Описание
Security update for sqlite3
This update for sqlite3 fixes the following issues:
Security issue fixed:
- CVE-2018-8740: Fixed a NULL pointer dereference related to corrupted databases schemas (bsc#1085790).
- CVE-2017-10989: Fixed a heap-based buffer over-read in getNodeSize() (bsc#1132045).
This update was imported from the SUSE:SLE-12-SP1:Update update project.
Список пакетов
openSUSE Leap 42.3
libsqlite3-0-3.8.10.2-11.7.1
libsqlite3-0-32bit-3.8.10.2-11.7.1
sqlite3-3.8.10.2-11.7.1
sqlite3-devel-3.8.10.2-11.7.1
sqlite3-doc-3.8.10.2-11.7.1
Ссылки
- E-Mail link for openSUSE-SU-2019:1426-1
- SUSE Security Ratings
Описание
The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.
Затронутые продукты
openSUSE Leap 42.3:libsqlite3-0-3.8.10.2-11.7.1
openSUSE Leap 42.3:libsqlite3-0-32bit-3.8.10.2-11.7.1
openSUSE Leap 42.3:sqlite3-3.8.10.2-11.7.1
openSUSE Leap 42.3:sqlite3-devel-3.8.10.2-11.7.1
Ссылки
- CVE-2017-10989
- SUSE Bug 1131919
- SUSE Bug 1132045
Описание
In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.
Затронутые продукты
openSUSE Leap 42.3:libsqlite3-0-3.8.10.2-11.7.1
openSUSE Leap 42.3:libsqlite3-0-32bit-3.8.10.2-11.7.1
openSUSE Leap 42.3:sqlite3-3.8.10.2-11.7.1
openSUSE Leap 42.3:sqlite3-devel-3.8.10.2-11.7.1
Ссылки
- CVE-2018-8740
- SUSE Bug 1085790
- SUSE Bug 1131919