Rapid7 Vulnerability & Exploit Database

RHSA-2015:1634: sqlite security update

Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published: 04/24/2015
Created: 07/25/2018
Added: 08/18/2015
Modified: 07/04/2017

Description

SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server.

It was found that SQLite's sqlite3VXPrintf() function did not properly handle precision and width values during floating-point conversions. A local attacker could submit a specially crafted SELECT statement that would crash the SQLite process, or have other unspecified impacts. (CVE-2015-3416)

All sqlite users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.

Solution(s)

  • redhat-upgrade-lemon
  • redhat-upgrade-sqlite
  • redhat-upgrade-sqlite-debuginfo
  • redhat-upgrade-sqlite-devel
  • redhat-upgrade-sqlite-doc
  • redhat-upgrade-sqlite-tcl
