This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============5890005907442735013== Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="gB9Zq1gnqVTEDfNEVmKuPvjFM8wzbgprV"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --gB9Zq1gnqVTEDfNEVmKuPvjFM8wzbgprV Content-Type: multipart/mixed; boundary="X5Zj0aqwCHS8EyaJ7noSgYyk2ds70MmpV"; protected-headers="v1" From: Marc Deslauriers <marc.deslauriers@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: "ubuntu-security-announce@lists.ubuntu.com" <ubuntu-security-announce@lists.ubuntu.com> Message-ID: <bf7a906e-e80a-c3cf-023f-421cc0528403@canonical.com> Subject: [USN-5123-1] MySQL vulnerabilities
--X5Zj0aqwCHS8EyaJ7noSgYyk2ds70MmpV Content-Type: text/plain; charset=utf-8 Content-Language: en-C Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-5123-1 October 25, 2021
mysql-5.7, mysql-8.0 vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.10 - Ubuntu 21.04 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in MySQL.
Software Description: - mysql-8.0: MySQL database - mysql-5.7: MySQL database
Details:
Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues.
MySQL has been updated to 8.0.27 in Ubuntu 20.04 LTS, Ubuntu 21.04, and Ubuntu 21.10. Ubuntu 18.04 LTS has been updated to MySQL 5.7.36.
In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.
Please see the following for more information:
https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-36.html https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-27.html https://www.oracle.com/security-alerts/cpuoct2021.html
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.10: mysql-server-8.0 8.0.27-0ubuntu0.21.10.1
Ubuntu 21.04: mysql-server-8.0 8.0.27-0ubuntu0.21.04.1
Ubuntu 20.04 LTS: mysql-server-8.0 8.0.27-0ubuntu0.20.04.1
Ubuntu 18.04 LTS: mysql-server-5.7 5.7.36-0ubuntu0.18.04.1
This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5123-1 CVE-2021-2478, CVE-2021-2479, CVE-2021-2481, CVE-2021-35546, CVE-2021-35575, CVE-2021-35577, CVE-2021-35584, CVE-2021-35591, CVE-2021-35596, CVE-2021-35597, CVE-2021-35602, CVE-2021-35604, CVE-2021-35607, CVE-2021-35608, CVE-2021-35610, CVE-2021-35612, CVE-2021-35613, CVE-2021-35622, CVE-2021-35623, CVE-2021-35624, CVE-2021-35625, CVE-2021-35626, CVE-2021-35627, CVE-2021-35628, CVE-2021-35630, CVE-2021-35631, CVE-2021-35632, CVE-2021-35633, CVE-2021-35634, CVE-2021-35635, CVE-2021-35636, CVE-2021-35637, CVE-2021-35638, CVE-2021-35639, CVE-2021-35640, CVE-2021-35641, CVE-2021-35642, CVE-2021-35643, CVE-2021-35644, CVE-2021-35645, CVE-2021-35646, CVE-2021-35647, CVE-2021-35648
Package Information: https://launchpad.net/ubuntu/+source/mysql-8.0/8.0.27-0ubuntu0.21.10.1 https://launchpad.net/ubuntu/+source/mysql-8.0/8.0.27-0ubuntu0.21.04.1 https://launchpad.net/ubuntu/+source/mysql-8.0/8.0.27-0ubuntu0.20.04.1 https://launchpad.net/ubuntu/+source/mysql-5.7/5.7.36-0ubuntu0.18.04.1
--X5Zj0aqwCHS8EyaJ7noSgYyk2ds70MmpV--
--gB9Zq1gnqVTEDfNEVmKuPvjFM8wzbgprV Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature"
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmF2tfAACgkQZWnYVadE vpNmNA//ZMVOdKR0jnvmytDyC4ZlgTNuesnkO1HfxvxTY6JgdCZXN9OrHp0hIBmT ozTClOHQJ55q58QrOs87BV+Rtg4Mhy9aEwjfIeRHAZ8IBMTEOc2sglCtbgX4Fq5z uV0Zk8zOoZL7ewTqGXx9zI+Rtt5N/z+UnFKSjx4jD1jtEq4hUuhmrgV1s70wU4+X 5Iqoz7PgIjkXEilbbukzUi5IKEb+NBC5+csWM/VcfDzS0dGuLW3IbSkRnDRsnGIl 3zxaRUAP+YPrn7kOPXzZHc4JRZX+0PmEVtPKXkGZ6DiMu2DGg6Q+GQXn0BirwCMS MFbBOJNcKCzhUoQSMG3reN50oQZwW7bnxQ7nDff8+0GkXqmQqOs1DiyiCVgfaLii yKKZNyNH3/tKk+nL7ixMxVA4B8yKFlzPfeq8+TlwSv4eR+qs9hLi2aOxMxSZ5hdl INznSKZqLoTMipgQefg2o15VHiZ/8UpvcctIn3BQe9L1Q4/maACjtTSJ5hK0cXbz qnpsxxTkWpHuyuvKVEQhppQsOZCn8RGaB0EmS/Ew7mtATLQ/r3594b65Ffy+JWPF ua1JxF3iDwRUlQKcbT91vzE8Pm2mXMOKFHNR3SKQm6ONpufr4DTVXD1WGBkTj9to 9bTTWYNEPbF6cDpXuARXkr2RQea9h4qF12ikp9Hhk1PNKy5eohM= =Aa3A -----END PGP SIGNATURE-----
--gB9Zq1gnqVTEDfNEVmKuPvjFM8wzbgprV--
--===============5890005907442735013== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5 LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj dXJpdHktYW5ub3VuY2UK
--===============5890005907442735013==--
|