
Debian 9 Stretch: DLA-2018-2 Critical: PostgreSQL Memory Corruption Risks

January 11, 2019
A recent patch for sqlite3 in Debian Long Term Support rectifies severe vulnerabilities that could cause software failures.
Several flaws were corrected in SQLite, an SQL database engine.

Summary

CVE-2017-2518

A use-after-free bug in the query optimizer may cause a
buffer overflow and application crash via a crafted SQL statement.

CVE-2017-2519

Insufficient size of the reference count on Table objects
could lead to a denial-of-service or arbitrary code execution.

CVE-2017-2520

The sqlite3_value_text() interface returned a buffer that was not
large enough to hold the complete string plus zero terminator when
the input was a zeroblob. This could lead to arbitrary code
execution or a denial-of-service.

CVE-2017-10989

SQLite mishandles undersized RTree blobs in a crafted database
leading to a heap-based buffer over-read or possibly unspecified
other impact.

CVE-2018-8740

Databases whose schema is corrupted using a CREATE TABLE AS
statement could cause a NULL pointer dereference.

For Debian 8 "Jessie", these problems have been fixed in version
3.8.7.1-1+deb8u4.

We recommend that you upgrade your sqlite3 packages.

Severity: critical

Package: sqlite3
Version: 3.8.7.1-1+deb8u4
CVE ID: CVE-2017-2518 CVE-2017-2519 CVE-2017-2520
Debian Bug: 867618 893195
