[CLSA-2026:1781557794] Fix CVE(s): CVE-2026-11822, CVE-2026-11824
Type:
security
Severity:
Important
Release date:
2026-06-15 22:13:44 UTC
Description:
* SECURITY UPDATE: heap buffer overflow in FTS5 corrupt-record handling - debian/patches/CVE-2026-11822-and-11824.patch: reject leaf pages with szLeaf < 4 in fts5LeafRead() in ext/fts5/fts5_index.c, closing the out-of-bounds read / heap buffer overflow paths in fts5ChunkIterate() and fts5LeafSeek(). - CVE-2026-11822 - CVE-2026-11824
Updated packages:
  • lemon_3.31.1-4ubuntu0.7+tuxcare.els2_amd64.deb
    sha:a6e2661f3288658cb4ae5b89a1cc4527f8e1c484
  • libsqlite3-0_3.31.1-4ubuntu0.7+tuxcare.els2_amd64.deb
    sha:d7e39e0b0cf052d10355eec76aa236c93b363b20
  • libsqlite3-dev_3.31.1-4ubuntu0.7+tuxcare.els2_amd64.deb
    sha:3280709bcd663d65ace5981c4253e82ad8895806
  • libsqlite3-tcl_3.31.1-4ubuntu0.7+tuxcare.els2_amd64.deb
    sha:37bee208ca00ad6ee4f47ea9c11378d0810e7210
  • sqlite3_3.31.1-4ubuntu0.7+tuxcare.els2_amd64.deb
    sha:f3b6da3104dffa5e97b344fb26332425833b71de
  • sqlite3-doc_3.31.1-4ubuntu0.7+tuxcare.els2_all.deb
    sha:ebe4b69a129ff07190f8cb516ec198bad12acf43
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.