openSUSE-SU-2019:1426

http://marc.info/?l=sqlite-users&m=149933696214713&w=2

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

99502

1039427

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405

https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937

[debian-lts-announce] 20190111 [SECURITY] [DLA 1633-1] sqlite3 security update

https://sqlite.org/src/info/66de6f4a

https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26

https://support.apple.com/HT208112

https://support.apple.com/HT208113

https://support.apple.com/HT208115

https://support.apple.com/HT208144

It was discovered that SQLite incorrectly handled certain SQL files.
An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. This issue only affected Ubuntu 16.04 LTS.
(CVE-2017-2518, CVE-2017-2520)

It was discovered that SQLite incorrectly handled certain queries. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10.
(CVE-2018-20505)

It was discovered that SQLite incorrectly handled certain queries. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-20346, CVE-2018-20506)

It was discovered that SQLite incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information. (CVE-2019-8457)

It was discovered that SQLite incorrectly handled certain queries. An attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2019-9936)

It was discovered that SQLite incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2019-9937)

It was discovered that SQLite incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 16.04 LTS. (CVE-2016-6153)

It was discovered that SQLite incorrectly handled certain databases.
An attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 16.04 LTS.
(CVE-2017-10989)

It was discovered that SQLite incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 16.04 LTS. (CVE-2017-13685)

It was discovered that SQLite incorrectly handled certain queries. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. This issue only affected Ubuntu 16.04 LTS.
(CVE-2017-2519).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for sqlite3 fixes the following issues :

Security issue fixed :

CVE-2019-8457: Fixed a Heap out-of-bound read in rtreenode() when handling invalid rtree tables (bsc#1136976).

CVE-2018-8740: Fixed a NULL pointer dereference related to corrupted databases schemas (bsc#1085790).

CVE-2017-10989: Fixed a heap-based buffer over-read in getNodeSize() (bsc#1132045).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for sqlite3 fixes the following issues :

Security issue fixed :

  - CVE-2018-8740: Fixed a NULL pointer dereference related     to corrupted databases schemas (bsc#1085790).

  - CVE-2017-10989: Fixed a heap-based buffer over-read in     getNodeSize() (bsc#1132045).

This update was imported from the SUSE:SLE-12-SP1:Update update project.

This update for sqlite3 fixes the following issues :

Security issue fixed :

CVE-2018-8740: Fixed a NULL pointer dereference related to corrupted databases schemas (bsc#1085790).

CVE-2017-10989: Fixed a heap-based buffer over-read in getNodeSize() (bsc#1132045).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The version of Apple iOS running on the mobile device is prior to 11.0.1. It is, therefore, affected by multiple vulnerabilities as described in the HT208143 security advisory.

The remote host is running a version of macOS that is prior to 10.13. It is, therefore, affected by multiple vulnerabilities in the following components :

 - Apache
 - AppSandbox
 - AppleScript
 - Application Firewall
 - ATS
 - Audio
 - CFNetwork
 - CFNetwork Proxies
 - CFString
 - Captive Network Assistant
 - CoreAudio
 - CoreText
 - DesktopServices
 - Directory Utility
 - file
 - Fonts
 - fsck_msdos
 - HFS
 - Heimdal
 - HelpViewer
 - IOFireWireFamily
 - ImageIO
 - Installer
 - Kernel
 - kext tools
 - libarchive
 - libc
 - libexpat
 - Mail
 - Mail Drafts
 - ntp
 - Open Scripting Architecture
 - PCRE
 - Postfix
 - Quick Look
 - QuickTime
 - Remote Management
 - SQLite
 - Sandbox
 - Screen Lock
 - Security
 - Spotlight
 - WebKit
 - zlib

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

According to the versions of the sqlite package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  - os_unix.c in SQLite before 3.13.0 improperly implements     the temporary directory search algorithm, which might     allow local users to obtain sensitive information,     cause a denial of service (application crash), or have     unspecified other impact by leveraging use of the     current working directory for temporary     files.(CVE-2016-6153)

  - The getNodeSize function in ext/rtree/rtree.c in SQLite     through 3.19.3, as used in GDAL and other products,     mishandles undersized RTree blobs in a crafted     database, leading to a heap-based buffer over-read or     possibly unspecified other impact.(CVE-2017-10989)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An update of the sqlite package has been released.

Several flaws were corrected in SQLite, a SQL database engine.

CVE-2017-2518

A use-after-free bug in the query optimizer may cause a buffer overflow and application crash via a crafted SQL statement.

CVE-2017-2519

Insufficient size of the reference count on Table objects could lead to a denial of service or arbitrary code execution.

CVE-2017-2520

The sqlite3_value_text() interface returned a buffer that was not large enough to hold the complete string plus zero terminator when the input was a zeroblob. This could lead to arbitrary code execution or a denial of service.

CVE-2017-10989

SQLite mishandles undersized RTree blobs in a crafted database leading to a heap-based buffer over-read or possibly unspecified other impact.

CVE-2018-8740

Databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference.

For Debian 8 'Jessie', these problems have been fixed in version 3.8.7.1-1+deb8u4.

We recommend that you upgrade your sqlite3 packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An update of [linux,sqlite-autoconf,libxslt] packages for PhotonOS has been released.

The remote host is running a version of Mac OS X that is prior to 10.10.5, 10.11.x prior to 10.11.6, 10.12.x prior to 10.12.6, or is not macOS 10.13. It is, therefore, affected by multiple vulnerabilities in the following components :

  - apache
  - AppSandbox
  - AppleScript
  - Application Firewall
  - ATS
  - Audio
  - CFNetwork
  - CFNetwork Proxies
  - CFString
  - Captive Network Assistant
  - CoreAudio
  - CoreText
  - DesktopServices
  - Directory Utility
  - file
  - Fonts
  - fsck_msdos
  - HFS
  - Heimdal
  - HelpViewer
  - IOFireWireFamily
  - ImageIO
  - Installer
  - Kernel
  - kext tools
  - libarchive
  - libc
  - libexpat
  - Mail
  - Mail Drafts
  - ntp
  - Open Scripting Architecture
  - PCRE
  - Postfix
  - Quick Look
  - QuickTime
  - Remote Management
  - SQLite
  - Sandbox
  - Screen Lock
  - Security
  - Spotlight
  - WebKit
  - zlib

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

Google reports :

A heap-buffer overflow (sometimes a crash) can arise when running a SQL request on malformed sqlite3 databases.

Security fix for CVE-2017-10989: Heap-buffer overflow in the getNodeSize function

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Security fix for CVE-2017-10989: Heap-buffer overflow in the getNodeSize function

Additionally sqlite has been updated to version 3.19.3, and spatialite-tools rebuilt for the update.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that there was a heap-based buffer over-read vulnerability in SQLite, a lightweight database engine. The getNodeSize function in ext/rtree/rtree.c mishandled undersized RTree blobs in a specially crafted database,

For Debian 7 'Wheezy', this issue has been fixed in sqlite3 version 3.7.13-1+deb7u4.

We recommend that you upgrade your sqlite3 packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
126065	Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : sqlite3 vulnerabilities (USN-4019-1)	Nessus	Ubuntu Local Security Checks	high
125986	SUSE SLES12 Security Update : sqlite3 (SUSE-SU-2019:1522-1)	Nessus	SuSE Local Security Checks	high
125325	openSUSE Security Update : sqlite3 (openSUSE-2019-1426)	Nessus	SuSE Local Security Checks	high
124856	SUSE SLED12 / SLES12 Security Update : sqlite3 (SUSE-SU-2019:1208-1)	Nessus	SuSE Local Security Checks	high
700542	Apple iOS < 11.0.1 Multiple Vulnerabilities	Nessus Network Monitor	Mobile Devices	high
700511	macOS < 10.13 Multiple Vulnerabilities	Nessus Network Monitor	Operating System Detection	critical
123743	EulerOS Virtualization 2.5.3 : sqlite (EulerOS-SA-2019-1275)	Nessus	Huawei Local Security Checks	high
121717	Photon OS 1.0: Sqlite PHSA-2017-0025	Nessus	PhotonOS Local Security Checks	high
121133	Debian DLA-1633-1 : sqlite3 security update	Nessus	Debian Local Security Checks	high
111874	Photon OS 1.0: Libxslt / Linux / Sqlite PHSA-2017-0025 (deprecated)	Nessus	PhotonOS Local Security Checks	critical
103598	macOS < 10.13 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	critical
102279	FreeBSD : sqlite3 -- heap-buffer overflow (9245681c-7c3c-11e7-b5af-a4badb2f4699)	Nessus	FreeBSD Local Security Checks	high
101868	Fedora 24 : sqlite (2017-9b752904ed)	Nessus	Fedora Local Security Checks	high
101776	Fedora 25 : sqlite (2017-447e926933)	Nessus	Fedora Local Security Checks	high
101607	Fedora 26 : spatialite-tools / sqlite (2017-357f9df699)	Nessus	Fedora Local Security Checks	high
101319	Debian DLA-1018-1 : sqlite3 security update	Nessus	Debian Local Security Checks	high

CVE-2017-10989

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins