Bug 2162321 - CVE-2023-21836 CVE-2023-21863 CVE-2023-21867 CVE-2023-21868 CVE-2023-21869 CVE-2023-21870 CVE-2023-21871 CVE-2023-21873 CVE-2023-21875 CVE-2023-21876 CVE-2023-21877 CVE-2023-21878 CVE-2023-21879 ... mysql:8.0/community-mysql: various flaws [fedora-all]
Summary: CVE-2023-21836 CVE-2023-21863 CVE-2023-21867 CVE-2023-21868 CVE-2023-21869 CV...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: community-mysql
Version: 37
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
Assignee: Michal Schorm
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: CVE-2023-22015 CVE-2023-22026 CVE-2023-22028 CVE-2023-21836 CVE-2023-21863 CVE-2023-21867 CVE-2023-21868 CVE-2023-21869 CVE-2023-21870 CVE-2023-21871 CVE-2023-21873 CVE-2023-21875 CVE-2023-21876 CVE-2023-21877 CVE-2023-21878 CVE-2023-21879 CVE-2023-21880 CVE-2023-21881 CVE-2023-21882 CVE-2023-21883 CVE-2023-21887 CVE-2023-21913 CVE-2023-21963
TreeView+ depends on / blocked
 
Reported: 2023-01-19 10:59 UTC by Mauro Matteo Cascella
Modified: 2023-10-30 09:29 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed: 2023-09-16 00:21:02 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Comment 1 Mauro Matteo Cascella 2023-01-19 10:59:10 UTC
Use the following template to for the 'fedpkg update' request to submit an
update for this issue as it contains the top-level parent bug(s) as well as
this tracking bug.  This will ensure that all associated bugs get updated
when new packages are pushed to stable.

=====

# bugfix, security, enhancement, newpackage (required)
type=security

# low, medium, high, urgent (required)
severity=medium

# testing, stable
request=testing

# Bug numbers: 1234,9876
bugs=2162268,2162270,2162274,2162275,2162276,2162277,2162278,2162280,2162282,2162283,2162284,2162285,2162286,2162287,2162288,2162289,2162290,2162291,2162321

# Description of your update
notes=Security fix for [PUT CVEs HERE]

# Enable request automation based on the stable/unstable karma thresholds
autokarma=True
stable_karma=3
unstable_karma=-3

# Automatically close bugs when this marked as stable
close_bugs=True

# Suggest that users restart after update
suggest_reboot=False

======

Additionally, you may opt to use the bodhi web interface to submit updates:

https://bodhi.fedoraproject.org/updates/new

Comment 2 Mauro Matteo Cascella 2023-01-19 11:07:31 UTC
These CVEs were fixed upstream in MySQL 8.0.32 (Oracle CPU Jan 2023).

https://www.oracle.com/security-alerts/cpujan2023.html#AppendixMSQL

Comment 3 Mauro Matteo Cascella 2023-05-09 12:53:52 UTC
Adding CVE-2023-21913 and CVE-2023-21963 - these CVEs were covered in Apr 2023 CPU [1] and listed as fixed in 8.0.32.

[1] https://www.oracle.com/security-alerts/cpuapr2023.html#AppendixMSQL

Comment 4 Fedora Update System 2023-09-07 10:08:46 UTC
FEDORA-MODULAR-2023-8110bc5325 has been submitted as an update to Fedora 37 Modular. https://bodhi.fedoraproject.org/updates/FEDORA-MODULAR-2023-8110bc5325

Comment 5 Fedora Update System 2023-09-07 10:08:56 UTC
FEDORA-MODULAR-2023-5b8a7bde59 has been submitted as an update to Fedora 38 Modular. https://bodhi.fedoraproject.org/updates/FEDORA-MODULAR-2023-5b8a7bde59

Comment 6 Fedora Update System 2023-09-08 01:35:14 UTC
FEDORA-MODULAR-2023-8110bc5325 has been pushed to the Fedora 37 Modular testing repository.

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-MODULAR-2023-8110bc5325

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 7 Fedora Update System 2023-09-08 01:39:23 UTC
FEDORA-MODULAR-2023-5b8a7bde59 has been pushed to the Fedora 38 Modular testing repository.

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-MODULAR-2023-5b8a7bde59

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 8 Fedora Update System 2023-09-16 00:21:02 UTC
FEDORA-MODULAR-2023-8110bc5325 has been pushed to the Fedora 37 Modular stable repository.
If problem still persists, please make note of it in this bug report.

Comment 9 Fedora Update System 2023-09-16 00:28:37 UTC
FEDORA-MODULAR-2023-5b8a7bde59 has been pushed to the Fedora 38 Modular stable repository.
If problem still persists, please make note of it in this bug report.

Comment 10 Mauro Matteo Cascella 2023-10-30 09:29:12 UTC
Adding CVE-2023-22015, CVE-2023-22026, CVE-2023-22028 - these CVEs were covered in Oct 2023 CPU [1] and listed as fixed in 8.0.32.

[1] https://www.oracle.com/security-alerts/cpuoct2023.html#AppendixMSQL


Note You need to log in before you can comment on or make changes to this bug.