lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1HeQ0n-0006iU-4T@artemis.annvix.ca>
Date: Thu, 19 Apr 2007 00:20:57 -0600
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDKSA-2007:091 ] - Updated sqlite packages fix vulnerability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:091
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : sqlite
 Date    : April 18, 2007
 Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 A buffer overflow in sqlite could allow context-dependent attackers
 to execute arbitrary code via an empty value of the 'in' parameter.
 
 Updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1888
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 2e406be8ce05a67e481b0100791d1c27  2007.0/i586/libsqlite0-2.8.17-5.1mdv2007.0.i586.rpm
 1a028c248b42f429d32d2ae6dacfac85  2007.0/i586/libsqlite0-devel-2.8.17-5.1mdv2007.0.i586.rpm
 43fb4503583f6f7eef72c7318e80368d  2007.0/i586/libsqlite0-static-devel-2.8.17-5.1mdv2007.0.i586.rpm
 327064ab9c808db9ab413fbe3beb6a6f  2007.0/i586/sqlite-tools-2.8.17-5.1mdv2007.0.i586.rpm 
 5df9576e9e320a86dc22426fe47a1b85  2007.0/SRPMS/sqlite-2.8.17-5.1mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 70703690ed3dbbc678ab7e0c0831de46  2007.0/x86_64/lib64sqlite0-2.8.17-5.1mdv2007.0.x86_64.rpm
 e9d133f9bed317abe5862b10050ad06d  2007.0/x86_64/lib64sqlite0-devel-2.8.17-5.1mdv2007.0.x86_64.rpm
 497f82c060fd2e7c1b3dbaf862cb3371  2007.0/x86_64/lib64sqlite0-static-devel-2.8.17-5.1mdv2007.0.x86_64.rpm
 8c3a909b462cac73e5287a97a61e48d1  2007.0/x86_64/sqlite-tools-2.8.17-5.1mdv2007.0.x86_64.rpm 
 5df9576e9e320a86dc22426fe47a1b85  2007.0/SRPMS/sqlite-2.8.17-5.1mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 ef3a736cb35778d7ba62f09d16fbdeb6  2007.1/i586/libsqlite0-2.8.17-5.1mdv2007.1.i586.rpm
 3f925f2ffb3b824783418d48e05c1a08  2007.1/i586/libsqlite0-devel-2.8.17-5.1mdv2007.1.i586.rpm
 ca2b601fcd4d03b200aa1d57344503db  2007.1/i586/libsqlite0-static-devel-2.8.17-5.1mdv2007.1.i586.rpm
 ac72680762722065321b4e1b5526b42a  2007.1/i586/sqlite-tools-2.8.17-5.1mdv2007.1.i586.rpm 
 41181d8d5767577a7aadf6847d0e6001  2007.1/SRPMS/sqlite-2.8.17-5.1mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 c3325217fc33dd3e9d934777db30fdd2  2007.1/x86_64/lib64sqlite0-2.8.17-5.1mdv2007.1.x86_64.rpm
 3cfd8765924887ab082ed902b09a5577  2007.1/x86_64/lib64sqlite0-devel-2.8.17-5.1mdv2007.1.x86_64.rpm
 64ec9faa0b6d1f31d118b188984bfebf  2007.1/x86_64/lib64sqlite0-static-devel-2.8.17-5.1mdv2007.1.x86_64.rpm
 6391fdadf99aca86ad746b86a5724cf1  2007.1/x86_64/sqlite-tools-2.8.17-5.1mdv2007.1.x86_64.rpm 
 41181d8d5767577a7aadf6847d0e6001  2007.1/SRPMS/sqlite-2.8.17-5.1mdv2007.1.src.rpm

 Corporate 3.0:
 884a85d61c019447a996d2dc5e74f831  corporate/3.0/i586/libsqlite0-2.8.6-1.1.C30mdk.i586.rpm
 2b7ebd04232c8dd1f16c15ae9e3ca246  corporate/3.0/i586/libsqlite0-devel-2.8.6-1.1.C30mdk.i586.rpm
 6ff596f03bf586a8a1817b5879219ef6  corporate/3.0/i586/libsqlite0-static-devel-2.8.6-1.1.C30mdk.i586.rpm
 cbb31f524ca0dc532241a70f643f260d  corporate/3.0/i586/sqlite-tools-2.8.6-1.1.C30mdk.i586.rpm 
 591320e6f66d0e11462691b504538c75  corporate/3.0/SRPMS/sqlite-2.8.6-1.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 e44aecce58d89d6e9c572bb1b54d21bb  corporate/3.0/x86_64/lib64sqlite0-2.8.6-1.1.C30mdk.x86_64.rpm
 6eb545a83235f228d6c6ff7f64a9e31d  corporate/3.0/x86_64/lib64sqlite0-devel-2.8.6-1.1.C30mdk.x86_64.rpm
 46bad07156a3b7b00e6d90e7e39c226e  corporate/3.0/x86_64/lib64sqlite0-static-devel-2.8.6-1.1.C30mdk.x86_64.rpm
 f84a83b0c7c59e9a23344ef25acc39bc  corporate/3.0/x86_64/sqlite-tools-2.8.6-1.1.C30mdk.x86_64.rpm 
 591320e6f66d0e11462691b504538c75  corporate/3.0/SRPMS/sqlite-2.8.6-1.1.C30mdk.src.rpm

 Corporate 4.0:
 d0f9f18d41cf8ec6c0dca0843d540f36  corporate/4.0/i586/libsqlite0-2.8.16-1.1.20060mlcs4.i586.rpm
 daa4deabc744564029f7e6c1fb41f8f8  corporate/4.0/i586/libsqlite0-devel-2.8.16-1.1.20060mlcs4.i586.rpm
 8ec49fe224ac080833dde12d785a4100  corporate/4.0/i586/libsqlite0-static-devel-2.8.16-1.1.20060mlcs4.i586.rpm
 fb5c6833f75cd5038817a5e392f29fa0  corporate/4.0/i586/sqlite-tools-2.8.16-1.1.20060mlcs4.i586.rpm 
 36684a0c204b9bb2a9fadd2fa3bf9623  corporate/4.0/SRPMS/sqlite-2.8.16-1.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 bc4ffea8cb466d25735875e6623580c1  corporate/4.0/x86_64/lib64sqlite0-2.8.16-1.1.20060mlcs4.x86_64.rpm
 1b145271b1a30cdfe07b3c01026b95ee  corporate/4.0/x86_64/lib64sqlite0-devel-2.8.16-1.1.20060mlcs4.x86_64.rpm
 3a3418515f799275748feab6e7bf3c0e  corporate/4.0/x86_64/lib64sqlite0-static-devel-2.8.16-1.1.20060mlcs4.x86_64.rpm
 43d492190968a3cfd4903670944d6156  corporate/4.0/x86_64/sqlite-tools-2.8.16-1.1.20060mlcs4.x86_64.rpm 
 36684a0c204b9bb2a9fadd2fa3bf9623  corporate/4.0/SRPMS/sqlite-2.8.16-1.1.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGJt70mqjQ0CJFipgRAimNAJ0Ww+tU3ol8WRVzZn+YXfOrpmOFvQCgmbJw
INyPPbd8fuFsrVj7FtNIlio=
=s+p3
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ