Amazon Linux AMI update for mariadb105



Risk Medium
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2023-22084
CWE-ID CWE-20
Exploitation vector Network
Public exploit N/A
Vulnerable software
Amazon Linux AMI
Operating systems & Components / Operating system

mariadb105
Operating systems & Components / Operating system package or component

Vendor Amazon Web Services

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Improper input validation

EUVDB-ID: #VU82154

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-22084

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Update the affected packages:

aarch64:
    mariadb105-connect-engine-debuginfo-10.5.23-1.amzn2023.0.1.aarch64
    mariadb105-pam-debuginfo-10.5.23-1.amzn2023.0.1.aarch64
    mariadb105-gssapi-server-debuginfo-10.5.23-1.amzn2023.0.1.aarch64
    mariadb105-server-utils-debuginfo-10.5.23-1.amzn2023.0.1.aarch64
    mariadb105-test-debuginfo-10.5.23-1.amzn2023.0.1.aarch64
    mariadb105-gssapi-server-10.5.23-1.amzn2023.0.1.aarch64
    mariadb105-sphinx-engine-debuginfo-10.5.23-1.amzn2023.0.1.aarch64
    mariadb105-server-debuginfo-10.5.23-1.amzn2023.0.1.aarch64
    mariadb105-pam-10.5.23-1.amzn2023.0.1.aarch64
    mariadb105-sphinx-engine-10.5.23-1.amzn2023.0.1.aarch64
    mariadb105-devel-10.5.23-1.amzn2023.0.1.aarch64
    mariadb105-debuginfo-10.5.23-1.amzn2023.0.1.aarch64
    mariadb105-server-utils-10.5.23-1.amzn2023.0.1.aarch64
    mariadb105-common-10.5.23-1.amzn2023.0.1.aarch64
    mariadb105-backup-10.5.23-1.amzn2023.0.1.aarch64
    mariadb105-connect-engine-10.5.23-1.amzn2023.0.1.aarch64
    mariadb105-backup-debuginfo-10.5.23-1.amzn2023.0.1.aarch64
    mariadb105-errmsg-10.5.23-1.amzn2023.0.1.aarch64
    mariadb105-server-10.5.23-1.amzn2023.0.1.aarch64
    mariadb105-cracklib-password-check-debuginfo-10.5.23-1.amzn2023.0.1.aarch64
    mariadb105-oqgraph-engine-debuginfo-10.5.23-1.amzn2023.0.1.aarch64
    mariadb105-10.5.23-1.amzn2023.0.1.aarch64
    mariadb105-oqgraph-engine-10.5.23-1.amzn2023.0.1.aarch64
    mariadb105-debugsource-10.5.23-1.amzn2023.0.1.aarch64
    mariadb105-cracklib-password-check-10.5.23-1.amzn2023.0.1.aarch64
    mariadb105-test-10.5.23-1.amzn2023.0.1.aarch64

src:
    mariadb105-10.5.23-1.amzn2023.0.1.src

x86_64:
    mariadb105-backup-debuginfo-10.5.23-1.amzn2023.0.1.x86_64
    mariadb105-pam-debuginfo-10.5.23-1.amzn2023.0.1.x86_64
    mariadb105-errmsg-10.5.23-1.amzn2023.0.1.x86_64
    mariadb105-gssapi-server-debuginfo-10.5.23-1.amzn2023.0.1.x86_64
    mariadb105-sphinx-engine-10.5.23-1.amzn2023.0.1.x86_64
    mariadb105-cracklib-password-check-debuginfo-10.5.23-1.amzn2023.0.1.x86_64
    mariadb105-server-utils-debuginfo-10.5.23-1.amzn2023.0.1.x86_64
    mariadb105-common-10.5.23-1.amzn2023.0.1.x86_64
    mariadb105-connect-engine-10.5.23-1.amzn2023.0.1.x86_64
    mariadb105-connect-engine-debuginfo-10.5.23-1.amzn2023.0.1.x86_64
    mariadb105-rocksdb-engine-debuginfo-10.5.23-1.amzn2023.0.1.x86_64
    mariadb105-devel-10.5.23-1.amzn2023.0.1.x86_64
    mariadb105-server-utils-10.5.23-1.amzn2023.0.1.x86_64
    mariadb105-10.5.23-1.amzn2023.0.1.x86_64
    mariadb105-sphinx-engine-debuginfo-10.5.23-1.amzn2023.0.1.x86_64
    mariadb105-gssapi-server-10.5.23-1.amzn2023.0.1.x86_64
    mariadb105-backup-10.5.23-1.amzn2023.0.1.x86_64
    mariadb105-oqgraph-engine-10.5.23-1.amzn2023.0.1.x86_64
    mariadb105-server-10.5.23-1.amzn2023.0.1.x86_64
    mariadb105-pam-10.5.23-1.amzn2023.0.1.x86_64
    mariadb105-cracklib-password-check-10.5.23-1.amzn2023.0.1.x86_64
    mariadb105-test-debuginfo-10.5.23-1.amzn2023.0.1.x86_64
    mariadb105-rocksdb-engine-10.5.23-1.amzn2023.0.1.x86_64
    mariadb105-oqgraph-engine-debuginfo-10.5.23-1.amzn2023.0.1.x86_64
    mariadb105-server-debuginfo-10.5.23-1.amzn2023.0.1.x86_64
    mariadb105-debuginfo-10.5.23-1.amzn2023.0.1.x86_64
    mariadb105-debugsource-10.5.23-1.amzn2023.0.1.x86_64
    mariadb105-test-10.5.23-1.amzn2023.0.1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

mariadb105: before 10.5.23-1

CPE2.3 External links

http://alas.aws.amazon.com/AL2023/ALAS-2024-515.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###