Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2019:1222-1

Опубликовано: 17 апр. 2019
Источник: suse-cvrf

Описание

Security update for sqlite3

This update for sqlite3 fixes the following issues:

Security issues fixed:

  • CVE-2018-20346: Fixed a remote code execution vulnerability in FTS3 (Magellan) (bsc#1119687).
  • CVE-2018-20506: Fixed an integer overflow when FTS3 extension is enabled (bsc#1131576).

This update was imported from the SUSE:SLE-12-SP1:Update update project.

Список пакетов

openSUSE Leap 42.3
libsqlite3-0-3.8.10.2-11.3.1
libsqlite3-0-32bit-3.8.10.2-11.3.1
sqlite3-3.8.10.2-11.3.1
sqlite3-devel-3.8.10.2-11.3.1
sqlite3-doc-3.8.10.2-11.3.1

Ссылки

Описание

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.

Затронутые продукты
openSUSE Leap 42.3:libsqlite3-0-3.8.10.2-11.3.1
openSUSE Leap 42.3:libsqlite3-0-32bit-3.8.10.2-11.3.1
openSUSE Leap 42.3:sqlite3-3.8.10.2-11.3.1
openSUSE Leap 42.3:sqlite3-devel-3.8.10.2-11.3.1
Ссылки

Описание

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.

Затронутые продукты
openSUSE Leap 42.3:libsqlite3-0-3.8.10.2-11.3.1
openSUSE Leap 42.3:libsqlite3-0-32bit-3.8.10.2-11.3.1
openSUSE Leap 42.3:sqlite3-3.8.10.2-11.3.1
openSUSE Leap 42.3:sqlite3-devel-3.8.10.2-11.3.1
Ссылки