[Security Announce] [ MDKSA-2007:091 ] - Updated sqlite packages fix vulnerability
Posted on: 04/19/2007 09:35 AM

The Mandriva Security Team published a new security update for Mandriva Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:091
http://www.mandriva.com/security/
_______________________________________________________________________

Package : sqlite
Date : April 18, 2007
Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

A buffer overflow in sqlite could allow context-dependent attackers
to execute arbitrary code via an empty value of the 'in' parameter.

Updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1888
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.0:
2e406be8ce05a67e481b0100791d1c27 2007.0/i586/libsqlite0-2.8.17-5.1mdv2007.0.i586.rpm
1a028c248b42f429d32d2ae6dacfac85 2007.0/i586/libsqlite0-devel-2.8.17-5.1mdv2007.0.i586.rpm
43fb4503583f6f7eef72c7318e80368d 2007.0/i586/libsqlite0-static-devel-2.8.17-5.1mdv2007.0.i586.rpm
327064ab9c808db9ab413fbe3beb6a6f 2007.0/i586/sqlite-tools-2.8.17-5.1mdv2007.0.i586.rpm
5df9576e9e320a86dc22426fe47a1b85 2007.0/SRPMS/sqlite-2.8.17-5.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
70703690ed3dbbc678ab7e0c0831de46 2007.0/x86_64/lib64sqlite0-2.8.17-5.1mdv2007.0.x86_64.rpm
e9d133f9bed317abe5862b10050ad06d 2007.0/x86_64/lib64sqlite0-devel-2.8.17-5.1mdv2007.0.x86_64.rpm
497f82c060fd2e7c1b3dbaf862cb3371 2007.0/x86_64/lib64sqlite0-static-devel-2.8.17-5.1mdv2007.0.x86_64.rpm
8c3a909b462cac73e5287a97a61e48d1 2007.0/x86_64/sqlite-tools-2.8.17-5.1mdv2007.0.x86_64.rpm
5df9576e9e320a86dc22426fe47a1b85 2007.0/SRPMS/sqlite-2.8.17-5.1mdv2007.0.src.rpm

Mandriva Linux 2007.1:
ef3a736cb35778d7ba62f09d16fbdeb6 2007.1/i586/libsqlite0-2.8.17-5.1mdv2007.1.i586.rpm
3f925f2ffb3b824783418d48e05c1a08 2007.1/i586/libsqlite0-devel-2.8.17-5.1mdv2007.1.i586.rpm
ca2b601fcd4d03b200aa1d57344503db 2007.1/i586/libsqlite0-static-devel-2.8.17-5.1mdv2007.1.i586.rpm
ac72680762722065321b4e1b5526b42a 2007.1/i586/sqlite-tools-2.8.17-5.1mdv2007.1.i586.rpm
41181d8d5767577a7aadf6847d0e6001 2007.1/SRPMS/sqlite-2.8.17-5.1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
c3325217fc33dd3e9d934777db30fdd2 2007.1/x86_64/lib64sqlite0-2.8.17-5.1mdv2007.1.x86_64.rpm
3cfd8765924887ab082ed902b09a5577 2007.1/x86_64/lib64sqlite0-devel-2.8.17-5.1mdv2007.1.x86_64.rpm
64ec9faa0b6d1f31d118b188984bfebf 2007.1/x86_64/lib64sqlite0-static-devel-2.8.17-5.1mdv2007.1.x86_64.rpm
6391fdadf99aca86ad746b86a5724cf1 2007.1/x86_64/sqlite-tools-2.8.17-5.1mdv2007.1.x86_64.rpm
41181d8d5767577a7aadf6847d0e6001 2007.1/SRPMS/sqlite-2.8.17-5.1mdv2007.1.src.rpm

Corporate 3.0:
884a85d61c019447a996d2dc5e74f831 corporate/3.0/i586/libsqlite0-2.8.6-1.1.C30mdk.i586.rpm
2b7ebd04232c8dd1f16c15ae9e3ca246 corporate/3.0/i586/libsqlite0-devel-2.8.6-1.1.C30mdk.i586.rpm
6ff596f03bf586a8a1817b5879219ef6 corporate/3.0/i586/libsqlite0-static-devel-2.8.6-1.1.C30mdk.i586.rpm
cbb31f524ca0dc532241a70f643f260d corporate/3.0/i586/sqlite-tools-2.8.6-1.1.C30mdk.i586.rpm
591320e6f66d0e11462691b504538c75 corporate/3.0/SRPMS/sqlite-2.8.6-1.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
e44aecce58d89d6e9c572bb1b54d21bb corporate/3.0/x86_64/lib64sqlite0-2.8.6-1.1.C30mdk.x86_64.rpm
6eb545a83235f228d6c6ff7f64a9e31d corporate/3.0/x86_64/lib64sqlite0-devel-2.8.6-1.1.C30mdk.x86_64.rpm
46bad07156a3b7b00e6d90e7e39c226e corporate/3.0/x86_64/lib64sqlite0-static-devel-2.8.6-1.1.C30mdk.x86_64.rpm
f84a83b0c7c59e9a23344ef25acc39bc corporate/3.0/x86_64/sqlite-tools-2.8.6-1.1.C30mdk.x86_64.rpm
591320e6f66d0e11462691b504538c75 corporate/3.0/SRPMS/sqlite-2.8.6-1.1.C30mdk.src.rpm

Corporate 4.0:
d0f9f18d41cf8ec6c0dca0843d540f36 corporate/4.0/i586/libsqlite0-2.8.16-1.1.20060mlcs4.i586.rpm
daa4deabc744564029f7e6c1fb41f8f8 corporate/4.0/i586/libsqlite0-devel-2.8.16-1.1.20060mlcs4.i586.rpm
8ec49fe224ac080833dde12d785a4100 corporate/4.0/i586/libsqlite0-static-devel-2.8.16-1.1.20060mlcs4.i586.rpm
fb5c6833f75cd5038817a5e392f29fa0 corporate/4.0/i586/sqlite-tools-2.8.16-1.1.20060mlcs4.i586.rpm
36684a0c204b9bb2a9fadd2fa3bf9623 corporate/4.0/SRPMS/sqlite-2.8.16-1.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
bc4ffea8cb466d25735875e6623580c1 corporate/4.0/x86_64/lib64sqlite0-2.8.16-1.1.20060mlcs4.x86_64.rpm
1b145271b1a30cdfe07b3c01026b95ee corporate/4.0/x86_64/lib64sqlite0-devel-2.8.16-1.1.20060mlcs4.x86_64.rpm
3a3418515f799275748feab6e7bf3c0e corporate/4.0/x86_64/lib64sqlite0-static-devel-2.8.16-1.1.20060mlcs4.x86_64.rpm
43d492190968a3cfd4903670944d6156 corporate/4.0/x86_64/sqlite-tools-2.8.16-1.1.20060mlcs4.x86_64.rpm
36684a0c204b9bb2a9fadd2fa3bf9623 corporate/4.0/SRPMS/sqlite-2.8.16-1.1.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
lt;security*mandriva.comgt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGJt70mqjQ0CJFipgRAimNAJ0Ww+tU3ol8WRVzZn+YXfOrpmOFvQCgmbJw
INyPPbd8fuFsrVj7FtNIlio=
=s+p3
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/security_announce_mdksa_2007091__updated_sqlite_packages_fix_vulnerability.html)