Advisories ยป MGASA-2023-0208

Updated sqlite packages fix security vulnerability

Publication date: 28 Jun 2023
Type: security
Affected Mageia releases : 8
CVE: CVE-2016-6153 , CVE-2018-8740


os_unix.c in SQLite before 3.13.0 improperly implements the temporary
directory search algorithm, which might allow local users to obtain
sensitive information, cause a denial of service (application crash), or
have unspecified other impact by leveraging use of the current working
directory for temporary files. (CVE-2016-6153)
In SQLite through 3.22.0, databases whose schema is corrupted using a
CREATE TABLE AS statement could cause a NULL pointer dereference,
related to build.c and prepare (CVE-2018-8740)