Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2021-27928

A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product. (CVE-2021-27928)

Source

ALASMARIADB10.5-2023-001

Amazon Linux 2 Security Advisory: ALASMARIADB10.5-2023-001
Advisory Release Date: 2023-08-04 20:34 Pacific
Advisory Updated Date: 2023-09-25 22:10 Pacific

Severity: Important

References: CVE-2021-27928
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product. (CVE-2021-27928)

Affected Packages:

mariadb

Issue Correction:
Run yum update mariadb to update your system.

New Packages:

aarch64:
    mariadb-10.5.9-1.amzn2.0.1.aarch64
    mariadb-libs-10.5.9-1.amzn2.0.1.aarch64
    mariadb-config-10.5.9-1.amzn2.0.1.aarch64
    mariadb-common-10.5.9-1.amzn2.0.1.aarch64
    mariadb-errmsg-10.5.9-1.amzn2.0.1.aarch64
    mariadb-server-galera-10.5.9-1.amzn2.0.1.aarch64
    mariadb-server-10.5.9-1.amzn2.0.1.aarch64
    mariadb-oqgraph-engine-10.5.9-1.amzn2.0.1.aarch64
    mariadb-connect-engine-10.5.9-1.amzn2.0.1.aarch64
    mariadb-backup-10.5.9-1.amzn2.0.1.aarch64
    mariadb-cracklib-password-check-10.5.9-1.amzn2.0.1.aarch64
    mariadb-gssapi-server-10.5.9-1.amzn2.0.1.aarch64
    mariadb-pam-10.5.9-1.amzn2.0.1.aarch64
    mariadb-sphinx-engine-10.5.9-1.amzn2.0.1.aarch64
    mariadb-s3-engine-10.5.9-1.amzn2.0.1.aarch64
    mariadb-server-utils-10.5.9-1.amzn2.0.1.aarch64
    mariadb-devel-10.5.9-1.amzn2.0.1.aarch64
    mariadb-embedded-10.5.9-1.amzn2.0.1.aarch64
    mariadb-embedded-devel-10.5.9-1.amzn2.0.1.aarch64
    mariadb-test-10.5.9-1.amzn2.0.1.aarch64
    mariadb-debuginfo-10.5.9-1.amzn2.0.1.aarch64

src:
    mariadb-10.5.9-1.amzn2.0.1.src

x86_64:
    mariadb-10.5.9-1.amzn2.0.1.x86_64
    mariadb-libs-10.5.9-1.amzn2.0.1.x86_64
    mariadb-config-10.5.9-1.amzn2.0.1.x86_64
    mariadb-common-10.5.9-1.amzn2.0.1.x86_64
    mariadb-errmsg-10.5.9-1.amzn2.0.1.x86_64
    mariadb-server-galera-10.5.9-1.amzn2.0.1.x86_64
    mariadb-server-10.5.9-1.amzn2.0.1.x86_64
    mariadb-oqgraph-engine-10.5.9-1.amzn2.0.1.x86_64
    mariadb-connect-engine-10.5.9-1.amzn2.0.1.x86_64
    mariadb-backup-10.5.9-1.amzn2.0.1.x86_64
    mariadb-rocksdb-engine-10.5.9-1.amzn2.0.1.x86_64
    mariadb-cracklib-password-check-10.5.9-1.amzn2.0.1.x86_64
    mariadb-gssapi-server-10.5.9-1.amzn2.0.1.x86_64
    mariadb-pam-10.5.9-1.amzn2.0.1.x86_64
    mariadb-sphinx-engine-10.5.9-1.amzn2.0.1.x86_64
    mariadb-s3-engine-10.5.9-1.amzn2.0.1.x86_64
    mariadb-server-utils-10.5.9-1.amzn2.0.1.x86_64
    mariadb-devel-10.5.9-1.amzn2.0.1.x86_64
    mariadb-embedded-10.5.9-1.amzn2.0.1.x86_64
    mariadb-embedded-devel-10.5.9-1.amzn2.0.1.x86_64
    mariadb-test-10.5.9-1.amzn2.0.1.x86_64
    mariadb-debuginfo-10.5.9-1.amzn2.0.1.x86_64

Additional References

Red Hat: CVE-2021-27928

Mitre: CVE-2021-27928

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

ALASMARIADB10.5-2023-001

ALASMARIADB10.5-2023-001

Additional References

Vulmon Search

About

Products

Connect