Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 439
Alerts This Week
Warning Icon 1 439

Scientific Linux SL7: SLSA-2015:1635-1 moderate: sqlite process crash

Scientific Large Esm H446
Moderate: sqlite security update
Date: Mon, 17 Aug 2015 15:38:17 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Moderate: sqlite on SL7.x x86_64
MIME-Version: 1.0
Message-ID: <20150817153817.9752.85838@slpackages.fnal.gov>

Synopsis: Moderate: sqlite security update
Advisory ID: SLSA-2015:1635-1
Issue Date: 2015-08-17
CVE Numbers: CVE-2015-3414
 CVE-2015-3415
 CVE-2015-3416
--

A flaw was found in the way SQLite handled dequoting of collation-sequence
names. A local attacker could submit a specially crafted COLLATE statement
that would crash the SQLite process, or have other unspecified impacts.
(CVE-2015-3414)

It was found that SQLite's sqlite3VdbeExec() function did not properly
implement comparison operators. A local attacker could submit a specially
crafted CHECK statement that would crash the SQLite process, or have other
unspecified impacts. (CVE-2015-3415)

It was found that SQLite's sqlite3VXPrintf() function did not properly
handle precision and width values during floating-point conversions. A
local attacker could submit a specially crafted SELECT statement that
would crash the SQLite process, or have other unspecified impacts.
(CVE-2015-3416)
--

SL7
 x86_64
 sqlite-3.7.17-6.el7_1.1.i686.rpm
 sqlite-3.7.17-6.el7_1.1.x86_64.rpm
 sqlite-debuginfo-3.7.17-6.el7_1.1.i686.rpm
 sqlite-debuginfo-3.7.17-6.el7_1.1.x86_64.rpm
 lemon-3.7.17-6.el7_1.1.x86_64.rpm
 sqlite-devel-3.7.17-6.el7_1.1.i686.rpm
 sqlite-devel-3.7.17-6.el7_1.1.x86_64.rpm
 sqlite-tcl-3.7.17-6.el7_1.1.x86_64.rpm
 noarch
 sqlite-doc-3.7.17-6.el7_1.1.noarch.rpm

- Scientific Linux Development Team