PublicDateAtUSN: 2016-09-26
Candidate: CVE-2016-6153
PublicDate: 2016-09-26 16:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6153
 https://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt
 https://www.sqlite.org/releaselog/3_13_0.html
 https://ubuntu.com/security/notices/USN-4019-1
 https://ubuntu.com/security/notices/USN-4019-2
Description:
 os_unix.c in SQLite before 3.13.0 improperly implements the temporary
 directory search algorithm, which might allow local users to obtain
 sensitive information, cause a denial of service (application crash), or
 have unspecified other impact by leveraging use of the current working
 directory for temporary files.
Ubuntu-Description:
Notes:
Bugs:
Priority: negligible
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L [5.9 MEDIUM]

Patches_sqlite:
upstream_sqlite: needs-triage
precise_sqlite: ignored (reached end-of-life)
precise/esm_sqlite: DNE (precise was needs-triage)
trusty_sqlite: not-affected (code not present)
trusty/esm_sqlite: not-affected (code not present)
vivid/ubuntu-core_sqlite: DNE
vivid/stable-phone-overlay_sqlite: DNE
wily_sqlite: ignored (reached end-of-life)
xenial_sqlite: not-affected (code not present)
yakkety_sqlite: ignored (reached end-of-life)
zesty_sqlite: ignored (reached end-of-life)
artful_sqlite: ignored (reached end-of-life)
bionic_sqlite: not-affected (code not present)
cosmic_sqlite: not-affected (code not present)
disco_sqlite: not-affected (code not present)
devel_sqlite: not-affected (code not present)

Patches_sqlite3:
 upstream: https://www.sqlite.org/cgi/src/info/67985761aa93fb61
 upstream: https://www.sqlite.org/cgi/src/info/b38fe522cfc971b3
 upstream: https://www.sqlite.org/cgi/src/info/614bb709d34e1148
upstream_sqlite3: released (3.13.0-1)
precise_sqlite3: ignored (reached end-of-life)
precise/esm_sqlite3: released (3.7.9-2ubuntu1.3)
trusty_sqlite3: ignored (reached end-of-life)
trusty/esm_sqlite3: released (3.8.2-1ubuntu2.2+esm1)
vivid/ubuntu-core_sqlite3: ignored (reached end-of-life)
vivid/stable-phone-overlay_sqlite3: ignored (reached end-of-life)
wily_sqlite3: ignored (reached end-of-life)
xenial_sqlite3: released (3.11.0-1ubuntu1.2)
esm-infra/xenial_sqlite3: released (3.11.0-1ubuntu1.2)
yakkety_sqlite3: not-affected (3.13.0-1)
zesty_sqlite3: not-affected (3.13.0-1)
artful_sqlite3: not-affected (3.13.0-1)
bionic_sqlite3: not-affected (3.13.0-1)
cosmic_sqlite3: not-affected (3.13.0-1)
disco_sqlite3: not-affected (3.13.0-1)
devel_sqlite3: not-affected (3.13.0-1)