USN-6566-1: SQLite vulnerabilities
3 January 2024
Several security issues were fixed in SQLite.
Releases
Packages
- sqlite3 - C library that implements an SQL database engine
Details
It was discovered that SQLite incorrectly handled certain protection
mechanisms when using a CLI script with the --safe option, contrary to
expectations. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-46908)
It was discovered that SQLite incorrectly handled certain memory operations
in the sessions extension. A remote attacker could possibly use this issue
to cause SQLite to crash, resulting in a denial of service. (CVE-2023-7104)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 23.10
Ubuntu 23.04
Ubuntu 22.04
Ubuntu 20.04
In general, a standard system update will make all the necessary changes.
References
Related notices
- USN-6566-2: libsqlite3-tcl, libsqlite3-0, sqlite3-doc, libsqlite3-dev, sqlite3, lemon