Bug 1469672 (CVE-2017-10989)
Summary: | CVE-2017-10989 sqlite: Heap-buffer overflow in the getNodeSize function | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Andrej Nemec <anemec> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | alex, bmcclain, cfergeau, databases-maint, drizt72, eedri, erik-fedora, fedora-mingw, fedora, hhorak, jakub.dornak, lsurette, mgoldboi, michal.skrivanek, mschorm, pkubat, praiskup, rh-spice-bugs, rjones, sardella, srevivo, wilmer5, ykaul |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2021-10-21 11:54:32 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1469677, 1469673, 1469674, 1469675, 1469676 | ||
Bug Blocks: | 1469678 |
Description
Andrej Nemec
2017-07-11 15:27:50 UTC
Created mingw-sqlite tracking bugs for this issue: Affects: epel-7 [bug 1469674] Affects: fedora-all [bug 1469676] Created sqlite tracking bugs for this issue: Affects: fedora-all [bug 1469673] Created sqlite2 tracking bugs for this issue: Affects: epel-all [bug 1469677] Affects: fedora-all [bug 1469675] This seems to only affect sqlite versions older than 3.17 as, according to the sqlite developers and the reporter of the Ubuntu bug, the issue has been indirectly fixed in version 3.17. For later versions the patch serves only to detect the issue earlier and to provide the user with a more useful error message. |