Описание
Security update for sqlite3
This update for sqlite3 fixes the following issues:
sqlite3 is sync version 3.36.0 from Factory (jsc#SLE-16032).
The following CVEs have been fixed in upstream releases up to this point, but were not mentioned in the change log so far:
- bsc#1173641, CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization
- bsc#1164719, CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated column optimizations in isAuxiliaryVtabOperator
- bsc#1160439, CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error
- bsc#1160438, CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded '\0' input
- bsc#1160309, CVE-2019-19923: improper handling of certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer dereference
- bsc#1159850, CVE-2019-19924: improper error handling in sqlite3WindowRewrite()
- bsc#1159847, CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive
- bsc#1159715, CVE-2019-19926: improper handling of certain errors during parsing multiSelect in select.c
- bsc#1159491, CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference
- bsc#1158960, CVE-2019-19603: during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with a shadow table name
- bsc#1158959, CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns
- bsc#1158958, CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements
- bsc#1158812, CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service
- bsc#1157818, CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage
- bsc#928701, CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability
- bsc#928700, CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names
- CVE-2020-13434 bsc#1172115: integer overflow in sqlite3_str_vappendf
- CVE-2020-13630 bsc#1172234: use-after-free in fts3EvalNextRow
- CVE-2020-13631 bsc#1172236: virtual table allowed to be renamed to one of its shadow tables
- CVE-2020-13632 bsc#1172240: NULL pointer dereference via crafted matchinfo() query
- CVE-2020-13435: Malicious SQL statements could have crashed the process that is running SQLite (bsc#1172091)
Список пакетов
HPE Helion OpenStack 8
Image SLES12-SP4-Azure-BYOS
Image SLES12-SP4-EC2-HVM-BYOS
Image SLES12-SP4-GCE-BYOS
Image SLES12-SP4-SAP-Azure
Image SLES12-SP4-SAP-Azure-BYOS
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production
Image SLES12-SP4-SAP-EC2-HVM
Image SLES12-SP4-SAP-EC2-HVM-BYOS
Image SLES12-SP4-SAP-GCE
Image SLES12-SP4-SAP-GCE-BYOS
Image SLES12-SP5-Azure-BYOS
Image SLES12-SP5-Azure-Basic-On-Demand
Image SLES12-SP5-Azure-HPC-BYOS
Image SLES12-SP5-Azure-HPC-On-Demand
Image SLES12-SP5-Azure-SAP-BYOS
Image SLES12-SP5-Azure-SAP-On-Demand
Image SLES12-SP5-Azure-Standard-On-Demand
Image SLES12-SP5-EC2-BYOS
Image SLES12-SP5-EC2-ECS-On-Demand
Image SLES12-SP5-EC2-On-Demand
Image SLES12-SP5-EC2-SAP-BYOS
Image SLES12-SP5-EC2-SAP-On-Demand
Image SLES12-SP5-GCE-BYOS
Image SLES12-SP5-GCE-On-Demand
Image SLES12-SP5-GCE-SAP-BYOS
Image SLES12-SP5-GCE-SAP-On-Demand
Image SLES12-SP5-OCI-BYOS-BYOS
Image SLES12-SP5-OCI-BYOS-SAP-BYOS
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP4-LTSS
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE Linux Enterprise Server for SAP Applications 12 SP5
SUSE Linux Enterprise Software Development Kit 12 SP5
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud Crowbar 9
Ссылки
- Link for SUSE-SU-2021:3215-1
- E-Mail link for SUSE-SU-2021:3215-1
- SUSE Security Ratings
- SUSE Bug 1157818
- SUSE Bug 1158812
- SUSE Bug 1158958
- SUSE Bug 1158959
- SUSE Bug 1158960
- SUSE Bug 1159491
- SUSE Bug 1159715
- SUSE Bug 1159847
- SUSE Bug 1159850
- SUSE Bug 1160309
- SUSE Bug 1160438
- SUSE Bug 1160439
- SUSE Bug 1164719
- SUSE Bug 1172091
- SUSE Bug 1172115
- SUSE Bug 1172234
- SUSE Bug 1172236
Описание
SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.
Затронутые продукты
Ссылки
- CVE-2015-3414
- SUSE Bug 1085790
- SUSE Bug 1190372
- SUSE Bug 1193078
- SUSE Bug 928700
- SUSE Bug 928701
- SUSE Bug 928702
Описание
The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.
Затронутые продукты
Ссылки
- CVE-2015-3415
- SUSE Bug 1190372
- SUSE Bug 928700
- SUSE Bug 928701
- SUSE Bug 928702
Описание
os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.
Затронутые продукты
Ссылки
- CVE-2016-6153
- SUSE Bug 1149969
- SUSE Bug 987394
Описание
The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.
Затронутые продукты
Ссылки
- CVE-2017-10989
- SUSE Bug 1131919
- SUSE Bug 1132045
Описание
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted SQL statement.
Затронутые продукты
Ссылки
- CVE-2017-2518
- SUSE Bug 1155787
- SUSE Bug 1194085
Описание
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.
Затронутые продукты
Ссылки
- CVE-2018-20346
- SUSE Bug 1119687
- SUSE Bug 1120335
- SUSE Bug 1131576
- SUSE Bug 1131918
- SUSE Bug 1131919
- SUSE Bug 1148893
- SUSE Bug 1169664
Описание
In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.
Затронутые продукты
Ссылки
- CVE-2018-8740
- SUSE Bug 1085790
- SUSE Bug 1131919
Описание
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."
Затронутые продукты
Ссылки
- CVE-2019-16168
- SUSE Bug 1150137
- SUSE Bug 1160968
Описание
sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.
Затронутые продукты
Ссылки
- CVE-2019-19244
- SUSE Bug 1157817
- SUSE Bug 1157818
Описание
lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact.
Затронутые продукты
Ссылки
- CVE-2019-19317
- SUSE Bug 1158812
- SUSE Bug 1196773
- SUSE Bug 1196775
Описание
SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.
Затронутые продукты
Ссылки
- CVE-2019-19603
- SUSE Bug 1158960
- SUSE Bug 1193078
Описание
alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.
Затронутые продукты
Ссылки
- CVE-2019-19645
- SUSE Bug 1158958
Описание
pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.
Затронутые продукты
Ссылки
- CVE-2019-19646
- SUSE Bug 1158959
Описание
exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.
Затронутые продукты
Ссылки
- CVE-2019-19880
- SUSE Bug 1159491
- SUSE Bug 1159715
- SUSE Bug 1162833
Описание
flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).
Затронутые продукты
Ссылки
- CVE-2019-19923
- SUSE Bug 1160309
- SUSE Bug 1162833
Описание
SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.
Затронутые продукты
Ссылки
- CVE-2019-19924
- SUSE Bug 1159850
Описание
zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.
Затронутые продукты
Ссылки
- CVE-2019-19925
- SUSE Bug 1159847
- SUSE Bug 1162833
Описание
multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.
Затронутые продукты
Ссылки
- CVE-2019-19926
- SUSE Bug 1159491
- SUSE Bug 1159715
- SUSE Bug 1162833
Описание
ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind.
Затронутые продукты
Ссылки
- CVE-2019-19959
- SUSE Bug 1160438
Описание
selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.
Затронутые продукты
Ссылки
- CVE-2019-20218
- SUSE Bug 1160439
- SUSE Bug 1189840
- SUSE Bug 1190372
- SUSE Bug 1192495
- SUSE Bug 1193078
Описание
SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.
Затронутые продукты
Ссылки
- CVE-2019-8457
- SUSE Bug 1136976
- SUSE Bug 1145004
- SUSE Bug 1154162
Описание
SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
Затронутые продукты
Ссылки
- CVE-2020-13434
- SUSE Bug 1172115
Описание
SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.
Затронутые продукты
Ссылки
- CVE-2020-13435
- SUSE Bug 1172091
Описание
ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
Затронутые продукты
Ссылки
- CVE-2020-13630
- SUSE Bug 1172234
Описание
SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
Затронутые продукты
Ссылки
- CVE-2020-13631
- SUSE Bug 1172236
Описание
ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.
Затронутые продукты
Ссылки
- CVE-2020-13632
- SUSE Bug 1172240
Описание
In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.
Затронутые продукты
Ссылки
- CVE-2020-15358
- SUSE Bug 1173641
Описание
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.
Затронутые продукты
Ссылки
- CVE-2020-9327
- SUSE Bug 1164719