lemon, sqlite security update

2015-08-1715:33:32

CentOS Project

lists.centos.org

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.5%

JSON

CentOS Errata and Security Advisory CESA-2015:1634

SQLite is a C library that implements an SQL database engine. A large
subset of SQL92 is supported. A complete database is stored in a single
disk file. The API is designed for convenience and ease of use.
Applications that link against SQLite can enjoy the power and flexibility
of an SQL database without the administrative hassles of supporting a
separate database server.

It was found that SQLite’s sqlite3VXPrintf() function did not properly
handle precision and width values during floating-point conversions.
A local attacker could submit a specially crafted SELECT statement that
would crash the SQLite process, or have other unspecified impacts.
(CVE-2015-3416)

All sqlite users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2015-August/083494.html

Affected packages:
lemon
sqlite
sqlite-devel
sqlite-doc
sqlite-tcl

Upstream details at:
https://access.redhat.com/errata/RHSA-2015:1634

OSVersionArchitecturePackageVersionFilename
CentOS6i686lemon< 3.6.20-1.el6_7.2lemon-3.6.20-1.el6_7.2.i686.rpm
CentOS6i686sqlite< 3.6.20-1.el6_7.2sqlite-3.6.20-1.el6_7.2.i686.rpm
CentOS6i686sqlite-devel< 3.6.20-1.el6_7.2sqlite-devel-3.6.20-1.el6_7.2.i686.rpm
CentOS6i686sqlite-doc< 3.6.20-1.el6_7.2sqlite-doc-3.6.20-1.el6_7.2.i686.rpm
CentOS6i686sqlite-tcl< 3.6.20-1.el6_7.2sqlite-tcl-3.6.20-1.el6_7.2.i686.rpm
CentOS6x86_64lemon< 3.6.20-1.el6_7.2lemon-3.6.20-1.el6_7.2.x86_64.rpm
CentOS6i686sqlite< 3.6.20-1.el6_7.2sqlite-3.6.20-1.el6_7.2.i686.rpm
CentOS6x86_64sqlite< 3.6.20-1.el6_7.2sqlite-3.6.20-1.el6_7.2.x86_64.rpm
CentOS6i686sqlite-devel< 3.6.20-1.el6_7.2sqlite-devel-3.6.20-1.el6_7.2.i686.rpm
CentOS6x86_64sqlite-devel< 3.6.20-1.el6_7.2sqlite-devel-3.6.20-1.el6_7.2.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
CentOS	6	i686	lemon	< 3.6.20-1.el6_7.2	lemon-3.6.20-1.el6_7.2.i686.rpm
CentOS	6	i686	sqlite	< 3.6.20-1.el6_7.2	sqlite-3.6.20-1.el6_7.2.i686.rpm
CentOS	6	i686	sqlite-devel	< 3.6.20-1.el6_7.2	sqlite-devel-3.6.20-1.el6_7.2.i686.rpm
CentOS	6	i686	sqlite-doc	< 3.6.20-1.el6_7.2	sqlite-doc-3.6.20-1.el6_7.2.i686.rpm
CentOS	6	i686	sqlite-tcl	< 3.6.20-1.el6_7.2	sqlite-tcl-3.6.20-1.el6_7.2.i686.rpm
CentOS	6	x86_64	lemon	< 3.6.20-1.el6_7.2	lemon-3.6.20-1.el6_7.2.x86_64.rpm
CentOS	6	i686	sqlite	< 3.6.20-1.el6_7.2	sqlite-3.6.20-1.el6_7.2.i686.rpm
CentOS	6	x86_64	sqlite	< 3.6.20-1.el6_7.2	sqlite-3.6.20-1.el6_7.2.x86_64.rpm
CentOS	6	i686	sqlite-devel	< 3.6.20-1.el6_7.2	sqlite-devel-3.6.20-1.el6_7.2.i686.rpm
CentOS	6	x86_64	sqlite-devel	< 3.6.20-1.el6_7.2	sqlite-devel-3.6.20-1.el6_7.2.x86_64.rpm