QID 239830
Date Published: 2021-11-10
QID 239830: Red Hat Update for sqlite (RHSA-2021:4396)
sqlite is a c library that implements an sql database engine.
A large subset of sql92 is supported.
A complete database is stored in a single disk file.
The api is designed for convenience and ease of use.
Applications that link against sqlite can enjoy the power and flexibility of an sql database without the administrative hassles of supporting a separate database server.
- sqlite: out-of-bounds access due to the use of 32-bit memory allocator interfaces (cve-2019-5827)
- sqlite: dropping of shadow tables not restricted in defensive mode (cve-2019-13750)
- sqlite: fts3: improve detection of corrupted records (cve-2019-13751)
- sqlite: mishandling of certain select statements with non-existent view can lead to dos (cve-2019-19603)
- sqlite: null pointer dereference in sqlite3exprcodetarget() (cve-2020-13435)
Affected Products:
- Red Hat enterprise linux for x86_64 8 x86_64
- Red Hat enterprise linux for ibm z systems 8 s390x
- Red Hat enterprise linux for power, little endian 8 ppc64le
- Red Hat enterprise linux for arm 64 8 aarch64
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
On successful exploitation, it could allow an attacker to execute code.
Solution
Upgrade to the latest packages which contain a patch.
Refer to Refer to :
Applying Package Updates to RHEL system for details.
Refer to Red Hat security advisory RHSA-2021:4396 Update to address this issue and obtain more information.
Vendor References
- RHSA-2021:4396 -
access.redhat.com/errata/RHSA-2021:4396
CVEs related to QID 239830
Software Advisories
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| RHSA-2021:4396 | Red Hat Enterprise Linux |
access.redhat.com/errata/RHSA-2021:4396 |