ALAS-2015-591


Amazon Linux AMI Security Advisory: ALAS-2015-591
Advisory Release Date: 2015-09-02 12:00 Pacific
Severity: Medium

Issue Overview:

A flaw was found in the way SQLite handled dequoting of collation-sequence names. A local attacker could submit a specially crafted COLLATE statement that would crash the SQLite process, or have other unspecified impacts. (CVE-2015-3414 )

It was found that SQLite's sqlite3VdbeExec() function did not properly implement comparison operators. A local attacker could submit a specially crafted CHECK statement that would crash the SQLite process, or have other unspecified impacts. (CVE-2015-3415 )

It was found that SQLite's sqlite3VXPrintf() function did not properly handle precision and width values during floating-point conversions. A local attacker could submit a specially crafted SELECT statement that would crash the SQLite process, or have other unspecified impacts. (CVE-2015-3416 )


Affected Packages:

sqlite


Issue Correction:
Run yum update sqlite to update your system.

New Packages:
i686:
    sqlite-tcl-3.7.17-6.13.amzn1.i686
    sqlite-3.7.17-6.13.amzn1.i686
    sqlite-devel-3.7.17-6.13.amzn1.i686
    lemon-3.7.17-6.13.amzn1.i686
    sqlite-debuginfo-3.7.17-6.13.amzn1.i686

noarch:
    sqlite-doc-3.7.17-6.13.amzn1.noarch

src:
    sqlite-3.7.17-6.13.amzn1.src

x86_64:
    sqlite-3.7.17-6.13.amzn1.x86_64
    sqlite-devel-3.7.17-6.13.amzn1.x86_64
    lemon-3.7.17-6.13.amzn1.x86_64
    sqlite-tcl-3.7.17-6.13.amzn1.x86_64
    sqlite-debuginfo-3.7.17-6.13.amzn1.x86_64