Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. External References: https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL
Created mysql:5.7/community-mysql tracking bugs for this issue: Affects: fedora-32 [bug 1922456]
Created mysql:8.0/community-mysql tracking bugs for this issue: Affects: fedora-all [bug 1922447]
Created community-mysql tracking bugs for this issue: Affects: fedora-all [bug 1922446]
The Oracle advisory states that this issue was fixed upstream in version 8.0.20. The mysql packages as shipped in Red Hat products were previously updated to a version that contains the fix via the following errata: rh-mysql80-mysql in Red Hat Software Collections https://access.redhat.com/errata/RHSA-2020:3518 mysql:8.0 module in Red Hat Enterprise Linux 8 https://access.redhat.com/errata/RHSA-2020:3732 mysql:8.0 module in Red Hat Enterprise Linux 8.1 Extended Update Support https://access.redhat.com/errata/RHSA-2020:3757 mysql:8.0 module in Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions https://access.redhat.com/errata/RHSA-2020:3755
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-2007
MariaDB upstream indicates that they corrected this issue in MariaDB versions 5.5.65, 10.1.41, 10.2.26, 10.3.17, and 10.4.7, as well as MariaDB Connector/C version 3.1.3. Therefore: * The mariadb:10.3 modules in Red Hat Enterprise Linux 8 and Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions were updated to fixed version via these errata: https://access.redhat.com/errata/RHSA-2019:3708 https://access.redhat.com/errata/RHSA-2020:5663 * The mariadb-connector-c packages in Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.2 Extended Update Support, Red Hat Enterprise Linux 8.1 Extended Update Support, and Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions were updated to fixed version via these errata: https://access.redhat.com/errata/RHSA-2020:5503 https://access.redhat.com/errata/RHSA-2020:5655 https://access.redhat.com/errata/RHSA-2020:5660 https://access.redhat.com/errata/RHSA-2020:5662 * The mariadb packages in Red Hat Enterprise Linux 7 were updated to the fixed version via this erratum: https://access.redhat.com/errata/RHSA-2020:1100 * The rh-mariadb103-mariadb packages in Red Hat Software Collections were updated to the fixed version via this erratum: https://access.redhat.com/errata/RHSA-2020:5246