Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Ubuntu 15.04 LTS: USN-2710-1 Vulnerability: OpenSSL Information Leak

ubuntu
Calendar Grey July 30, 2015
Scroller Ubuntu
SQLite vulnerabilities lead to potential crashes and code execution risks in Ubuntu systems. Ensure updates are applied promptly.
SQLite could be made to crash or run programs if it processed specially crafted queries.

Summary

SQLite could be made to crash or run programs if it processed specially

crafted queries.

Software Description:

- sqlite3: C library that implements an SQL database engine

Details:

It was discovered that SQLite incorrectly handled skip-scan optimization.

An attacker could use this issue to cause applications using SQLite to

crash, resulting in a denial of service, or possibly execute arbitrary

code. This issue only affected Ubuntu 14.04 LTS. (CVE-2013-7443)

Michal Zalewski discovered that SQLite incorrectly handled dequoting of

collation-sequence names. An attacker could use this issue to cause

applications using SQLite to crash, resulting in a denial of service, or

possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS

and Ubuntu 15.04. (CVE-2015-3414)

Michal Zalewski discovered that SQLite incorrectly implemented comparison

operators. An attacker could use this issue to cause applications using

SQLite to crash, resulting in a denial o...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.04:
  libsqlite3-0                    3.8.7.4-1ubuntu0.1

Ubuntu 14.04 LTS:
  libsqlite3-0                    3.8.2-1ubuntu2.1

Ubuntu 12.04 LTS:
  libsqlite3-0                    3.7.9-2ubuntu1.2

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2698-1

CVE-2013-7443, CVE-2015-3414, CVE-2015-3415, CVE-2015-3416

Severity
important
Lowest
Low
Medium
High
Critical

July 30, 2015

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.