From: Eren Turkay <eren@pardus.org.tr>
To: pardus-security@pardus.org.tr
Subject: [Pardus-security] [PLSA 2010-18] [UPDATE] Sqlite: Information Disclosure
Date: Thu, 4 Feb 2010 16:01:42 +0200 (EET)
Message-ID: <20100204140142.7DFB1A7AB3B@lider.pardus.org.tr>
------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-18 security@pardus.org.tr
------------------------------------------------------------------------
Date: 2010-02-04
Severity: 3
Type: Local
------------------------------------------------------------------------
Summary
=======

A vulnerability has been found in sqlite which can be exploited by
malicious people to recover deleted information from an sqlite database.

[UPDATE] The issue is fixed in Pardus 2008.

Description
===========

Sqlite leaves traces of deleted data on the disk after a DELETE query.
Although the deleted information can no longer be seen with an sqlite
query, it can still be seen by opening the database file with a text
editor.

This applies to all applications which use sqlite. For example, when the
Firefox "Clear Private Data" feature is used, the deleted history data
can still be seen in "~/.mozilla/*.default/places.sqlite" with a text
editor.

Affected packages:

  Pardus 2009:
    sqlite, all before 3.6.20-21-9

  Pardus 2008:
    sqlite, all before 3.5.9-17-5

Resolution
==========

Updates are available for sqlite. You can install them via Package
Manager or with a single command from the console:

  Pardus 2008:
    pisi up sqlite

  Pardus 2009:
    pisi up sqlite

References
==========
* http://bugs.pardus.org.tr/show_bug.cgi?id=12137
* http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566326
------------------------------------------------------------------------
_______________________________________________
Pardus-security mailing list
Pardus-security@pardus.org.tr
http://liste.pardus.org.tr/mailman/listinfo/pardus-security
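
The behaviour described in the advisory can be checked on a throwaway database. The following is an added example, not part of the original advisory or of the Pardus update: the table, file name and marker URL are constructed, and `PRAGMA secure_delete` is used as one SQLite setting that overwrites deleted content (the advisory does not say how the updated packages address the issue).

```python
import os
import sqlite3
import tempfile

# Constructed sample data: the marker stands in for a sensitive history entry.
MARKER = "http://example.invalid/private-visit-7f3a"


def residue_after_delete(secure_delete: bool) -> bool:
    """Insert rows, DELETE the marker row, and report whether the marker
    bytes are still present in the raw database file."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "places-demo.sqlite")  # hypothetical file name
        con = sqlite3.connect(path)
        # Set explicitly: some distributions build SQLite with this enabled.
        con.execute(f"PRAGMA secure_delete = {'ON' if secure_delete else 'OFF'}")
        con.execute("CREATE TABLE history (id INTEGER PRIMARY KEY, url TEXT)")
        urls = ["http://example.invalid/a", MARKER, "http://example.invalid/b"]
        con.executemany("INSERT INTO history (url) VALUES (?)", [(u,) for u in urls])
        con.commit()
        con.execute("DELETE FROM history WHERE url = ?", (MARKER,))
        con.commit()
        # As far as SQL is concerned, the row is gone.
        visible = con.execute(
            "SELECT COUNT(*) FROM history WHERE url = ?", (MARKER,)
        ).fetchone()[0]
        con.close()
        assert visible == 0
        # Scan the raw file the way a text editor would show it.
        with open(path, "rb") as fh:
            return MARKER.encode() in fh.read()


if __name__ == "__main__":
    print("secure_delete=OFF, residue on disk:", residue_after_delete(False))
    print("secure_delete=ON,  residue on disk:", residue_after_delete(True))
```

The same byte scan can be pointed at an existing database file to check whether content an application reports as deleted is still recoverable from disk.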