Описание
Security update for sqlite3
This update for sqlite3 fixes the following issues:
- CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337).
Список пакетов
SUSE Enterprise Storage 7
libsqlite3-0-3.39.3-150000.3.20.1
libsqlite3-0-32bit-3.39.3-150000.3.20.1
sqlite3-3.39.3-150000.3.20.1
sqlite3-devel-3.39.3-150000.3.20.1
sqlite3-tcl-3.39.3-150000.3.20.1
SUSE Enterprise Storage 7.1
libsqlite3-0-3.39.3-150000.3.20.1
libsqlite3-0-32bit-3.39.3-150000.3.20.1
sqlite3-3.39.3-150000.3.20.1
sqlite3-devel-3.39.3-150000.3.20.1
sqlite3-tcl-3.39.3-150000.3.20.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
libsqlite3-0-3.39.3-150000.3.20.1
libsqlite3-0-32bit-3.39.3-150000.3.20.1
sqlite3-3.39.3-150000.3.20.1
sqlite3-devel-3.39.3-150000.3.20.1
sqlite3-tcl-3.39.3-150000.3.20.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
libsqlite3-0-3.39.3-150000.3.20.1
libsqlite3-0-32bit-3.39.3-150000.3.20.1
sqlite3-3.39.3-150000.3.20.1
sqlite3-devel-3.39.3-150000.3.20.1
sqlite3-tcl-3.39.3-150000.3.20.1
SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS
libsqlite3-0-3.39.3-150000.3.20.1
libsqlite3-0-32bit-3.39.3-150000.3.20.1
sqlite3-3.39.3-150000.3.20.1
sqlite3-devel-3.39.3-150000.3.20.1
sqlite3-tcl-3.39.3-150000.3.20.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
libsqlite3-0-3.39.3-150000.3.20.1
libsqlite3-0-32bit-3.39.3-150000.3.20.1
sqlite3-3.39.3-150000.3.20.1
sqlite3-devel-3.39.3-150000.3.20.1
sqlite3-tcl-3.39.3-150000.3.20.1
SUSE Linux Enterprise Server 15 SP1-LTSS
libsqlite3-0-3.39.3-150000.3.20.1
libsqlite3-0-32bit-3.39.3-150000.3.20.1
sqlite3-3.39.3-150000.3.20.1
sqlite3-devel-3.39.3-150000.3.20.1
sqlite3-tcl-3.39.3-150000.3.20.1
SUSE Linux Enterprise Server 15 SP2-LTSS
libsqlite3-0-3.39.3-150000.3.20.1
libsqlite3-0-32bit-3.39.3-150000.3.20.1
sqlite3-3.39.3-150000.3.20.1
sqlite3-devel-3.39.3-150000.3.20.1
sqlite3-tcl-3.39.3-150000.3.20.1
SUSE Linux Enterprise Server 15 SP3-LTSS
libsqlite3-0-3.39.3-150000.3.20.1
libsqlite3-0-32bit-3.39.3-150000.3.20.1
sqlite3-3.39.3-150000.3.20.1
sqlite3-devel-3.39.3-150000.3.20.1
sqlite3-tcl-3.39.3-150000.3.20.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
libsqlite3-0-3.39.3-150000.3.20.1
libsqlite3-0-32bit-3.39.3-150000.3.20.1
sqlite3-3.39.3-150000.3.20.1
sqlite3-devel-3.39.3-150000.3.20.1
sqlite3-tcl-3.39.3-150000.3.20.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
libsqlite3-0-3.39.3-150000.3.20.1
libsqlite3-0-32bit-3.39.3-150000.3.20.1
sqlite3-3.39.3-150000.3.20.1
sqlite3-devel-3.39.3-150000.3.20.1
sqlite3-tcl-3.39.3-150000.3.20.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
libsqlite3-0-3.39.3-150000.3.20.1
libsqlite3-0-32bit-3.39.3-150000.3.20.1
sqlite3-3.39.3-150000.3.20.1
sqlite3-devel-3.39.3-150000.3.20.1
sqlite3-tcl-3.39.3-150000.3.20.1
SUSE Manager Proxy 4.2
libsqlite3-0-3.39.3-150000.3.20.1
libsqlite3-0-32bit-3.39.3-150000.3.20.1
sqlite3-3.39.3-150000.3.20.1
sqlite3-devel-3.39.3-150000.3.20.1
sqlite3-tcl-3.39.3-150000.3.20.1
SUSE Manager Server 4.2
libsqlite3-0-3.39.3-150000.3.20.1
libsqlite3-0-32bit-3.39.3-150000.3.20.1
sqlite3-3.39.3-150000.3.20.1
sqlite3-devel-3.39.3-150000.3.20.1
sqlite3-tcl-3.39.3-150000.3.20.1
Ссылки
- Link for SUSE-SU-2023:1295-1
- E-Mail link for SUSE-SU-2023:1295-1
- SUSE Security Ratings
- SUSE Bug 1206337
- SUSE CVE CVE-2022-46908 page
Описание
SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.
Затронутые продукты
SUSE Enterprise Storage 7.1:libsqlite3-0-3.39.3-150000.3.20.1
SUSE Enterprise Storage 7.1:libsqlite3-0-32bit-3.39.3-150000.3.20.1
SUSE Enterprise Storage 7.1:sqlite3-3.39.3-150000.3.20.1
SUSE Enterprise Storage 7.1:sqlite3-devel-3.39.3-150000.3.20.1
Ссылки
- CVE-2022-46908
- SUSE Bug 1206337
- SUSE Bug 1220151