An update that solves two vulnerabilities and has one
errata is now available.
Description:
This update for sqlite3 fixes the following issues:
CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are
used in a string argument to a C API (bnc#1201783).
CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a
column has no collating sequence (bsc#1189802).
Package the Tcl bindings here again so that we only ship one copy of
SQLite (bsc#1195773).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or âzypper patchâ.
Alternatively you can run the command listed for your product:
openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3307=1
openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3307=1
openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3307=1
SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3307=1
SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3307=1
SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3307=1
SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3307=1