CVE-2022-4899
Description
Moderate: mysql security update
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2024-1141.html
Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2024-0894.html
Vendor advisory: alma — https://bugzilla.redhat.com/2258794
Vendor advisory: alma — https://bugzilla.redhat.com/2258793
Vendor advisory: alma — https://bugzilla.redhat.com/2258792
Vendor advisory: alma — https://bugzilla.redhat.com/2258791
Vendor advisory: alma — https://bugzilla.redhat.com/2258790
Vendor advisory: alma — https://bugzilla.redhat.com/2258789
Vendor advisory: alma — https://bugzilla.redhat.com/2258788
Vendor advisory: alma — https://bugzilla.redhat.com/2258787
Vendor advisory: alma — https://bugzilla.redhat.com/2258785
Vendor advisory: alma — https://bugzilla.redhat.com/2258784
Vendor advisory: alma — https://bugzilla.redhat.com/2258783
Vendor advisory: alma — https://bugzilla.redhat.com/2258782
Vendor advisory: alma — https://bugzilla.redhat.com/2258781
Vendor advisory: alma — https://bugzilla.redhat.com/2258780
Vendor advisory: alma — https://bugzilla.redhat.com/2258779
Vendor advisory: alma — https://bugzilla.redhat.com/2258778
Vendor advisory: alma — https://bugzilla.redhat.com/2258777
Vendor advisory: alma — https://bugzilla.redhat.com/2258776
Vendor advisory: alma — https://bugzilla.redhat.com/2258775
Vendor advisory: alma — https://bugzilla.redhat.com/2258774
Vendor advisory: alma — https://bugzilla.redhat.com/2258773
Vendor advisory: alma — https://bugzilla.redhat.com/2258772
Vendor advisory: alma — https://bugzilla.redhat.com/2258771
Vendor advisory: alma — https://bugzilla.redhat.com/2245034
Vendor advisory: alma — https://bugzilla.redhat.com/2245033
Vendor advisory: alma — https://bugzilla.redhat.com/2245032
Vendor advisory: alma — https://bugzilla.redhat.com/2245031
Vendor advisory: alma — https://bugzilla.redhat.com/2245030
Vendor advisory: alma — https://bugzilla.redhat.com/2245029
Vendor advisory: alma — https://bugzilla.redhat.com/2245028
Vendor advisory: alma — https://bugzilla.redhat.com/2245027
Vendor advisory: alma — https://bugzilla.redhat.com/2245026
Vendor advisory: alma — https://bugzilla.redhat.com/2245024
Vendor advisory: alma — https://bugzilla.redhat.com/2245023
Vendor advisory: alma — https://bugzilla.redhat.com/2245022
Vendor advisory: alma — https://bugzilla.redhat.com/2245021
Vendor advisory: alma — https://bugzilla.redhat.com/2245020
Vendor advisory: alma — https://bugzilla.redhat.com/2245019
Vendor advisory: alma — https://bugzilla.redhat.com/2245018
Vendor advisory: alma — https://bugzilla.redhat.com/2245017
Vendor advisory: alma — https://bugzilla.redhat.com/2245016
Vendor advisory: alma — https://bugzilla.redhat.com/2245015
Vendor advisory: alma — https://bugzilla.redhat.com/2245014
Vendor advisory: alma — https://bugzilla.redhat.com/2224222
Vendor advisory: alma — https://bugzilla.redhat.com/2224221
Vendor advisory: alma — https://bugzilla.redhat.com/2224220
Vendor advisory: alma — https://bugzilla.redhat.com/2224219
Vendor advisory: alma — https://bugzilla.redhat.com/2224218
Vendor advisory: alma — https://bugzilla.redhat.com/2224217
Vendor advisory: alma — https://bugzilla.redhat.com/2224216
Vendor advisory: alma — https://bugzilla.redhat.com/2224215
Vendor advisory: alma — https://bugzilla.redhat.com/2224214
Vendor advisory: alma — https://bugzilla.redhat.com/2224213
Vendor advisory: alma — https://bugzilla.redhat.com/2224212
Vendor advisory: alma — https://bugzilla.redhat.com/2224211
Vendor advisory: alma — https://bugzilla.redhat.com/2188132
Vendor advisory: alma — https://bugzilla.redhat.com/2188131
Vendor advisory: alma — https://bugzilla.redhat.com/2188130
Vendor advisory: alma — https://bugzilla.redhat.com/2188129
Vendor advisory: alma — https://bugzilla.redhat.com/2188128
Vendor advisory: alma — https://bugzilla.redhat.com/2188127
Vendor advisory: alma — https://bugzilla.redhat.com/2188125
Vendor advisory: alma — https://bugzilla.redhat.com/2188124
Vendor advisory: alma — https://bugzilla.redhat.com/2188123
Vendor advisory: alma — https://bugzilla.redhat.com/2188122
Vendor advisory: alma — https://bugzilla.redhat.com/2188121
Vendor advisory: alma — https://bugzilla.redhat.com/2188120
Vendor advisory: alma — https://bugzilla.redhat.com/2188119
Vendor advisory: alma — https://bugzilla.redhat.com/2188118
Vendor advisory: alma — https://bugzilla.redhat.com/2188117
Vendor advisory: alma — https://bugzilla.redhat.com/2188116
Vendor advisory: alma — https://bugzilla.redhat.com/2188115
Vendor advisory: alma — https://bugzilla.redhat.com/2188113
Vendor advisory: alma — https://bugzilla.redhat.com/2188109
Vendor advisory: alma — https://bugzilla.redhat.com/2179864
Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2024:0894
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2022-4899
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2022-4899.html
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2024:0894
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2024:1141
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| rhel | 9 | fixed | |
| rocky | 8 | fixed | |
| sles | affected | | |
| debian | bookworm | fixed | 1.5.4+dfsg2-1 |
| debian | bullseye | affected | |
| debian | forky | fixed | 1.5.4+dfsg2-1 |
| debian | sid | fixed | 1.5.4+dfsg2-1 |
| debian | trixie | fixed | 1.5.4+dfsg2-1 |
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| SwiftURL | github.com/facebook/zstd | <1.5.4 | 1.5.4 |
| PyPI | zstd | <1.5.4.0 | 1.5.4.0 |
| PyPI | zstd | <1.5.4 | 1.5.4 |
References
- https://nvd.nist.gov/vuln/detail/CVE-2022-4899
- https://github.com/facebook/zstd/issues/3200
- https://github.com/facebook/zstd/pull/3220
- https://github.com/sergey-dryabzhinsky/python-zstd/commit/c8a619aebdbd6b838fbfef6e19325a70f631a4c6
- https://github.com/facebook/zstd
- https://github.com/pypa/advisory-database/tree/main/vulns/zstd/PYSEC-2023-121.yaml
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN
- https://security.netapp.com/advisory/ntap-20230725-0005
- https://access.redhat.com/errata/RHSA-2024:1141
- https://errata.rockylinux.org/RLSA-2024:0894
- https://security.netapp.com/advisory/ntap-20230725-0005/
- https://www.suse.com/security/cve/CVE-2022-4899.html
- https://security-tracker.debian.org/tracker/CVE-2022-4899
- https://access.redhat.com/errata/RHSA-2024:0894
- https://bugzilla.redhat.com/2179864
- https://bugzilla.redhat.com/2188109
- https://bugzilla.redhat.com/2188113
- https://bugzilla.redhat.com/2188115
- https://bugzilla.redhat.com/2188116
- https://bugzilla.redhat.com/2188117
- https://bugzilla.redhat.com/2188118
- https://bugzilla.redhat.com/2188119
- https://bugzilla.redhat.com/2188120
Verify integrity in audit chain (admin only). AS-IS.