-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2007:091 http://www.mandriva.com/security/ _______________________________________________________________________ Package : sqlite Date : April 18, 2007 Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0 _______________________________________________________________________ Problem Description: A buffer overflow in sqlite could allow context-dependent attackers to execute arbitrary code via an empty value of the 'in' parameter. Updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1888 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.0: 2e406be8ce05a67e481b0100791d1c27 2007.0/i586/libsqlite0-2.8.17-5.1mdv2007.0.i586.rpm 1a028c248b42f429d32d2ae6dacfac85 2007.0/i586/libsqlite0-devel-2.8.17-5.1mdv2007.0.i586.rpm 43fb4503583f6f7eef72c7318e80368d 2007.0/i586/libsqlite0-static-devel-2.8.17-5.1mdv2007.0.i586.rpm 327064ab9c808db9ab413fbe3beb6a6f 2007.0/i586/sqlite-tools-2.8.17-5.1mdv2007.0.i586.rpm 5df9576e9e320a86dc22426fe47a1b85 2007.0/SRPMS/sqlite-2.8.17-5.1mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: 70703690ed3dbbc678ab7e0c0831de46 2007.0/x86_64/lib64sqlite0-2.8.17-5.1mdv2007.0.x86_64.rpm e9d133f9bed317abe5862b10050ad06d 2007.0/x86_64/lib64sqlite0-devel-2.8.17-5.1mdv2007.0.x86_64.rpm 497f82c060fd2e7c1b3dbaf862cb3371 2007.0/x86_64/lib64sqlite0-static-devel-2.8.17-5.1mdv2007.0.x86_64.rpm 8c3a909b462cac73e5287a97a61e48d1 2007.0/x86_64/sqlite-tools-2.8.17-5.1mdv2007.0.x86_64.rpm 5df9576e9e320a86dc22426fe47a1b85 2007.0/SRPMS/sqlite-2.8.17-5.1mdv2007.0.src.rpm Mandriva Linux 2007.1: ef3a736cb35778d7ba62f09d16fbdeb6 2007.1/i586/libsqlite0-2.8.17-5.1mdv2007.1.i586.rpm 3f925f2ffb3b824783418d48e05c1a08 2007.1/i586/libsqlite0-devel-2.8.17-5.1mdv2007.1.i586.rpm ca2b601fcd4d03b200aa1d57344503db 2007.1/i586/libsqlite0-static-devel-2.8.17-5.1mdv2007.1.i586.rpm ac72680762722065321b4e1b5526b42a 2007.1/i586/sqlite-tools-2.8.17-5.1mdv2007.1.i586.rpm 41181d8d5767577a7aadf6847d0e6001 2007.1/SRPMS/sqlite-2.8.17-5.1mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: c3325217fc33dd3e9d934777db30fdd2 2007.1/x86_64/lib64sqlite0-2.8.17-5.1mdv2007.1.x86_64.rpm 3cfd8765924887ab082ed902b09a5577 2007.1/x86_64/lib64sqlite0-devel-2.8.17-5.1mdv2007.1.x86_64.rpm 64ec9faa0b6d1f31d118b188984bfebf 2007.1/x86_64/lib64sqlite0-static-devel-2.8.17-5.1mdv2007.1.x86_64.rpm 6391fdadf99aca86ad746b86a5724cf1 2007.1/x86_64/sqlite-tools-2.8.17-5.1mdv2007.1.x86_64.rpm 41181d8d5767577a7aadf6847d0e6001 2007.1/SRPMS/sqlite-2.8.17-5.1mdv2007.1.src.rpm Corporate 3.0: 884a85d61c019447a996d2dc5e74f831 corporate/3.0/i586/libsqlite0-2.8.6-1.1.C30mdk.i586.rpm 2b7ebd04232c8dd1f16c15ae9e3ca246 corporate/3.0/i586/libsqlite0-devel-2.8.6-1.1.C30mdk.i586.rpm 6ff596f03bf586a8a1817b5879219ef6 corporate/3.0/i586/libsqlite0-static-devel-2.8.6-1.1.C30mdk.i586.rpm cbb31f524ca0dc532241a70f643f260d corporate/3.0/i586/sqlite-tools-2.8.6-1.1.C30mdk.i586.rpm 591320e6f66d0e11462691b504538c75 corporate/3.0/SRPMS/sqlite-2.8.6-1.1.C30mdk.src.rpm Corporate 3.0/X86_64: e44aecce58d89d6e9c572bb1b54d21bb corporate/3.0/x86_64/lib64sqlite0-2.8.6-1.1.C30mdk.x86_64.rpm 6eb545a83235f228d6c6ff7f64a9e31d corporate/3.0/x86_64/lib64sqlite0-devel-2.8.6-1.1.C30mdk.x86_64.rpm 46bad07156a3b7b00e6d90e7e39c226e corporate/3.0/x86_64/lib64sqlite0-static-devel-2.8.6-1.1.C30mdk.x86_64.rpm f84a83b0c7c59e9a23344ef25acc39bc corporate/3.0/x86_64/sqlite-tools-2.8.6-1.1.C30mdk.x86_64.rpm 591320e6f66d0e11462691b504538c75 corporate/3.0/SRPMS/sqlite-2.8.6-1.1.C30mdk.src.rpm Corporate 4.0: d0f9f18d41cf8ec6c0dca0843d540f36 corporate/4.0/i586/libsqlite0-2.8.16-1.1.20060mlcs4.i586.rpm daa4deabc744564029f7e6c1fb41f8f8 corporate/4.0/i586/libsqlite0-devel-2.8.16-1.1.20060mlcs4.i586.rpm 8ec49fe224ac080833dde12d785a4100 corporate/4.0/i586/libsqlite0-static-devel-2.8.16-1.1.20060mlcs4.i586.rpm fb5c6833f75cd5038817a5e392f29fa0 corporate/4.0/i586/sqlite-tools-2.8.16-1.1.20060mlcs4.i586.rpm 36684a0c204b9bb2a9fadd2fa3bf9623 corporate/4.0/SRPMS/sqlite-2.8.16-1.1.20060mlcs4.src.rpm Corporate 4.0/X86_64: bc4ffea8cb466d25735875e6623580c1 corporate/4.0/x86_64/lib64sqlite0-2.8.16-1.1.20060mlcs4.x86_64.rpm 1b145271b1a30cdfe07b3c01026b95ee corporate/4.0/x86_64/lib64sqlite0-devel-2.8.16-1.1.20060mlcs4.x86_64.rpm 3a3418515f799275748feab6e7bf3c0e corporate/4.0/x86_64/lib64sqlite0-static-devel-2.8.16-1.1.20060mlcs4.x86_64.rpm 43d492190968a3cfd4903670944d6156 corporate/4.0/x86_64/sqlite-tools-2.8.16-1.1.20060mlcs4.x86_64.rpm 36684a0c204b9bb2a9fadd2fa3bf9623 corporate/4.0/SRPMS/sqlite-2.8.16-1.1.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFGJt70mqjQ0CJFipgRAimNAJ0Ww+tU3ol8WRVzZn+YXfOrpmOFvQCgmbJw INyPPbd8fuFsrVj7FtNIlio= =s+p3 -----END PGP SIGNATURE-----