Bug 1922382 (CVE-2021-2007)
| Summary: | CVE-2021-2007 mysql: C API unspecified vulnerability (CPU Jan 2021) | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | msiddiqu |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | CC: | damien.ciabrini, databases-maint, dbecker, dciabrin, hhorak, jjoyce, jorton, jschluet, lhh, ljavorsk, lpeer, mbayer, mburns, mkocka, mmuzila, mschorm, sclewis, slinaber, SpikeFedora |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | mysql 5.6.48, mysql 5.7.30, mysql 8.0.20, mariadb-connector-c 3.1.3, mariadb 5.5.65, mariadb 10.4.7, mariadb 10.3.17, mariadb 10.2.26, mariadb 10.1.41 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-02-11 22:10:03 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1741357, 1741358, 1830104, 1830105, 1830114, 1840654, 1874024, 1874027, 1874031, 1894120, 1899048, 1899049, 1899050, 1899051, 1909692, 1922446, 1922447, 1922456 | ||
| Bug Blocks: | 1922432 | ||
|
Description
msiddiqu
2021-01-29 16:46:48 UTC
Created mysql:5.7/community-mysql tracking bugs for this issue: Affects: fedora-32 [bug 1922456] Created mysql:8.0/community-mysql tracking bugs for this issue: Affects: fedora-all [bug 1922447] Created community-mysql tracking bugs for this issue: Affects: fedora-all [bug 1922446] The Oracle advisory states that this issue was fixed upstream in version 8.0.20. The mysql packages as shipped in Red Hat products were previously updated to a version that contains the fix via the following errata: rh-mysql80-mysql in Red Hat Software Collections https://access.redhat.com/errata/RHSA-2020:3518 mysql:8.0 module in Red Hat Enterprise Linux 8 https://access.redhat.com/errata/RHSA-2020:3732 mysql:8.0 module in Red Hat Enterprise Linux 8.1 Extended Update Support https://access.redhat.com/errata/RHSA-2020:3757 mysql:8.0 module in Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions https://access.redhat.com/errata/RHSA-2020:3755 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-2007 MariaDB upstream indicates that they corrected this issue in MariaDB versions 5.5.65, 10.1.41, 10.2.26, 10.3.17, and 10.4.7, as well as MariaDB Connector/C version 3.1.3. Therefore: * The mariadb:10.3 modules in Red Hat Enterprise Linux 8 and Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions were updated to fixed version via these errata: https://access.redhat.com/errata/RHSA-2019:3708 https://access.redhat.com/errata/RHSA-2020:5663 * The mariadb-connector-c packages in Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.2 Extended Update Support, Red Hat Enterprise Linux 8.1 Extended Update Support, and Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions were updated to fixed version via these errata: https://access.redhat.com/errata/RHSA-2020:5503 https://access.redhat.com/errata/RHSA-2020:5655 https://access.redhat.com/errata/RHSA-2020:5660 https://access.redhat.com/errata/RHSA-2020:5662 * The mariadb packages in Red Hat Enterprise Linux 7 were updated to the fixed version via this erratum: https://access.redhat.com/errata/RHSA-2020:1100 * The rh-mariadb103-mariadb packages in Red Hat Software Collections were updated to the fixed version via this erratum: https://access.redhat.com/errata/RHSA-2020:5246 |