Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2019:0973-1

Опубликовано: 17 апр. 2019
Источник: suse-cvrf

Описание

Security update for sqlite3

This update for sqlite3 fixes the following issues:

Security issues fixed:

  • CVE-2018-20506: Fixed an integer overflow when FTS3 extension is enabled (bsc#1131576).
  • CVE-2018-20346: Fixed a remote code execution vulnerability in FTS3 (Magellan) (bsc#1119687).
  • CVE-2016-6153: Fixed incorrect permissions when creating temporary files (bsc#987394).

Список пакетов

SUSE Linux Enterprise Server 12-LTSS
libsqlite3-0-3.8.3.1-2.7.1
libsqlite3-0-32bit-3.8.3.1-2.7.1
sqlite3-3.8.3.1-2.7.1

Ссылки

Описание

os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.

Затронутые продукты
SUSE Linux Enterprise Server 12-LTSS:libsqlite3-0-3.8.3.1-2.7.1
SUSE Linux Enterprise Server 12-LTSS:libsqlite3-0-32bit-3.8.3.1-2.7.1
SUSE Linux Enterprise Server 12-LTSS:sqlite3-3.8.3.1-2.7.1
Ссылки

Описание

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.

Затронутые продукты
SUSE Linux Enterprise Server 12-LTSS:libsqlite3-0-3.8.3.1-2.7.1
SUSE Linux Enterprise Server 12-LTSS:libsqlite3-0-32bit-3.8.3.1-2.7.1
SUSE Linux Enterprise Server 12-LTSS:sqlite3-3.8.3.1-2.7.1
Ссылки

Описание

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.

Затронутые продукты
SUSE Linux Enterprise Server 12-LTSS:libsqlite3-0-3.8.3.1-2.7.1
SUSE Linux Enterprise Server 12-LTSS:libsqlite3-0-32bit-3.8.3.1-2.7.1
SUSE Linux Enterprise Server 12-LTSS:sqlite3-3.8.3.1-2.7.1
Ссылки
Уязвимость SUSE-SU-2019:0973-1