ 171 ] CVE-2021-2070
  https://nvd.nist.gov/vuln/detail/CVE-2021-2070
[ 172 ] CVE-2021-2072
  https://nvd.nist.gov/vuln/detail/CVE-2021-2072
[ 173 ] CVE-2021-2076
  https://nvd.nist.gov/vuln/detail/CVE-2021-2076
[ 174 ] CVE-2021-2081
  https://nvd.nist.gov/vuln/detail/CVE-2021-2081
[ 175 ] CVE-2021-2087
  https://nvd.nist.gov/vuln/detail/CVE-2021-2087
[ 176 ] CVE-2021-2088
  https://nvd.nist.gov/vuln/detail/CVE-2021-2088
[ 177 ] CVE-2021-2122
  https://nvd.nist.gov/vuln/detail/CVE-2021-2122
[ 178 ] CVE-2021-2154
  https://nvd.nist.gov/vuln/detail/CVE-2021-2154
[ 179 ] CVE-2021-2166
  https://nvd.nist.gov/vuln/detail/CVE-2021-2166
[ 180 ] CVE-2021-2180
  https://nvd.nist.gov/vuln/detail/CVE-2021-2180

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  https://security.gentoo.org/glsa/202105-27

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
  https://bugs.gentoo.org.

License
=======

Copyright 2021 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

  https://creativecommons.org/licenses/by-sa/2.5