Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2019:1522-1

Опубликовано: 17 июн. 2019
Источник: suse-cvrf

Описание

Security update for sqlite3

This update for sqlite3 fixes the following issues:

Security issue fixed:

  • CVE-2019-8457: Fixed a Heap out-of-bound read in rtreenode() when handling invalid rtree tables (bsc#1136976).
  • CVE-2018-8740: Fixed a NULL pointer dereference related to corrupted databases schemas (bsc#1085790).
  • CVE-2017-10989: Fixed a heap-based buffer over-read in getNodeSize() (bsc#1132045).

Список пакетов

SUSE Linux Enterprise Server 12-LTSS
libsqlite3-0-3.8.3.1-2.12.1
libsqlite3-0-32bit-3.8.3.1-2.12.1
sqlite3-3.8.3.1-2.12.1

Ссылки

Описание

The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.

Затронутые продукты
SUSE Linux Enterprise Server 12-LTSS:libsqlite3-0-3.8.3.1-2.12.1
SUSE Linux Enterprise Server 12-LTSS:libsqlite3-0-32bit-3.8.3.1-2.12.1
SUSE Linux Enterprise Server 12-LTSS:sqlite3-3.8.3.1-2.12.1
Ссылки

Описание

In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.

Затронутые продукты
SUSE Linux Enterprise Server 12-LTSS:libsqlite3-0-3.8.3.1-2.12.1
SUSE Linux Enterprise Server 12-LTSS:libsqlite3-0-32bit-3.8.3.1-2.12.1
SUSE Linux Enterprise Server 12-LTSS:sqlite3-3.8.3.1-2.12.1
Ссылки

Описание

SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.

Затронутые продукты
SUSE Linux Enterprise Server 12-LTSS:libsqlite3-0-3.8.3.1-2.12.1
SUSE Linux Enterprise Server 12-LTSS:libsqlite3-0-32bit-3.8.3.1-2.12.1
SUSE Linux Enterprise Server 12-LTSS:sqlite3-3.8.3.1-2.12.1
Ссылки