[CLSA-2026:1780062431] Fix CVE(s): CVE-2026-21936, CVE-2026-21937, CVE-2026-21965, CVE-2026-21968
Type:
security
Severity:
Moderate
Release date:
2026-05-29 14:45:03 UTC
Description:
* SECURITY UPDATE: EXPLAIN crash in optimizer const table extraction
  - debian/patches/CVE-2026-21968.patch: EXPLAIN SELECT crashes when querying LEFT JOIN with derived tables containing stored functions and GROUP BY. The optimizer incorrectly marks such derived tables as const during EXPLAIN mode; backport adds is_const_optimizable() guard to three const-extraction code paths to prevent materializing derived tables with stored programs in EXPLAIN mode.
  - CVE-2026-21968
* SECURITY UPDATE: null dereference in Value_generator print_expr
  - debian/patches/CVE-2026-21937.patch: expr_item is nullptr when a functional index exceeds MI_MAX_KEY_LENGTH (767 bytes); MySQL stores expr_str but leaves expr_item null, causing a crash when print_expr() is called (e.g., SHOW CREATE TABLE). Backport adds an expr_item null guard in Value_generator::print_expr() and falls back to printing expr_str when the Item tree has not been unpacked.
  - CVE-2026-21937
* SECURITY UPDATE: PASSWORD EXPIRE not enforced for externally authenticated users
  - debian/patches/CVE-2026-21965.patch: The condition in set_and_validate_user_attributes() checking whether a plugin supports password expiration covered only the interval-based form (PASSWORD EXPIRE INTERVAL N DAY), missing the direct PASSWORD EXPIRE clause. Backport expands the condition to also check update_password_expired_column, so all non-default PASSWORD EXPIRE forms are rejected for plugins that do not support expiration. Additionally removes a redundant expiration check from mysql_alter_user() that was already subsumed by set_and_validate_user_attributes().
  - CVE-2026-21965
* SECURITY UPDATE: assertion crash on bulk GIS insert into temp table
  - debian/patches/CVE-2026-21936.patch: Bulk inserts into a temporary table with a GIS secondary index crash via InnoDB assertion: when B-tree optimistic descent fails and a new mtr is started, the mtr log mode defaults to MTR_LOG_ALL instead of MTR_LOG_NO_REDO required for temporary tables. The backport adds an is_temporary() check immediately after mtr_start() to re-set the log mode to MTR_LOG_NO_REDO.
  - CVE-2026-21936
Updated packages:
  • libmysql9.4client-dev_9.4.0-1debian13+tuxcare.els5_amd64.deb
    sha:5744978b2007a90d609ee32d93b4832b9e826720
  • libmysql9.4client24_9.4.0-1debian13+tuxcare.els5_amd64.deb
    sha:b7b6a8d0d230e3b9fb79d079d2f42371d6f757fb
  • mysql9.4-client_9.4.0-1debian13+tuxcare.els5_amd64.deb
    sha:fe6d5782c864b598b5a0c367c61a80641cda38b0
  • mysql9.4-common_9.4.0-1debian13+tuxcare.els5_amd64.deb
    sha:9ab51cedb8dcba4449e50204c4b1d1509d636b83
  • mysql9.4-community-client_9.4.0-1debian13+tuxcare.els5_amd64.deb
    sha:a6bb2a07bc9a242d60813234a879d57cc0c495fb
  • mysql9.4-community-client-core_9.4.0-1debian13+tuxcare.els5_amd64.deb
    sha:5fe6bcb19d3f7be94d7e44b8d27b6bdc7da8e6de
  • mysql9.4-community-client-plugins_9.4.0-1debian13+tuxcare.els5_amd64.deb
    sha:94b8a2d5647f4bb4893b2c4c86f13a0a3bcb0b08
  • mysql9.4-community-server_9.4.0-1debian13+tuxcare.els5_amd64.deb
    sha:b7ac746bbfee04ab703b167b31d76f9e337dff2a
  • mysql9.4-community-server-core_9.4.0-1debian13+tuxcare.els5_amd64.deb
    sha:2ae9a256ea2f82f49502736bbd21cb0750948eba
  • mysql9.4-community-server-debug_9.4.0-1debian13+tuxcare.els5_amd64.deb
    sha:59dffd6c4bc1762f82052ad7955213bad37af03c
  • mysql9.4-community-test_9.4.0-1debian13+tuxcare.els5_amd64.deb
    sha:7752a64219548dbfc7cb5a278087a518b8bb1ffd
  • mysql9.4-community-test-debug_9.4.0-1debian13+tuxcare.els5_amd64.deb
    sha:a2a6ff89d81a64cce26605fc57ce0b55de5d6b30
  • mysql9.4-router_9.4.0-1debian13+tuxcare.els5_amd64.deb
    sha:604746d53917ee70ab9ca81c339a6cecff674afd
  • mysql9.4-router-community_9.4.0-1debian13+tuxcare.els5_amd64.deb
    sha:f3367a4a78dac125f7bbd3f97625e14609e48426
  • mysql9.4-server_9.4.0-1debian13+tuxcare.els5_amd64.deb
    sha:1a133c4da9a6476a8025a080e21561368c3dc09a
  • mysql9.4-testsuite_9.4.0-1debian13+tuxcare.els5_amd64.deb
    sha:d7530decabde7a1fb936cc38b9993dbd689ef59c
  • libmysql9.4client-dev_9.4.0-1debian13+tuxcare.els5_arm64.deb
    sha:70befdda299f7d1ba13066eb5c2e0096474eec17
  • libmysql9.4client24_9.4.0-1debian13+tuxcare.els5_arm64.deb
    sha:6fb31d48970dc04fe7ded933b8b11be3b526b149
  • mysql9.4-client_9.4.0-1debian13+tuxcare.els5_arm64.deb
    sha:f49b338e1a9389ba38f9a2e16005bbb9fdd9fbca
  • mysql9.4-common_9.4.0-1debian13+tuxcare.els5_arm64.deb
    sha:f76dfcf27969336d0ec3eef2b086f2259eeb1754
  • mysql9.4-community-client_9.4.0-1debian13+tuxcare.els5_arm64.deb
    sha:5f6d1976e468e43594b92ad8fab260bde2ff104f
  • mysql9.4-community-client-core_9.4.0-1debian13+tuxcare.els5_arm64.deb
    sha:ddc6326704bf15eb0d0dce70ed135f5d6dded263
  • mysql9.4-community-client-plugins_9.4.0-1debian13+tuxcare.els5_arm64.deb
    sha:47d510605c09fac5b32aa2561e4868e4175554c6
  • mysql9.4-community-server_9.4.0-1debian13+tuxcare.els5_arm64.deb
    sha:a2d7f7ff5884f702fb017bc82c76e98124f0aac9
  • mysql9.4-community-server-core_9.4.0-1debian13+tuxcare.els5_arm64.deb
    sha:5c7d8adab2112c873ec64cebe9f535f8a83c624a
  • mysql9.4-community-server-debug_9.4.0-1debian13+tuxcare.els5_arm64.deb
    sha:11453976e3dd01aefb83714daebba57614cbbbae
  • mysql9.4-community-test_9.4.0-1debian13+tuxcare.els5_arm64.deb
    sha:393be801d92d73efa1ecc917c746ebcb6ee73391
  • mysql9.4-community-test-debug_9.4.0-1debian13+tuxcare.els5_arm64.deb
    sha:75137914b912615aee72fdafb117909f1306de76
  • mysql9.4-router_9.4.0-1debian13+tuxcare.els5_arm64.deb
    sha:f7513e6ae6818614047971ab7da718959927d73e
  • mysql9.4-router-community_9.4.0-1debian13+tuxcare.els5_arm64.deb
    sha:4d66aa02bea0973500d7e6fc6d695121ee80c579
  • mysql9.4-server_9.4.0-1debian13+tuxcare.els5_arm64.deb
    sha:f86d1932e80d7d01bbc162bdc55cda2dcba87842
  • mysql9.4-testsuite_9.4.0-1debian13+tuxcare.els5_arm64.deb
    sha:62f3da3f92717788f93a8d129ce4e8d3c0be826e
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.