SUSE: 2019:1127-1 Moderate: sqlite3 Denial Of Service And Heap Overflow
suse
May 2, 2019
An update that fixes two vulnerabilities is now available
Summary
This update for sqlite3 to version 3.28.0 fixes the following issues: Security issues fixed: - CVE-2019-9936: Fixed a heap-based buffer over-read, when running fts5 prefix queries inside transaction (bsc#1130326). - CVE-2019-9937: Fixed a denial of service related to interleaving reads and writes in a single transaction with an fts5 virtual table (bsc#1130325). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1127=1 - SUSE Linux Enterprise Module for Basesystem 15:
References
#1130325 #1130326
Cross- CVE-2019-9936 CVE-2019-9937
Affected Products:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
SUSE Linux Enterprise Module for Basesystem 15
https://www.suse.com/security/cve/CVE-2019-9936.html
https://www.suse.com/security/cve/CVE-2019-9937.html
https://bugzilla.suse.com/1130325
https://bugzilla.suse.com/1130326
PREVIOUS
NEXT
Announcement ID: SUSE-SU-2019:1127-1
Rating: moderate
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!