Description
Security update for sqlite3
This update for sqlite3 to version 3.28.0 fixes the following issues:
Security issues fixed:
- CVE-2019-9936: Fixed a heap-based buffer over-read when running fts5 prefix queries inside a transaction (bsc#1130326).
- CVE-2019-9937: Fixed a denial of service related to interleaving reads and writes in a single transaction with an fts5 virtual table (bsc#1130325).
This update was imported from the SUSE:SLE-15:Update update project.
Package list
openSUSE Leap 15.0
libsqlite3-0-3.28.0-lp150.2.6.1
libsqlite3-0-32bit-3.28.0-lp150.2.6.1
sqlite3-3.28.0-lp150.2.6.1
sqlite3-devel-3.28.0-lp150.2.6.1
sqlite3-doc-3.28.0-lp150.2.6.1
References
- E-Mail link for openSUSE-SU-2019:1372-1
- SUSE Security Ratings
- SUSE Bug 1130325
- SUSE Bug 1130326
- SUSE CVE CVE-2019-9936 page
- SUSE CVE CVE-2019-9937 page
Description
In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.
Affected products
openSUSE Leap 15.0:libsqlite3-0-3.28.0-lp150.2.6.1
openSUSE Leap 15.0:libsqlite3-0-32bit-3.28.0-lp150.2.6.1
openSUSE Leap 15.0:sqlite3-3.28.0-lp150.2.6.1
openSUSE Leap 15.0:sqlite3-devel-3.28.0-lp150.2.6.1
References
- CVE-2019-9936
- SUSE Bug 1130326
- SUSE Bug 1154162
Description
In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.
Affected products
openSUSE Leap 15.0:libsqlite3-0-3.28.0-lp150.2.6.1
openSUSE Leap 15.0:libsqlite3-0-32bit-3.28.0-lp150.2.6.1
openSUSE Leap 15.0:sqlite3-3.28.0-lp150.2.6.1
openSUSE Leap 15.0:sqlite3-devel-3.28.0-lp150.2.6.1
References
- CVE-2019-9937
- SUSE Bug 1130325
- SUSE Bug 1154162