Bug 2196534 - CVE-2023-21911 CVE-2023-21919 CVE-2023-21920 CVE-2023-21929 CVE-2023-21933 CVE-2023-21935 CVE-2023-21940 CVE-2023-21945 CVE-2023-21946 CVE-2023-21947 CVE-2023-21953 CVE-2023-21955 CVE-2023-21962 ... community-mysql: various flaws [fedora-all]
Summary: CVE-2023-21911 CVE-2023-21919 CVE-2023-21920 CVE-2023-21929 CVE-2023-21933 CV...
Keywords:
Status: NEW
Alias: None
Product: Fedora
Classification: Fedora
Component: community-mysql
Version: 38
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
Assignee: Michal Schorm
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: CVE-2023-21911 CVE-2023-21919 CVE-2023-21920 CVE-2023-21929 CVE-2023-21933 CVE-2023-21935 CVE-2023-21940 CVE-2023-21945 CVE-2023-21946 CVE-2023-21947 CVE-2023-21953 CVE-2023-21955 CVE-2023-21962 CVE-2023-21966 CVE-2023-21972 CVE-2023-21976 CVE-2023-21977 CVE-2023-21980 CVE-2023-21982 CVE-2023-22007
TreeView+ depends on / blocked
 
Reported: 2023-05-09 12:32 UTC by Mauro Matteo Cascella
Modified: 2023-08-14 14:21 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed:
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Mauro Matteo Cascella 2023-05-09 12:32:22 UTC 
More information about these security flaws is available in the following bugs:

http://bugzilla.redhat.com/show_bug.cgi?id=2188132
http://bugzilla.redhat.com/show_bug.cgi?id=2188122
http://bugzilla.redhat.com/show_bug.cgi?id=2188118
http://bugzilla.redhat.com/show_bug.cgi?id=2188127
http://bugzilla.redhat.com/show_bug.cgi?id=2188131
http://bugzilla.redhat.com/show_bug.cgi?id=2188120
http://bugzilla.redhat.com/show_bug.cgi?id=2188119
http://bugzilla.redhat.com/show_bug.cgi?id=2188121
http://bugzilla.redhat.com/show_bug.cgi?id=2188109
http://bugzilla.redhat.com/show_bug.cgi?id=2188130
http://bugzilla.redhat.com/show_bug.cgi?id=2188125
http://bugzilla.redhat.com/show_bug.cgi?id=2188115
http://bugzilla.redhat.com/show_bug.cgi?id=2188129
http://bugzilla.redhat.com/show_bug.cgi?id=2188124
http://bugzilla.redhat.com/show_bug.cgi?id=2188128
http://bugzilla.redhat.com/show_bug.cgi?id=2188117
http://bugzilla.redhat.com/show_bug.cgi?id=2188123
http://bugzilla.redhat.com/show_bug.cgi?id=2188116
http://bugzilla.redhat.com/show_bug.cgi?id=2188113

Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Comment 1 Mauro Matteo Cascella 2023-05-09 12:32:24 UTC 
Use the following template to for the 'fedpkg update' request to submit an
update for this issue as it contains the top-level parent bug(s) as well as
this tracking bug.  This will ensure that all associated bugs get updated
when new packages are pushed to stable.

=====

# bugfix, security, enhancement, newpackage (required)
type=security

# low, medium, high, urgent (required)
severity=medium

# testing, stable
request=testing

# Bug numbers: 1234,9876
bugs=2188109,2188113,2188115,2188116,2188117,2188118,2188119,2188120,2188121,2188122,2188123,2188124,2188125,2188127,2188128,2188129,2188130,2188131,2188132,2196534

# Description of your update
notes=Security fix for [PUT CVEs HERE]

# Enable request automation based on the stable/unstable karma thresholds
autokarma=True
stable_karma=3
unstable_karma=-3

# Automatically close bugs when this marked as stable
close_bugs=True

# Suggest that users restart after update
suggest_reboot=False

======

Additionally, you may opt to use the bodhi web interface to submit updates:

https://bodhi.fedoraproject.org/updates/new
Comment 2 Mauro Matteo Cascella 2023-05-09 18:44:45 UTC 
Fixed upstream in version 8.0.33.
Comment 3 Mauro Matteo Cascella 2023-08-14 14:21:21 UTC 
Adding CVE-2023-22007, also fixed in 8.0.33, from Jul 2023 CPU: https://www.oracle.com/security-alerts/cpujul2023.html#AppendixMSQL
Note You need to log in before you can comment on or make changes to this bug.