SB2022062431 - SUSE update for mariadb

Description

This security bulletin contains information about 11 secuirty vulnerabilities.

1) Use-after-free (CVE-ID: CVE-2021-46669)

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to a use-after-free error in the convert_const_to_int() function when processing BIGINT data type. A remote attacker can trigger use-after-free error and perform a denial of service attack.

2) Improper input validation (CVE-ID: CVE-2022-21427)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: FTS component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

3) Use-after-free (CVE-ID: CVE-2022-27377)

The vulnerability allows a remote user to perform a denial of service attack.

The vulnerability exists due to a use-after-free error in the Item_func_in::cleanup() function. A remote user can pass specially crafted SQL statements and cause a denial of service.

4) SQL injection (CVE-ID: CVE-2022-27378)

The vulnerability allows a remote user to perform a denial of service attack.

The vulnerability exists due to insufficient sanitization of user-supplied data in the Create_tmp_table::finalize() function. A remote user can send specially crafted SQL statements to the affected application and perform a denial of service attack.

5) SQL injection (CVE-ID: CVE-2022-27380)

The vulnerability allows a remote user to perform a denial of service attack.

The vulnerability exists due to insufficient sanitization of user-supplied data in the my_decimal::operator=() function. A remote user can send specially crafted SQL statements to the affected application and perform a denial of service attack.

6) SQL injection (CVE-ID: CVE-2022-27381)

The vulnerability allows a remote user to perform a denial of service attack.

The vulnerability exists due to insufficient sanitization of user-supplied data in the Field::set_default() function. A remote user can send specially crafted SQL statements to the affected application and perform a denial of service attack.

7) Use-after-free (CVE-ID: CVE-2022-27383)

The vulnerability allows a remote user to perform a denial of service attack.

The vulnerability exists due to a use-after-free error in the my_strcasecmp_8bit component. A remote user can pass specially crafted SQL statements and cause a denial of service.

8) SQL injection (CVE-ID: CVE-2022-27384)

The vulnerability allows a remote user to perform a denial of service attack.

The vulnerability exists due to insufficient sanitization of user-supplied data in the Item_subselect::init_expr_cache_tracker() function. A remote user can send specially crafted SQL statements to the affected application and perform a denial of service attack.

9) Buffer overflow (CVE-ID: CVE-2022-27386)

The vulnerability allows a remote user to perform a denial of service attack.

The vulnerability exists due to segmentation fault via the sql/sql_class.cc component. A remote user can send specially crafted data and perform a denial of service attack.

10) Buffer overflow (CVE-ID: CVE-2022-27387)

The vulnerability allows a remote user to perform a denial of service attack.

The vulnerability exists due to buffer overflow error in the decimal_bin_size component. A remote user can send specially crafted SQL statements to the affected application, trigger buffer overflow error and perform a denial of service attack.

11) Buffer overflow (CVE-ID: CVE-2022-27445)

The vulnerability allows a remote user to perform a denial of service attack.

The vulnerability exists due to segmentation fault via the sql/sql_window.cc component. A remote user can send specially crafted data and perform a denial of service attack.

Remediation

Install update from vendor's website.

References

• https://www.suse.com/support/update/announcement/2022/suse-su-20222160-1/