This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============5890005907442735013==
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature";
 boundary="gB9Zq1gnqVTEDfNEVmKuPvjFM8wzbgprV"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--gB9Zq1gnqVTEDfNEVmKuPvjFM8wzbgprV
Content-Type: multipart/mixed;
 boundary="X5Zj0aqwCHS8EyaJ7noSgYyk2ds70MmpV";
 protected-headers="v1"
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: "ubuntu-security-announce@lists.ubuntu.com"
 <ubuntu-security-announce@lists.ubuntu.com>
Message-ID: <bf7a906e-e80a-c3cf-023f-421cc0528403@canonical.com>
Subject: [USN-5123-1] MySQL vulnerabilities

--X5Zj0aqwCHS8EyaJ7noSgYyk2ds70MmpV
Content-Type: text/plain; charset=utf-8
Content-Language: en-C
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-5123-1
October 25, 2021

mysql-5.7, mysql-8.0 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 21.10
- Ubuntu 21.04
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in MySQL.

Software Description:
- mysql-8.0: MySQL database
- mysql-5.7: MySQL database

Details:

Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.

MySQL has been updated to 8.0.27 in Ubuntu 20.04 LTS, Ubuntu 21.04, and
Ubuntu 21.10. Ubuntu 18.04 LTS has been updated to MySQL 5.7.36.

In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.

Please see the following for more information:

https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-36.html
https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-27.html
https://www.oracle.com/security-alerts/cpuoct2021.html

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.10:
  mysql-server-8.0                8.0.27-0ubuntu0.21.10.1

Ubuntu 21.04:
  mysql-server-8.0                8.0.27-0ubuntu0.21.04.1

Ubuntu 20.04 LTS:
  mysql-server-8.0                8.0.27-0ubuntu0.20.04.1

Ubuntu 18.04 LTS:
  mysql-server-5.7                5.7.36-0ubuntu0.18.04.1

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

References:
  https://ubuntu.com/security/notices/USN-5123-1
  CVE-2021-2478, CVE-2021-2479, CVE-2021-2481, CVE-2021-35546,
  CVE-2021-35575, CVE-2021-35577, CVE-2021-35584, CVE-2021-35591,
  CVE-2021-35596, CVE-2021-35597, CVE-2021-35602, CVE-2021-35604,
  CVE-2021-35607, CVE-2021-35608, CVE-2021-35610, CVE-2021-35612,
  CVE-2021-35613, CVE-2021-35622, CVE-2021-35623, CVE-2021-35624,
  CVE-2021-35625, CVE-2021-35626, CVE-2021-35627, CVE-2021-35628,
  CVE-2021-35630, CVE-2021-35631, CVE-2021-35632, CVE-2021-35633,
  CVE-2021-35634, CVE-2021-35635, CVE-2021-35636, CVE-2021-35637,
  CVE-2021-35638, CVE-2021-35639, CVE-2021-35640, CVE-2021-35641,
  CVE-2021-35642, CVE-2021-35643, CVE-2021-35644, CVE-2021-35645,
  CVE-2021-35646, CVE-2021-35647, CVE-2021-35648

Package Information:
  https://launchpad.net/ubuntu/+source/mysql-8.0/8.0.27-0ubuntu0.21.10.1
  https://launchpad.net/ubuntu/+source/mysql-8.0/8.0.27-0ubuntu0.21.04.1
  https://launchpad.net/ubuntu/+source/mysql-8.0/8.0.27-0ubuntu0.20.04.1
  https://launchpad.net/ubuntu/+source/mysql-5.7/5.7.36-0ubuntu0.18.04.1


--X5Zj0aqwCHS8EyaJ7noSgYyk2ds70MmpV--

--gB9Zq1gnqVTEDfNEVmKuPvjFM8wzbgprV
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmF2tfAACgkQZWnYVadE
vpNmNA//ZMVOdKR0jnvmytDyC4ZlgTNuesnkO1HfxvxTY6JgdCZXN9OrHp0hIBmT
ozTClOHQJ55q58QrOs87BV+Rtg4Mhy9aEwjfIeRHAZ8IBMTEOc2sglCtbgX4Fq5z
uV0Zk8zOoZL7ewTqGXx9zI+Rtt5N/z+UnFKSjx4jD1jtEq4hUuhmrgV1s70wU4+X
5Iqoz7PgIjkXEilbbukzUi5IKEb+NBC5+csWM/VcfDzS0dGuLW3IbSkRnDRsnGIl
3zxaRUAP+YPrn7kOPXzZHc4JRZX+0PmEVtPKXkGZ6DiMu2DGg6Q+GQXn0BirwCMS
MFbBOJNcKCzhUoQSMG3reN50oQZwW7bnxQ7nDff8+0GkXqmQqOs1DiyiCVgfaLii
yKKZNyNH3/tKk+nL7ixMxVA4B8yKFlzPfeq8+TlwSv4eR+qs9hLi2aOxMxSZ5hdl
INznSKZqLoTMipgQefg2o15VHiZ/8UpvcctIn3BQe9L1Q4/maACjtTSJ5hK0cXbz
qnpsxxTkWpHuyuvKVEQhppQsOZCn8RGaB0EmS/Ew7mtATLQ/r3594b65Ffy+JWPF
ua1JxF3iDwRUlQKcbT91vzE8Pm2mXMOKFHNR3SKQm6ONpufr4DTVXD1WGBkTj9to
9bTTWYNEPbF6cDpXuARXkr2RQea9h4qF12ikp9Hhk1PNKy5eohM=
=Aa3A
-----END PGP SIGNATURE-----

--gB9Zq1gnqVTEDfNEVmKuPvjFM8wzbgprV--


--===============5890005907442735013==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK

--===============5890005907442735013==--