Medium: unixODBC

2024-06-0620:17:00

alas.aws.amazon.com

unixodbc

vulnerability

64-bit

stack write

amazon linux 2

update

red hat

mitre

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

AI Score

6.7

Confidence

Low

EPSS

Percentile

15.5%

JSON

Issue Overview:

An out-of-bounds stack write flaw was found in unixODBC on 64-bit architectures where the caller has 4 bytes and callee writes 8 bytes. This issue may go unnoticed on little-endian architectures, while big-endian architectures can be broken. (CVE-2024-1013)

Affected Packages:

unixODBC

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update unixODBC to update your system.

New Packages:

aarch64:  
    unixODBC-2.3.1-15.amzn2.aarch64  
    unixODBC-devel-2.3.1-15.amzn2.aarch64  
    unixODBC-debuginfo-2.3.1-15.amzn2.aarch64  
  
i686:  
    unixODBC-2.3.1-15.amzn2.i686  
    unixODBC-devel-2.3.1-15.amzn2.i686  
    unixODBC-debuginfo-2.3.1-15.amzn2.i686  
  
src:  
    unixODBC-2.3.1-15.amzn2.src  
  
x86_64:  
    unixODBC-2.3.1-15.amzn2.x86_64  
    unixODBC-devel-2.3.1-15.amzn2.x86_64  
    unixODBC-debuginfo-2.3.1-15.amzn2.x86_64

Additional References

Red Hat: CVE-2024-1013

Mitre: CVE-2024-1013

OSVersionArchitecturePackageVersionFilename
Amazon Linux2aarch64unixodbc< 2.3.1-15.amzn2unixODBC-2.3.1-15.amzn2.aarch64.rpm
Amazon Linux2aarch64unixodbc-devel< 2.3.1-15.amzn2unixODBC-devel-2.3.1-15.amzn2.aarch64.rpm
Amazon Linux2aarch64unixodbc-debuginfo< 2.3.1-15.amzn2unixODBC-debuginfo-2.3.1-15.amzn2.aarch64.rpm
Amazon Linux2i686unixodbc< 2.3.1-15.amzn2unixODBC-2.3.1-15.amzn2.i686.rpm
Amazon Linux2i686unixodbc-devel< 2.3.1-15.amzn2unixODBC-devel-2.3.1-15.amzn2.i686.rpm
Amazon Linux2i686unixodbc-debuginfo< 2.3.1-15.amzn2unixODBC-debuginfo-2.3.1-15.amzn2.i686.rpm
Amazon Linux2x86_64unixodbc< 2.3.1-15.amzn2unixODBC-2.3.1-15.amzn2.x86_64.rpm
Amazon Linux2x86_64unixodbc-devel< 2.3.1-15.amzn2unixODBC-devel-2.3.1-15.amzn2.x86_64.rpm
Amazon Linux2x86_64unixodbc-debuginfo< 2.3.1-15.amzn2unixODBC-debuginfo-2.3.1-15.amzn2.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
Amazon Linux	2	aarch64	unixodbc	< 2.3.1-15.amzn2	unixODBC-2.3.1-15.amzn2.aarch64.rpm
Amazon Linux	2	aarch64	unixodbc-devel	< 2.3.1-15.amzn2	unixODBC-devel-2.3.1-15.amzn2.aarch64.rpm
Amazon Linux	2	aarch64	unixodbc-debuginfo	< 2.3.1-15.amzn2	unixODBC-debuginfo-2.3.1-15.amzn2.aarch64.rpm
Amazon Linux	2	i686	unixodbc	< 2.3.1-15.amzn2	unixODBC-2.3.1-15.amzn2.i686.rpm
Amazon Linux	2	i686	unixodbc-devel	< 2.3.1-15.amzn2	unixODBC-devel-2.3.1-15.amzn2.i686.rpm
Amazon Linux	2	i686	unixodbc-debuginfo	< 2.3.1-15.amzn2	unixODBC-debuginfo-2.3.1-15.amzn2.i686.rpm
Amazon Linux	2	x86_64	unixodbc	< 2.3.1-15.amzn2	unixODBC-2.3.1-15.amzn2.x86_64.rpm
Amazon Linux	2	x86_64	unixodbc-devel	< 2.3.1-15.amzn2	unixODBC-devel-2.3.1-15.amzn2.x86_64.rpm
Amazon Linux	2	x86_64	unixodbc-debuginfo	< 2.3.1-15.amzn2	unixODBC-debuginfo-2.3.1-15.amzn2.x86_64.rpm