Alerts This Week
Warning Icon 1 677
Alerts This Week
Warning Icon 1 677

Fedora 20: FEDORA-2015-6349 Moderate Sqlite Library Update

fedora
Calendar Grey April 26, 2015
Dist Fedora Esm H88
Fedora 20 introduces an updated sqlite package alongside spatialite-tools, addressing various security vulnerabilities found in the most recent release.
Update of sqlite to latest upstream version, with spatialite-tools rebuild.

Summary

SQLite is a C library that implements an SQL database engine. A large

subset of SQL92 is supported. A complete database is stored in a

single disk file. The API is designed for convenience and ease of use.

Applications that link against SQLite can enjoy the power and

flexibility of an SQL database without the administrative hassles of

supporting a separate database server. Version 2 and version 3 binaries

are named to permit each to be installed on a single host

Update Information:

Update of sqlite to latest upstream version, with spatialite-tools rebuild.

Topics%20covered

Topics Covered

security advisory moderate update Fedora sql database sqlite spatialite-tools

Change Log

* Tue Apr 14 2015 Jan Stanek - 3.8.9-1 - Updated to version 3.8.9 (https://www.sqlite.org/releaselog/3_8_9.html) * Thu Feb 26 2015 Jan Stanek - 3.8.8.3-1 - Updated to version 3.8.8.3 (https://sqlite.org/releaselog/3_8_8_3.html) * Sat Feb 21 2015 Till Maas - 3.8.8-3 - Rebuilt for Fedora 23 Change https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code * Tue Feb 3 2015 Jan Stanek - 3.8.8-2 - Fixed out-of-date source URLs (rhbz#1188092) * Tue Jan 20 2015 Jan Stanek - 3.8.8-1 - Updated to version 3.8.8 (https://sqlite.org/releaselog/3_8_8.html) - Recreated patches to work on current version. * Fri Dec 12 2014 Jan Stanek - 3.8.7.4-1 - Updated to version 3.8.7.4 () * Tue Nov 25 2014 Jan Stanek - 3.8.7.2-1 - Updated to version 3.8.7.2 (http://sqlite.org/releaselog/3_8_7_2.html) * Tue Oct 21 2014 Jan Stanek - 3.8.7-1 - Updated to version 3.8.7 (http://sqlite.org/releaselog/3_8_7.html) - Dropped patch for problem fixed upstream * Tue Aug 19 2014 Jan Stanek - 3.8.6-2 - Added auto-selection of Tcl version based on Fedora version * Tue Aug 19 2014 Jan Stanek - 3.8.6-1 - Updated to version 3.8.6 () * Mon Aug 18 2014 Fedora Release Engineering - 3.8.5-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Wed Jun 11 2014 Peter Robinson 3.8.5-2 - Re-enable tests on aarch64 now they pass again * Tue Jun 10 2014 Jan Stanek - 3.8.5-1 - Update to version 3.8.5 () - Dropped patch already included upstream * Sun Jun 8 2014 Fedora Release Engineering - 3.8.4.3-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Thu Jun 5 2014 Peter Robinson 3.8.4.3-4 - Don't make tests fail the build on aarch64 like some of the other arches * Wed May 28 2014 Jan Stanek - 3.8.4.3-3 - Rebuilt for https://fedoraproject.org/wiki/Changes/f21tcl86 with correct tcl_version * Wed May 21 2014 Jaroslav Å karvada - 3.8.4.3-2 - Rebuilt for https://fedoraproject.org/wiki/Changes/f21tcl86 * Tue Apr 29 2014 Jan Stanek - 3.8.4.3-1 - Update to version 3.8.4.3 () - Changed patch for rhbz#1075889 to upstream version Related: #1075889 * Fri Apr 25 2014 Honza Horak - 3.8.4.2-3 - Revert part of the upstream commit dca1945aeb3fb005, since it causes nautilus to crash Related: #1075889 * Wed Apr 2 2014 Jan Stanek 3.8.4.2-2 - Added building and shipping of sqlite3_analyzer (#1007159) * Fri Mar 28 2014 Jan Stanek 3.8.4.2-1 - Update to 3.8.4 () * Tue Mar 11 2014 Jan Stanek 3.8.4-1 - Update to 3.8.4 () * Sun Feb 23 2014 Peter Robinson 3.8.3-2 - Re-enable check on ARM/aarch64 as failing test fixed upstream for non x86 arches - Modernise spec * Tue Feb 11 2014 Jan Stanek 3.8.3-1 - Update to 3.8.3 () - Dropped man-page patch - included upstream * Mon Jan 6 2014 Peter Robinson 3.8.2-2 - Add aarch64 to all the other arch excludes for tests * Tue Dec 10 2013 Jan Stanek - 3.8.2-1 - Update to 3.8.2 ()

References


[ 1 ] Bug #1212353 - sqlite: use of uninitialized memory when parsing collation sequences in src/where.c https://bugzilla.redhat.com/show_bug.cgi?id=1212353 [ 2 ] Bug #1212356 - sqlite: invalid free() in src/vdbe.c https://bugzilla.redhat.com/show_bug.cgi?id=1212356 [ 3 ] Bug #1212357 - sqlite: stack buffer overflow in src/printf.c https://bugzilla.redhat.com/show_bug.cgi?id=1212357

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update sqlite' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
important
Lowest
Low
Medium
High
Critical

Name: sqlite
Product: Fedora 20
Version: 3.8.9
Release: 1.fc20
URL: https://www.sqlite.org/index.html
Summary: Library that implements an embeddable SQL database engine

Topics%20covered

Topics Covered

security advisory moderate update Fedora sql database sqlite spatialite-tools

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here