[SECURITY] [DLA 2340-1] sqlite3 security update



-------------------------------------------------------------------------
Debian LTS Advisory DLA-2340-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                                     
August 22, 2020                               https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : sqlite3
Version        : 3.16.2-5+deb9u2
CVE ID         : CVE-2018-8740 CVE-2018-20346 CVE-2018-20506 CVE-2019-5827 
                 CVE-2019-9936 CVE-2019-9937 CVE-2019-16168 CVE-2019-20218 
                 CVE-2020-11655 CVE-2020-13434 CVE-2020-13630 CVE-2020-13632 
                 CVE-2020-13871
Debian Bug     : 

Several vulnerabilities have been discovered in sqlite3, a C library that
implements an SQL database engine.

CVE-2018-8740

    Databases whose schema is corrupted using a CREATE TABLE AS statement
    could cause a NULL pointer dereference.

CVE-2018-20346

    When the FTS3 extension is enabled, sqlite3 encounters an integer
    overflow (and resultant buffer overflow) for FTS3 queries that occur
    after crafted changes to FTS3 shadow tables, allowing remote
    attackers to execute arbitrary code by leveraging the ability to run
    arbitrary SQL statements.

CVE-2018-20506

    When the FTS3 extension is enabled, sqlite3 encounters an integer
    overflow (and resultant buffer overflow) for FTS3 queries in a
    "merge" operation that occurs after crafted changes to FTS3 shadow
    tables, allowing remote attackers to execute arbitrary code by
    leveraging the ability to run arbitrary SQL statements.

CVE-2019-5827

    Integer overflow allowed a remote attacker to potentially exploit
    heap corruption via a crafted HTML page, primarily impacting
    chromium.

CVE-2019-9936

    Running fts5 prefix queries inside a transaction could trigger a
    heap-based buffer over-read, which may lead to an information leak.

CVE-2019-9937

    Interleaving reads and writes in a single transaction with an fts5
    virtual table will lead to a NULL pointer dereference.

CVE-2019-16168

    A browser or other application can be triggered to crash because of
    inadequate parameter validation which could lead to a divide-by-zero
    error.

CVE-2019-20218

    WITH stack unwinding proceeds even after a parsing error, resulting
    in a possible application crash.

CVE-2020-13630

    The code related to the snippet feature exhibits a use-after-free
    defect.

CVE-2020-13632

    A crafted matchinfo() query can lead to a NULL pointer dereference.

CVE-2020-13871

    The parse tree rewrite for window functions is too late, leading to
    a use-after-free defect.

CVE-2020-11655

    An improper initialization of AggInfo objects allows attackers to
    cause a denial of service (segmentation fault) via a malformed
    window-function query.

CVE-2020-13434

    The code in sqlite3_str_vappendf in printf.c contains an integer
    overflow defect.

For Debian 9 stretch, these problems have been fixed in version
3.16.2-5+deb9u2.

We recommend that you upgrade your sqlite3 packages.

For the detailed security status of sqlite3 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/sqlite3

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
