Executive Summary
Summary | |
---|---|
Title | sqlite security update |
Informations | |||
---|---|---|---|
Name | RHSA-2015:1634 | First vendor Publication | 2015-08-17 |
Vendor | RedHat | Last vendor Modification | 2015-08-17 |
Severity (Vendor) | Moderate | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: An updated sqlite package that fixes one security issue is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server. It was found that SQLite's sqlite3VXPrintf() function did not properly handle precision and width values during floating-point conversions. A local attacker could submit a specially crafted SELECT statement that would crash the SQLite process, or have other unspecified impacts. (CVE-2015-3416) All sqlite users are advised to upgrade to this updated package, which contains a backported patch to correct this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1212357 - CVE-2015-3416 sqlite: stack buffer overflow in src/printf.c |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2015-1634.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-190 | Integer Overflow or Wraparound (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2015-09-24 | IAVM : 2015-A-0222 - Multiple Security Vulnerabilities in Apple iOS Severity : Category I - VMSKEY : V0061471 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2017-05-08 | Name : The remote host contains an application that is affected by multiple vulnerab... File : macos_itunes_12_6.nasl - Type : ACT_GATHER_INFO |
2017-05-08 | Name : An application running on the remote host is affected by multiple vulnerabili... File : itunes_12_6_banner.nasl - Type : ACT_GATHER_INFO |
2017-05-08 | Name : An application installed on the remote host is affected by multiple vulnerabi... File : itunes_12_6.nasl - Type : ACT_GATHER_INFO |
2016-06-08 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL16950.nasl - Type : ACT_GATHER_INFO |
2015-10-05 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_10_11.nasl - Type : ACT_GATHER_INFO |
2015-09-03 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-591.nasl - Type : ACT_GATHER_INFO |
2015-08-19 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2015-0115.nasl - Type : ACT_GATHER_INFO |
2015-08-18 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-1635.nasl - Type : ACT_GATHER_INFO |
2015-08-18 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20150817_sqlite_on_SL7_x.nasl - Type : ACT_GATHER_INFO |
2015-08-18 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20150817_sqlite_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2015-08-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-1635.nasl - Type : ACT_GATHER_INFO |
2015-08-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-1634.nasl - Type : ACT_GATHER_INFO |
2015-08-18 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-1635.nasl - Type : ACT_GATHER_INFO |
2015-08-18 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-1634.nasl - Type : ACT_GATHER_INFO |
2015-08-18 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-1634.nasl - Type : ACT_GATHER_INFO |
2015-07-31 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2698-1.nasl - Type : ACT_GATHER_INFO |
2015-07-20 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2015-198-02.nasl - Type : ACT_GATHER_INFO |
2015-07-09 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-563.nasl - Type : ACT_GATHER_INFO |
2015-07-09 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-562.nasl - Type : ACT_GATHER_INFO |
2015-07-09 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-561.nasl - Type : ACT_GATHER_INFO |
2015-07-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201507-05.nasl - Type : ACT_GATHER_INFO |
2015-06-24 | Name : The remote web server uses a version of PHP that is affected by multiple vuln... File : php_5_6_10.nasl - Type : ACT_GATHER_INFO |
2015-06-24 | Name : The remote web server uses a version of PHP that is affected by multiple vuln... File : php_5_5_26.nasl - Type : ACT_GATHER_INFO |
2015-06-24 | Name : The remote web server uses a version of PHP that is affected by multiple vuln... File : php_5_4_42.nasl - Type : ACT_GATHER_INFO |
2015-05-07 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3252.nasl - Type : ACT_GATHER_INFO |
2015-05-01 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-217.nasl - Type : ACT_GATHER_INFO |
2015-04-20 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_dec3164f312145efaf18bb113ac5082f.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2015-12-05 13:28:16 |
|
2015-08-19 13:30:23 |
|
2015-08-17 17:26:59 |
|