------------------------------------------------------------------------- Debian LTS Advisory DLA-3431-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Tobias Frost May 22, 2023 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : sqlite Version : 2.8.17-15+deb10u1 CVE ID : CVE-2016-6153 CVE-2018-8740 Debian Bug : Two vulnerabilities have been fixed in sqlite (V2) which which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact. CVE-2016-6153 sqlite improperly implemented the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files. CVE-2018-8740 Databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, For Debian 10 buster, these problems have been fixed in version 2.8.17-15+deb10u1. We recommend that you upgrade your sqlite packages. For the detailed security status of sqlite please refer to its security tracker page at: https://security-tracker.debian.org/tracker/sqlite Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: PGP signature