openSUSE-SU-2019:2300-1

Опубликовано: 08 окт. 2019

Источник: suse-cvrf

Описание

Security update for sqlite3

This update for sqlite3 fixes the following issues:

Security issue fixed:

CVE-2019-16168: Fixed improper validation of sqlite_stat1 field that could lead to denial of service (bsc#1150137).

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.1

libsqlite3-0-3.28.0-lp151.2.3.1

libsqlite3-0-32bit-3.28.0-lp151.2.3.1

sqlite3-3.28.0-lp151.2.3.1

sqlite3-devel-3.28.0-lp151.2.3.1

sqlite3-doc-3.28.0-lp151.2.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BOJI6OIA57HPKASWCXNQ6VZE3OG6FN6B/#BOJI6OIA57HPKASWCXNQ6VZE3OG6FN6B
E-Mail link for openSUSE-SU-2019:2300-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1150137
SUSE Bug 1150137
https://www.suse.com/security/cve/CVE-2019-16168/
SUSE CVE CVE-2019-16168 page

Описание

In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."

Затронутые продукты

openSUSE Leap 15.1:libsqlite3-0-3.28.0-lp151.2.3.1

openSUSE Leap 15.1:libsqlite3-0-32bit-3.28.0-lp151.2.3.1

openSUSE Leap 15.1:sqlite3-3.28.0-lp151.2.3.1

openSUSE Leap 15.1:sqlite3-devel-3.28.0-lp151.2.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-16168.html
CVE-2019-16168
https://bugzilla.suse.com/1150137
SUSE Bug 1150137
https://bugzilla.suse.com/1160968
SUSE Bug 1160968

openSUSE-SU-2019:2300-1

Описание

Список пакетов

openSUSE Leap 15.1

Ссылки

Уязвимость: CVE-2019-16168

Описание

Затронутые продукты

Ссылки