Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Mageia 2022-0175: Moderate Advisory on sqlite3 Command-Line Crash Issue

mageia
Calendar Grey May 12, 2022
Dist Mageia Esm H88
Recent updates to the sqlite3 packages remedy a security vulnerability in Mageia, which was triggering a segmentation fault when handling specially designed SQL queries.
** DISPUTED ** A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query

Summary

** DISPUTED ** A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is intentionally allowed to execute commands). This report does NOT imply any problem in the SQLite library.
As the cve assignment is disputed, this update may be changed in future from a security update to a bugfix update.

References

- https://bugs.mageia.org/show_bug.cgi?id=30384

-

- https://www.cve.org/CVERecord?id=CVE-2021-36690

Topics%20covered

Topics Covered

security advisory segmentation fault sqlite3 command-line issue Mageia

Resolution

SRPMS

- 8/core/sqlite3-3.34.1-1.2.mga8

Publication date: 12 May 2022
URL: https://advisories.mageia.org/MGASA-2022-0175.html
Type: security
CVE: CVE-2021-36690

Topics%20covered

Topics Covered

security advisory segmentation fault sqlite3 command-line issue Mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here