ALAS2023-2026-1845


Amazon Linux 2023 Security Advisory: ALAS2023-2026-1845
Advisory Released Date: 2026-06-22
Advisory Updated Date: 2026-06-22
Severity: Important

Issue Overview:

During a state snapshot transfer (SST), the donor node interpolates parameters sent by the joiner into a command line. Not all of these parameters were properly validated, which could allow a malicious joiner to execute arbitrary shell commands on the donor side via the mariabackup SST method. (CVE-2026-44168)

SHOW CREATE ROUTINE does not apply to roles (CVE-2026-44169)

mbstream did not check for /../ in the path when unpacking the archive. A proper backup can never contain such paths, but a specially crafted archive could have caused mbstream to create files outside of the target-dir path. (CVE-2026-44171)
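
The kind of check whose absence is described above, as an added example (not MariaDB's actual patch and not code from this advisory): a lexical test an unpacker can apply to each archive member name before creating the file. The function name and the sample member names are assumptions made for illustration, and the check goes slightly beyond a literal /../ match by also rejecting absolute paths and a leading or trailing ".." component.

```c
#include <stdio.h>
#include <string.h>

/* Returns 1 if `path` is a relative path with no ".." component, else 0.
   Purely lexical: it does not resolve symlinks that already exist
   inside the target directory. */
int archive_path_is_safe(const char *path)
{
    const char *p = path;

    if (path == NULL || *path == '\0')
        return 0;                 /* empty member name */
    if (*path == '/')
        return 0;                 /* absolute path ignores target-dir */

    while (*p != '\0') {
        const char *end = strchr(p, '/');
        size_t len = end ? (size_t)(end - p) : strlen(p);

        if (len == 2 && p[0] == '.' && p[1] == '.')
            return 0;             /* "..", "../x", "a/../b", "a/.." */

        p += len;
        while (*p == '/')         /* skip one or more separators */
            p++;
    }
    return 1;
}

int main(void)
{
    /* Constructed member names, not taken from a real backup stream. */
    static const char *samples[] = {
        "ibdata1", "mysql/user.frm", "db1/..hidden.ibd", "db1//t1.ibd",
        "../outside", "db1/../../elsewhere/file", "db1/..", "/abs/path", ""
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-26s %s\n", samples[i],
               archive_path_is_safe(samples[i]) ? "accept" : "reject");
    return 0;
}
```

Comparing whole components rather than searching for the substring `..` keeps legitimate names such as `db1/..hidden.ibd` extractable.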

An application that took non-validated user input, escaped it with mysql_real_escape_string() and sent it to the database using the text protocol and the big5 character set was vulnerable to SQL injections, even though mysql_real_escape_string() was supposed to prevent them. (CVE-2026-44172)

MariaDB allowed SELECT ... INTO OUTFILE and SELECT ... INTO DUMPFILE without verifying the FILE privilege if the FROM clause contained only subqueries. (CVE-2026-44173)


Affected Packages:

mariadb114


Issue Correction:
Run dnf update mariadb114 --releasever 2023.12.20260622 or dnf update --advisory ALAS2023-2026-1845 --releasever 2023.12.20260622 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation

New Packages:
aarch64:
    mariadb114-server-utils-debuginfo-11.4.12-1.amzn2023.0.1.aarch64
    mariadb114-gssapi-server-11.4.12-1.amzn2023.0.1.aarch64
    mariadb114-connect-engine-debuginfo-11.4.12-1.amzn2023.0.1.aarch64
    mariadb114-sphinx-engine-11.4.12-1.amzn2023.0.1.aarch64
    mariadb114-gssapi-server-debuginfo-11.4.12-1.amzn2023.0.1.aarch64
    mariadb114-server-debuginfo-11.4.12-1.amzn2023.0.1.aarch64
    mariadb114-oqgraph-engine-11.4.12-1.amzn2023.0.1.aarch64
    mariadb114-devel-11.4.12-1.amzn2023.0.1.aarch64
    mariadb114-debuginfo-11.4.12-1.amzn2023.0.1.aarch64
    mariadb114-cracklib-password-check-debuginfo-11.4.12-1.amzn2023.0.1.aarch64
    mariadb114-oqgraph-engine-debuginfo-11.4.12-1.amzn2023.0.1.aarch64
    mariadb114-sphinx-engine-debuginfo-11.4.12-1.amzn2023.0.1.aarch64
    mariadb114-pam-11.4.12-1.amzn2023.0.1.aarch64
    mariadb114-pam-debuginfo-11.4.12-1.amzn2023.0.1.aarch64
    mariadb114-common-11.4.12-1.amzn2023.0.1.aarch64
    mariadb114-client-utils-11.4.12-1.amzn2023.0.1.aarch64
    mariadb114-debugsource-11.4.12-1.amzn2023.0.1.aarch64
    mariadb114-server-11.4.12-1.amzn2023.0.1.aarch64
    mariadb114-cracklib-password-check-11.4.12-1.amzn2023.0.1.aarch64
    mariadb114-11.4.12-1.amzn2023.0.1.aarch64
    mariadb114-errmsg-11.4.12-1.amzn2023.0.1.aarch64
    mariadb114-backup-11.4.12-1.amzn2023.0.1.aarch64
    mariadb114-connect-engine-11.4.12-1.amzn2023.0.1.aarch64
    mariadb114-server-utils-11.4.12-1.amzn2023.0.1.aarch64
    mariadb114-test-debuginfo-11.4.12-1.amzn2023.0.1.aarch64
    mariadb114-backup-debuginfo-11.4.12-1.amzn2023.0.1.aarch64
    mariadb114-test-11.4.12-1.amzn2023.0.1.aarch64

src:
    mariadb114-11.4.12-1.amzn2023.0.1.src

x86_64:
    mariadb114-rocksdb-engine-debuginfo-11.4.12-1.amzn2023.0.1.x86_64
    mariadb114-backup-debuginfo-11.4.12-1.amzn2023.0.1.x86_64
    mariadb114-server-debuginfo-11.4.12-1.amzn2023.0.1.x86_64
    mariadb114-sphinx-engine-11.4.12-1.amzn2023.0.1.x86_64
    mariadb114-oqgraph-engine-11.4.12-1.amzn2023.0.1.x86_64
    mariadb114-errmsg-11.4.12-1.amzn2023.0.1.x86_64
    mariadb114-devel-11.4.12-1.amzn2023.0.1.x86_64
    mariadb114-cracklib-password-check-debuginfo-11.4.12-1.amzn2023.0.1.x86_64
    mariadb114-pam-11.4.12-1.amzn2023.0.1.x86_64
    mariadb114-test-debuginfo-11.4.12-1.amzn2023.0.1.x86_64
    mariadb114-server-utils-debuginfo-11.4.12-1.amzn2023.0.1.x86_64
    mariadb114-debuginfo-11.4.12-1.amzn2023.0.1.x86_64
    mariadb114-connect-engine-debuginfo-11.4.12-1.amzn2023.0.1.x86_64
    mariadb114-client-utils-11.4.12-1.amzn2023.0.1.x86_64
    mariadb114-cracklib-password-check-11.4.12-1.amzn2023.0.1.x86_64
    mariadb114-backup-11.4.12-1.amzn2023.0.1.x86_64
    mariadb114-pam-debuginfo-11.4.12-1.amzn2023.0.1.x86_64
    mariadb114-rocksdb-engine-11.4.12-1.amzn2023.0.1.x86_64
    mariadb114-debugsource-11.4.12-1.amzn2023.0.1.x86_64
    mariadb114-sphinx-engine-debuginfo-11.4.12-1.amzn2023.0.1.x86_64
    mariadb114-gssapi-server-11.4.12-1.amzn2023.0.1.x86_64
    mariadb114-connect-engine-11.4.12-1.amzn2023.0.1.x86_64
    mariadb114-server-11.4.12-1.amzn2023.0.1.x86_64
    mariadb114-server-utils-11.4.12-1.amzn2023.0.1.x86_64
    mariadb114-11.4.12-1.amzn2023.0.1.x86_64
    mariadb114-gssapi-server-debuginfo-11.4.12-1.amzn2023.0.1.x86_64
    mariadb114-oqgraph-engine-debuginfo-11.4.12-1.amzn2023.0.1.x86_64
    mariadb114-common-11.4.12-1.amzn2023.0.1.x86_64
    mariadb114-test-11.4.12-1.amzn2023.0.1.x86_64