|
Bugzilla – Full Text Bug Listing |
| Summary: | VUL-1: CVE-2018-20505: sqlite3: SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause DOS | ||
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Alexandros Toptsoglou <atoptsoglou> |
| Component: | Incidents | Assignee: | Reinhard Max <max> |
| Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
| Severity: | Minor | ||
| Priority: | P5 - None | CC: | smash_bz |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| URL: | https://smash.suse.de/issue/228738/ | ||
| Whiteboard: | |||
| Found By: | Security Response Team | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
|
Description
Alexandros Toptsoglou
2019-04-04 13:15:39 UTC
After code review it was found that none of our codestreams is affected. Going through the version changes it seems that this vulnerability introduced in version 3.22.0 and fixed in version 3.26.0. The fix was also back-ported in version 3.25.3. Regarding our codestreams: SLE15 ships an already fixed version of sqlite3 All the other codestreams are older and are not affected. Regarding openSUSE: TW ships an already fixed version LEAP 15 is currently vulnerable but an update will be soon published (release request has already been created [1]) LEAP 42.3 is not affected [1] https://build.opensuse.org/request/show/689425 |