Advisories ยป MGASA-2017-0238

Updated sqlite3 packages fix security vulnerability

Publication date: 03 Aug 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-7000 , CVE-2017-10989

Description

Pointer disclosure in SQLite (CVE-2017-7000).

The getNodeSize function in ext/rtree/rtree.c in SQLite mishandles undersized
RTree blobs in a crafted database, leading to a heap-based buffer over-read or
possibly unspecified other impact (CVE-2017-10989).

Note: the CVE-2017-10989 issue only affected Mageia 5.
                

References

SRPMS

5/core

6/core