| Package | sqlite |
|---|---|
| Version | 2.8.17-12+deb8u1 (jessie), 2.8.17-14+deb9u1 (stretch) |
| Related CVEs | CVE-2016-6153 CVE-2018-8740 |
Two vulnerabilities have been fixed in sqlite (V2) which which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact.
CVE-2016-6153
sqlite improperly implemented the temporary directory search algorithm, which
might allow local users to obtain sensitive information, cause a denial of
service (application crash), or have unspecified other impact by leveraging use
of the current working directory for temporary files.
CVE-2018-8740
Databases whose schema is corrupted using a CREATE TABLE AS statement could
cause a NULL pointer dereference,
For Debian 8 jessie, these problems have been fixed in version 2.8.17-12+deb8u1.
For Debian 9 stretch, these problems have been fixed in version 2.8.17-14+deb9u1.
We recommend that you upgrade your sqlite packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.