[CLSA-2026:1782144113] Fix CVE(s): CVE-2026-11822, CVE-2026-11824
Type:
security
Severity:
Important
Release date:
2026-06-22 16:02:08 UTC
Description:
* SECURITY UPDATE: memory corruption in FTS5 full-text search extension - debian/patches/CVE-2026-11822-and-11824.patch: tighten leaf-page validation in fts5LeafRead() to reject pages with szLeaf < 4. Closes both the OOB read in fts5LeafSeek() (CVE-2026-11822) and the heap buffer overflow via integer underflow in fts5ChunkIterate() (CVE-2026-11824) at a single chokepoint. - CVE-2026-11822 - CVE-2026-11824
Updated packages:
  • lemon_3.22.0-1ubuntu0.7+tuxcare.els4_amd64.deb
    sha:e7ed1b8fab1f768a07204e1aee1e209e4a66c27e
  • libsqlite3-0_3.22.0-1ubuntu0.7+tuxcare.els4_amd64.deb
    sha:c5dbc405ffc3239ade23f8aad6cadf6892f4ac79
  • libsqlite3-dev_3.22.0-1ubuntu0.7+tuxcare.els4_amd64.deb
    sha:b1dc449dde0b26384fdbef50a136bafb73651d7f
  • libsqlite3-tcl_3.22.0-1ubuntu0.7+tuxcare.els4_amd64.deb
    sha:65c55c600d2eccb0e6ca9268a9066ad119e64527
  • sqlite3_3.22.0-1ubuntu0.7+tuxcare.els4_amd64.deb
    sha:7c3b241033d6f9096b5e0d5df0656a5b4f5b3db6
  • sqlite3-doc_3.22.0-1ubuntu0.7+tuxcare.els4_all.deb
    sha:627df802ad030a328236589c994442c094414556
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.