Open Source Development

Power Open Source Development

Explore the open source tools and capabilities for building and deploying modern applications on IBM Power platforms including AIX, IBM i, and Linux.


  • 1.  SQLite resetAccumulator and Heap Buffer Overflow Vulnerability

    Posted Mon December 13, 2021 01:11 PM
    Hello, 

    I am having the below vulnerability on my AIX 7.1 TL5 machine.
    "SQLite resetAccumulator and Heap Buffer Overflow Vulnerability"
     

    $ rpm -qa|grep -i sqlite
    sqlite-3.15.2-1.ppc

    I have tried to upgrade the version with yum but for some reason it's giving me this weird error. 


    AIX_Toolbox | 2.6 kB 00:00
    Traceback (most recent call last):
    File "/usr/bin/yum", line 32, in <module>
    yummain.user_main(sys.argv[1:], exit_code=True)
    File "/opt/freeware/share/yum-cli/yummain.py", line 288, in user_main
    errcode = main(args)
    File "/opt/freeware/share/yum-cli/yummain.py", line 140, in main
    result, resultmsgs = base.doCommands()
    File "/opt/freeware/share/yum-cli/cli.py", line 436, in doCommands
    self._getTs(needTsRemove)
    File "/opt/freeware/lib/python2.7/site-packages/yum/depsolve.py", line 101, in _getTs
    self._getTsInfo(remove_only)
    File "/opt/freeware/lib/python2.7/site-packages/yum/depsolve.py", line 112, in _getTsInfo
    pkgSack = self.pkgSack
    File "/opt/freeware/lib/python2.7/site-packages/yum/__init__.py", line 900, in <lambda>
    pkgSack = property(fget=lambda self: self._getSacks(),
    File "/opt/freeware/lib/python2.7/site-packages/yum/__init__.py", line 681, in _getSacks
    self.repos.populateSack(which=repos)
    File "/opt/freeware/lib/python2.7/site-packages/yum/repos.py", line 294, in populateSack
    sack.populate(repo, mdtype, callback, cacheonly)
    File "/opt/freeware/lib/python2.7/site-packages/yum/yumRepo.py", line 164, in populate
    if self._check_db_version(repo, mydbtype):
    File "/opt/freeware/lib/python2.7/site-packages/yum/yumRepo.py", line 222, in _check_db_version
    return repo._check_db_version(mdtype)
    File "/opt/freeware/lib/python2.7/site-packages/yum/yumRepo.py", line 1264, in _check_db_version
    repoXML = self.repoXML
    File "/opt/freeware/lib/python2.7/site-packages/yum/yumRepo.py", line 1463, in <lambda>
    repoXML = property(fget=lambda self: self._getRepoXML(),
    File "/opt/freeware/lib/python2.7/site-packages/yum/yumRepo.py", line 1455, in _getRepoXML
    self._loadRepoXML(text=self)
    File "/opt/freeware/lib/python2.7/site-packages/yum/yumRepo.py", line 1445, in _loadRepoXML
    return self._groupLoadRepoXML(text, self._mdpolicy2mdtypes())
    File "/opt/freeware/lib/python2.7/site-packages/yum/yumRepo.py", line 1420, in _groupLoadRepoXML
    if self._commonLoadRepoXML(text):
    File "/opt/freeware/lib/python2.7/site-packages/yum/yumRepo.py", line 1238, in _commonLoadRepoXML
    result = self._getFileRepoXML(local, text)
    File "/opt/freeware/lib/python2.7/site-packages/yum/yumRepo.py", line 1016, in _getFileRepoXML
    size=102400) # setting max size as 100K
    File "/opt/freeware/lib/python2.7/site-packages/yum/yumRepo.py", line 838, in _getFile
    size=size
    File "/opt/freeware/lib/python2.7/site-packages/urlgrabber/mirror.py", line 448, in urlgrab
    return self._mirror_try(func, url, kw)
    File "/opt/freeware/lib/python2.7/site-packages/urlgrabber/mirror.py", line 425, in _mirror_try
    return func_ref( *(fullurl,), opts=opts, **kw )
    File "/opt/freeware/lib/python2.7/site-packages/urlgrabber/grabber.py", line 1172, in urlgrab
    return self._retry(opts, retryfunc, url, filename)
    File "/opt/freeware/lib/python2.7/site-packages/urlgrabber/grabber.py", line 1064, in _retry
    r = apply(func, (opts,) + args, {})
    File "/opt/freeware/lib/python2.7/site-packages/urlgrabber/grabber.py", line 1166, in retryfunc
    _run_callback(opts.checkfunc, obj)
    File "/opt/freeware/lib/python2.7/site-packages/urlgrabber/grabber.py", line 1032, in _run_callback
    return cb(obj, *arg, **karg)
    File "/opt/freeware/lib/python2.7/site-packages/yum/yumRepo.py", line 1502, in _checkRepoXML
    repoXML = repoMDObject.RepoMD(self.id, filepath)
    File "/opt/freeware/lib/python2.7/site-packages/yum/repoMDObject.py", line 124, in __init__
    self.parse(srcfile)
    File "/opt/freeware/lib/python2.7/site-packages/yum/repoMDObject.py", line 140, in parse
    parser = iterparse(infile)
    File "/opt/freeware/lib/python2.7/site-packages/yum/misc.py", line 1188, in cElementTree_iterparse
    _cElementTree_import()
    File "/opt/freeware/lib/python2.7/site-packages/yum/misc.py", line 1183, in _cElementTree_import
    import cElementTree
    ImportError: No module named cElementTree

    What could be the issue here? Can someone please help here? 

    I need to fix the vulnerability. 

    Thanks,
    Sanket

    ------------------------------
    Sanket Mehta
    ------------------------------

    #AIXOpenSource


  • 2.  RE: SQLite resetAccumulator and Heap Buffer Overflow Vulnerability

    Posted Thu December 16, 2021 03:44 AM
    Hi Sanket,

    Please check this
    https://community.ibm.com/community/user/power/communities/community-home/digestviewer/viewthread?GroupId=6211&MID=142714&CommunityKey=10c1d831-47ee-4d92-a138-b03f7896f7c9&tab=digestviewer

    ------------------------------
    SANGAMESH
    ------------------------------