Originally posted by: andrewgriffin
Just FYI for anyone using yum on AIX - a fairly serious vulnerability has been identified in versions of SQLite (one of yum's prerequisites) prior to 3.25.3:
https://nvd.nist.gov/vuln/detail/CVE-2018-20346
The vulnerability was fixed in SQLite 3.26; however, the latest version of SQLite on IBM's AIX Toolbox repository is 3.23. I've asked IBM and they were clear that they will not be publishing an updated SQLite rpm on the AIX Toolbox repository. If you want to remediate this vulnerability, you'll have to build your own rpm, or remove the SQLite rpm (and by extension yum as well). The latest version (3.27) can be downloaded at https://sqlite.org.
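A check for the condition described in the post, as an added example that is not part of the original post: it compares the installed SQLite rpm version against the 3.25.3 threshold quoted above. The rpm package name `sqlite` and the function names `ver_lt` and `classify_sqlite` are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.
# Threshold taken from the post: versions prior to 3.25.3 are affected.
FIRST_UNAFFECTED="3.25.3"

# ver_lt A B: succeed if dotted numeric version A is strictly lower than B.
# Missing components count as 0, so 3.25 is treated as 3.25.0.
ver_lt() {
    _a=$1; _b=$2
    while [ -n "$_a" ] || [ -n "$_b" ]; do
        _x=${_a%%.*}; _y=${_b%%.*}
        case $_a in *.*) _a=${_a#*.} ;; *) _a= ;; esac
        case $_b in *.*) _b=${_b#*.} ;; *) _b= ;; esac
        _x=${_x:-0}; _y=${_y:-0}
        [ "$_x" -lt "$_y" ] && return 0
        [ "$_x" -gt "$_y" ] && return 1
    done
    return 1   # versions are equal
}

# classify_sqlite VERSION: print "vulnerable", "ok" or "unknown".
classify_sqlite() {
    # Keep digits and dots only, so a suffix such as "3.23.1a" still compares.
    v=$(printf '%s' "$1" | tr -cd '0-9.')
    [ -n "$v" ] || { echo unknown; return; }
    if ver_lt "$v" "$FIRST_UNAFFECTED"; then
        echo vulnerable
    else
        echo ok
    fi
}

# Query the rpm database if rpm is present.
# Assumption: the package is named "sqlite".
if command -v rpm >/dev/null 2>&1; then
    installed=$(rpm -q --queryformat '%{VERSION}' sqlite 2>/dev/null) || installed=
    echo "sqlite rpm: ${installed:-not installed} -> $(classify_sqlite "$installed")"
fi
```

A result of `unknown` means the rpm query returned no version, for example because the package is not installed under that name.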