CERT-FR ADVISORY: Critical Vulnerabilities in Oracle MySQL

CERT-FR has issued an advisory regarding critical vulnerabilities discovered in Oracle MySQL, highlighting significant risks for users of the specified versions.

Advisory Reference: CERTFR-2023-AVI-0863
Publication Date: October 18, 2023
Sources: Oracle Security Bulletin cpuoct2023 dated October 17, 2023; Oracle Security Bulletin cpuoct2023verbose dated October 17, 2023

Identified Risks:

  1. Remote Code Execution
  2. Remote Denial of Service
  3. Compromise of Data Integrity
  4. Compromise of Data Confidentiality

Affected Systems:

  1. MySQL Enterprise Monitor – versions 8.0.35 and earlier
  2. MySQL Cluster – versions 8.0.34 and earlier, version 8.1.0
  3. MySQL Connectors – versions 8.1.0 and earlier
  4. MySQL Installer – versions earlier than 1.6.8
  5. MySQL Server – versions 5.7.43 and earlier, versions 8.0.35 and earlier, version 8.1.0
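
As an added example (not part of the CERT-FR advisory or Oracle's bulletin), the following triage check compares a reported version string against the MySQL Server and MySQL Installer ranges listed above. It assumes the Server bounds apply per release series, since 5.7 and 8.0 are listed separately; the function names and sample strings are constructed for illustration.

```python
import re

# Ranges transcribed from the "Affected Systems" list for two products.
# Rule = (series, bound, inclusive). series is the major.minor line the bound
# applies to, or None for any series.
# Assumption: Server bounds are per release series (5.7 and 8.0 are listed
# separately), so 5.7.44 is not caught by "8.0.35 and earlier".
AFFECTED = {
    "server": [
        ((5, 7), (5, 7, 43), True),   # 5.7.43 and earlier
        ((8, 0), (8, 0, 35), True),   # 8.0.35 and earlier
        ((8, 1), (8, 1, 0), True),    # 8.1.0
    ],
    "installer": [
        (None, (1, 6, 8), False),     # earlier than 1.6.8 (exclusive bound)
    ],
}


def parse_version(text):
    """Extract the first x.y.z triple, ignoring suffixes such as -log."""
    match = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if match is None:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def is_affected(product, version_text):
    """True/False per the listed ranges; None if the series is not listed."""
    version = parse_version(version_text)
    for series, bound, inclusive in AFFECTED[product]:
        if series is not None and version[:2] != series:
            continue
        return version <= bound if inclusive else version < bound
    return None  # not covered by the list: review manually, do not assume safe


if __name__ == "__main__":
    # Constructed sample strings in the style of `mysqld --version` output.
    samples = [
        ("server", "mysqld  Ver 8.0.34-0ubuntu0.22.04.1 for Linux on x86_64"),
        ("server", "5.7.44-log"),
        ("server", "8.2.0"),
        ("installer", "1.6.8"),
    ]
    for product, text in samples:
        print(f"{product:9} {text!r}: {is_affected(product, text)}")
```

A `None` result means the release series does not appear in the list above, which is not the same as unaffected.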

Summary of Vulnerabilities: Multiple vulnerabilities have been identified in Oracle MySQL. Some of them allow an attacker to achieve remote code execution, cause a remote denial of service, and compromise data integrity.

Recommended Solution: Users are advised to refer to the vendor's security bulletin to obtain the necessary patches (see the Documentation section for details).