Oracle Linux 6 : sqlite (ELSA-2015-1634)
High Nessus Plugin ID 85490
Synopsis
The remote Oracle Linux host is missing one or more security updates.
Description
From Red Hat Security Advisory 2015:1634:
An updated sqlite package that fixes one security issue is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
SQLite is a C library that implements a SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use.
Applications that link against SQLite can enjoy the power and flexibility of a SQL database without the administrative hassles of supporting a separate database server.
It was found that SQLite's sqlite3VXPrintf() function did not properly handle precision and width values during floating-point conversions. A local attacker could submit a specially crafted SELECT statement that would crash the SQLite process, or have other unspecified impacts.
All sqlite users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
Solution
Update the affected sqlite packages.