USN-6566-2: SQLite vulnerability
24759
22 August 2024
22 August 2024
CLOSED
MEDIUM
CVE-2023-7104
Severity
medium
Vendor
VMware Tanzu
Versions Affected
- Canonical Ubuntu 18.04
- Cflinuxfs3
Description
USN-6566-1 fixed several vulnerabilities in SQLite. This update provides the corresponding fix for CVE-2023-7104 for Ubuntu 18.04 LTS. Original advisory details: It was discovered that SQLite incorrectly handled certain memory operations in the sessions extension. A remote attacker could possibly use this issue to cause SQLite to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-6566-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: lemon - 3.22.0-1ubuntu0.7+esm1 libsqlite3-0 - 3.22.0-1ubuntu0.7+esm1 libsqlite3-dev - 3.22.0-1ubuntu0.7+esm1 libsqlite3-tcl - 3.22.0-1ubuntu0.7+esm1 sqlite3 - 3.22.0-1ubuntu0.7+esm1 sqlite3-doc - 3.22.0-1ubuntu0.7+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro
Fixed VMware Products and Versions
- Cflinuxfs3
- 0.390.0 or greater
- Platform Automation Toolkit
- 4.4.32 or greater
- 5.0.25 or greater
- 5.1 or greater
- CF Deployment
- 30.0.0
References
https://ubuntu.com/security/notices/USN-6566-2
https://www.cloudfoundry.org/blog/usn-6566-2
https://cve.mitre.org/cgi-bin/cvename.cgi?name=usn-6566-2
History
2024-06-26: Initial vulnerability report published.