{"id":"MGASA-2023-0208","summary":"Updated sqlite packages fix security vulnerability","details":"os_unix.c in SQLite before 3.13.0 improperly implements the temporary\ndirectory search algorithm, which might allow local users to obtain\nsensitive information, cause a denial of service (application crash), or\nhave unspecified other impact by leveraging use of the current working\ndirectory for temporary files. (CVE-2016-6153)\nIn SQLite through 3.22.0, databases whose schema is corrupted using a\nCREATE TABLE AS statement could cause a NULL pointer dereference,\nrelated to build.c and prepare (CVE-2018-8740)\n","modified":"2026-04-16T04:43:50.603759133Z","published":"2023-06-28T05:21:41Z","upstream":["CVE-2016-6153","CVE-2018-8740"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2023-0208.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=32018"},{"type":"WEB","url":"https://www.debian.org/lts/security/2023/dla-3431"}],"affected":[{"package":{"name":"sqlite","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/sqlite?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.8.17-26.1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0208.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}