[CLSA-2026:1780058315] Fix CVE(s): CVE-2026-21936, CVE-2026-21937, CVE-2026-21965, CVE-2026-21968
Type:
security
Severity:
Moderate
Release date:
2026-05-29 13:54:47 UTC
Description:
* SECURITY UPDATE: EXPLAIN crash in optimizer const table extraction
  - debian/patches/CVE-2026-21968.patch: EXPLAIN SELECT crashes when querying LEFT JOIN with derived tables containing stored functions and GROUP BY. The optimizer incorrectly marks such derived tables as const during EXPLAIN mode; backport adds is_const_optimizable() guard to three const-extraction code paths to prevent materializing derived tables with stored programs in EXPLAIN mode.
  - CVE-2026-21968
* SECURITY UPDATE: null dereference in Value_generator print_expr
  - debian/patches/CVE-2026-21937.patch: expr_item is nullptr when a functional index exceeds MI_MAX_KEY_LENGTH (767 bytes); MySQL stores expr_str but leaves expr_item null, causing a crash when print_expr() is called (e.g., SHOW CREATE TABLE). Backport adds an expr_item null guard in Value_generator::print_expr() and falls back to printing expr_str when the Item tree has not been unpacked.
  - CVE-2026-21937
* SECURITY UPDATE: PASSWORD EXPIRE not enforced for externally authenticated users
  - debian/patches/CVE-2026-21965.patch: The condition in set_and_validate_user_attributes() checking whether a plugin supports password expiration covered only the interval-based form (PASSWORD EXPIRE INTERVAL N DAY), missing the direct PASSWORD EXPIRE clause. Backport expands the condition to also check update_password_expired_column, so all non-default PASSWORD EXPIRE forms are rejected for plugins that do not support expiration. Additionally removes a redundant expiration check from mysql_alter_user() that was already subsumed by set_and_validate_user_attributes().
  - CVE-2026-21965
* SECURITY UPDATE: assertion crash on bulk GIS insert into temp table
  - debian/patches/CVE-2026-21936.patch: Bulk inserts into a temporary table with a GIS secondary index crash via InnoDB assertion: when B-tree optimistic descent fails and a new mtr is started, the mtr log mode defaults to MTR_LOG_ALL instead of MTR_LOG_NO_REDO required for temporary tables. The backport adds an is_temporary() check immediately after mtr_start() to re-set the log mode to MTR_LOG_NO_REDO.
  - CVE-2026-21936
Updated packages:
  • libmysql9.4client-dev_9.4.0-1debian13+tuxcare.els5_amd64.deb
    sha:246cd25cdfa744200606e684c9f79310699157b4
  • libmysql9.4client24_9.4.0-1debian13+tuxcare.els5_amd64.deb
    sha:8b354491109f7cc472ddf4c4b1d1d85b43870283
  • mysql9.4-client_9.4.0-1debian13+tuxcare.els5_amd64.deb
    sha:d6bc5d7cacec6b84a876a495569cd8a2d28e6071
  • mysql9.4-common_9.4.0-1debian13+tuxcare.els5_amd64.deb
    sha:dd1ce95d2faa3ba3da42efb4402f81dcc26b8eb2
  • mysql9.4-community-client_9.4.0-1debian13+tuxcare.els5_amd64.deb
    sha:3d1eba2ed4aa68ebf3cbd1cc25e3a44f9f6ace27
  • mysql9.4-community-client-core_9.4.0-1debian13+tuxcare.els5_amd64.deb
    sha:411e95ffa9f5de18ce924e2ce1ed7d604c1f9cab
  • mysql9.4-community-client-plugins_9.4.0-1debian13+tuxcare.els5_amd64.deb
    sha:61c5a99d6c27f4ff121a54eaf7a37ed41c2277b9
  • mysql9.4-community-server_9.4.0-1debian13+tuxcare.els5_amd64.deb
    sha:745b1e0367c475ab55bc9ff6bbce079708db9f6a
  • mysql9.4-community-server-core_9.4.0-1debian13+tuxcare.els5_amd64.deb
    sha:9e68d26254f0597a0bb9d3c93376a3c3ae71b189
  • mysql9.4-community-server-debug_9.4.0-1debian13+tuxcare.els5_amd64.deb
    sha:73d8284c206ab919cbd4244de6ee9eae94c5908a
  • mysql9.4-community-test_9.4.0-1debian13+tuxcare.els5_amd64.deb
    sha:77c3bde56f7ea90f76a23b6a94b1d591d64c7889
  • mysql9.4-community-test-debug_9.4.0-1debian13+tuxcare.els5_amd64.deb
    sha:4ead33210b8e69a3d6428597d6044f9e25542c93
  • mysql9.4-router_9.4.0-1debian13+tuxcare.els5_amd64.deb
    sha:f2fb22954094fdb5bc6d31db6f0c19ae682aef34
  • mysql9.4-router-community_9.4.0-1debian13+tuxcare.els5_amd64.deb
    sha:a5d4f02b0bdced3cc614c99d3151aa745cb26003
  • mysql9.4-server_9.4.0-1debian13+tuxcare.els5_amd64.deb
    sha:396a56e8490f5d5895e35d37a405b5c8e11e77fb
  • mysql9.4-testsuite_9.4.0-1debian13+tuxcare.els5_amd64.deb
    sha:0c42af4fec662dd376c2fc105f9a59e95438f756
  • libmysql9.4client-dev_9.4.0-1debian13+tuxcare.els5_arm64.deb
    sha:7963d630d584dccd10fdc8e2e38b432e791a2f02
  • libmysql9.4client24_9.4.0-1debian13+tuxcare.els5_arm64.deb
    sha:3413e90a7b60e297da38a0ea7cd2423eeef6b901
  • mysql9.4-client_9.4.0-1debian13+tuxcare.els5_arm64.deb
    sha:f23da34a4bb9295a6cd3f8450f496b091e3fa5f1
  • mysql9.4-common_9.4.0-1debian13+tuxcare.els5_arm64.deb
    sha:7d3dcb05383d0a44641aeed5c83e3a281a2c14e2
  • mysql9.4-community-client_9.4.0-1debian13+tuxcare.els5_arm64.deb
    sha:ad785655cdc36edb03e678ac4ef037cd63e30a8c
  • mysql9.4-community-client-core_9.4.0-1debian13+tuxcare.els5_arm64.deb
    sha:3ef7e6aeedfe1ff702e8f80c10109d790285c402
  • mysql9.4-community-client-plugins_9.4.0-1debian13+tuxcare.els5_arm64.deb
    sha:44f930c4a740f1de24f7799a1f648c33cdc55697
  • mysql9.4-community-server_9.4.0-1debian13+tuxcare.els5_arm64.deb
    sha:5b331f3c2b939d615c11a1a24262fb9ecb239ef2
  • mysql9.4-community-server-core_9.4.0-1debian13+tuxcare.els5_arm64.deb
    sha:4f406778dffab59aa480b6f2b988b6a16995cdbf
  • mysql9.4-community-server-debug_9.4.0-1debian13+tuxcare.els5_arm64.deb
    sha:98ed935eb1e5213a36b51ea0651172974d5f22fd
  • mysql9.4-community-test_9.4.0-1debian13+tuxcare.els5_arm64.deb
    sha:24feb7e8be410d9a0b5044991600c44cceb84729
  • mysql9.4-community-test-debug_9.4.0-1debian13+tuxcare.els5_arm64.deb
    sha:421b7f7ab834fd72300ddc6b5fbc2d18c735a01a
  • mysql9.4-router_9.4.0-1debian13+tuxcare.els5_arm64.deb
    sha:829e36ff49d9e7c05259c5cbb7796e7d7e5b946c
  • mysql9.4-router-community_9.4.0-1debian13+tuxcare.els5_arm64.deb
    sha:eb29dccd631f05350888e972abdee951ad28ca07
  • mysql9.4-server_9.4.0-1debian13+tuxcare.els5_arm64.deb
    sha:7c3370fede32e09a081b7d1f2f966699e6d94f6d
  • mysql9.4-testsuite_9.4.0-1debian13+tuxcare.els5_arm64.deb
    sha:6bd0b606616523af3fd096da079bd2e88ed44d8e
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.