Amazon Linux 2023 Security Advisory: ALAS2023-2025-971
Advisory Released Date: 2025-05-13
Advisory Updated Date: 2025-05-13
Severity:
Important
Issue Overview:
SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE. (CVE-2022-46908)
Affected Packages:
sqlite
Issue Correction:
Run dnf update sqlite --releasever 2023.7.20250512 to update your system.
New Packages:
aarch64:
sqlite-debuginfo-3.40.0-1.amzn2023.0.5.aarch64
sqlite-tcl-3.40.0-1.amzn2023.0.5.aarch64
sqlite-analyzer-debuginfo-3.40.0-1.amzn2023.0.5.aarch64
sqlite-analyzer-3.40.0-1.amzn2023.0.5.aarch64
lemon-debuginfo-3.40.0-1.amzn2023.0.5.aarch64
sqlite-debugsource-3.40.0-1.amzn2023.0.5.aarch64
sqlite-libs-debuginfo-3.40.0-1.amzn2023.0.5.aarch64
sqlite-tools-3.40.0-1.amzn2023.0.5.aarch64
sqlite-tcl-debuginfo-3.40.0-1.amzn2023.0.5.aarch64
sqlite-tools-debuginfo-3.40.0-1.amzn2023.0.5.aarch64
sqlite-devel-3.40.0-1.amzn2023.0.5.aarch64
lemon-3.40.0-1.amzn2023.0.5.aarch64
sqlite-libs-3.40.0-1.amzn2023.0.5.aarch64
sqlite-3.40.0-1.amzn2023.0.5.aarch64
noarch:
sqlite-doc-3.40.0-1.amzn2023.0.5.noarch
src:
sqlite-3.40.0-1.amzn2023.0.5.src
x86_64:
sqlite-libs-debuginfo-3.40.0-1.amzn2023.0.5.x86_64
sqlite-tools-debuginfo-3.40.0-1.amzn2023.0.5.x86_64
sqlite-debugsource-3.40.0-1.amzn2023.0.5.x86_64
sqlite-tcl-debuginfo-3.40.0-1.amzn2023.0.5.x86_64
sqlite-analyzer-3.40.0-1.amzn2023.0.5.x86_64
sqlite-devel-3.40.0-1.amzn2023.0.5.x86_64
sqlite-libs-3.40.0-1.amzn2023.0.5.x86_64
sqlite-analyzer-debuginfo-3.40.0-1.amzn2023.0.5.x86_64
lemon-debuginfo-3.40.0-1.amzn2023.0.5.x86_64
sqlite-debuginfo-3.40.0-1.amzn2023.0.5.x86_64
lemon-3.40.0-1.amzn2023.0.5.x86_64
sqlite-3.40.0-1.amzn2023.0.5.x86_64
sqlite-tools-3.40.0-1.amzn2023.0.5.x86_64
sqlite-tcl-3.40.0-1.amzn2023.0.5.x86_64