Amazon Linux 1 Security Advisory: ALAS-2015-591
Advisory Release Date: 2015-09-02 12:00 Pacific
Advisory Updated Date: 2015-09-02 12:00 Pacific
A flaw was found in the way SQLite handled dequoting of collation-sequence names. A local attacker could submit a specially crafted COLLATE statement that would crash the SQLite process, or have other unspecified impacts. (CVE-2015-3414)
It was found that SQLite's sqlite3VdbeExec() function did not properly implement comparison operators. A local attacker could submit a specially crafted CHECK statement that would crash the SQLite process, or have other unspecified impacts. (CVE-2015-3415)
It was found that SQLite's sqlite3VXPrintf() function did not properly handle precision and width values during floating-point conversions. A local attacker could submit a specially crafted SELECT statement that would crash the SQLite process, or have other unspecified impacts. (CVE-2015-3416)
Affected Packages:
sqlite
Issue Correction:
Run yum update sqlite to update your system.
i686:
sqlite-tcl-3.7.17-6.13.amzn1.i686
sqlite-3.7.17-6.13.amzn1.i686
sqlite-devel-3.7.17-6.13.amzn1.i686
lemon-3.7.17-6.13.amzn1.i686
sqlite-debuginfo-3.7.17-6.13.amzn1.i686
noarch:
sqlite-doc-3.7.17-6.13.amzn1.noarch
src:
sqlite-3.7.17-6.13.amzn1.src
x86_64:
sqlite-3.7.17-6.13.amzn1.x86_64
sqlite-devel-3.7.17-6.13.amzn1.x86_64
lemon-3.7.17-6.13.amzn1.x86_64
sqlite-tcl-3.7.17-6.13.amzn1.x86_64
sqlite-debuginfo-3.7.17-6.13.amzn1.x86_64
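To confirm the update took effect, compare the installed sqlite packages against the fixed build 3.7.17-6.13.amzn1 listed above. The script below is an added example, not part of the original advisory. The function names, the simplified version comparison (it ignores epochs and is not rpm's full algorithm) and the sample input are assumptions made for illustration.

```sh
#!/bin/sh
# Added example. Fixed version-release taken from the package list in ALAS-2015-591.
FIXED_EVR="3.7.17-6.13.amzn1"

# vercmp A B: print -1, 0 or 1. Simplified comparison (assumption: not rpm's
# full rpmvercmp): split on non-alphanumerics, compare numeric fields as numbers.
vercmp() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    na = split(a, x, /[^A-Za-z0-9]+/); nb = split(b, y, /[^A-Za-z0-9]+/)
    n = (na > nb) ? na : nb
    for (i = 1; i <= n; i++) {
      if (i > na) { print "-1"; exit }
      if (i > nb) { print "1"; exit }
      if (x[i] ~ /^[0-9]+$/ && y[i] ~ /^[0-9]+$/) { p = x[i] + 0; q = y[i] + 0 }
      else { p = x[i] ""; q = y[i] "" }
      if (p < q) { print "-1"; exit }
      if (p > q) { print "1"; exit }
    }
    print "0"
  }' </dev/null
}

# audit_sqlite: read "name version-release arch" lines on stdin and report
# every package named in the advisory as OK or NEEDS-UPDATE.
audit_sqlite() {
  while read -r name evr arch; do
    case "$name" in
      sqlite|sqlite-devel|sqlite-tcl|sqlite-doc|sqlite-debuginfo|lemon) ;;
      *) continue ;;   # package not covered by this advisory
    esac
    if [ "$(vercmp "$evr" "$FIXED_EVR")" -lt 0 ]; then
      echo "NEEDS-UPDATE $name-$evr.$arch"
    else
      echo "OK $name-$evr.$arch"
    fi
  done
}

# Constructed sample input (not taken from a real host). On a live system use:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE} %{ARCH}\n' | audit_sqlite
sample_rpm_output() {
  printf '%s\n' \
    "sqlite 3.7.17-4.12.amzn1 x86_64" \
    "sqlite-devel 3.7.17-6.13.amzn1 x86_64" \
    "lemon 3.7.17-6.13.amzn1 x86_64" \
    "unrelated-pkg 1.0-1.amzn1 noarch"
}

sample_rpm_output | audit_sqlite
```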