Описание
Security update for sqlite3
This update for sqlite3 fixes the following issues:
- Update to version 3.36.0
- CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization (bsc#1173641)
- CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated column optimizations in isAuxiliaryVtabOperator (bsc#1164719)
- CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error (bsc#1160439)
- CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded '\0' input (bsc#1160438)
- CVE-2019-19923: improper handling of certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer dereference (bsc#1160309)
- CVE-2019-19924: improper error handling in sqlite3WindowRewrite() (bsc#1159850)
- CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive (bsc#1159847)
- CVE-2019-19926: improper handling of certain errors during parsing multiSelect in select.c (bsc#1159715)
- CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference (bsc#1159491)
- CVE-2019-19603: during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with a shadow table name (bsc#1158960)
- CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns (bsc#1158959)
- CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements (bsc#1158958)
- CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service (bsc#1158812)
- CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage (bsc#1157818)
- CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability (bsc#928701)
- CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names (bsc#928700)
- CVE-2020-13434: integer overflow in sqlite3_str_vappendf (bsc#1172115)
- CVE-2020-13630: (bsc#1172234: use-after-free in fts3EvalNextRow
- CVE-2020-13631: virtual table allowed to be renamed to one of its shadow tables (bsc#1172236)
- CVE-2020-13632: NULL pointer dereference via crafted matchinfo() query (bsc#1172240)
- CVE-2020-13435: Malicious SQL statements could have crashed the process that is running SQLite (bsc#1172091)
Список пакетов
openSUSE Leap 15.3
Ссылки
- E-Mail link for openSUSE-SU-2021:2320-1
- SUSE Security Ratings
- SUSE Bug 1157818
- SUSE Bug 1158812
- SUSE Bug 1158958
- SUSE Bug 1158959
- SUSE Bug 1158960
- SUSE Bug 1159491
- SUSE Bug 1159715
- SUSE Bug 1159847
- SUSE Bug 1159850
- SUSE Bug 1160309
- SUSE Bug 1160438
- SUSE Bug 1160439
- SUSE Bug 1164719
- SUSE Bug 1172091
- SUSE Bug 1172115
- SUSE Bug 1172234
- SUSE Bug 1172236
- SUSE Bug 1172240
Описание
SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.
Затронутые продукты
Ссылки
- CVE-2015-3414
- SUSE Bug 1085790
- SUSE Bug 1190372
- SUSE Bug 1193078
- SUSE Bug 928700
- SUSE Bug 928701
- SUSE Bug 928702
Описание
The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.
Затронутые продукты
Ссылки
- CVE-2015-3415
- SUSE Bug 1190372
- SUSE Bug 928700
- SUSE Bug 928701
- SUSE Bug 928702
Описание
sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.
Затронутые продукты
Ссылки
- CVE-2019-19244
- SUSE Bug 1157817
- SUSE Bug 1157818
Описание
lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact.
Затронутые продукты
Ссылки
- CVE-2019-19317
- SUSE Bug 1158812
- SUSE Bug 1196773
- SUSE Bug 1196775
Описание
SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.
Затронутые продукты
Ссылки
- CVE-2019-19603
- SUSE Bug 1158960
- SUSE Bug 1193078
Описание
alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.
Затронутые продукты
Ссылки
- CVE-2019-19645
- SUSE Bug 1158958
Описание
pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.
Затронутые продукты
Ссылки
- CVE-2019-19646
- SUSE Bug 1158959
Описание
exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.
Затронутые продукты
Ссылки
- CVE-2019-19880
- SUSE Bug 1159491
- SUSE Bug 1159715
- SUSE Bug 1162833
Описание
flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).
Затронутые продукты
Ссылки
- CVE-2019-19923
- SUSE Bug 1160309
- SUSE Bug 1162833
Описание
SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.
Затронутые продукты
Ссылки
- CVE-2019-19924
- SUSE Bug 1159850
Описание
zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.
Затронутые продукты
Ссылки
- CVE-2019-19925
- SUSE Bug 1159847
- SUSE Bug 1162833
Описание
multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.
Затронутые продукты
Ссылки
- CVE-2019-19926
- SUSE Bug 1159491
- SUSE Bug 1159715
- SUSE Bug 1162833
Описание
ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind.
Затронутые продукты
Ссылки
- CVE-2019-19959
- SUSE Bug 1160438
Описание
selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.
Затронутые продукты
Ссылки
- CVE-2019-20218
- SUSE Bug 1160439
- SUSE Bug 1189840
- SUSE Bug 1190372
- SUSE Bug 1192495
- SUSE Bug 1193078
Описание
SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
Затронутые продукты
Ссылки
- CVE-2020-13434
- SUSE Bug 1172115
Описание
SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.
Затронутые продукты
Ссылки
- CVE-2020-13435
- SUSE Bug 1172091
Описание
ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
Затронутые продукты
Ссылки
- CVE-2020-13630
- SUSE Bug 1172234
Описание
SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
Затронутые продукты
Ссылки
- CVE-2020-13631
- SUSE Bug 1172236
Описание
ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.
Затронутые продукты
Ссылки
- CVE-2020-13632
- SUSE Bug 1172240
Описание
In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.
Затронутые продукты
Ссылки
- CVE-2020-15358
- SUSE Bug 1173641
Описание
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.
Затронутые продукты
Ссылки
- CVE-2020-9327
- SUSE Bug 1164719