Updated sqlite3 packages fix security vulnerability
Publication date: 03 Aug 2017Modification date: 03 Aug 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-7000 , CVE-2017-10989
Description
Pointer disclosure in SQLite (CVE-2017-7000).
The getNodeSize function in ext/rtree/rtree.c in SQLite mishandles undersized
RTree blobs in a crafted database, leading to a heap-based buffer over-read or
possibly unspecified other impact (CVE-2017-10989).
Note: the CVE-2017-10989 issue only affected Mageia 5.
References
- https://bugs.mageia.org/show_bug.cgi?id=21200
- https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/5LTI7HXMO72BGOW6GWY4GIWPZBXLF3UH/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7000
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10989
SRPMS
5/core
- sqlite3-3.10.2-1.1.mga5
6/core
- sqlite3-3.17.0-2.1.mga6