Описание
Security update for sqliteodbc
This update for sqliteodbc fixes the following issues:
Security issue fixed:
- CVE-2020-12050: Fixed a privilege escalation vulnerability (boo#1171041).
Non-security issues fixed:
- Update to version 0.9996
- update to SQLite 3.22.0
- fixes in handling DDL in SQLExecDirect() et.al., thanks Andre Mikulec for testing
- cleanup utf8/unicode conversion functions
Список пакетов
openSUSE Leap 15.1
sqliteodbc-0.9996-lp151.3.3.1
sqliteodbc-doc-0.9996-lp151.3.3.1
Ссылки
- E-Mail link for openSUSE-SU-2020:0628-1
- SUSE Security Ratings
- SUSE Bug 1171041
- SUSE CVE CVE-2020-12050 page
Описание
SQLiteODBC 0.9996, as packaged for certain Linux distributions as 0.9996-4, has a race condition leading to root privilege escalation because any user can replace a /tmp/sqliteodbc$$ file with new contents that cause loading of an arbitrary library.
Затронутые продукты
openSUSE Leap 15.1:sqliteodbc-0.9996-lp151.3.3.1
openSUSE Leap 15.1:sqliteodbc-doc-0.9996-lp151.3.3.1
Ссылки
- CVE-2020-12050
- SUSE Bug 1171041