ALAS2023-2026-1873

Amazon Linux 2023 Security Advisory: ALAS2023-2026-1873
Advisory Released Date: 2026-06-22
Advisory Updated Date: 2026-06-22
Severity: Important
Issue Overview:

An application that was taking non-validated user input, escaping it with mysql_real_escape_string() and sending it to the database using text protocol and big5 character set was vulnerable to SQL injections, even though mysql_real_escape_string() was supposed to prevent them. (CVE-2026-44172)


Affected Packages:

mariadb-connector-c


Issue Correction:
Run dnf update mariadb-connector-c --releasever 2023.12.20260622 or dnf update --advisory ALAS2023-2026-1873 --releasever 2023.12.20260622 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation

New Packages:
aarch64:
    mariadb-connector-c-debuginfo-3.3.10-1.amzn2023.0.2.aarch64
    mariadb-connector-c-test-3.3.10-1.amzn2023.0.2.aarch64
    mariadb-connector-c-devel-debuginfo-3.3.10-1.amzn2023.0.2.aarch64
    mariadb-connector-c-devel-3.3.10-1.amzn2023.0.2.aarch64
    mariadb-connector-c-debugsource-3.3.10-1.amzn2023.0.2.aarch64
    mariadb-connector-c-3.3.10-1.amzn2023.0.2.aarch64
    mariadb-connector-c-test-debuginfo-3.3.10-1.amzn2023.0.2.aarch64

noarch:
    mariadb-connector-c-config-3.3.10-1.amzn2023.0.2.noarch
    mariadb-connector-c-doc-3.3.10-1.amzn2023.0.2.noarch

src:
    mariadb-connector-c-3.3.10-1.amzn2023.0.2.src

x86_64:
    mariadb-connector-c-devel-debuginfo-3.3.10-1.amzn2023.0.2.x86_64
    mariadb-connector-c-test-debuginfo-3.3.10-1.amzn2023.0.2.x86_64
    mariadb-connector-c-debuginfo-3.3.10-1.amzn2023.0.2.x86_64
    mariadb-connector-c-debugsource-3.3.10-1.amzn2023.0.2.x86_64
    mariadb-connector-c-3.3.10-1.amzn2023.0.2.x86_64
    mariadb-connector-c-devel-3.3.10-1.amzn2023.0.2.x86_64
    mariadb-connector-c-test-3.3.10-1.amzn2023.0.2.x86_64

Additional References

Release Notes:  Amazon Linux 2023 Release Notes

Red Hat: CVE-2026-44172

Mitre: CVE-2026-44172