An update for mysql is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2021-1375 Final 1.0 1.0 2021-10-08 Initial 2021-10-08 2021-10-08 openEuler SA Tool V1.0 2021-10-08 mysql security update An update for mysql is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2. The MySQL(TM) software delivers a very fast, multi-threaded, multi-user, and robust SQL (Structured Query Language) database server. MySQL Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. MySQL is a trademark of Oracle and/or its affiliates Security Fix(es): Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-2342) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-2367) Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).(CVE-2021-2374) Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-2372) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-2399) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data and unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H).(CVE-2021-2417) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-2387) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-2402) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-2384) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-2425) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-2437) Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-2390) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-2370) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-2418) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-2410) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-2383) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2021-2385) Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-2389) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-2426) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-2427) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-2441) An update for mysql is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium mysql https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1375 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-2342 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-2367 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-2374 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-2372 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-2399 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-2417 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-2387 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-2402 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-2384 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-2425 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-2437 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-2390 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-2370 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-2418 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-2410 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-2383 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-2385 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-2389 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-2426 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-2427 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-2441 https://nvd.nist.gov/vuln/detail/CVE-2021-2342 https://nvd.nist.gov/vuln/detail/CVE-2021-2367 https://nvd.nist.gov/vuln/detail/CVE-2021-2374 https://nvd.nist.gov/vuln/detail/CVE-2021-2372 https://nvd.nist.gov/vuln/detail/CVE-2021-2399 https://nvd.nist.gov/vuln/detail/CVE-2021-2417 https://nvd.nist.gov/vuln/detail/CVE-2021-2387 https://nvd.nist.gov/vuln/detail/CVE-2021-2402 https://nvd.nist.gov/vuln/detail/CVE-2021-2384 https://nvd.nist.gov/vuln/detail/CVE-2021-2425 https://nvd.nist.gov/vuln/detail/CVE-2021-2437 https://nvd.nist.gov/vuln/detail/CVE-2021-2390 https://nvd.nist.gov/vuln/detail/CVE-2021-2370 https://nvd.nist.gov/vuln/detail/CVE-2021-2418 https://nvd.nist.gov/vuln/detail/CVE-2021-2410 https://nvd.nist.gov/vuln/detail/CVE-2021-2383 https://nvd.nist.gov/vuln/detail/CVE-2021-2385 https://nvd.nist.gov/vuln/detail/CVE-2021-2389 https://nvd.nist.gov/vuln/detail/CVE-2021-2426 https://nvd.nist.gov/vuln/detail/CVE-2021-2427 https://nvd.nist.gov/vuln/detail/CVE-2021-2441 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 mysql-8.0.26-1.oe1.aarch64.rpm mysql-8.0.26-1.oe1.aarch64.rpm mysql-8.0.26-1.oe1.src.rpm mysql-8.0.26-1.oe1.src.rpm mysql-8.0.26-1.oe1.x86_64.rpm mysql-8.0.26-1.oe1.x86_64.rpm Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2021-10-08 CVE-2021-2342 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 Medium 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H mysql security update 2021-10-08 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1375 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2021-10-08 CVE-2021-2367 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 Medium 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H mysql security update 2021-10-08 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1375 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N). 2021-10-08 CVE-2021-2374 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 Medium 4.1 AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N mysql security update 2021-10-08 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1375 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). 2021-10-08 CVE-2021-2372 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 Medium 4.4 AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H mysql security update 2021-10-08 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1375 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2021-10-08 CVE-2021-2399 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 Medium 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H mysql security update 2021-10-08 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1375 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data and unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H). 2021-10-08 CVE-2021-2417 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 Medium 6.0 AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H mysql security update 2021-10-08 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1375 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2021-10-08 CVE-2021-2387 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 Medium 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H mysql security update 2021-10-08 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1375 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2021-10-08 CVE-2021-2402 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 Medium 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H mysql security update 2021-10-08 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1375 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2021-10-08 CVE-2021-2384 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 Medium 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H mysql security update 2021-10-08 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1375 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2021-10-08 CVE-2021-2425 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 Medium 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H mysql security update 2021-10-08 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1375 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2021-10-08 CVE-2021-2437 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 Medium 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H mysql security update 2021-10-08 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1375 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). 2021-10-08 CVE-2021-2390 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 Medium 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H mysql security update 2021-10-08 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1375 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2021-10-08 CVE-2021-2370 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 Medium 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H mysql security update 2021-10-08 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1375 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2021-10-08 CVE-2021-2418 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 Medium 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H mysql security update 2021-10-08 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1375 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2021-10-08 CVE-2021-2410 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 Medium 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H mysql security update 2021-10-08 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1375 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2021-10-08 CVE-2021-2383 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 Medium 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H mysql security update 2021-10-08 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1375 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H). 2021-10-08 CVE-2021-2385 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 Medium 5.0 AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H mysql security update 2021-10-08 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1375 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). 2021-10-08 CVE-2021-2389 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 Medium 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H mysql security update 2021-10-08 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1375 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2021-10-08 CVE-2021-2426 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 Medium 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H mysql security update 2021-10-08 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1375 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2021-10-08 CVE-2021-2427 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 Medium 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H mysql security update 2021-10-08 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1375 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2021-10-08 CVE-2021-2441 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 Medium 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H mysql security update 2021-10-08 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1375