ALAS2022-2022-096

Amazon Linux 2022 Security Advisory: ALAS-2022-096
Advisory Release Date: 2022-06-28 23:52 Pacific
Advisory Updated Date: 2022-07-19 19:44 Pacific
Severity: Medium
Issue Overview:

A use-after-free vulnerability was found in MariaDB. This flaw allows attackers to trigger a convert_const_to_int() use-after-free when the BIGINT data type is used, resulting in a denial of service. (CVE-2021-46669)


Affected Packages:

mariadb105


Issue Correction:
Run dnf update --releasever=2022.0.20220628 mariadb105 to update your system.

New Packages:
aarch64:
    mariadb105-server-utils-debuginfo-10.5.16-1.amzn2022.0.2.aarch64
    mariadb105-test-debuginfo-10.5.16-1.amzn2022.0.2.aarch64
    mariadb105-pam-debuginfo-10.5.16-1.amzn2022.0.2.aarch64
    mariadb105-cracklib-password-check-10.5.16-1.amzn2022.0.2.aarch64
    mariadb105-sphinx-engine-10.5.16-1.amzn2022.0.2.aarch64
    mariadb105-server-debuginfo-10.5.16-1.amzn2022.0.2.aarch64
    mariadb105-devel-10.5.16-1.amzn2022.0.2.aarch64
    mariadb105-oqgraph-engine-10.5.16-1.amzn2022.0.2.aarch64
    mariadb105-cracklib-password-check-debuginfo-10.5.16-1.amzn2022.0.2.aarch64
    mariadb105-connect-engine-10.5.16-1.amzn2022.0.2.aarch64
    mariadb105-common-10.5.16-1.amzn2022.0.2.aarch64
    mariadb105-pam-10.5.16-1.amzn2022.0.2.aarch64
    mariadb105-10.5.16-1.amzn2022.0.2.aarch64
    mariadb105-backup-10.5.16-1.amzn2022.0.2.aarch64
    mariadb105-errmsg-10.5.16-1.amzn2022.0.2.aarch64
    mariadb105-server-10.5.16-1.amzn2022.0.2.aarch64
    mariadb105-gssapi-server-10.5.16-1.amzn2022.0.2.aarch64
    mariadb105-server-utils-10.5.16-1.amzn2022.0.2.aarch64
    mariadb105-gssapi-server-debuginfo-10.5.16-1.amzn2022.0.2.aarch64
    mariadb105-debuginfo-10.5.16-1.amzn2022.0.2.aarch64
    mariadb105-backup-debuginfo-10.5.16-1.amzn2022.0.2.aarch64
    mariadb105-sphinx-engine-debuginfo-10.5.16-1.amzn2022.0.2.aarch64
    mariadb105-connect-engine-debuginfo-10.5.16-1.amzn2022.0.2.aarch64
    mariadb105-oqgraph-engine-debuginfo-10.5.16-1.amzn2022.0.2.aarch64
    mariadb105-debugsource-10.5.16-1.amzn2022.0.2.aarch64
    mariadb105-test-10.5.16-1.amzn2022.0.2.aarch64

src:
    mariadb105-10.5.16-1.amzn2022.0.2.src

x86_64:
    mariadb105-test-debuginfo-10.5.16-1.amzn2022.0.2.x86_64
    mariadb105-pam-debuginfo-10.5.16-1.amzn2022.0.2.x86_64
    mariadb105-backup-debuginfo-10.5.16-1.amzn2022.0.2.x86_64
    mariadb105-sphinx-engine-10.5.16-1.amzn2022.0.2.x86_64
    mariadb105-connect-engine-debuginfo-10.5.16-1.amzn2022.0.2.x86_64
    mariadb105-sphinx-engine-debuginfo-10.5.16-1.amzn2022.0.2.x86_64
    mariadb105-devel-10.5.16-1.amzn2022.0.2.x86_64
    mariadb105-oqgraph-engine-10.5.16-1.amzn2022.0.2.x86_64
    mariadb105-errmsg-10.5.16-1.amzn2022.0.2.x86_64
    mariadb105-server-utils-10.5.16-1.amzn2022.0.2.x86_64
    mariadb105-server-debuginfo-10.5.16-1.amzn2022.0.2.x86_64
    mariadb105-10.5.16-1.amzn2022.0.2.x86_64
    mariadb105-pam-10.5.16-1.amzn2022.0.2.x86_64
    mariadb105-oqgraph-engine-debuginfo-10.5.16-1.amzn2022.0.2.x86_64
    mariadb105-connect-engine-10.5.16-1.amzn2022.0.2.x86_64
    mariadb105-server-utils-debuginfo-10.5.16-1.amzn2022.0.2.x86_64
    mariadb105-backup-10.5.16-1.amzn2022.0.2.x86_64
    mariadb105-cracklib-password-check-10.5.16-1.amzn2022.0.2.x86_64
    mariadb105-rocksdb-engine-10.5.16-1.amzn2022.0.2.x86_64
    mariadb105-debuginfo-10.5.16-1.amzn2022.0.2.x86_64
    mariadb105-gssapi-server-10.5.16-1.amzn2022.0.2.x86_64
    mariadb105-gssapi-server-debuginfo-10.5.16-1.amzn2022.0.2.x86_64
    mariadb105-cracklib-password-check-debuginfo-10.5.16-1.amzn2022.0.2.x86_64
    mariadb105-common-10.5.16-1.amzn2022.0.2.x86_64
    mariadb105-server-10.5.16-1.amzn2022.0.2.x86_64
    mariadb105-rocksdb-engine-debuginfo-10.5.16-1.amzn2022.0.2.x86_64
    mariadb105-debugsource-10.5.16-1.amzn2022.0.2.x86_64
    mariadb105-test-10.5.16-1.amzn2022.0.2.x86_64

Additional References

Red Hat: CVE-2021-46669

Mitre: CVE-2021-46669