SCIENTIFIC-LINUX-ERRATA Archives

August 2015

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA Moderate: sqlite on SL7.x x86_64
From:
Pat Riehecky <[log in to unmask]>
Reply To:
[log in to unmask]
Date:
Mon, 17 Aug 2015 15:38:17 +0000
Content-Type:
text/plain
Parts/Attachments:
text/plain (40 lines) 
Synopsis:          Moderate: sqlite security update
Advisory ID:       SLSA-2015:1635-1
Issue Date:        2015-08-17
CVE Numbers:       CVE-2015-3414
                   CVE-2015-3415
                   CVE-2015-3416
--

A flaw was found in the way SQLite handled dequoting of collation-sequence
names. A local attacker could submit a specially crafted COLLATE statement
that would crash the SQLite process, or have other unspecified impacts.
(CVE-2015-3414)

It was found that SQLite's sqlite3VdbeExec() function did not properly
implement comparison operators. A local attacker could submit a specially
crafted CHECK statement that would crash the SQLite process, or have other
unspecified impacts. (CVE-2015-3415)

It was found that SQLite's sqlite3VXPrintf() function did not properly
handle precision and width values during floating-point conversions. A
local attacker could submit a specially crafted SELECT statement that
would crash the SQLite process, or have other unspecified impacts.
(CVE-2015-3416)
--

SL7
  x86_64
    sqlite-3.7.17-6.el7_1.1.i686.rpm
    sqlite-3.7.17-6.el7_1.1.x86_64.rpm
    sqlite-debuginfo-3.7.17-6.el7_1.1.i686.rpm
    sqlite-debuginfo-3.7.17-6.el7_1.1.x86_64.rpm
    lemon-3.7.17-6.el7_1.1.x86_64.rpm
    sqlite-devel-3.7.17-6.el7_1.1.i686.rpm
    sqlite-devel-3.7.17-6.el7_1.1.x86_64.rpm
    sqlite-tcl-3.7.17-6.el7_1.1.x86_64.rpm
  noarch
    sqlite-doc-3.7.17-6.el7_1.1.noarch.rpm

- Scientific Linux Development Team

ATOM RSS1 RSS2