MGASA-2023-0094 - Updated sqlite3 packages fix security vulnerability Publication date: 18 Mar 2023 URL: https://advisories.mageia.org/MGASA-2023-0094.html Type: security Affected Mageia releases: 8 CVE: CVE-2022-46908 SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE. (CVE-2022-46908) References: - https://bugs.mageia.org/show_bug.cgi?id=31312 - https://lists.suse.com/pipermail/sle-security-updates/2022-December/013303.html - https://lists.opensuse.org/archives/list/[email protected]/thread/XNUCFJDJQRYX6KHGSM7ODVW7QJMN7GP5/ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46908 SRPMS: - 8/core/sqlite3-3.39.2-1.1.mga8
Mageia 2023-0094: sqlite3 security update
SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allo...
Summary
SQLite through 3.40.0, when relying on --safe for execution of an
untrusted CLI script, does not properly implement the
azProhibitedFunctions protection mechanism, and instead allows UDF
functions such as WRITEFILE. (CVE-2022-46908)
References
- https://bugs.mageia.org/show_bug.cgi?id=31312
- https://lists.suse.com/pipermail/sle-security-updates/2022-December/013303.html
- https://lists.opensuse.org/archives/list/[email protected]/thread/XNUCFJDJQRYX6KHGSM7ODVW7QJMN7GP5/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46908
Resolution
MGASA-2023-0094 - Updated sqlite3 packages fix security vulnerability
SRPMS
- 8/core/sqlite3-3.39.2-1.1.mga8
Severity
Publication date: 18 Mar 2023
URL: https://advisories.mageia.org/MGASA-2023-0094.html
Type: security
CVE: CVE-2022-46908
News
HOWTOs
About Us
Powered By
