Oracle Linux 6 : sqlite (ELSA-2015-1634)

high Nessus Plugin ID 85490

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

From Red Hat Security Advisory 2015:1634 :

An updated sqlite package that fixes one security issue is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

SQLite is a C library that implements a SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use.
Applications that link against SQLite can enjoy the power and flexibility of a SQL database without the administrative hassles of supporting a separate database server.

It was found that SQLite's sqlite3VXPrintf() function did not properly handle precision and width values during floating-point conversions. A local attacker could submit a specially crafted SELECT statement that would crash the SQLite process, or have other unspecified impacts.
(CVE-2015-3416)

All sqlite users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.

Solution

Update the affected sqlite packages.

See Also

https://oss.oracle.com/pipermail/el-errata/2015-August/005346.html

Plugin Details

Severity: High

ID: 85490

File Name: oraclelinux_ELSA-2015-1634.nasl

Version: 2.10

Type: local

Agent: unix

Published: 8/18/2015

Updated: 1/14/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:lemon, p-cpe:/a:oracle:linux:sqlite, p-cpe:/a:oracle:linux:sqlite-devel, p-cpe:/a:oracle:linux:sqlite-doc, p-cpe:/a:oracle:linux:sqlite-tcl, cpe:/o:oracle:linux:6

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/OracleLinux

Exploit Ease: No known exploits are available

Patch Publication Date: 8/17/2015

Vulnerability Publication Date: 4/24/2015

Reference Information

CVE: CVE-2015-3416

RHSA: 2015:1634