Stay Secure with the Latest Linux Advisories

security advisoryfedorasoftware update

Fedora 30: FEDORA-2019-02b81266b7 Critical: sqlite Heap Read Issue

Fixed out of bounds heap read in function rtreenode() Enhance the rtreenode() function of rtree (used for testing) so that it uses the newer sqlite3_str object for better performance and improved error reporting.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2019-02b81266b7 2019-07-27 01:39:06.745657 --------------------------------------------------------------------------------Name : sqlite Product : Fedora 30 Version : 3.26.0 Release : 6.fc30 URL : https://sqlite.org/index.html Summary : Library that implements an embeddable SQL database engine Description : SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server. Version 2 and version 3 binaries are named to permit each to be installed on a single host --------------------------------------------------------------------------------Update Information: Fixed out of bounds heap read in function rtreenode() Enhance the rtreenode() function of rtree (used for testing) so that it uses the newer sqlite3_str object for better performance and improved error reporting. --------------------------------------------------------------------------------ChangeLog: * Wed Jun 26 2019 Ondrej Dubaj - 3.26.0-6 - Fixed CVE-2019-8457 (#1719121) * Thu May 16 2019 Petr Kubat - 3.26.0-5 - Fixed CVE-2019-9937 (#1692358) - Fixed CVE-2019-9936 (#1692366) * Thu May 16 2019 Petr Kubat - 3.26.0-4 - Fixed CVE-2019-5827 (#1710212) --------------------------------------------------------------------------------References: [ 1 ] Bug #1719121 - CVE-2019-8457 sqlite: sqlite3: heap out-of-bound read in function rtreenode()[fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1719121 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-02b81266b7' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . Correction of out-of-range heap read within sqlite's rtreenode() function to boost efficiency. Update now accessible for Fedora 30 users.. Fedora Update, sqlite Heap Fix, Security Advisory, Software Update. . Severity: Critical. LinuxSecurity.com Team

Jul 26, 2019 •Critical Fedora