CVE-2021-46669
Description
Moderate: galera, mariadb, and mysql-selinux security, bug fix, and enhancement update
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Mitigation details
Description mariadb: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used Red Hat statement Mitigation for this issue is not available, please update the affected package. CVSS v3: 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) Errata / fixed releases ProductPackageAdvisoryReleased Red Hat Enterprise Linuxβ¦
Workaround
for this issue is not available, please update the affected package.
Description
mariadb: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used
Red Hat statement
Mitigation for this issue is not available, please update the affected package.
CVSS v3: 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
Errata / fixed releases
| Product | Package | Advisory | Released |
|---|---|---|---|
| Red Hat Enterprise Linux 8 | mariadb:10.5-8060020220614163302.ad008a3a | RHSA-2022:5826 | 2022-08-02T00:00:00Z |
| Red Hat Enterprise Linux 8 | mariadb:10.3-8060020220715055054.ad008a3a | RHSA-2022:6443 | 2022-09-13T00:00:00Z |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | mariadb:10.5-8040020231006044227.522a0ee4 | RHSA-2023:6821 | 2023-11-08T00:00:00Z |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | mariadb:10.5-8040020231006044227.522a0ee4 | RHSA-2023:6821 | 2023-11-08T00:00:00Z |
| Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | mariadb:10.5-8040020231006044227.522a0ee4 | RHSA-2023:6821 | 2023-11-08T00:00:00Z |
| Red Hat Enterprise Linux 9 | mariadb-3:10.5.16-2.el9_0 | RHSA-2022:5948 | 2022-08-09T00:00:00Z |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | rh-mariadb105-mariadb-3:10.5.16-2.el7 | RHSA-2022:5759 | 2022-07-28T00:00:00Z |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | rh-mariadb103-mariadb-3:10.3.35-1.el7 | RHSA-2022:6306 | 2022-09-01T00:00:00Z |
Package state
| Product | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 7 | mariadb | Out of support scope |
| Red Hat OpenStack Platform 13 (Queens) | mariadb | Out of support scope |
Apply commands
yum update -y mariadb:10
# or:
dnf upgrade -y mariadb:10OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| rhel | 9 | fixed | |
| rocky | 8 | fixed | |
| rocky | 9 | fixed | |
| debian | bullseye | fixed | 1:10.5.18-0+deb11u1 |
| almalinux | 9 | fixed | mariadb-devel-10.5.16-2.el9_0.aarch64.rpm |
References
- https://access.redhat.com/errata/RHSA-2022:5948
- https://errata.rockylinux.org/RLSA-2022:6443
- https://errata.rockylinux.org/RLSA-2022:5826
- https://errata.rockylinux.org/RLSA-2022:5948
- https://security-tracker.debian.org/tracker/CVE-2021-46669
- https://access.redhat.com/errata/RHSA-2022:5826
- https://bugzilla.redhat.com/2049302
- https://bugzilla.redhat.com/2050017
- https://bugzilla.redhat.com/2050022
- https://bugzilla.redhat.com/2050024
- https://bugzilla.redhat.com/2050026
- https://bugzilla.redhat.com/2050032
- https://bugzilla.redhat.com/2050034
- https://bugzilla.redhat.com/2068211
- https://bugzilla.redhat.com/2068233
- https://bugzilla.redhat.com/2068234
- https://bugzilla.redhat.com/2069833
- https://bugzilla.redhat.com/2074817
- https://bugzilla.redhat.com/2074947
- https://bugzilla.redhat.com/2074949
- https://bugzilla.redhat.com/2074951
- https://bugzilla.redhat.com/2074966
- https://bugzilla.redhat.com/2074981
- https://bugzilla.redhat.com/2074987
- https://bugzilla.redhat.com/2074996
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.