*** This bug is a security vulnerability *** You have been subscribed to a public security bug by Seth Arnold (seth-arnold):
Software MySQL 5.x, MySQL 8.x ThreatCon 4 (4 weeks) CVSS Score 7.5 Impact System access, DoS, Exposure of sensitive information, Manipulation of data Solution Status Vendor Patched Attack Vector From local network CVE Numbers CVE‑2021‑22901 <https://cve.mitre.org/cgi- bin/cvename.cgi?name=CVE-2021-22901> , CVE‑2021‑2352 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2352> , CVE‑2021‑2425 <https://cve.mitre.org/cgi- bin/cvename.cgi?name=CVE-2021-2425> , CVE‑2021‑2399 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2399> , CVE‑2021‑2384 <https://cve.mitre.org/cgi- bin/cvename.cgi?name=CVE-2021-2384> , CVE‑2021‑2429 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2429> , CVE‑2021‑2417 <https://cve.mitre.org/cgi- bin/cvename.cgi?name=CVE-2021-2417> , CVE‑2021‑2422 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2422> , CVE‑2021‑22898 <https://cve.mitre.org/cgi- bin/cvename.cgi?name=CVE-2021-22898> , CVE‑2021‑2357 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2357> , CVE‑2021‑2354 <https://cve.mitre.org/cgi- bin/cvename.cgi?name=CVE-2021-2354> , CVE‑2021‑2374 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2374> , CVE‑2021‑2387 <https://cve.mitre.org/cgi- bin/cvename.cgi?name=CVE-2021-2387> , CVE‑2021‑2412 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2412> , CVE‑2021‑2418 <https://cve.mitre.org/cgi- bin/cvename.cgi?name=CVE-2021-2418> , CVE‑2021‑2342 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2342> , CVE‑2021‑2372 <https://cve.mitre.org/cgi- bin/cvename.cgi?name=CVE-2021-2372> , CVE‑2021‑2385 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2385> , CVE‑2021‑2440 <https://cve.mitre.org/cgi- bin/cvename.cgi?name=CVE-2021-2440> , CVE‑2021‑2367 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2367> , CVE‑2021‑2402 <https://cve.mitre.org/cgi- bin/cvename.cgi?name=CVE-2021-2402> , CVE‑2021‑2426 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2426> , CVE‑2021‑2370 <https://cve.mitre.org/cgi- bin/cvename.cgi?name=CVE-2021-2370> , CVE‑2021‑2389 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2389> , CVE‑2021‑2424 <https://cve.mitre.org/cgi- bin/cvename.cgi?name=CVE-2021-2424> , CVE‑2021‑2339 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2339> , CVE‑2021‑2340 <https://cve.mitre.org/cgi- bin/cvename.cgi?name=CVE-2021-2340> , CVE‑2021‑2444 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2444> , CVE‑2021‑2437 <https://cve.mitre.org/cgi- bin/cvename.cgi?name=CVE-2021-2437> , CVE‑2021‑2383 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2383> , CVE‑2021‑2441 <https://cve.mitre.org/cgi- bin/cvename.cgi?name=CVE-2021-2441> , CVE‑2021‑2356 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2356> , CVE‑2021‑2427 <https://cve.mitre.org/cgi- bin/cvename.cgi?name=CVE-2021-2427> , CVE‑2021‑2410 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2410> , CVE‑2021‑2390 <https://cve.mitre.org/cgi- bin/cvename.cgi?name=CVE-2021-2390> Description Multiple vulnerabilities have been reported in MySQL Server, which can be exploited by malicious, local users to disclose sensitive information, by malicious users to disclose sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system, and by malicious people to cause a DoS and compromise a vulnerable system. Affected Software The following software is affected by the described vulnerability. Please check the vendor links below to see if exactly your version is affected. MySQL 5.x MySQL 8.x Solution Apply update. https://support.oracle.com/rs?type=doc&id=2787955.1 References 1. https://www.oracle.com/security-alerts/cpujul2021.html#AppendixMSQL <https://www.oracle.com/security-alerts/cpujul2021.html#AppendixMSQL> 2. http://www.oracle.com/security-alerts/cpujul2021verbose.html <http://www.oracle.com/security-alerts/cpujul2021verbose.html> ** Affects: mysql-5.7 (Ubuntu) Importance: Undecided Status: New -- MySQL Server Multiple Vulnerabilities https://bugs.launchpad.net/bugs/1937218 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs