
Security: Multiple issues in mysql
Name: Multiple issues in mysql
ID: RHSA-2025:1671
Distribution: Red Hat
Platforms: Red Hat Enterprise Linux AppStream (v. 9), Red Hat CodeReady Linux Builder (v. 9)
Date: Wed, 19 February 2025, 23:33
References: https://access.redhat.com/security/cve/CVE-2024-21193
https://access.redhat.com/security/cve/CVE-2024-7264
https://access.redhat.com/security/cve/CVE-2024-21238
https://access.redhat.com/security/cve/CVE-2024-21198
https://bugzilla.redhat.com/show_bug.cgi?id=2301888
https://bugzilla.redhat.com/show_bug.cgi?id=2318873
https://bugzilla.redhat.com/show_bug.cgi?id=2339275
https://bugzilla.redhat.com/show_bug.cgi?id=2318900
https://bugzilla.redhat.com/show_bug.cgi?id=2318926
https://bugzilla.redhat.com/show_bug.cgi?id=2339284
https://access.redhat.com/security/cve/CVE-2025-21536
https://bugzilla.redhat.com/show_bug.cgi?id=2339281
https://access.redhat.com/security/cve/CVE-2024-21203
https://bugzilla.redhat.com/show_bug.cgi?id=2339221
https://access.redhat.com/security/cve/CVE-2025-21534
https://bugzilla.redhat.com/show_bug.cgi?id=2339252
https://bugzilla.redhat.com/show_bug.cgi?id=2318885
https://bugzilla.redhat.com/show_bug.cgi?id=2318927
https://bugzilla.redhat.com/show_bug.cgi?id=2339295
https://bugzilla.redhat.com/show_bug.cgi?id=2294676
https://access.redhat.com/security/cve/CVE-2024-21213
https://bugzilla.redhat.com/show_bug.cgi?id=2339247
https://access.redhat.com/security/cve/CVE-2024-21237
https://access.redhat.com/security/cve/CVE-2024-5535
https://issues.redhat.com/browse/RHEL-40867
https://access.redhat.com/security/cve/CVE-2024-21197
https://bugzilla.redhat.com/show_bug.cgi?id=2318858
https://bugzilla.redhat.com/show_bug.cgi?id=2339305
https://access.redhat.com/security/cve/CVE-2024-21212
https://bugzilla.redhat.com/show_bug.cgi?id=2318886
https://bugzilla.redhat.com/show_bug.cgi?id=2318876
https://bugzilla.redhat.com/show_bug.cgi?id=2339293
https://bugzilla.redhat.com/show_bug.cgi?id=2339220
https://access.redhat.com/security/cve/CVE-2024-11053
https://access.redhat.com/security/cve/CVE-2025-21505
https://access.redhat.com/security/cve/CVE-2024-21231
https://bugzilla.redhat.com/show_bug.cgi?id=2318905
https://access.redhat.com/security/cve/CVE-2024-21199
https://bugzilla.redhat.com/show_bug.cgi?id=2339259
https://access.redhat.com/security/cve/CVE-2024-21218
https://bugzilla.redhat.com/show_bug.cgi?id=2339300
https://bugzilla.redhat.com/show_bug.cgi?id=2339226
https://access.redhat.com/security/cve/CVE-2025-21518
https://access.redhat.com/security/cve/CVE-2024-21236
https://access.redhat.com/security/cve/CVE-2024-21201
https://bugzilla.redhat.com/show_bug.cgi?id=2318884
https://access.redhat.com/security/cve/CVE-2025-21559
https://bugzilla.redhat.com/show_bug.cgi?id=2294581
https://bugzilla.redhat.com/show_bug.cgi?id=2318870
https://bugzilla.redhat.com/show_bug.cgi?id=2339270
https://bugzilla.redhat.com/show_bug.cgi?id=2318923
https://bugzilla.redhat.com/show_bug.cgi?id=2318857
https://bugzilla.redhat.com/show_bug.cgi?id=2339266
https://access.redhat.com/security/cve/CVE-2025-21540
https://bugzilla.redhat.com/show_bug.cgi?id=2339271
https://access.redhat.com/security/cve/CVE-2024-21241
https://bugzilla.redhat.com/show_bug.cgi?id=2339238
https://bugzilla.redhat.com/show_bug.cgi?id=2318883
https://bugzilla.redhat.com/show_bug.cgi?id=2339299
https://access.redhat.com/security/cve/CVE-2025-21521
https://access.redhat.com/security/cve/CVE-2025-21525
https://access.redhat.com/security/cve/CVE-2025-21503
https://access.redhat.com/security/cve/CVE-2025-21490
https://access.redhat.com/security/cve/CVE-2024-21194
https://bugzilla.redhat.com/show_bug.cgi?id=2339304
https://access.redhat.com/security/cve/CVE-2024-21196
https://access.redhat.com/security/cve/CVE-2025-21522
https://bugzilla.redhat.com/show_bug.cgi?id=2339277
https://access.redhat.com/security/cve/CVE-2024-37371
https://access.redhat.com/security/cve/CVE-2025-21491
https://access.redhat.com/security/cve/CVE-2025-21500
https://bugzilla.redhat.com/show_bug.cgi?id=2318925
https://access.redhat.com/security/cve/CVE-2025-21543
https://bugzilla.redhat.com/show_bug.cgi?id=2318882
https://bugzilla.redhat.com/show_bug.cgi?id=2339231
https://access.redhat.com/security/cve/CVE-2025-21531
https://access.redhat.com/errata/RHSA-2025:1671
https://access.redhat.com/security/cve/CVE-2025-21523
https://access.redhat.com/security/cve/CVE-2025-21520
https://bugzilla.redhat.com/show_bug.cgi?id=2339243
https://access.redhat.com/security/cve/CVE-2024-21230
https://access.redhat.com/security/cve/CVE-2025-21497
https://access.redhat.com/security/cve/CVE-2025-21504
https://bugzilla.redhat.com/show_bug.cgi?id=2339236
https://access.redhat.com/security/cve/CVE-2025-21555
https://bugzilla.redhat.com/show_bug.cgi?id=2318914
https://access.redhat.com/security/cve/CVE-2024-21239
https://bugzilla.redhat.com/show_bug.cgi?id=2318922
https://bugzilla.redhat.com/show_bug.cgi?id=2339218
https://bugzilla.redhat.com/show_bug.cgi?id=2318874
https://access.redhat.com/security/cve/CVE-2025-21546
https://access.redhat.com/security/cve/CVE-2025-21529
https://access.redhat.com/security/cve/CVE-2025-21501
https://issues.redhat.com/browse/RHEL-5470
https://access.redhat.com/security/cve/CVE-2024-21247
https://access.redhat.com/security/cve/CVE-2025-21519
https://access.redhat.com/security/cve/CVE-2024-21219
https://access.redhat.com/security/cve/CVE-2025-21494
https://bugzilla.redhat.com/show_bug.cgi?id=2331191
https://bugzilla.redhat.com/show_bug.cgi?id=2339291
https://bugzilla.redhat.com/show_bug.cgi?id=2318897
Applications: MySQL

Original message

An update for mysql is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

MySQL is a multi-user, multi-threaded SQL database server. It consists of the
MySQL server daemon (mysqld) and many client programs and libraries.

Security Fix(es):

* openssl: SSL_select_next_proto buffer overread (CVE-2024-5535)

* krb5: GSS message token handling (CVE-2024-37371)

* curl: libcurl: ASN.1 date parser overread (CVE-2024-7264)

* mysql: Thread Pooling unspecified vulnerability (CPU Oct 2024)
(CVE-2024-21238)

* mysql: X Plugin unspecified vulnerability (CPU Oct 2024) (CVE-2024-21196)

* mysql: Optimizer unspecified vulnerability (CPU Oct 2024) (CVE-2024-21241)

* mysql: Client programs unspecified vulnerability (CPU Oct 2024)
(CVE-2024-21231)

* mysql: Information Schema unspecified vulnerability (CPU Oct 2024)
(CVE-2024-21197)

* mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21218)

* mysql: Optimizer unspecified vulnerability (CPU Oct 2024) (CVE-2024-21201)

* mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21236)

* mysql: Group Replication GCS unspecified vulnerability (CPU Oct 2024)
(CVE-2024-21237)

* mysql: FTS unspecified vulnerability (CPU Oct 2024) (CVE-2024-21203)

* mysql: Health Monitor unspecified vulnerability (CPU Oct 2024)
(CVE-2024-21212)

* mysql: DML unspecified vulnerability (CPU Oct 2024) (CVE-2024-21219)

* mysql: Optimizer unspecified vulnerability (CPU Oct 2024) (CVE-2024-21230)

* mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21213)

* mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21194)

* mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21199)

* mysql: PS unspecified vulnerability (CPU Oct 2024) (CVE-2024-21193)

* mysql: DDL unspecified vulnerability (CPU Oct 2024) (CVE-2024-21198)

* mysql: mysqldump unspecified vulnerability (CPU Oct 2024) (CVE-2024-21247)

* mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21239)

* curl: curl netrc password leak (CVE-2024-11053)

* mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21497)

* mysql: MySQL Server Options Vulnerability (CVE-2025-21520)

* mysql: High Privilege Denial of Service Vulnerability in MySQL Server
(CVE-2025-21490)

* mysql: Information Schema unspecified vulnerability (CPU Jan 2025)
(CVE-2025-21529)

* mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21531)

* mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21504)

* mysql: Privileges unspecified vulnerability (CPU Jan 2025) (CVE-2025-21540)

* mysql: MySQL Server InnoDB Denial of Service and Unauthorized Data
Modification Vulnerability (CVE-2025-21555)

* mysql: Packaging unspecified vulnerability (CPU Jan 2025) (CVE-2025-21543)

* mysql: MySQL Server InnoDB Denial of Service and Unauthorized Data
Modification Vulnerability (CVE-2025-21491)

* mysql: DDL unspecified vulnerability (CPU Jan 2025) (CVE-2025-21525)

* mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21536)

* mysql: Thread Pooling unspecified vulnerability (CPU Jan 2025)
(CVE-2025-21521)

* mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21501)

* mysql: Performance Schema unspecified vulnerability (CPU Jan 2025)
(CVE-2025-21534)

* mysql: Privileges unspecified vulnerability (CPU Jan 2025) (CVE-2025-21494)

* mysql: Privileges unspecified vulnerability (CPU Jan 2025) (CVE-2025-21519)

* mysql: Parser unspecified vulnerability (CPU Jan 2025) (CVE-2025-21522)

* mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21503)

* mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21518)

* mysql: MySQL Server InnoDB Denial of Service and Unauthorized Data
Modification Vulnerability (CVE-2025-21559)

* mysql: Privilege Misuse in MySQL Server Security Component (CVE-2025-21546)

* mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21500)

* mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21523)

* mysql: Components Services unspecified vulnerability (CPU Jan 2025)
(CVE-2025-21505)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2024-5535: Exposure of Sensitive Information to an Unauthorized Actor
(CWE-200)
CVE-2024-7264: Out-of-bounds Read (CWE-125)
CVE-2024-11053: Exposure of Sensitive Information to an Unauthorized Actor
(CWE-200)
CVE-2024-21193
CVE-2024-21194
CVE-2024-21196
CVE-2024-21197
CVE-2024-21198
CVE-2024-21199
CVE-2024-21201
CVE-2024-21203
CVE-2024-21212
CVE-2024-21213
CVE-2024-21218
CVE-2024-21219
CVE-2024-21230
CVE-2024-21231
CVE-2024-21236
CVE-2024-21237
CVE-2024-21238
CVE-2024-21239
CVE-2024-21241
CVE-2024-21247
CVE-2024-37371
CVE-2025-21490: Improper Resource Shutdown or Release (CWE-404)
CVE-2025-21491: Improper Resource Shutdown or Release (CWE-404)
CVE-2025-21494
CVE-2025-21497
CVE-2025-21500
CVE-2025-21501
CVE-2025-21503
CVE-2025-21504
CVE-2025-21505
CVE-2025-21518
CVE-2025-21519
CVE-2025-21520: Improper Authorization (CWE-285)
CVE-2025-21521
CVE-2025-21522
CVE-2025-21523
CVE-2025-21525
CVE-2025-21529
CVE-2025-21531
CVE-2025-21534
CVE-2025-21536
CVE-2025-21540
CVE-2025-21543
CVE-2025-21546: Improper Privilege Management (CWE-269)
CVE-2025-21555: Improper Resource Shutdown or Release (CWE-404)
CVE-2025-21559: Improper Resource Shutdown or Release (CWE-404)