|
|
Subscribe / Log in / New account

Ubuntu alert USN-7679-1 (sqlite3)



From:
              noreply+usn-bot@canonical.com


To:
              ubuntu-security-announce@lists.ubuntu.com


Subject:
              [USN-7679-1] SQLite vulnerabilities


Date:
              Wed, 30 Jul 2025 13:51:55 +0000


Message-ID:
              <E1uh7Dn-00064h-33@lists.ubuntu.com>


==========================================================================
Ubuntu Security Notice USN-7679-1
July 29, 2025

sqlite3 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in SQLite.

Software Description:
- sqlite3: C library that implements an SQL database engine

Details:

It was discovered that SQLite incorrectly handled aggregate terms. An
attacker could use this issue to cause SQLite to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2025-6965)

It was discovered that SQLite incorrectly handled certain argument values
to sqlite3_db_config(). An attacker could use this issue to cause SQLite to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This update fixes the issue in Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and
Ubuntu 18.04 LTS. This issue was previously fixed in Ubuntu 20.04 LTS via
USN-7528-1. (CVE-2025-29088)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
  libsqlite3-0                    3.31.1-4ubuntu0.7+esm1
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  libsqlite3-0                    3.22.0-1ubuntu0.7+esm2
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  libsqlite3-0                    3.11.0-1ubuntu1.5+esm3
                                  Available with Ubuntu Pro

Ubuntu 14.04 LTS
  libsqlite3-0                    3.8.2-1ubuntu2.2+esm5
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7679-1
  CVE-2025-29088, CVE-2025-6965




Attachment: signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmiKItoACgkQcpJm3tlz
hgFvKw/+I7CgF+2eELlah1nYWBWT9K+z38pfHscGoK6zIQaOwBZsv5zim045W/a5
0iI5ySFzhx3NiPctEAD5jG+ezqozagL+tEqJ4xfClKVKS/N51Bd8FTHUxzNTW8rW
VnuDJtK/KmV6/2XX/ufqQKq1vHO5am3hhjxLcg1aQQJ45w7UP47ywKaP984AvImk
TPQuYV4S4jVu0G4aCciCdDHtkaWCq2hdt7HA3jFIoVpfS6SmY1ov4gk4GZvy24a5
zJJkajqSuXTJS1wCKtpUqdK4PVDsY1NGnpLqOLOEkeFQv1QjevCRaltwdndBEtd5
Nq1UQy7VZNwFHcPbwvxEO8QvypGZC0FgZO3JzAfr25MT2CIBxt0ieF1b5TWj+6Ps
JU931B5Gd8OJvkzcGEpeQqThUIwBN3LnX6LjMLaGqcdNDXSDKz6Jvt4cPBa4U0XI
7SYcuLzlfEEpyt053KOnOkjdAwrzGPhcV5Uc5CjwMann0kJQQZ9O05umc4TRE1lN
WXBoN01EEgI2IYZmkhs5Stv7aheQS4CNwHCddpTlxycgKRD8Dm8M9QJiO5hKjBxQ
zfhbNgnZJpL+tx1NPZjf5rF+7Z5kTCTRQsV+BtAkwcvYRgGB/lTWApw5t+3h/nCb
hKvCiGq7pa1Osi4FvV0Ed5SYdHPg/TM6fU9HBNFp7gYaGhkfN3I=
=mjan
-----END PGP SIGNATURE-----
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds