Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 517
Alerts This Week
Warning Icon 1 517

SUSE Linux Micro 7.2 Critical Alert for Major OpenSSL Memory Leak Risk

suse
Calendar Grey March 24, 2026
Dist Suse Esm H88
This update resolves two issues in sqlite3, including an integer overflow and memory disclosure risk.
An update that solves two vulnerabilities can now be installed.

Summary

## This update for sqlite3 fixes the following issues: Update to sqlite3 3.51.3: * CVE-2025-7709: Integer Overflow in FTS5 Extension (bsc#1254670). * CVE-2025-70873: SQLite zipfile extension may disclose uninitialized heap memory during inflation (bsc#1259619). Changelog: Update to version 3.51.3: * Fix the WAL-reset database corruption bug: https://sqlite.org/wal.html#walresetbug * Other minor bug fixes. Update to version 3.51.2: * Fix an obscure deadlock in the new broken-posix-lock detection logic. * Fix multiple problems in the EXISTS-to-JOIN optimization. Update to version 3.51.1: * Fix incorrect results from nested EXISTS queries caused by the optimization in item 6b in the 3.51.0 release. * Fix a latent bug in fts5vocab virtual table, exposed by new optimizations in the 3.51.0 release

References

* bsc#1254670

* bsc#1259619

Cross-

* CVE-2025-70873

* CVE-2025-7709

CVSS scores:

* CVE-2025-70873 ( SUSE ): 5.1

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

* CVE-2025-70873 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

* CVE-2025-70873 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

* CVE-2025-7709 ( SUSE ): 6.9

CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

* CVE-2025-7709 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

* CVE-2025-7709 ( NVD ): 6.9

Announcement ID: SUSE-SU-2026:20771-1
Release Date: 2026-03-23T09:50:28Z
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.