Alerts This Week
Warning Icon 1 770
Alerts This Week
Warning Icon 1 770

SUSE: 2022:3401-1 Moderate: sqlite3 Array-Bounds Overflow

suse
Calendar Grey September 26, 2022
Dist Suse Esm H88
The latest revision addresses various concerns within sqlite3, bolstering both security and reliability for systems running on SUSE Linux.
An update that solves two vulnerabilities and has one errata is now available

Summary

This update for sqlite3 fixes the following issues: Security issues fixed: - CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783). - CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802). - Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773). sqlite3 was update to 3.39.3: * Use a statement journal on DML statement affecting two or more database rows if the statement makes use of a SQL functions that might abort. * Use a mutex to protect the PRAGMA temp_store_directory and PRAGMA data_store_directory statements, even though they are decremented and documented as not being threadsafe. Update to 3.39.2:

Topics%20covered

Topics Covered

security advisory moderate DoS overflow SUSE sqlite3 array-bounds

References

#1189802 #1195773 #1201783

Cross- CVE-2021-36690 CVE-2022-35737

CVSS scores:

CVE-2021-36690 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2021-36690 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2022-35737 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-35737 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Affected Products:

SUSE Linux Enterprise Server 12-SP2-BCL

SUSE Linux Enterprise Server 12-SP3-BCL

SUSE Linux Enterprise Server 12-SP4-LTSS

SUSE Linux Enterprise Server 12-SP5

SUSE Linux Enterprise Server for SAP 12-SP4

SUSE Linux Enterprise Server for SAP Applications 12-SP5

SUSE Linux Enterprise Software Development Kit 12-SP5

SUSE OpenStack Cloud 9

SUSE OpenStack Cloud C...

Read the Full Advisory

Announcement ID: SUSE-SU-2022:3401-1
Rating: moderate

Topics%20covered

Topics Covered

security advisory moderate DoS overflow SUSE sqlite3 array-bounds

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here