
Are you a RHEL user? Severe bugs in the ubiquitous SQLite engine – used in thousands of software applications – continue to pose a major security threat, security researchers say, with Red Hat admitting that its flagship Red Hat Enterprise Linux (RHEL) 8 remains vulnerable, despite patching other products this week.

Red Hat said in a security update it had now inoculated RHEL 7 and its “RHEL 8.0 Update Services for SAP Solutions”, but RHEL 8 itself remains affected by one of the vulnerabilities, first disclosed to the Chromium team by China’s Tencent Blade – which dubbed them “Magellan 2.0” – in October 2019.

The vulnerability in question, CVE-2019-13734, was reported by Tencent Blade in early December as one of a series of exploitable holes in the SQLite engine. It is described as “out of bounds write in SQLite… [that] allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.”

The link for this article located at CBR Online is no longer available.