Hi, You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9 Type: Security Severity: Important Release date: 2025-02-20 Summary: MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. Security Fix(es): * openssl: SSL_select_next_proto buffer overread (CVE-2024-5535) * krb5: GSS message token handling (CVE-2024-37371) * curl: libcurl: ASN.1 date parser overread (CVE-2024-7264) * mysql: Thread Pooling unspecified vulnerability (CPU Oct 2024) (CVE-2024-21238) * mysql: X Plugin unspecified vulnerability (CPU Oct 2024) (CVE-2024-21196) * mysql: Optimizer unspecified vulnerability (CPU Oct 2024) (CVE-2024-21241) * mysql: Client programs unspecified vulnerability (CPU Oct 2024) (CVE-2024-21231) * mysql: Information Schema unspecified vulnerability (CPU Oct 2024) (CVE-2024-21197) * mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21218) * mysql: Optimizer unspecified vulnerability (CPU Oct 2024) (CVE-2024-21201) * mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21236) * mysql: Group Replication GCS unspecified vulnerability (CPU Oct 2024) (CVE-2024-21237) * mysql: FTS unspecified vulnerability (CPU Oct 2024) (CVE-2024-21203) * mysql: Health Monitor unspecified vulnerability (CPU Oct 2024) (CVE-2024-21212) * mysql: DML unspecified vulnerability (CPU Oct 2024) (CVE-2024-21219) * mysql: Optimizer unspecified vulnerability (CPU Oct 2024) (CVE-2024-21230) * mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21213) * mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21194) * mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21199) * mysql: PS unspecified vulnerability (CPU Oct 2024) (CVE-2024-21193) * mysql: DDL unspecified vulnerability (CPU Oct 2024) (CVE-2024-21198) * mysql: mysqldump unspecified vulnerability (CPU Oct 2024) (CVE-2024-21247) * mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21239) * curl: curl netrc password leak (CVE-2024-11053) * mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21497) * mysql: MySQL Server Options Vulnerability (CVE-2025-21520) * mysql: High Privilege Denial of Service Vulnerability in MySQL Server (CVE-2025-21490) * mysql: Information Schema unspecified vulnerability (CPU Jan 2025) (CVE-2025-21529) * mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21531) * mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21504) * mysql: Privileges unspecified vulnerability (CPU Jan 2025) (CVE-2025-21540) * mysql: MySQL Server InnoDB Denial of Service and Unauthorized Data Modification Vulnerability (CVE-2025-21555) * mysql: Packaging unspecified vulnerability (CPU Jan 2025) (CVE-2025-21543) * mysql: MySQL Server InnoDB Denial of Service and Unauthorized Data Modification Vulnerability (CVE-2025-21491) * mysql: DDL unspecified vulnerability (CPU Jan 2025) (CVE-2025-21525) * mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21536) * mysql: Thread Pooling unspecified vulnerability (CPU Jan 2025) (CVE-2025-21521) * mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21501) * mysql: Performance Schema unspecified vulnerability (CPU Jan 2025) (CVE-2025-21534) * mysql: Privileges unspecified vulnerability (CPU Jan 2025) (CVE-2025-21494) * mysql: Privileges unspecified vulnerability (CPU Jan 2025) (CVE-2025-21519) * mysql: Parser unspecified vulnerability (CPU Jan 2025) (CVE-2025-21522) * mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21503) * mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21518) * mysql: MySQL Server InnoDB Denial of Service and Unauthorized Data Modification Vulnerability (CVE-2025-21559) * mysql: Privilege Misuse in MySQL Server Security Component (CVE-2025-21546) * mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21500) * mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21523) * mysql: Components Services unspecified vulnerability (CPU Jan 2025) (CVE-2025-21505) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-1671.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team
