Security update for sqlite3 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:2041-1 Final 1 1 2016-08-11T11:53:27Z current 2016-08-11T11:53:27Z 2016-08-11T11:53:27Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for sqlite3 This update for sqlite3 fixes the following issues: The following security issue was fixed: - CVE-2016-6153: Fixed a tempdir selection vulnerability (bsc#987394) This update was imported from the SUSE:SLE-12-SP1:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2016-08/msg00053.html E-Mail link for openSUSE-SU-2016:2041-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 libsqlite3-0-3.8.10.2-7.1 libsqlite3-0-32bit-3.8.10.2-7.1 sqlite3-3.8.10.2-7.1 sqlite3-devel-3.8.10.2-7.1 sqlite3-doc-3.8.10.2-7.1 libsqlite3-0-3.8.10.2-7.1 as a component of openSUSE Leap 42.1 libsqlite3-0-32bit-3.8.10.2-7.1 as a component of openSUSE Leap 42.1 sqlite3-3.8.10.2-7.1 as a component of openSUSE Leap 42.1 sqlite3-devel-3.8.10.2-7.1 as a component of openSUSE Leap 42.1 sqlite3-doc-3.8.10.2-7.1 as a component of openSUSE Leap 42.1 os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files. CVE-2016-6153 openSUSE Leap 42.1:libsqlite3-0-3.8.10.2-7.1 openSUSE Leap 42.1:libsqlite3-0-32bit-3.8.10.2-7.1 openSUSE Leap 42.1:sqlite3-3.8.10.2-7.1 openSUSE Leap 42.1:sqlite3-devel-3.8.10.2-7.1 openSUSE Leap 42.1:sqlite3-doc-3.8.10.2-7.1 low 3.3 AV:L/AC:M/Au:N/C:P/I:P/A:N Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-08/msg00053.html https://www.suse.com/security/cve/CVE-2016-6153.html CVE-2016-6153 https://bugzilla.suse.com/1149969 SUSE Bug 1149969 https://bugzilla.suse.com/987394 SUSE Bug 987394