Pardus: [UPDATE] Sqlite: Information
Posted by Benjamin D. Thomas
A vulnerability has been found in sqlite, which can be exploited by malicious people to recover deleted information from an sqlite database. [UPDATE] The issue is fixed in Pardus 2008.
------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-18 security@pardus.org.tr
------------------------------------------------------------------------
Date: 2010-02-04
Severity: 3
Type: Local
------------------------------------------------------------------------
Summary
=======
A vulnerability has been found in sqlite, which can be exploited by
malicious people to recover deleted information from an sqlite database.
[UPDATE] The issue is fixed in Pardus 2008.
Description
===========
Sqlite leaves a trace on the disk when a DELETE query is used. Although
the deleted information can no longer be seen with an sqlite query, it
can still be seen by opening the database file with a text editor.
This applies to all applications which use sqlite. For example, when the
Firefox "Clear Private Data" feature is used, the deleted history data
can still be seen in "~/.mozilla/*.default/places.sqlite" with a text
editor.
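The behaviour described above can be checked against any installed SQLite build. The script below is an added example, not part of the Pardus advisory: it deletes a row and then searches the raw database file for the deleted value, first with default DELETE behaviour, then with `PRAGMA secure_delete` and with `VACUUM`. Those two SQLite features are not named in the advisory and are assumed here as the relevant controls; the table, URLs and marker value are constructed.

```python
import os
import sqlite3
import tempfile

# Constructed sample value standing in for a private history entry.
MARKER = "https://private.example/constructed-visit-8f3a"


def residue_after_delete(secure_delete: bool, vacuum: bool = False) -> bool:
    """Return True if a DELETEd value is still present in the raw database file."""
    fd, path = tempfile.mkstemp(suffix=".sqlite")
    os.close(fd)
    try:
        con = sqlite3.connect(path)
        # Set explicitly: the compiled-in default differs between builds.
        # Assumption: secure_delete is the control of interest (not named on the page).
        con.execute("PRAGMA secure_delete = " + ("ON" if secure_delete else "OFF"))
        con.execute("CREATE TABLE visits (id INTEGER PRIMARY KEY, url TEXT)")
        con.executemany("INSERT INTO visits (url) VALUES (?)",
                        [("https://example.org/kept",), (MARKER,)])
        con.commit()
        con.execute("DELETE FROM visits WHERE url = ?", (MARKER,))
        con.commit()
        # At the SQL layer the row is gone in every mode.
        left = con.execute("SELECT count(*) FROM visits WHERE url = ?",
                           (MARKER,)).fetchone()[0]
        if left != 0:
            raise RuntimeError("DELETE did not remove the row")
        if vacuum:
            con.execute("VACUUM")  # rebuilds the file without the freed space
        con.close()
        # Same view a text editor gives: the raw bytes of the file on disk.
        with open(path, "rb") as fh:
            return MARKER.encode() in fh.read()
    finally:
        os.remove(path)


if __name__ == "__main__":
    print("default DELETE     :", residue_after_delete(secure_delete=False))
    print("secure_delete = ON :", residue_after_delete(secure_delete=True))
    print("DELETE then VACUUM :", residue_after_delete(False, vacuum=True))
```

A package update changes how later deletions are handled; database files written before the update can be checked the same way by searching them for values that should no longer be present.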
Affected packages:

  Pardus 2009:
    sqlite, all before 3.6.20-21-9

  Pardus 2008:
    sqlite, all before 3.5.9-17-5
Resolution
==========
There are update(s) for sqlite. You can update them via Package Manager
or with a single command from console:
  Pardus 2008:
    pisi up sqlite

  Pardus 2009:
    pisi up sqlite
References
==========
* http://bugs.pardus.org.tr/show_bug.cgi?id=12137
* http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566326