Stay Secure with the Latest Linux Advisories

security advisoryfedoracritical

Fedora 42: sqlite Critical CVE Fixes Advisory FEDORA-2025-3af464595a

cve fixes. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-3af464595a 2025-10-01 14:43:51.750546+00:00 -------------------------------------------------------------------------------- Name : sqlite Product : Fedora 42 Version : 3.47.2 Release : 5.fc42 URL : http://www.sqlite.org/ Summary : Library that implements an embeddable SQL database engine Description : SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server. Version 2 and version 3 binaries are named to permit each to be installed on a single host SQLite is built with some non-default settings: - Additional APIs for table's and query's metadata are enabled (SQLITE_ENABLE_COLUMN_METADATA) - Directory syncs are disabled (SQLITE_DISABLE_DIRSYNC) - `secure_delete` defaults to 'on', so deleted content is overwritten with zeros (SQLITE_SECURE_DELETE) - `sqlite3_unlock_notify()` is enabled - this feature allows to register a callback that's invoked when lock is removed (SQLITE_ENABLE_UNLOCK_NOTIFY) - `dbstat` virtual table with disk space usage is enabled - `dbpage` virtual table providing direct access to underlying database file is enabled (SQLITE_ENABLE_DBPAGE_VTAB) - Threadsafe mode is set to 1 - Serialized, so it is safe to use in a multithreaded environment (SQLITE_THREADSAFE=1) - FTS3, FTS4 and FTS5 are enabled so versions 3 to 5 of the full-text search engine are available (SQLITE_ENABLE_FTS3, SQLITE_ENABLE_FTS4, SQLITE_ENABLE_FTS5) - Pattern parser in FTS3 extension supports nested parenthesis and operators `AND`, `OR` (SQLITE_ENABLE_FTS3_PARENTHESIS) - R*Tree index extension isenabled (SQLITE_ENABLE_RTREE) - Extension loading is enabled - Sessions (sqlite-session feature) is enabled - Preupdate hook is enabled It is also important to note that shell has some extensions as its dependencies, so some extensions are enabled by default in SQLite shell, but not in the system libraries. Only the aforementioned extensions are available in the libraries: FTS3, FTS4, FTS5, R*Tree -------------------------------------------------------------------------------- Update Information: cve fixes -------------------------------------------------------------------------------- ChangeLog: * Mon Dec 9 2024 Ales Nezbeda - 3.47.2-5 - Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2380241 - CVE-2025-6965 sqlite: Integer Truncation in SQLite [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2380241 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-3af464595a' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it:https://pagure.io/fedora-infrastructure/new_issue . Explore the critical CVE fixes for sqlite in Fedora 42, ensuring database security and integrity.. sqlite upgrade,Fedora 42,SQL database,fixed vulnerabilities. . Severity: Critical. LinuxSecurity.com Team

Oct 01, 2025 •Critical Fedora