
SUSE-SU-2025:1456-1

Published: 07 May 2025
Source: suse-cvrf

Description

Security update for sqlite3

This update for sqlite3 fixes the following issues:

  • CVE-2025-29087, CVE-2025-3277: Fixed integer overflow in sqlite concat function (bsc#1241020)
  • CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078)

Other fixes:

  • Updated to version 3.49.1 from Factory (jsc#SLE-16032)

Package list

Container bci/bci-sle15-kernel-module-devel:15.7
libsqlite3-0-3.49.1-150000.3.27.1
Container bci/bci-sle15-kernel-module-devel:latest
libsqlite3-0-3.49.1-150000.3.27.1
Container bci/kiwi:latest
libsqlite3-0-3.49.1-150000.3.27.1
Container bci/openjdk-devel:17
libsqlite3-0-3.49.1-150000.3.27.1
Container bci/openjdk-devel:latest
libsqlite3-0-3.49.1-150000.3.27.1
Container bci/openjdk:17
libsqlite3-0-3.49.1-150000.3.27.1
Container bci/openjdk:latest
libsqlite3-0-3.49.1-150000.3.27.1
Container bci/python:3
libsqlite3-0-3.49.1-150000.3.27.1
Container bci/python:3.13
libsqlite3-0-3.49.1-150000.3.27.1
Container bci/python:latest
libsqlite3-0-3.49.1-150000.3.27.1
Container bci/ruby:3
libsqlite3-0-3.49.1-150000.3.27.1
sqlite3-devel-3.49.1-150000.3.27.1
Container bci/ruby:latest
libsqlite3-0-3.49.1-150000.3.27.1
sqlite3-devel-3.49.1-150000.3.27.1
Container bci/spack:0.23
libsqlite3-0-3.49.1-150000.3.27.1
Container bci/spack:latest
libsqlite3-0-3.49.1-150000.3.27.1
Container suse/389-ds:latest
libsqlite3-0-3.49.1-150000.3.27.1
Container suse/cosign:latest
libsqlite3-0-3.49.1-150000.3.27.1
Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest
libsqlite3-0-3.49.1-150000.3.27.1
Container suse/kiosk/firefox-esr:latest
libsqlite3-0-3.49.1-150000.3.27.1
Container suse/ltss/sle15.3/bci-base:latest
libsqlite3-0-3.49.1-150000.3.27.1
Container suse/ltss/sle15.4/bci-base:latest
libsqlite3-0-3.49.1-150000.3.27.1
Container suse/ltss/sle15.5/sle15:latest
libsqlite3-0-3.49.1-150000.3.27.1
Container suse/manager/4.3/proxy-httpd:latest
libsqlite3-0-3.49.1-150000.3.27.1
Container suse/manager/4.3/proxy-salt-broker:latest
libsqlite3-0-3.49.1-150000.3.27.1
Container suse/manager/4.3/proxy-squid:latest
libsqlite3-0-3.49.1-150000.3.27.1
Container suse/manager/4.3/proxy-ssh:latest
libsqlite3-0-3.49.1-150000.3.27.1
Container suse/manager/4.3/proxy-tftpd:latest
libsqlite3-0-3.49.1-150000.3.27.1
Container suse/rmt-server:latest
libsqlite3-0-3.49.1-150000.3.27.1
Container suse/sle-micro-rancher/5.2:latest
libsqlite3-0-3.49.1-150000.3.27.1
Container suse/sle-micro-rancher/5.3:latest
libsqlite3-0-3.49.1-150000.3.27.1
Container suse/sle-micro-rancher/5.4:latest
libsqlite3-0-3.49.1-150000.3.27.1
Container suse/sle-micro/5.1/toolbox:latest
libsqlite3-0-3.49.1-150000.3.27.1
Container suse/sle-micro/5.2/toolbox:latest
libsqlite3-0-3.49.1-150000.3.27.1
Container suse/sle-micro/5.3/toolbox:latest
libsqlite3-0-3.49.1-150000.3.27.1
Container suse/sle-micro/5.4/toolbox:latest
libsqlite3-0-3.49.1-150000.3.27.1
Container suse/sle-micro/5.5/toolbox:latest
libsqlite3-0-3.49.1-150000.3.27.1
Container suse/sle-micro/5.5:latest
libsqlite3-0-3.49.1-150000.3.27.1
Container suse/sle-micro/base-5.5:latest
libsqlite3-0-3.49.1-150000.3.27.1
Container suse/sle-micro/kvm-5.5:latest
libsqlite3-0-3.49.1-150000.3.27.1
Container suse/sle-micro/rt-5.5:latest
libsqlite3-0-3.49.1-150000.3.27.1
Container suse/sle15:15.6
libsqlite3-0-3.49.1-150000.3.27.1
Container suse/sle15:15.7
libsqlite3-0-3.49.1-150000.3.27.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS
libsqlite3-0-3.49.1-150000.3.27.1
sqlite3-3.49.1-150000.3.27.1
sqlite3-tcl-3.49.1-150000.3.27.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2
libsqlite3-0-3.49.1-150000.3.27.1
sqlite3-3.49.1-150000.3.27.1
sqlite3-tcl-3.49.1-150000.3.27.1
SUSE Linux Enterprise Micro 5.1
libsqlite3-0-3.49.1-150000.3.27.1
SUSE Linux Enterprise Micro 5.2
libsqlite3-0-3.49.1-150000.3.27.1
SUSE Linux Enterprise Micro 5.3
libsqlite3-0-3.49.1-150000.3.27.1
sqlite3-tcl-3.49.1-150000.3.27.1
SUSE Linux Enterprise Micro 5.4
libsqlite3-0-3.49.1-150000.3.27.1
sqlite3-tcl-3.49.1-150000.3.27.1
SUSE Linux Enterprise Micro 5.5
libsqlite3-0-3.49.1-150000.3.27.1
sqlite3-tcl-3.49.1-150000.3.27.1
SUSE Linux Enterprise Module for Basesystem 15 SP6
libsqlite3-0-3.49.1-150000.3.27.1
libsqlite3-0-32bit-3.49.1-150000.3.27.1
sqlite3-3.49.1-150000.3.27.1
sqlite3-devel-3.49.1-150000.3.27.1
sqlite3-tcl-3.49.1-150000.3.27.1
openSUSE Leap 15.6
libsqlite3-0-3.49.1-150000.3.27.1
libsqlite3-0-32bit-3.49.1-150000.3.27.1
sqlite3-3.49.1-150000.3.27.1
sqlite3-devel-3.49.1-150000.3.27.1
sqlite3-doc-3.49.1-150000.3.27.1
sqlite3-tcl-3.49.1-150000.3.27.1

Description

In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string (e.g., 2MB or more), an integer overflow occurs in calculating the size of the result buffer, and thus malloc may not allocate enough memory.


Affected products
Container bci/bci-sle15-kernel-module-devel:15.7:libsqlite3-0-3.49.1-150000.3.27.1
Container bci/bci-sle15-kernel-module-devel:latest:libsqlite3-0-3.49.1-150000.3.27.1
Container bci/kiwi:latest:libsqlite3-0-3.49.1-150000.3.27.1
Container bci/openjdk-devel:17:libsqlite3-0-3.49.1-150000.3.27.1

References

Description

In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a 64-bit integer, and consequently some memory allocations may be incorrect.


Affected products
Container bci/bci-sle15-kernel-module-devel:15.7:libsqlite3-0-3.49.1-150000.3.27.1
Container bci/bci-sle15-kernel-module-devel:latest:libsqlite3-0-3.49.1-150000.3.27.1
Container bci/kiwi:latest:libsqlite3-0-3.49.1-150000.3.27.1
Container bci/openjdk-devel:17:libsqlite3-0-3.49.1-150000.3.27.1

References

Description

An integer overflow can be triggered in SQLite's `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.
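
The size-calculation flaw described above, reduced to a self-contained C sketch that is added here and is not SQLite's source: a 32-bit running total wraps once the separator is 2 MiB and enough arguments are joined, while a 64-bit total checked against a cap rejects the request before any allocation. The function names, the `MAX_RESULT_LEN` cap and the sample lengths are assumptions made for this illustration; the same widening before multiplication applies to the `sz*nBig` product mentioned for `sqlite3_db_config`.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed upper bound on a result string for this sketch. */
#define MAX_RESULT_LEN 1000000000LL

/* Flawed pattern: the size is accumulated in 32 bits and silently wraps.
 * Unsigned arithmetic is used so the wrap is well defined in C. */
static uint32_t result_size_32(const uint32_t *arg_len, size_t n_args,
                               uint32_t sep_len) {
    uint32_t total = 0;
    for (size_t i = 0; i < n_args; i++) total += arg_len[i];
    if (n_args > 1) total += (uint32_t)(n_args - 1) * sep_len;
    return total + 1; /* room for the terminating NUL */
}

/* Hardened pattern: 64-bit accumulation, with every step checked against
 * the cap. Returns -1 when the result would be too large to allocate. */
static int64_t result_size_checked(const uint32_t *arg_len, size_t n_args,
                                   uint32_t sep_len) {
    int64_t total = 1; /* terminating NUL */
    for (size_t i = 0; i < n_args; i++) {
        total += arg_len[i];
        if (total > MAX_RESULT_LEN) return -1;
    }
    if (n_args > 1 && sep_len > 0) {
        /* Bound the separator count before multiplying. */
        if ((uint64_t)(n_args - 1) > (uint64_t)MAX_RESULT_LEN / sep_len) return -1;
        total += (int64_t)(n_args - 1) * (int64_t)sep_len;
        if (total > MAX_RESULT_LEN) return -1;
    }
    return total;
}

int main(void) {
    /* Constructed input: 2049 one-byte arguments joined by a 2 MiB separator.
     * 2048 separators * 2 MiB = 2^32 bytes, which wraps to 0 in 32 bits. */
    static uint32_t lens[2049];
    for (size_t i = 0; i < 2049; i++) lens[i] = 1;
    uint32_t sep = 2u * 1024u * 1024u;
    printf("32-bit size:  %u\n", (unsigned)result_size_32(lens, 2049, sep));
    printf("checked size: %lld\n", (long long)result_size_checked(lens, 2049, sep));
    return 0;
}
```

A buffer sized from the 32-bit value is a few kilobytes, while the copy loop still walks roughly 4 GB of input, which is the mismatch both `concat_ws()` descriptions refer to.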


Affected products
Container bci/bci-sle15-kernel-module-devel:15.7:libsqlite3-0-3.49.1-150000.3.27.1
Container bci/bci-sle15-kernel-module-devel:latest:libsqlite3-0-3.49.1-150000.3.27.1
Container bci/kiwi:latest:libsqlite3-0-3.49.1-150000.3.27.1
Container bci/openjdk-devel:17:libsqlite3-0-3.49.1-150000.3.27.1

References
Vulnerability SUSE-SU-2025:1456-1