Lucene search

Gentoo FoundationMGASA-2016-0255

HistoryJul 14, 2016 - 11:33 p.m.

Updated sqlite3 packages fix security vulnerability

2016-07-1423:33:59

Gentoo Foundation

advisories.mageia.org

5.9 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

44.7%

JSON

It was discovered that sqlite3 would reject a temporary directory (e.g., as specified by the TMPDIR environment variable) to which the executing user did not have read permissions. This could result in information leakage as less secure global temporary directories (e.g., /var/tmp or /tmp) would be used instead (CVE-2016-6153).

OSVersionArchitecturePackageVersionFilename
Mageia5noarchsqlite3< 3.8.10.2-1.2sqlite3-3.8.10.2-1.2.mga5

OS	Version	Architecture	Package	Version	Filename
Mageia	5	noarch	sqlite3	< 3.8.10.2-1.2	sqlite3-3.8.10.2-1.2.mga5

References

lwn.net/Alerts/693549/

bugs.mageia.org/show_bug.cgi?id=18869

5.9 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

44.7%

JSON

Related for MGASA-2016-0255