|
|
Subscribe / Log in / New account

Ubuntu alert USN-5712-1 (sqlite3)



From:
              Ian Constantin <ian.constantin@canonical.com>


To:
              ubuntu-security-announce@lists.ubuntu.com


Subject:
              [USN-5712-1] SQLite vulnerability


Date:
              Thu, 03 Nov 2022 11:23:24 -0400


Message-ID:
              <2c5a090c-c880-8187-3982-f8d21868d3e0@canonical.com>


==========================================================================
Ubuntu Security Notice USN-5712-1
November 03, 2022

sqlite3 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM

Summary:

SQLite could be made to crash or run programs as your login if it
received specially crafted input.

Software Description:
- sqlite3: C library that implements an SQL database engine

Details:

It was discovered that SQLite did not properly handle large string
inputs in certain circumstances. An attacker could possibly use this
issue to cause a denial of service or arbitrary code execution.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
   libsqlite3-0                    3.11.0-1ubuntu1.5+esm2
   sqlite3                          3.11.0-1ubuntu1.5+esm2

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-5712-1
   CVE-2022-35737
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds