You are here
Home > Preporuke > Ranjivosti programskog paketa sqlite3

Ranjivosti programskog paketa sqlite3

  • Detalji os-a: LMV
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LMV

Hash: SHA1


Mandriva Linux Security Advisory MDVSA-2015:217

Package : sqlite3
Date : April 30, 2015
Affected: Business Server 1.0, Business Server 2.0

Problem Description:

Multiple vulnerabilities has been found and corrected in sqlite3:

SQLite before 3.8.9 does not properly implement the dequoting of
collation-sequence names, which allows context-dependent attackers to
cause a denial of service (uninitialized memory access and application
crash) or possibly have unspecified other impact via a crafted COLLATE
clause, as demonstrated by COLLATE at the end of a SELECT statement

The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9
does not properly implement comparison operators, which allows
context-dependent attackers to cause a denial of service (invalid
free operation) or possibly have unspecified other impact via a
crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE
TABLE statement (CVE-2015-3415).

The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does
not properly handle precision and width values during floating-point
conversions, which allows context-dependent attackers to cause a
denial of service (integer overflow and stack-based buffer overflow)
or possibly have unspecified other impact via large integers in a
crafted printf function call in a SELECT statement (CVE-2015-3416).

The updated packages provides a solution for these security issues.


Updated Packages:

Mandriva Business Server 1/X86_64:
adb7e2731d814af7948c8a65662e7c71 mbs1/x86_64/lemon-3.8.9-1.mbs1.x86_64.rpm
8c9620460c62d0f7d07bd5fee68ac038 mbs1/x86_64/lib64sqlite3_0-3.8.9-1.mbs1.x86_64.rpm
f060fd3ca68302f59e47e9bc1b336d4b mbs1/x86_64/lib64sqlite3-devel-3.8.9-1.mbs1.x86_64.rpm
0fdd2e8a7456b51773b2a131534b9867 mbs1/x86_64/lib64sqlite3-static-devel-3.8.9-1.mbs1.x86_64.rpm
14682c0d09a3dc73f4405ee136c6115d mbs1/x86_64/sqlite3-tcl-3.8.9-1.mbs1.x86_64.rpm
c2fc81b9162865ecdcef85aaa805507f mbs1/x86_64/sqlite3-tools-3.8.9-1.mbs1.x86_64.rpm
474e6b9bc6a7299f8ab34a90893bbd96 mbs1/SRPMS/sqlite3-3.8.9-1.mbs1.src.rpm

Mandriva Business Server 2/X86_64:
44c4a002a3480388751603981327a21d mbs2/x86_64/lemon-3.8.9-1.mbs2.x86_64.rpm
9d2ded51447e5f133c37257635ef4f22 mbs2/x86_64/lib64sqlite3_0-3.8.9-1.mbs2.x86_64.rpm
42c8fce0126487fa0a72b4f5f1b5e852 mbs2/x86_64/lib64sqlite3-devel-3.8.9-1.mbs2.x86_64.rpm
a93c0f348006f6675779bf7cd5c9f547 mbs2/x86_64/lib64sqlite3-static-devel-3.8.9-1.mbs2.x86_64.rpm
792f42a7a38d7947e7b5d0ea67510de2 mbs2/x86_64/sqlite3-tcl-3.8.9-1.mbs2.x86_64.rpm
947e30fcb8c4f19b1398d6e29adc29ac mbs2/x86_64/sqlite3-tools-3.8.9-1.mbs2.x86_64.rpm
150cb2acc870d5ca8a343f21edef4248 mbs2/SRPMS/sqlite3-3.8.9-1.mbs2.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg –recv-keys –keyserver 0x22458A98

You can view other update advisories for Mandriva Linux at:

If you want to report vulnerabilities, please contact


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
Version: GnuPG v1.4.12 (GNU/Linux)


To unsubscribe, send a email to
with this subject : unsubscribe security-announce
Want to buy your Pack or Services from Mandriva?
Go to

AutorTomislav Protega
Cert idNCERT-REF-2015-05-0009-ADV
CveCVE-2015-3414 CVE-2015-3415 CVE-2015-3416
ID izvornikaMDVSA-2015:217
More in Preporuke
Sigurnosni propust programskog paketa wpa_supplicant

Otkriven je sigurnosni propust u načinu kojim je wpa_supplicant upravljao SSID informacijama prilikom kreiranja ili ažuriranja P2P peer unosa. Potencijalni...