SB2024111298 - Ubuntu update for mysql-8.0

Description

This security bulletin contains information about 16 secuirty vulnerabilities.

1) Improper input validation (CVE-ID: CVE-2024-21212)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Health Monitor component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

2) Improper input validation (CVE-ID: CVE-2024-21201)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

3) Improper input validation (CVE-ID: CVE-2024-21199)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

4) Improper input validation (CVE-ID: CVE-2024-21213)

The vulnerability allows a local privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A local privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

5) Improper input validation (CVE-ID: CVE-2024-21236)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

6) Improper input validation (CVE-ID: CVE-2024-21197)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Information Schema component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

7) Improper input validation (CVE-ID: CVE-2024-21219)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

8) Improper input validation (CVE-ID: CVE-2024-21193)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: PS component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

9) Improper input validation (CVE-ID: CVE-2024-21237)

The vulnerability allows a remote privileged user to perform service disruption.

The vulnerability exists due to improper input validation within the Server: Group Replication GCS component in MySQL Server. A remote privileged user can exploit this vulnerability to perform service disruption.

10) Improper input validation (CVE-ID: CVE-2024-21231)

The vulnerability allows a remote authenticated user to perform service disruption.

The vulnerability exists due to improper input validation within the Client programs component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform service disruption.

11) Improper input validation (CVE-ID: CVE-2024-21239)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

12) Improper input validation (CVE-ID: CVE-2024-21196)

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: X Plugin component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

13) Improper input validation (CVE-ID: CVE-2024-21194)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

14) Improper input validation (CVE-ID: CVE-2024-21198)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DDL component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

15) Improper input validation (CVE-ID: CVE-2024-21230)

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

16) Improper input validation (CVE-ID: CVE-2024-21241)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://ubuntu.com/security/notices/USN-7102-1