A sqlite security update has been released for AlmaLinux.
ALSA-2021:4396 Moderate: sqlite security update
Type:
security
Severity:
moderate
Release date:
2021-11-12
Description
Security Fix(es):
* sqlite: out-of-bounds access due to the use of 32-bit memory allocator interfaces (CVE-2019-5827)
* sqlite: dropping of shadow tables not restricted in defensive mode (CVE-2019-13750)
* sqlite: fts3: improve detection of corrupted records (CVE-2019-13751)
* sqlite: mishandling of certain SELECT statements with non-existent VIEW can lead to DoS (CVE-2019-19603)
* sqlite: NULL pointer dereference in sqlite3ExprCodeTarget() (CVE-2020-13435)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
References:
CVE-2019-5827
CVE-2019-13750
CVE-2019-13751
CVE-2019-19603
CVE-2020-13435
Updates packages:
lemon-3.26.0-15.el8.x86_64.rpm
sqlite-3.26.0-15.el8.i686.rpm
sqlite-3.26.0-15.el8.x86_64.rpm
sqlite-devel-3.26.0-15.el8.i686.rpm
sqlite-devel-3.26.0-15.el8.x86_64.rpm
sqlite-doc-3.26.0-15.el8.noarch.rpm
sqlite-libs-3.26.0-15.el8.i686.rpm
sqlite-libs-3.26.0-15.el8.x86_64.rpm
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.
