SB2025020802 - openEuler update for mysql

Description

This security bulletin contains information about 20 secuirty vulnerabilities.

1) Improper input validation (CVE-ID: CVE-2025-21490)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

2) Improper input validation (CVE-ID: CVE-2025-21491)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

3) Improper input validation (CVE-ID: CVE-2025-21495)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Firewall component in MySQL Enterprise Firewall. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

4) Improper input validation (CVE-ID: CVE-2025-21497)

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

5) Improper input validation (CVE-ID: CVE-2025-21500)

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

6) Improper input validation (CVE-ID: CVE-2025-21501)

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

7) Improper input validation (CVE-ID: CVE-2025-21503)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

8) Improper input validation (CVE-ID: CVE-2025-21505)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Components Services component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

9) Improper input validation (CVE-ID: CVE-2025-21518)

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

10) Improper input validation (CVE-ID: CVE-2025-21519)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Security: Privileges component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

11) Improper input validation (CVE-ID: CVE-2025-21520)

The vulnerability allows a local privileged user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Server: Options component in MySQL Server. A local privileged user can exploit this vulnerability to gain access to sensitive information.

12) Improper input validation (CVE-ID: CVE-2025-21522)

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Parser component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

13) Improper input validation (CVE-ID: CVE-2025-21523)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

14) Improper input validation (CVE-ID: CVE-2025-21529)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Information Schema component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

15) Improper input validation (CVE-ID: CVE-2025-21531)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

16) Improper input validation (CVE-ID: CVE-2025-21540)

The vulnerability allows a remote authenticated user to read and manipulate data.

The vulnerability exists due to improper input validation within the Server: Security: Privileges component in MySQL Server. A remote authenticated user can exploit this vulnerability to read and manipulate data.

17) Improper input validation (CVE-ID: CVE-2025-21543)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Packaging component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

18) Improper input validation (CVE-ID: CVE-2025-21546)

The vulnerability allows a remote privileged user to read and manipulate data.

The vulnerability exists due to improper input validation within the Server: Security: Privileges component in MySQL Server. A remote privileged user can exploit this vulnerability to read and manipulate data.

19) Improper input validation (CVE-ID: CVE-2025-21555)

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

20) Improper input validation (CVE-ID: CVE-2025-21559)

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

Remediation

Install update from vendor's website.

References

• https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1103