ELA-850-1 sqlite security update

multiple vulnerabilities

2023-05-13
Package: sqlite
Version: 2.8.17-12+deb8u1 (jessie), 2.8.17-14+deb9u1 (stretch)
Related CVEs: CVE-2016-6153, CVE-2018-8740


Two vulnerabilities have been fixed in sqlite (V2) which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact.

CVE-2016-6153

sqlite improperly implemented the temporary directory search algorithm, which
might allow local users to obtain sensitive information, cause a denial of
service (application crash), or have unspecified other impact by leveraging use
of the current working directory for temporary files.

CVE-2018-8740

Databases whose schema is corrupted using a CREATE TABLE AS statement could
cause a NULL pointer dereference,


For Debian 8 jessie, these problems have been fixed in version 2.8.17-12+deb8u1.

For Debian 9 stretch, these problems have been fixed in version 2.8.17-14+deb9u1.

We recommend that you upgrade your sqlite packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.