Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2019:14003-1

Опубликовано: 01 апр. 2019
Источник: suse-cvrf

Описание

Security update for sqlite3

This update for sqlite3 fixes the following issue:

Security issue fixed:

  • CVE-2018-20346: Fixed a remote code execution vulnerability in FTS3 (Magellan) (bsc#1119687).

Список пакетов

SUSE Linux Enterprise Point of Sale 11 SP3
libsqlite3-0-3.7.6.3-1.4.7.3.1
sqlite3-3.7.6.3-1.4.7.3.1
SUSE Linux Enterprise Server 11 SP4
libsqlite3-0-3.7.6.3-1.4.7.3.1
libsqlite3-0-32bit-3.7.6.3-1.4.7.3.1
libsqlite3-0-x86-3.7.6.3-1.4.7.3.1
sqlite3-3.7.6.3-1.4.7.3.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
libsqlite3-0-3.7.6.3-1.4.7.3.1
libsqlite3-0-32bit-3.7.6.3-1.4.7.3.1
libsqlite3-0-x86-3.7.6.3-1.4.7.3.1
sqlite3-3.7.6.3-1.4.7.3.1
SUSE Linux Enterprise Software Development Kit 11 SP4
sqlite3-devel-3.7.6.3-1.4.7.3.1
SUSE Studio Onsite 1.3
sqlite3-devel-3.7.6.3-1.4.7.3.1

Ссылки

Описание

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.

Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:libsqlite3-0-3.7.6.3-1.4.7.3.1
SUSE Linux Enterprise Point of Sale 11 SP3:sqlite3-3.7.6.3-1.4.7.3.1
SUSE Linux Enterprise Server 11 SP4:libsqlite3-0-3.7.6.3-1.4.7.3.1
SUSE Linux Enterprise Server 11 SP4:libsqlite3-0-32bit-3.7.6.3-1.4.7.3.1
Ссылки
Уязвимость SUSE-SU-2019:14003-1