Apple Security Advisory 2017-03-28-2 - This advisory provides additional information for APPLE-SA-2017-03-22-1. iTunes for Windows 12.6 addresses multiple vulnerabilities in various included software.
5e917bb7e6f9edc636297d6a5ef7728eaba569232b19fbb441916d312716221aApple Security Advisory 2017-03-22-2 - iTunes for Mac 12.6 is now available and addresses vulnerabilities in expat and SQLite.
e601858939a95c65d673d763bbb29441fc85d606b842630460eb8b9750f35800Apple Security Advisory 2017-03-22-1 - iTunes for Windows 12.6 is now available and addresses vulnerabilities in expat and SQLite.
92a02342700665c6f80c898f87e8f99e851a1d4239733c1dbddbbd842956b509Red Hat Security Advisory 2015-1635-01 - SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server. A flaw was found in the way SQLite handled dequoting of collation-sequence names. A local attacker could submit a specially crafted COLLATE statement that would crash the SQLite process, or have other unspecified impacts.
a0efdeb75f1c30ee358397a36729d3fe23e95d4dc3424a9aa6ec32de06cdaf97Red Hat Security Advisory 2015-1634-01 - SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server. It was found that SQLite's sqlite3VXPrintf() function did not properly handle precision and width values during floating-point conversions. A local attacker could submit a specially crafted SELECT statement that would crash the SQLite process, or have other unspecified impacts.
e2762eea5beb5fd075760c1b0b8af959cd5f3c3de8d5ef879e22ec6715b97e02Ubuntu Security Notice 2698-1 - It was discovered that SQLite incorrectly handled skip-scan optimization. An attacker could use this issue to cause applications using SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. Michal Zalewski discovered that SQLite incorrectly handled dequoting of collation-sequence names. An attacker could use this issue to cause applications using SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. Various other issues were also addressed.
937b9f09e2a968893a7d63eceeef3020011624592253a0fec716f4b4f447004fSlackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
a878dedbe56e20804e45f7a781334aab7ec38b4450537c6f93add15127d7748fGentoo Linux Security Advisory 201507-5 - Multiple vulnerabilities have been found in SQLite, allowing context-dependent attackers to cause a Denial of Service condition. Versions less than 3.8.9 are affected.
25bb7312d841f5f3b900c3e5c0ec81e6d09713156772856e0dd985686dcd1bd2Debian Linux Security Advisory 3252-2 - Michal Zalewski discovered that SQLite3, an implementation of an SQL database engine, did not properly handle precision and width values during floating-point conversions, leading to an integer overflow and a stack-based buffer overflow. This could allow remote attackers to cause a denial of service (crash) or possibly have unspecified other impact.
7a0685c71c1b4c39a53b4d0bcb788d4af7b3ae6a988220dc6050e5abb4394346Debian Linux Security Advisory 3252-1 - Michal Zalewski discovered multiple vulnerabilities in SQLite, which may result in denial of service or the execution of arbitrary code.
01ae9047c854e748060299f3f75e074a966d61e0722075a6d13479ca38341ab9Mandriva Linux Security Advisory 2015-217 - SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE at the end of a SELECT statement. The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK in a CREATE TABLE statement. The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement. The updated packages provides a solution for these security issues.
d7abd24a5ede0ffb411a19c7b4916189dd8611c728e2fd9900a0d2d4bb39756e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed