Security Bulletin
This security bulletin contains information about 11 vulnerabilities.
1) Buffer overflow
EUVDB-ID: #VU65754
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-32081
CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Exploit availability: No
Description
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a use-after-poison in the prepare_inplace_add_virtual function in /storage/innobase/handler/handler0alter.cc. A local user can trigger the vulnerability to execute arbitrary code on the target system.
Mitigation
Update the affected package mariadb to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Storage: 7.1
SUSE Manager Retail Branch Server: 4.2
openSUSE Leap: 15.3
SUSE Manager Server: 4.2
SUSE Manager Proxy: 4.2
SUSE Linux Enterprise Server for SAP Applications: 15-SP3
SUSE Linux Enterprise Server: 15-SP3
SUSE Linux Enterprise High Performance Computing: 15-SP3
SUSE Linux Enterprise Module for Packagehub Subpackages: 15-SP3
SUSE Linux Enterprise Module for Server Applications: 15-SP3
mariadb-galera: before 10.5.17-150300.3.21.1
mariadb-errormessages: before 10.5.17-150300.3.21.1
mariadb-tools-debuginfo: before 10.5.17-150300.3.21.1
mariadb-tools: before 10.5.17-150300.3.21.1
mariadb-test-debuginfo: before 10.5.17-150300.3.21.1
mariadb-test: before 10.5.17-150300.3.21.1
mariadb-rpm-macros: before 10.5.17-150300.3.21.1
mariadb-debugsource: before 10.5.17-150300.3.21.1
mariadb-debuginfo: before 10.5.17-150300.3.21.1
mariadb-client-debuginfo: before 10.5.17-150300.3.21.1
mariadb-client: before 10.5.17-150300.3.21.1
mariadb-bench-debuginfo: before 10.5.17-150300.3.21.1
mariadb-bench: before 10.5.17-150300.3.21.1
mariadb: before 10.5.17-150300.3.21.1
libmariadbd19-debuginfo: before 10.5.17-150300.3.21.1
..