Bug 2142862 (CVE-2022-21595)
Summary: | CVE-2022-21595 mysql: C API unspecified vulnerability (CPU Oct 2022) | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Mauro Matteo Cascella <mcascell> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | databases-maint, dciabrin, eglynn, hhorak, jjoyce, jorton, lhh, ljavorsk, mbayer, mburns, mgarciac, mmuzila, mschorm, spower |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | mysql 5.7.37, mysql 8.0.28, mariadb 10.7.2, mariadb 10.6.6, mariadb 10.5.14, mariadb 10.4.23, mariadb 10.3.33, mariadb 10.2.42 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2022-12-07 05:33:08 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 2047907, 2047908, 2048163, 2048164, 2048165, 2055709, 2055710, 2055711, 2055712, 2055713, 2055714, 2068217, 2068219, 2078334, 2088294, 2090650, 2090651, 2095292, 2096273, 2101781, 2107051, 2107053 | ||
Bug Blocks: | 2142882 |
Description
Mauro Matteo Cascella
2022-11-15 11:28:13 UTC
The Oracle advisory states that this issue was fixed upstream in version 8.0.28. The mysql packages as shipped in following Red Hat products were previously updated to a version that contains the fix (8.0.30) via the following errata: mysql:8.0 module in Red Hat Enterprise Linux 8 https://access.redhat.com/errata/RHSA-2022:7119 rh-mysql80-mysql in Red Hat Software Collections https://access.redhat.com/errata/RHSA-2022:6518 MariaDB upstream states that this issue was fixed in MariaDB versions 10.2.42, 10.3.33, 10.4.23, 10.5.14, 10.6.6 and 10.7.2. The mariadb packages as shipped in following Red Hat products were previously updated to a version that contains the fix via the following errata: mariadb:10.3 module in Red Hat Enterprise Linux 8 https://access.redhat.com/errata/RHSA-2022:6443 mariadb:10.5 module in Red Hat Enterprise Linux 8 https://access.redhat.com/errata/RHSA-2022:5826 rh-mariadb103-mariadb in Red Hat Software Collections https://access.redhat.com/errata/RHSA-2022:6306 rh-mariadb105-mariadb in Red Hat Software Collections https://access.redhat.com/errata/RHSA-2022:5759 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-21595 |