2016-06-22
ALT-BU-2016-2845-1
Branch p8 update bulletin.
Closed vulnerabilities
Published: 2016-09-26
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2016-6153
os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.
Severity: MEDIUM (5.9)
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
References:
- openSUSE-SU-2016:2041
- openSUSE-SU-2016:2041
- [oss-security] 20160701 SQLite Tempdir Selection Vulnerability
- [oss-security] 20160701 SQLite Tempdir Selection Vulnerability
- [oss-security] 20160701 Re: SQLite Tempdir Selection Vulnerability
- [oss-security] 20160701 Re: SQLite Tempdir Selection Vulnerability
- 91546
- 91546
- http://www.sqlite.org/cgi/src/info/67985761aa93fb61
- http://www.sqlite.org/cgi/src/info/67985761aa93fb61
- [debian-lts-announce] 20230522 [SECURITY] [DLA 3431-1] sqlite security update
- [debian-lts-announce] 20230522 [SECURITY] [DLA 3431-1] sqlite security update
- FEDORA-2016-0138339b54
- FEDORA-2016-0138339b54
- FEDORA-2019-49f80a78bc
- FEDORA-2019-49f80a78bc
- USN-4019-1
- USN-4019-1
- USN-4019-2
- USN-4019-2
- https://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt
- https://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt
- https://www.sqlite.org/releaselog/3_13_0.html
- https://www.sqlite.org/releaselog/3_13_0.html
- https://www.tenable.com/security/tns-2016-20
- https://www.tenable.com/security/tns-2016-20
Closed bugs
apply the patch below to support -std=c++11