SUSE alert SUSE-SU-2019:14228-1 (sqlite3)
| From: | sle-security-updates@lists.suse.com | |
| To: | sle-security-updates@lists.suse.com | |
| Subject: | SUSE-SU-2019:14228-1: important: Security update for sqlite3 | |
| Date: | Mon, 25 Nov 2019 21:23:39 +0100 (CET) | |
| Message-ID: | <20191125202339.E1CDAF79E@maintenance.suse.de> |
SUSE Security Update: Security update for sqlite3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14228-1 Rating: important References: #1085790 #1155787 Cross-References: CVE-2017-2518 CVE-2018-8740 Affected Products: SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for sqlite3 fixes the following issues: - CVE-2017-2518: Fixed a use-after-free vulnerability which could have led to buffer overflow via a crafted SQL statement (bsc#1155787). - CVE-2018-8740: Fixed a null pointer dereference caused when CREATE TABLE AS statement is used (bsc#1085790). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-sqlite3-14228=1 Package List: - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): sqlite3-debugsource-3.6.4-4.8.1 References: https://www.suse.com/security/cve/CVE-2017-2518.html https://www.suse.com/security/cve/CVE-2018-8740.html https://bugzilla.suse.com/1085790 https://bugzilla.suse.com/1155787 _______________________________________________ sle-security-updates mailing list sle-security-updates@lists.suse.com http://lists.suse.com/mailman/listinfo/sle-security-updates