Advisories

Mandriva Advisories

Package name	sqlite
Date	April 18th, 2007
Advisory ID	MDKSA-2007:091
Affected versions	CS3.0, 2007.0, CS4.0, 2007.1
Synopsis	Updated sqlite packages fix vulnerability

Problem Description

A buffer overflow in sqlite could allow context-dependent attackers
to execute arbitrary code via an empty value of the 'in' parameter.

Updated packages have been patched to correct this issue.

Updated Packages

Corporate Server 3.0

 884a85d61c019447a996d2dc5e74f831  corporate/3.0/i586/libsqlite0-2.8.6-1.1.C30mdk.i586.rpm
 2b7ebd04232c8dd1f16c15ae9e3ca246  corporate/3.0/i586/libsqlite0-devel-2.8.6-1.1.C30mdk.i586.rpm
 6ff596f03bf586a8a1817b5879219ef6  corporate/3.0/i586/libsqlite0-static-devel-2.8.6-1.1.C30mdk.i586.rpm
 cbb31f524ca0dc532241a70f643f260d  corporate/3.0/i586/sqlite-tools-2.8.6-1.1.C30mdk.i586.rpm 
 591320e6f66d0e11462691b504538c75  corporate/3.0/SRPMS/sqlite-2.8.6-1.1.C30mdk.src.rpm

Corporate Server 3.0/X86_64

 e44aecce58d89d6e9c572bb1b54d21bb  corporate/3.0/x86_64/lib64sqlite0-2.8.6-1.1.C30mdk.x86_64.rpm
 6eb545a83235f228d6c6ff7f64a9e31d  corporate/3.0/x86_64/lib64sqlite0-devel-2.8.6-1.1.C30mdk.x86_64.rpm
 46bad07156a3b7b00e6d90e7e39c226e  corporate/3.0/x86_64/lib64sqlite0-static-devel-2.8.6-1.1.C30mdk.x86_64.rpm
 f84a83b0c7c59e9a23344ef25acc39bc  corporate/3.0/x86_64/sqlite-tools-2.8.6-1.1.C30mdk.x86_64.rpm 
 591320e6f66d0e11462691b504538c75  corporate/3.0/SRPMS/sqlite-2.8.6-1.1.C30mdk.src.rpm

Mandriva Linux 2007

 2e406be8ce05a67e481b0100791d1c27  2007.0/i586/libsqlite0-2.8.17-5.1mdv2007.0.i586.rpm
 1a028c248b42f429d32d2ae6dacfac85  2007.0/i586/libsqlite0-devel-2.8.17-5.1mdv2007.0.i586.rpm
 43fb4503583f6f7eef72c7318e80368d  2007.0/i586/libsqlite0-static-devel-2.8.17-5.1mdv2007.0.i586.rpm
 327064ab9c808db9ab413fbe3beb6a6f  2007.0/i586/sqlite-tools-2.8.17-5.1mdv2007.0.i586.rpm 
 5df9576e9e320a86dc22426fe47a1b85  2007.0/SRPMS/sqlite-2.8.17-5.1mdv2007.0.src.rpm

Mandriva Linux 2007/X86_64

 70703690ed3dbbc678ab7e0c0831de46  2007.0/x86_64/lib64sqlite0-2.8.17-5.1mdv2007.0.x86_64.rpm
 e9d133f9bed317abe5862b10050ad06d  2007.0/x86_64/lib64sqlite0-devel-2.8.17-5.1mdv2007.0.x86_64.rpm
 497f82c060fd2e7c1b3dbaf862cb3371  2007.0/x86_64/lib64sqlite0-static-devel-2.8.17-5.1mdv2007.0.x86_64.rpm
 8c3a909b462cac73e5287a97a61e48d1  2007.0/x86_64/sqlite-tools-2.8.17-5.1mdv2007.0.x86_64.rpm 
 5df9576e9e320a86dc22426fe47a1b85  2007.0/SRPMS/sqlite-2.8.17-5.1mdv2007.0.src.rpm

Corporate Server 4.0

 d0f9f18d41cf8ec6c0dca0843d540f36  corporate/4.0/i586/libsqlite0-2.8.16-1.1.20060mlcs4.i586.rpm
 daa4deabc744564029f7e6c1fb41f8f8  corporate/4.0/i586/libsqlite0-devel-2.8.16-1.1.20060mlcs4.i586.rpm
 8ec49fe224ac080833dde12d785a4100  corporate/4.0/i586/libsqlite0-static-devel-2.8.16-1.1.20060mlcs4.i586.rpm
 fb5c6833f75cd5038817a5e392f29fa0  corporate/4.0/i586/sqlite-tools-2.8.16-1.1.20060mlcs4.i586.rpm 
 36684a0c204b9bb2a9fadd2fa3bf9623  corporate/4.0/SRPMS/sqlite-2.8.16-1.1.20060mlcs4.src.rpm

Corporate Server 4.0/X86_64

 bc4ffea8cb466d25735875e6623580c1  corporate/4.0/x86_64/lib64sqlite0-2.8.16-1.1.20060mlcs4.x86_64.rpm
 1b145271b1a30cdfe07b3c01026b95ee  corporate/4.0/x86_64/lib64sqlite0-devel-2.8.16-1.1.20060mlcs4.x86_64.rpm
 3a3418515f799275748feab6e7bf3c0e  corporate/4.0/x86_64/lib64sqlite0-static-devel-2.8.16-1.1.20060mlcs4.x86_64.rpm
 43d492190968a3cfd4903670944d6156  corporate/4.0/x86_64/sqlite-tools-2.8.16-1.1.20060mlcs4.x86_64.rpm 
 36684a0c204b9bb2a9fadd2fa3bf9623  corporate/4.0/SRPMS/sqlite-2.8.16-1.1.20060mlcs4.src.rpm

Mandriva Linux 2007.1

 ef3a736cb35778d7ba62f09d16fbdeb6  2007.1/i586/libsqlite0-2.8.17-5.1mdv2007.1.i586.rpm
 3f925f2ffb3b824783418d48e05c1a08  2007.1/i586/libsqlite0-devel-2.8.17-5.1mdv2007.1.i586.rpm
 ca2b601fcd4d03b200aa1d57344503db  2007.1/i586/libsqlite0-static-devel-2.8.17-5.1mdv2007.1.i586.rpm
 ac72680762722065321b4e1b5526b42a  2007.1/i586/sqlite-tools-2.8.17-5.1mdv2007.1.i586.rpm 
 41181d8d5767577a7aadf6847d0e6001  2007.1/SRPMS/sqlite-2.8.17-5.1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64

 c3325217fc33dd3e9d934777db30fdd2  2007.1/x86_64/lib64sqlite0-2.8.17-5.1mdv2007.1.x86_64.rpm
 3cfd8765924887ab082ed902b09a5577  2007.1/x86_64/lib64sqlite0-devel-2.8.17-5.1mdv2007.1.x86_64.rpm
 64ec9faa0b6d1f31d118b188984bfebf  2007.1/x86_64/lib64sqlite0-static-devel-2.8.17-5.1mdv2007.1.x86_64.rpm
 6391fdadf99aca86ad746b86a5724cf1  2007.1/x86_64/sqlite-tools-2.8.17-5.1mdv2007.1.x86_64.rpm 
 41181d8d5767577a7aadf6847d0e6001  2007.1/SRPMS/sqlite-2.8.17-5.1mdv2007.1.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1888

Upgrade

To upgrade automatically, use MandrivaUpdate.

Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.

URL:

https://mandriva.com/security/advisories

Short link:

https://mandriva.com/content/view/full/1075

Intersites Menu

Mandriva

Tools

Top menu

Advisories

Footer