操作系统--麒麟信安操作系统,国产操作系统,麒麟信安云桌面—

公告ID (KylinSec-SA-2024-1047)

摘要:

sqlite security update

安全等级: High

公告ID: KylinSec-SA-2024-1047

发布日期: 2024年1月12日

关联CVE: CVE-2023-7104

详细介绍

1. 漏洞描述

SQLite is a C-language library that implements a small, fast, self-contained, high-reliability, full-featured, SQL database engine. SQLite is the most used database engine in the world. SQLite is built into all mobile phones and most computers and comes bundled inside countless other applications that people use every day.It also include lemon and sqlite3_analyzer and tcl tools.

Security Fix(es):

A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.(CVE-2023-7104)

2. 影响范围

cve名称	产品	组件	是否受影响
CVE-2023-7104	KY3.4-4A	sqlite	Fixed
CVE-2023-7104	KY3.4-5A	sqlite	Fixed
CVE-2023-7104	KY3.5.1	sqlite	Fixed
CVE-2023-7104	KY3.5.2	sqlite	Fixed

3. 影响组件

sqlite

4. 修复版本

KY3.5.1

软件名称	架构	版本号
sqlite-help	noarch	3.37.2-7.kb1.ky3_5
sqlite	x86_64	3.37.2-7.kb1.ky3_5
sqlite-devel	x86_64	3.37.2-7.kb1.ky3_5
sqlite-devel	aarch64	3.37.2-7.kb1.ky3_5
sqlite	aarch64	3.37.2-7.kb1.ky3_5

KY3.4-4A

软件名称	架构	版本号
sqlite-help	noarch	3.32.3-7.kb1.ky3_4
sqlite-devel	x86_64	3.32.3-7.kb1.ky3_4
sqlite	x86_64	3.32.3-7.kb1.ky3_4
sqlite-devel	aarch64	3.32.3-7.kb1.ky3_4
sqlite	aarch64	3.32.3-7.kb1.ky3_4

KY3.4-5A

软件名称	架构	版本号
sqlite-help	noarch	3.32.3-7.kb1.ky3_4
sqlite	x86_64	3.32.3-7.kb1.ky3_4
sqlite-devel	x86_64	3.32.3-7.kb1.ky3_4
sqlite	aarch64	3.32.3-7.kb1.ky3_4
sqlite-devel	aarch64	3.32.3-7.kb1.ky3_4