sqlite-3.26.0-13.el8

エラータID: AXSA:2021-1806:01

Release date: 
Monday, June 7, 2021 - 12:40
Subject: 
sqlite-3.26.0-13.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server.

Security Fix(es):

* sqlite: integer overflow in sqlite3_str_vappendf function in printf.c (CVE-2020-13434)
* sqlite: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization in select.c (CVE-2020-15358)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 8.4 Release Notes linked from the References section.

CVE-2020-13434
SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
CVE-2020-15358
In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.

Solution: 

Update packages.

CVEs: 
CVE-2020-13434
SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
CVE-2020-15358
In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.
Additional Info: 

N/A

Download: 

SRPMS
  1. sqlite-3.26.0-13.el8.src.rpm
    MD5: 8bbaeb597a9cc1c6fb643ea2c7e854f9
    SHA-256: 7e482a477417d9a1fbeec0e827f39fd7d479fb896119da8c492d5237052150fa
    Size: 22.48 MB

Asianux Server 8 for x86_64
  1. lemon-3.26.0-13.el8.x86_64.rpm
    MD5: edf9d046d313b2a1f73e62d88b33a311
    SHA-256: 489e114a995b21fd3b680da749b335f12011cffb19845aef7c722c5b44c782a5
    Size: 75.67 kB
  2. sqlite-3.26.0-13.el8.x86_64.rpm
    MD5: d66d296a96b3b4977559e3fd3eb8f0da
    SHA-256: a7777f83b6a1289090ce81be564d9e015ef02f1e8b85cdd57153942d0f21c129
    Size: 666.43 kB
  3. sqlite-devel-3.26.0-13.el8.x86_64.rpm
    MD5: 561bef9c8f9eedd55b9d52b1c105cafc
    SHA-256: e0447694e85d04762744b1a56b07a96e430774e5f9c3738f1289e2170283199a
    Size: 163.50 kB
  4. sqlite-doc-3.26.0-13.el8.noarch.rpm
    MD5: 1004cc55affb684df6206e8311c3e26f
    SHA-256: 873d7106c689b369e1ab4a0e52270600091cc12d3f2f8c09a0e8cb69ee7dc2f7
    Size: 6.76 MB
  5. sqlite-libs-3.26.0-13.el8.x86_64.rpm
    MD5: 0d897be30379c4d00692945736cfd676
    SHA-256: 44028d90bf124aa7353c9dfd08cbdd025a7f4179263195e5b5085ff273fd14e7
    Size: 579.16 kB
  6. sqlite-3.26.0-13.el8.i686.rpm
    MD5: 30a8be57f86d5fd1a2bdc738f211cb87
    SHA-256: 5107ac2cab7e62b06f137c34498a938712ef6cfa7388cba759d8cf5831764c5c
    Size: 712.82 kB
  7. sqlite-devel-3.26.0-13.el8.i686.rpm
    MD5: 5816a25599741523e3e17a05a23a20e4
    SHA-256: 92848ef458f51c3b5f6f18a8fe511c50c469f0dc86a39651e211103c6af8010e
    Size: 163.52 kB
  8. sqlite-libs-3.26.0-13.el8.i686.rpm
    MD5: b5fc3f0d4c66a932c27fdabcdbd4ff6d
    SHA-256: b18179e7a6b4b67be3213671fb02193b3375483767092c1646c63e6f5b539a76
    Size: 619.46 kB