Bug 1951749 (CVE-2021-2144)
| Summary: | CVE-2021-2144 mysql: Server: Parser unspecified vulnerability (CPU Apr 2021) | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Pedro Sampaio <psampaio> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | damien.ciabrini, databases-maint, dbecker, dciabrin, hhorak, jjoyce, jorton, jschluet, lhh, ljavorsk, lpeer, mbayer, mburns, mkocka, mmuzila, mschorm, pkubat, sclewis, slinaber, SpikeFedora, thoger |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | mysql 5.7.30, mysql 8.0.20, mariadb 5.5.66, mariadb 10.4.9, mariadb 10.3.19, mariadb 10.2.28, mariadb 10.1.42 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-04-23 10:46:33 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1769273, 1769275, 1769276, 1830104, 1830105, 1874024, 1874027, 1874031, 1894116, 1899013, 1899014, 1899015, 1899016, 1951796 | ||
| Bug Blocks: | 1951805 | ||
|
Description
Pedro Sampaio
2021-04-20 20:11:25 UTC
Created community-mysql tracking bugs for this issue: Affects: fedora-all [bug 1951794] Created mysql:5.7/community-mysql tracking bugs for this issue: Affects: fedora-32 [bug 1951796] Created mysql:8.0/community-mysql tracking bugs for this issue: Affects: fedora-all [bug 1951795] The Oracle advisory states that this issue was fixed upstream in version 8.0.20. The mysql packages as shipped in Red Hat products were previously updated to a version that contains the fix via the following errata: rh-mysql80-mysql in Red Hat Software Collections https://access.redhat.com/errata/RHSA-2020:3518 mysql:8.0 module in Red Hat Enterprise Linux 8 https://access.redhat.com/errata/RHSA-2020:3732 mysql:8.0 module in Red Hat Enterprise Linux 8.1 Extended Update Support https://access.redhat.com/errata/RHSA-2020:3757 mysql:8.0 module in Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions https://access.redhat.com/errata/RHSA-2020:3755 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-2144 MariaDB upstream indicates that this issue was fixed in MariaDB versions 5.5.66, 10.1.42, 10.2.28, 10.3.19, and 10.4.9 released in Nov 2019. The mariadb packages as shipped in following Red Hat products were previously updated to a version that contains the fix via the following errata: mariadb in Red Hat Enterprise Linux 7 https://access.redhat.com/errata/RHSA-2020:4026 mariadb:10.3 module in Red Hat Enterprise Linux 8 https://access.redhat.com/errata/RHSA-2020:5500 mariadb:10.3 module in Red Hat Enterprise Linux 8.2 Extended Update Support https://access.redhat.com/errata/RHSA-2020:5654 mariadb:10.3 module in Red Hat Enterprise Linux 8.1 Extended Update Support https://access.redhat.com/errata/RHSA-2020:5665 mariadb:10.3 module in Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions https://access.redhat.com/errata/RHSA-2020:5663 rh-mariadb103-mariadb in Red Hat Software Collections https://access.redhat.com/errata/RHSA-2020:5246 rh-mariadb102-mariadb in Red Hat Software Collections https://access.redhat.com/errata/RHSA-2020:4174 Statement: In Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP mysql package. |