Advisories » MGASA-2023-0208

Updated sqlite packages fix security vulnerability

Publication date: 28 Jun 2023
Modification date: 28 Jun 2023
Type: security
Affected Mageia releases : 8
CVE: CVE-2016-6153 , CVE-2018-8740

Description

os_unix.c in SQLite before 3.13.0 improperly implements the temporary
directory search algorithm, which might allow local users to obtain
sensitive information, cause a denial of service (application crash), or
have unspecified other impact by leveraging use of the current working
directory for temporary files. (CVE-2016-6153)
In SQLite through 3.22.0, databases whose schema is corrupted using a
CREATE TABLE AS statement could cause a NULL pointer dereference,
related to build.c and prepare (CVE-2018-8740)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=32018
• https://www.debian.org/lts/security/2023/dla-3431
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6153
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8740

SRPMS

8/core

• sqlite-2.8.17-26.1.mga8