Описание
Security update for sqlite3
This update for sqlite3 to version 3.27.2 fixes the following issue:
Security issue fixed:
- CVE-2018-20346: Fixed a remote code execution vulnerability in FTS3 (Magellan) (bsc#1119687).
Release notes: https://www.sqlite.org/releaselog/3_27_2.html
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.0
libsqlite3-0-3.27.2-lp150.2.3.1
libsqlite3-0-32bit-3.27.2-lp150.2.3.1
sqlite3-3.27.2-lp150.2.3.1
sqlite3-devel-3.27.2-lp150.2.3.1
sqlite3-doc-3.27.2-lp150.2.3.1
Ссылки
- E-Mail link for openSUSE-SU-2019:1159-1
- SUSE Security Ratings
- SUSE Bug 1119687
- SUSE CVE CVE-2018-20346 page
Описание
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.
Затронутые продукты
openSUSE Leap 15.0:libsqlite3-0-3.27.2-lp150.2.3.1
openSUSE Leap 15.0:libsqlite3-0-32bit-3.27.2-lp150.2.3.1
openSUSE Leap 15.0:sqlite3-3.27.2-lp150.2.3.1
openSUSE Leap 15.0:sqlite3-devel-3.27.2-lp150.2.3.1
Ссылки
- CVE-2018-20346
- SUSE Bug 1119687
- SUSE Bug 1120335
- SUSE Bug 1131576
- SUSE Bug 1131918
- SUSE Bug 1131919
- SUSE Bug 1148893
- SUSE Bug 1169664