Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2017-0238)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2017.0238

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2017-0238)

Resumen: The remote host is missing an update for the 'sqlite3' package(s) announced via the MGASA-2017-0238 advisory.

Descripción: Summary:
The remote host is missing an update for the 'sqlite3' package(s) announced via the MGASA-2017-0238 advisory.

Vulnerability Insight:
Pointer disclosure in SQLite (CVE-2017-7000).

The getNodeSize function in ext/rtree/rtree.c in SQLite mishandles undersized
RTree blobs in a crafted database, leading to a heap-based buffer over-read or
possibly unspecified other impact (CVE-2017-10989).

Note: the CVE-2017-10989 issue only affected Mageia 5.

Affected Software/OS:
'sqlite3' package(s) on Mageia 5, Mageia 6.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2017-10989
BugTraq ID: 99502
http://www.securityfocus.com/bid/99502
http://marc.info/?l=sqlite-users&m=149933696214713&w=2
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405
https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937
https://sqlite.org/src/info/66de6f4a
https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26
https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html
http://www.securitytracker.com/id/1039427
SuSE Security Announcement: openSUSE-SU-2019:1426 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html
https://usn.ubuntu.com/4019-1/
https://usn.ubuntu.com/4019-2/
Common Vulnerability Exposure (CVE) ID: CVE-2017-7000
BugTraq ID: 98767
http://www.securityfocus.com/bid/98767
BugTraq ID: 99950
http://www.securityfocus.com/bid/99950
Debian Security Information: DSA-3926 (Google Search)
https://www.debian.org/security/2017/dsa-3926
https://security.gentoo.org/glsa/201709-15
RedHat Security Advisories: RHSA-2017:1833
https://access.redhat.com/errata/RHSA-2017:1833

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2017.0238
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2017-0238)
Resumen:	The remote host is missing an update for the 'sqlite3' package(s) announced via the MGASA-2017-0238 advisory.
Descripción:	Summary: The remote host is missing an update for the 'sqlite3' package(s) announced via the MGASA-2017-0238 advisory. Vulnerability Insight: Pointer disclosure in SQLite (CVE-2017-7000). The getNodeSize function in ext/rtree/rtree.c in SQLite mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact (CVE-2017-10989). Note: the CVE-2017-10989 issue only affected Mageia 5. Affected Software/OS: 'sqlite3' package(s) on Mageia 5, Mageia 6. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-10989 BugTraq ID: 99502 http://www.securityfocus.com/bid/99502 http://marc.info/?l=sqlite-users&m=149933696214713&w=2 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405 https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937 https://sqlite.org/src/info/66de6f4a https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26 https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html http://www.securitytracker.com/id/1039427 SuSE Security Announcement: openSUSE-SU-2019:1426 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html https://usn.ubuntu.com/4019-1/ https://usn.ubuntu.com/4019-2/ Common Vulnerability Exposure (CVE) ID: CVE-2017-7000 BugTraq ID: 98767 http://www.securityfocus.com/bid/98767 BugTraq ID: 99950 http://www.securityfocus.com/bid/99950 Debian Security Information: DSA-3926 (Google Search) https://www.debian.org/security/2017/dsa-3926 https://security.gentoo.org/glsa/201709-15 RedHat Security Advisories: RHSA-2017:1833 https://access.redhat.com/errata/RHSA-2017:1833
Copyright	Copyright (C) 2022 Greenbone AG