RHBA-2024:2629 - Bug Fix Advisory

Topic

Updated rhscl/mysql-80-rhel7 container image is now available for Red Hat Software Collections for Red Hat Enterprise Linux 7.

Description

The rhscl/mysql-80-rhel7 container image has been updated for Red Hat Software Collections for Red Hat Enterprise Linux 7 to address the following security advisory: RHSA-2024:2619 (see References)

Users of rhscl/mysql-80-rhel7 container images are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.

You can find images updated by this advisory in Red Hat Container Catalog (see References).

Solution

The Red Hat Software Collections for Red Hat Enterprise Linux 7 container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).

Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.

Affected Products

• Red Hat Software Collections (for RHEL Server) 1 for RHEL 7 x86_64
• Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7 s390x
• Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7 ppc64le

Fixes

• BZ - 2179864 - CVE-2022-4899 zstd: mysql: buffer overrun in util.c
• BZ - 2188109 - CVE-2023-21911 mysql: InnoDB unspecified vulnerability (CPU Apr 2023)
• BZ - 2188113 - CVE-2023-21919 mysql: Server: DDL unspecified vulnerability (CPU Apr 2023)
• BZ - 2188115 - CVE-2023-21920 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2023)
• BZ - 2188116 - CVE-2023-21929 mysql: Server: DDL unspecified vulnerability (CPU Apr 2023)
• BZ - 2188117 - CVE-2023-21933 mysql: Server: DDL unspecified vulnerability (CPU Apr 2023)
• BZ - 2188118 - CVE-2023-21935 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2023)
• BZ - 2188119 - CVE-2023-21940 mysql: Server: Components Services unspecified vulnerability (CPU Apr 2023)
• BZ - 2188120 - CVE-2023-21945 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2023)
• BZ - 2188121 - CVE-2023-21946 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2023)
• BZ - 2188122 - CVE-2023-21947 mysql: Server: Components Services unspecified vulnerability (CPU Apr 2023)
• BZ - 2188123 - CVE-2023-21953 mysql: Server: Partition unspecified vulnerability (CPU Apr 2023)
• BZ - 2188124 - CVE-2023-21955 mysql: Server: Partition unspecified vulnerability (CPU Apr 2023)
• BZ - 2188125 - CVE-2023-21962 mysql: Server: Components Services unspecified vulnerability (CPU Apr 2023)
• BZ - 2188127 - CVE-2023-21966 mysql: Server: JSON unspecified vulnerability (CPU Apr 2023)
• BZ - 2188128 - CVE-2023-21972 mysql: Server: DML unspecified vulnerability (CPU Apr 2023)
• BZ - 2188129 - CVE-2023-21976 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2023)
• BZ - 2188130 - CVE-2023-21977 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2023)
• BZ - 2188131 - CVE-2023-21980 mysql: Client programs unspecified vulnerability (CPU Apr 2023)
• BZ - 2188132 - CVE-2023-21982 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2023)
• BZ - 2224211 - CVE-2023-22005 mysql: Server: Replication unspecified vulnerability (CPU Jul 2023)
• BZ - 2224212 - CVE-2023-22007 mysql: Server: Replication unspecified vulnerability (CPU Jul 2023)
• BZ - 2224213 - CVE-2023-22008 mysql: InnoDB unspecified vulnerability (CPU Jul 2023)
• BZ - 2224214 - CVE-2023-22033 mysql: InnoDB unspecified vulnerability (CPU Jul 2023)
• BZ - 2224215 - CVE-2023-22038 mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2023)
• BZ - 2224216 - CVE-2023-22046 mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2023)
• BZ - 2224217 - CVE-2023-22048 mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2023)
• BZ - 2224218 - CVE-2023-22053 mysql: Client programs unspecified vulnerability (CPU Jul 2023)
• BZ - 2224219 - CVE-2023-22054 mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2023)
• BZ - 2224220 - CVE-2023-22056 mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2023)
• BZ - 2224221 - CVE-2023-22057 mysql: Server: Replication unspecified vulnerability (CPU Jul 2023)
• BZ - 2224222 - CVE-2023-22058 mysql: Server: DDL unspecified vulnerability (CPU Jul 2023)
• BZ - 2245014 - CVE-2023-22032 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2023)
• BZ - 2245015 - CVE-2023-22059 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2023)
• BZ - 2245016 - CVE-2023-22064 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2023)
• BZ - 2245017 - CVE-2023-22065 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2023)
• BZ - 2245018 - CVE-2023-22066 mysql: InnoDB unspecified vulnerability (CPU Oct 2023)
• BZ - 2245019 - CVE-2023-22068 mysql: InnoDB unspecified vulnerability (CPU Oct 2023)
• BZ - 2245020 - CVE-2023-22070 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2023)
• BZ - 2245021 - CVE-2023-22078 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2023)
• BZ - 2245022 - CVE-2023-22079 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2023)
• BZ - 2245023 - CVE-2023-22084 mysql: InnoDB unspecified vulnerability (CPU Oct 2023)
• BZ - 2245024 - CVE-2023-22092 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2023)
• BZ - 2245026 - CVE-2023-22097 mysql: InnoDB unspecified vulnerability (CPU Oct 2023)
• BZ - 2245027 - CVE-2023-22103 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2023)
• BZ - 2245028 - CVE-2023-22104 mysql: InnoDB unspecified vulnerability (CPU Oct 2023)
• BZ - 2245029 - CVE-2023-22110 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2023)
• BZ - 2245030 - CVE-2023-22111 mysql: Server: UDF unspecified vulnerability (CPU Oct 2023)
• BZ - 2245031 - CVE-2023-22112 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2023)
• BZ - 2245032 - CVE-2023-22113 mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2023)
• BZ - 2245033 - CVE-2023-22114 mysql: InnoDB unspecified vulnerability (CPU Oct 2023)
• BZ - 2245034 - CVE-2023-22115 mysql: Server: DML unspecified vulnerability (CPU Oct 2023)
• BZ - 2258771 - CVE-2024-20960 mysql: Server: RAPID unspecified vulnerability (CPU Jan 2024)
• BZ - 2258772 - CVE-2024-20961 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2024)
• BZ - 2258773 - CVE-2024-20962 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2024)
• BZ - 2258774 - CVE-2024-20963 mysql: Server: Security: Encryption unspecified vulnerability (CPU Jan 2024)
• BZ - 2258775 - CVE-2024-20964 mysql: Server: Security: Privileges unspecified vulnerability (CPU Jan 2024)
• BZ - 2258776 - CVE-2024-20965 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2024)
• BZ - 2258777 - CVE-2024-20966 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2024)
• BZ - 2258778 - CVE-2024-20967 mysql: Server: Replication unspecified vulnerability (CPU Jan 2024)
• BZ - 2258779 - CVE-2024-20968 mysql: Server: Options unspecified vulnerability (CPU Jan 2024)
• BZ - 2258780 - CVE-2024-20969 mysql: Server: DDL unspecified vulnerability (CPU Jan 2024)
• BZ - 2258781 - CVE-2024-20970 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2024)
• BZ - 2258782 - CVE-2024-20971 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2024)
• BZ - 2258783 - CVE-2024-20972 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2024)
• BZ - 2258784 - CVE-2024-20973 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2024)
• BZ - 2258785 - CVE-2024-20974 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2024)
• BZ - 2258787 - CVE-2024-20976 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2024)
• BZ - 2258788 - CVE-2024-20977 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2024)
• BZ - 2258789 - CVE-2024-20978 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2024)
• BZ - 2258790 - CVE-2024-20981 mysql: Server: DDL unspecified vulnerability (CPU Jan 2024)
• BZ - 2258791 - CVE-2024-20982 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2024)
• BZ - 2258792 - CVE-2024-20983 mysql: Server: DML unspecified vulnerability (CPU Jan 2024)
• BZ - 2258793 - CVE-2024-20984 mysql: Server : Security : Firewall unspecified vulnerability (CPU Jan 2024)
• BZ - 2258794 - CVE-2024-20985 mysql: Server: UDF unspecified vulnerability (CPU Jan 2024)
• BZ - 2275428 - CVE-2024-20993 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2024)
• BZ - 2275435 - CVE-2024-21015 mysql: Server: DML unspecified vulnerability (CPU Apr 2024)
• BZ - 2275437 - CVE-2024-21049 mysql: Server: DML unspecified vulnerability (CPU Apr 2024)
• BZ - 2275438 - CVE-2024-21050 mysql: Server: DML unspecified vulnerability (CPU Apr 2024)
• BZ - 2275439 - CVE-2024-21051 mysql: Server: DML unspecified vulnerability (CPU Apr 2024)
• BZ - 2275440 - CVE-2024-21052 mysql: Server: DML unspecified vulnerability (CPU Apr 2024)
• BZ - 2275441 - CVE-2024-21053 mysql: Server: DML unspecified vulnerability (CPU Apr 2024)
• BZ - 2275444 - CVE-2024-21055 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2024)
• BZ - 2275445 - CVE-2024-21056 mysql: Server: DML unspecified vulnerability (CPU Apr 2024)
• BZ - 2275446 - CVE-2024-21057 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2024)
• BZ - 2275448 - CVE-2024-21061 mysql: Server: Audit Plug-in unspecified vulnerability (CPU Apr 2024)

CVEs

(none)

References

• https://access.redhat.com/errata/RHSA-2024:2619
• https://catalog.redhat.com/software/containers/registry/registry.access.redhat.com/repository/rhscl/mysql-80-rhel7