- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202105-27 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: MySQL: Multiple vulnerabilities Date: May 26, 2021 Bugs: #699876, #708090, #717628, #732974, #766339, #789243 ID: 202105-27 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in MySQL, the worst of which could result in the arbitrary execution of code. Background ========== MySQL is a popular multi-threaded, multi-user SQL server. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-db/mysql < 8.0.24 >= 5.7.34:5.7 >= 8.0.24 2 dev-db/mysql-connector-c < 8.0.24 >= 8.0.24 ------------------------------------------------------------------- 2 affected packages Description =========== Multiple vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details. Impact ====== An attacker could possibly execute arbitrary code with the privileges of the process, escalate privileges, gain access to critical data or complete access to all MySQL server accessible data, or cause a Denial of Service condition. Workaround ========== There is no known workaround at this time. Resolution ========== All MySQL users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.7.34" All mysql users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-db/mysql-8.0.24" References ========== [ 1 ] CVE-2019-2938 https://nvd.nist.gov/vuln/detail/CVE-2019-2938 [ 2 ] CVE-2019-2974 https://nvd.nist.gov/vuln/detail/CVE-2019-2974 [ 3 ] CVE-2020-14539 https://nvd.nist.gov/vuln/detail/CVE-2020-14539 [ 4 ] CVE-2020-14540 https://nvd.nist.gov/vuln/detail/CVE-2020-14540 [ 5 ] CVE-2020-14547 https://nvd.nist.gov/vuln/detail/CVE-2020-14547 [ 6 ] CVE-2020-14550 https://nvd.nist.gov/vuln/detail/CVE-2020-14550 [ 7 ] CVE-2020-14553 https://nvd.nist.gov/vuln/detail/CVE-2020-14553 [ 8 ] CVE-2020-14559 https://nvd.nist.gov/vuln/detail/CVE-2020-14559 [ 9 ] CVE-2020-14564 https://nvd.nist.gov/vuln/detail/CVE-2020-14564 [ 10 ] CVE-2020-14567 https://nvd.nist.gov/vuln/detail/CVE-2020-14567 [ 11 ] CVE-2020-14568 https://nvd.nist.gov/vuln/detail/CVE-2020-14568 [ 12 ] CVE-2020-14575 https://nvd.nist.gov/vuln/detail/CVE-2020-14575 [ 13 ] CVE-2020-14576 https://nvd.nist.gov/vuln/detail/CVE-2020-14576 [ 14 ] CVE-2020-14586 https://nvd.nist.gov/vuln/detail/CVE-2020-14586 [ 15 ] CVE-2020-14591 https://nvd.nist.gov/vuln/detail/CVE-2020-14591 [ 16 ] CVE-2020-14597 https://nvd.nist.gov/vuln/detail/CVE-2020-14597 [ 17 ] CVE-2020-14614 https://nvd.nist.gov/vuln/detail/CVE-2020-14614 [ 18 ] CVE-2020-14619 https://nvd.nist.gov/vuln/detail/CVE-2020-14619 [ 19 ] CVE-2020-14620 https://nvd.nist.gov/vuln/detail/CVE-2020-14620 [ 20 ] CVE-2020-14623 https://nvd.nist.gov/vuln/detail/CVE-2020-14623 [ 21 ] CVE-2020-14624 https://nvd.nist.gov/vuln/detail/CVE-2020-14624 [ 22 ] CVE-2020-14626 https://nvd.nist.gov/vuln/detail/CVE-2020-14626 [ 23 ] CVE-2020-14631 https://nvd.nist.gov/vuln/detail/CVE-2020-14631 [ 24 ] CVE-2020-14632 https://nvd.nist.gov/vuln/detail/CVE-2020-14632 [ 25 ] CVE-2020-14633 https://nvd.nist.gov/vuln/detail/CVE-2020-14633 [ 26 ] CVE-2020-14634 https://nvd.nist.gov/vuln/detail/CVE-2020-14634 [ 27 ] CVE-2020-14641 https://nvd.nist.gov/vuln/detail/CVE-2020-14641 [ 28 ] CVE-2020-14643 https://nvd.nist.gov/vuln/detail/CVE-2020-14643 [ 29 ] CVE-2020-14651 https://nvd.nist.gov/vuln/detail/CVE-2020-14651 [ 30 ] CVE-2020-14654 https://nvd.nist.gov/vuln/detail/CVE-2020-14654 [ 31 ] CVE-2020-14656 https://nvd.nist.gov/vuln/detail/CVE-2020-14656 [ 32 ] CVE-2020-14663 https://nvd.nist.gov/vuln/detail/CVE-2020-14663 [ 33 ] CVE-2020-14672 https://nvd.nist.gov/vuln/detail/CVE-2020-14672 [ 34 ] CVE-2020-14678 https://nvd.nist.gov/vuln/detail/CVE-2020-14678 [ 35 ] CVE-2020-14680 https://nvd.nist.gov/vuln/detail/CVE-2020-14680 [ 36 ] CVE-2020-14697 https://nvd.nist.gov/vuln/detail/CVE-2020-14697 [ 37 ] CVE-2020-14702 https://nvd.nist.gov/vuln/detail/CVE-2020-14702 [ 38 ] CVE-2020-14725 https://nvd.nist.gov/vuln/detail/CVE-2020-14725 [ 39 ] CVE-2020-14760 https://nvd.nist.gov/vuln/detail/CVE-2020-14760 [ 40 ] CVE-2020-14765 https://nvd.nist.gov/vuln/detail/CVE-2020-14765 [ 41 ] CVE-2020-14769 https://nvd.nist.gov/vuln/detail/CVE-2020-14769 [ 42 ] CVE-2020-14771 https://nvd.nist.gov/vuln/detail/CVE-2020-14771 [ 43 ] CVE-2020-14773 https://nvd.nist.gov/vuln/detail/CVE-2020-14773 [ 44 ] CVE-2020-14775 https://nvd.nist.gov/vuln/detail/CVE-2020-14775 [ 45 ] CVE-2020-14776 https://nvd.nist.gov/vuln/detail/CVE-2020-14776 [ 46 ] CVE-2020-14777 https://nvd.nist.gov/vuln/detail/CVE-2020-14777 [ 47 ] CVE-2020-14785 https://nvd.nist.gov/vuln/detail/CVE-2020-14785 [ 48 ] CVE-2020-14786 https://nvd.nist.gov/vuln/detail/CVE-2020-14786 [ 49 ] CVE-2020-14789 https://nvd.nist.gov/vuln/detail/CVE-2020-14789 [ 50 ] CVE-2020-14790 https://nvd.nist.gov/vuln/detail/CVE-2020-14790 [ 51 ] CVE-2020-14791 https://nvd.nist.gov/vuln/detail/CVE-2020-14791 [ 52 ] CVE-2020-14793 https://nvd.nist.gov/vuln/detail/CVE-2020-14793 [ 53 ] CVE-2020-14794 https://nvd.nist.gov/vuln/detail/CVE-2020-14794 [ 54 ] CVE-2020-14799 https://nvd.nist.gov/vuln/detail/CVE-2020-14799 [ 55 ] CVE-2020-14800 https://nvd.nist.gov/vuln/detail/CVE-2020-14800 [ 56 ] CVE-2020-14804 https://nvd.nist.gov/vuln/detail/CVE-2020-14804 [ 57 ] CVE-2020-14809 https://nvd.nist.gov/vuln/detail/CVE-2020-14809 [ 58 ] CVE-2020-14812 https://nvd.nist.gov/vuln/detail/CVE-2020-14812 [ 59 ] CVE-2020-14814 https://nvd.nist.gov/vuln/detail/CVE-2020-14814 [ 60 ] CVE-2020-14821 https://nvd.nist.gov/vuln/detail/CVE-2020-14821 [ 61 ] CVE-2020-14827 https://nvd.nist.gov/vuln/detail/CVE-2020-14827 [ 62 ] CVE-2020-14828 https://nvd.nist.gov/vuln/detail/CVE-2020-14828 [ 63 ] CVE-2020-14829 https://nvd.nist.gov/vuln/detail/CVE-2020-14829 [ 64 ] CVE-2020-14830 https://nvd.nist.gov/vuln/detail/CVE-2020-14830 [ 65 ] CVE-2020-14836 https://nvd.nist.gov/vuln/detail/CVE-2020-14836 [ 66 ] CVE-2020-14837 https://nvd.nist.gov/vuln/detail/CVE-2020-14837 [ 67 ] CVE-2020-14838 https://nvd.nist.gov/vuln/detail/CVE-2020-14838 [ 68 ] CVE-2020-14839 https://nvd.nist.gov/vuln/detail/CVE-2020-14839 [ 69 ] CVE-2020-14844 https://nvd.nist.gov/vuln/detail/CVE-2020-14844 [ 70 ] CVE-2020-14845 https://nvd.nist.gov/vuln/detail/CVE-2020-14845 [ 71 ] CVE-2020-14846 https://nvd.nist.gov/vuln/detail/CVE-2020-14846 [ 72 ] CVE-2020-14848 https://nvd.nist.gov/vuln/detail/CVE-2020-14848 [ 73 ] CVE-2020-14852 https://nvd.nist.gov/vuln/detail/CVE-2020-14852 [ 74 ] CVE-2020-14853 https://nvd.nist.gov/vuln/detail/CVE-2020-14853 [ 75 ] CVE-2020-14860 https://nvd.nist.gov/vuln/detail/CVE-2020-14860 [ 76 ] CVE-2020-14861 https://nvd.nist.gov/vuln/detail/CVE-2020-14861 [ 77 ] CVE-2020-14866 https://nvd.nist.gov/vuln/detail/CVE-2020-14866 [ 78 ] CVE-2020-14867 https://nvd.nist.gov/vuln/detail/CVE-2020-14867 [ 79 ] CVE-2020-14868 https://nvd.nist.gov/vuln/detail/CVE-2020-14868 [ 80 ] CVE-2020-14869 https://nvd.nist.gov/vuln/detail/CVE-2020-14869 [ 81 ] CVE-2020-14870 https://nvd.nist.gov/vuln/detail/CVE-2020-14870 [ 82 ] CVE-2020-14873 https://nvd.nist.gov/vuln/detail/CVE-2020-14873 [ 83 ] CVE-2020-14878 https://nvd.nist.gov/vuln/detail/CVE-2020-14878 [ 84 ] CVE-2020-14888 https://nvd.nist.gov/vuln/detail/CVE-2020-14888 [ 85 ] CVE-2020-14891 https://nvd.nist.gov/vuln/detail/CVE-2020-14891 [ 86 ] CVE-2020-14893 https://nvd.nist.gov/vuln/detail/CVE-2020-14893 [ 87 ] CVE-2020-2570 https://nvd.nist.gov/vuln/detail/CVE-2020-2570 [ 88 ] CVE-2020-2572 https://nvd.nist.gov/vuln/detail/CVE-2020-2572 [ 89 ] CVE-2020-2573 https://nvd.nist.gov/vuln/detail/CVE-2020-2573 [ 90 ] CVE-2020-2574 https://nvd.nist.gov/vuln/detail/CVE-2020-2574 [ 91 ] CVE-2020-2577 https://nvd.nist.gov/vuln/detail/CVE-2020-2577 [ 92 ] CVE-2020-2579 https://nvd.nist.gov/vuln/detail/CVE-2020-2579 [ 93 ] CVE-2020-2580 https://nvd.nist.gov/vuln/detail/CVE-2020-2580 [ 94 ] CVE-2020-2584 https://nvd.nist.gov/vuln/detail/CVE-2020-2584 [ 95 ] CVE-2020-2588 https://nvd.nist.gov/vuln/detail/CVE-2020-2588 [ 96 ] CVE-2020-2589 https://nvd.nist.gov/vuln/detail/CVE-2020-2589 [ 97 ] CVE-2020-2627 https://nvd.nist.gov/vuln/detail/CVE-2020-2627 [ 98 ] CVE-2020-2660 https://nvd.nist.gov/vuln/detail/CVE-2020-2660 [ 99 ] CVE-2020-2679 https://nvd.nist.gov/vuln/detail/CVE-2020-2679 [ 100 ] CVE-2020-2686 https://nvd.nist.gov/vuln/detail/CVE-2020-2686 [ 101 ] CVE-2020-2694 https://nvd.nist.gov/vuln/detail/CVE-2020-2694 [ 102 ] CVE-2020-2752 https://nvd.nist.gov/vuln/detail/CVE-2020-2752 [ 103 ] CVE-2020-2759 https://nvd.nist.gov/vuln/detail/CVE-2020-2759 [ 104 ] CVE-2020-2760 https://nvd.nist.gov/vuln/detail/CVE-2020-2760 [ 105 ] CVE-2020-2761 https://nvd.nist.gov/vuln/detail/CVE-2020-2761 [ 106 ] CVE-2020-2762 https://nvd.nist.gov/vuln/detail/CVE-2020-2762 [ 107 ] CVE-2020-2763 https://nvd.nist.gov/vuln/detail/CVE-2020-2763 [ 108 ] CVE-2020-2765 https://nvd.nist.gov/vuln/detail/CVE-2020-2765 [ 109 ] CVE-2020-2768 https://nvd.nist.gov/vuln/detail/CVE-2020-2768 [ 110 ] CVE-2020-2770 https://nvd.nist.gov/vuln/detail/CVE-2020-2770 [ 111 ] CVE-2020-2774 https://nvd.nist.gov/vuln/detail/CVE-2020-2774 [ 112 ] CVE-2020-2779 https://nvd.nist.gov/vuln/detail/CVE-2020-2779 [ 113 ] CVE-2020-2780 https://nvd.nist.gov/vuln/detail/CVE-2020-2780 [ 114 ] CVE-2020-2790 https://nvd.nist.gov/vuln/detail/CVE-2020-2790 [ 115 ] CVE-2020-2804 https://nvd.nist.gov/vuln/detail/CVE-2020-2804 [ 116 ] CVE-2020-2806 https://nvd.nist.gov/vuln/detail/CVE-2020-2806 [ 117 ] CVE-2020-2812 https://nvd.nist.gov/vuln/detail/CVE-2020-2812 [ 118 ] CVE-2020-2814 https://nvd.nist.gov/vuln/detail/CVE-2020-2814 [ 119 ] CVE-2020-2853 https://nvd.nist.gov/vuln/detail/CVE-2020-2853 [ 120 ] CVE-2020-2875 https://nvd.nist.gov/vuln/detail/CVE-2020-2875 [ 121 ] CVE-2020-2892 https://nvd.nist.gov/vuln/detail/CVE-2020-2892 [ 122 ] CVE-2020-2893 https://nvd.nist.gov/vuln/detail/CVE-2020-2893 [ 123 ] CVE-2020-2895 https://nvd.nist.gov/vuln/detail/CVE-2020-2895 [ 124 ] CVE-2020-2896 https://nvd.nist.gov/vuln/detail/CVE-2020-2896 [ 125 ] CVE-2020-2897 https://nvd.nist.gov/vuln/detail/CVE-2020-2897 [ 126 ] CVE-2020-2898 https://nvd.nist.gov/vuln/detail/CVE-2020-2898 [ 127 ] CVE-2020-2901 https://nvd.nist.gov/vuln/detail/CVE-2020-2901 [ 128 ] CVE-2020-2903 https://nvd.nist.gov/vuln/detail/CVE-2020-2903 [ 129 ] CVE-2020-2904 https://nvd.nist.gov/vuln/detail/CVE-2020-2904 [ 130 ] CVE-2020-2921 https://nvd.nist.gov/vuln/detail/CVE-2020-2921 [ 131 ] CVE-2020-2922 https://nvd.nist.gov/vuln/detail/CVE-2020-2922 [ 132 ] CVE-2020-2923 https://nvd.nist.gov/vuln/detail/CVE-2020-2923 [ 133 ] CVE-2020-2924 https://nvd.nist.gov/vuln/detail/CVE-2020-2924 [ 134 ] CVE-2020-2925 https://nvd.nist.gov/vuln/detail/CVE-2020-2925 [ 135 ] CVE-2020-2926 https://nvd.nist.gov/vuln/detail/CVE-2020-2926 [ 136 ] CVE-2020-2928 https://nvd.nist.gov/vuln/detail/CVE-2020-2928 [ 137 ] CVE-2020-2930 https://nvd.nist.gov/vuln/detail/CVE-2020-2930 [ 138 ] CVE-2020-2933 https://nvd.nist.gov/vuln/detail/CVE-2020-2933 [ 139 ] CVE-2020-2934 https://nvd.nist.gov/vuln/detail/CVE-2020-2934 [ 140 ] CVE-2021-1998 https://nvd.nist.gov/vuln/detail/CVE-2021-1998 [ 141 ] CVE-2021-2001 https://nvd.nist.gov/vuln/detail/CVE-2021-2001 [ 142 ] CVE-2021-2002 https://nvd.nist.gov/vuln/detail/CVE-2021-2002 [ 143 ] CVE-2021-2006 https://nvd.nist.gov/vuln/detail/CVE-2021-2006 [ 144 ] CVE-2021-2007 https://nvd.nist.gov/vuln/detail/CVE-2021-2007 [ 145 ] CVE-2021-2009 https://nvd.nist.gov/vuln/detail/CVE-2021-2009 [ 146 ] CVE-2021-2010 https://nvd.nist.gov/vuln/detail/CVE-2021-2010 [ 147 ] CVE-2021-2011 https://nvd.nist.gov/vuln/detail/CVE-2021-2011 [ 148 ] CVE-2021-2012 https://nvd.nist.gov/vuln/detail/CVE-2021-2012 [ 149 ] CVE-2021-2014 https://nvd.nist.gov/vuln/detail/CVE-2021-2014 [ 150 ] CVE-2021-2016 https://nvd.nist.gov/vuln/detail/CVE-2021-2016 [ 151 ] CVE-2021-2019 https://nvd.nist.gov/vuln/detail/CVE-2021-2019 [ 152 ] CVE-2021-2020 https://nvd.nist.gov/vuln/detail/CVE-2021-2020 [ 153 ] CVE-2021-2021 https://nvd.nist.gov/vuln/detail/CVE-2021-2021 [ 154 ] CVE-2021-2022 https://nvd.nist.gov/vuln/detail/CVE-2021-2022 [ 155 ] CVE-2021-2024 https://nvd.nist.gov/vuln/detail/CVE-2021-2024 [ 156 ] CVE-2021-2028 https://nvd.nist.gov/vuln/detail/CVE-2021-2028 [ 157 ] CVE-2021-2030 https://nvd.nist.gov/vuln/detail/CVE-2021-2030 [ 158 ] CVE-2021-2031 https://nvd.nist.gov/vuln/detail/CVE-2021-2031 [ 159 ] CVE-2021-2032 https://nvd.nist.gov/vuln/detail/CVE-2021-2032 [ 160 ] CVE-2021-2036 https://nvd.nist.gov/vuln/detail/CVE-2021-2036 [ 161 ] CVE-2021-2038 https://nvd.nist.gov/vuln/detail/CVE-2021-2038 [ 162 ] CVE-2021-2042 https://nvd.nist.gov/vuln/detail/CVE-2021-2042 [ 163 ] CVE-2021-2046 https://nvd.nist.gov/vuln/detail/CVE-2021-2046 [ 164 ] CVE-2021-2048 https://nvd.nist.gov/vuln/detail/CVE-2021-2048 [ 165 ] CVE-2021-2055 https://nvd.nist.gov/vuln/detail/CVE-2021-2055 [ 166 ] CVE-2021-2056 https://nvd.nist.gov/vuln/detail/CVE-2021-2056 [ 167 ] CVE-2021-2058 https://nvd.nist.gov/vuln/detail/CVE-2021-2058 [ 168 ] CVE-2021-2060 https://nvd.nist.gov/vuln/detail/CVE-2021-2060 [ 169 ] CVE-2021-2061 https://nvd.nist.gov/vuln/detail/CVE-2021-2061 [ 170 ] CVE-2021-2065 https://nvd.nist.gov/vuln/detail/CVE-2021-2065 [ 171 ] CVE-2021-2070 https://nvd.nist.gov/vuln/detail/CVE-2021-2070 [ 172 ] CVE-2021-2072 https://nvd.nist.gov/vuln/detail/CVE-2021-2072 [ 173 ] CVE-2021-2076 https://nvd.nist.gov/vuln/detail/CVE-2021-2076 [ 174 ] CVE-2021-2081 https://nvd.nist.gov/vuln/detail/CVE-2021-2081 [ 175 ] CVE-2021-2087 https://nvd.nist.gov/vuln/detail/CVE-2021-2087 [ 176 ] CVE-2021-2088 https://nvd.nist.gov/vuln/detail/CVE-2021-2088 [ 177 ] CVE-2021-2122 https://nvd.nist.gov/vuln/detail/CVE-2021-2122 [ 178 ] CVE-2021-2154 https://nvd.nist.gov/vuln/detail/CVE-2021-2154 [ 179 ] CVE-2021-2166 https://nvd.nist.gov/vuln/detail/CVE-2021-2166 [ 180 ] CVE-2021-2180 https://nvd.nist.gov/vuln/detail/CVE-2021-2180 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202105-27 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5