openSUSE-SU-2019:1372

107562

[debian-lts-announce] 20200822 [SECURITY] [DLA 2340-1] sqlite3 security update

FEDORA-2019-8641591b3c

FEDORA-2019-a01751837d

GLSA-201908-09

https://security.netapp.com/advisory/ntap-20190416-0005/

https://sqlite.org/src/info/45c73deb440496e8

USN-4019-1

https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114383.html

https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114393.html

https://www.oracle.com/security-alerts/cpujan2020.html

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

According to the versions of the sqlite packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :

  - In SQLite 3.27.2, interleaving reads and writes in a     single transaction with an fts5 virtual table will lead     to a NULL Pointer Dereference in fts5ChunkIterate in     sqlite3.c. This is related to ext/fts5/fts5_hash.c and     ext/fts5/fts5_index.c.(CVE-2019-9937)

  - In SQLite 3.27.2, running fts5 prefix queries inside a     transaction could trigger a heap-based buffer over-read     in fts5HashEntrySort in sqlite3.c, which may lead to an     information leak. This is related to     ext/fts5/fts5_hash.c.(CVE-2019-9936)

  - zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1     mishandles a NULL pathname during an update of a ZIP     archive.(CVE-2019-19925)

  - SQLite 3.30.1 mishandles certain parser-tree rewriting,     related to expr.c, vdbeaux.c, and window.c. This is     caused by incorrect sqlite3WindowRewrite() error     handling.(CVE-2019-19924)

  - flattenSubquery in select.c in SQLite 3.30.1 mishandles     certain uses of SELECT DISTINCT involving a LEFT JOIN     in which the right-hand side is a view. This can cause     a NULL pointer dereference (or incorrect     results).(CVE-2019-19923)

  - multiSelect in select.c in SQLite 3.30.1 mishandles     certain errors during parsing, as demonstrated by     errors from sqlite3WindowRewrite() calls. NOTE: this     vulnerability exists because of an incomplete fix for     CVE-2019-19880.(CVE-2019-19926)

  - selectExpander in select.c in SQLite 3.30.1 proceeds     with WITH stack unwinding even after a parsing     error.(CVE-2019-20218)

  - ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain     uses of INSERT INTO in situations involving embedded     '\0' characters in filenames, leading to a     memory-management error that can be detected by (for     example) valgrind.(CVE-2019-19959)

  - SQLite 3.25.2, when queries are run on a table with a     malformed PRIMARY KEY, allows remote attackers to cause     a denial of service (application crash) by leveraging     the ability to run arbitrary SQL statements (such as in     certain WebSQL use cases).(CVE-2018-20505)

  - In SQLite 3.31.1, isAuxiliaryVtabOperator allows     attackers to trigger a NULL pointer dereference and     segmentation fault because of generated column     optimizations.(CVE-2020-9327)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the sqlite packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - multiSelect in select.c in SQLite 3.30.1 mishandles     certain errors during parsing, as demonstrated by     errors from sqlite3WindowRewrite() calls. NOTE: this     vulnerability exists because of an incomplete fix for     CVE-2019-19880.(CVE-2019-19926)

  - flattenSubquery in select.c in SQLite 3.30.1 mishandles     certain uses of SELECT DISTINCT involving a LEFT JOIN     in which the right-hand side is a view. This can cause     a NULL pointer dereference (or incorrect     results).(CVE-2019-19923)

  - SQLite 3.30.1 mishandles certain parser-tree rewriting,     related to expr.c, vdbeaux.c, and window.c. This is     caused by incorrect sqlite3WindowRewrite() error     handling.(CVE-2019-19924)

  - zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1     mishandles a NULL pathname during an update of a ZIP     archive.(CVE-2019-19925)

  - In SQLite 3.27.2, running fts5 prefix queries inside a     transaction could trigger a heap-based buffer over-read     in fts5HashEntrySort in sqlite3.c, which may lead to an     information leak. This is related to     ext/fts5/fts5_hash.c.(CVE-2019-9936)

  - In SQLite 3.27.2, interleaving reads and writes in a     single transaction with an fts5 virtual table will lead     to a NULL Pointer Dereference in fts5ChunkIterate in     sqlite3.c. This is related to ext/fts5/fts5_hash.c and     ext/fts5/fts5_index.c.(CVE-2019-9937)

  - selectExpander in select.c in SQLite 3.30.1 proceeds     with WITH stack unwinding even after a parsing     error.(CVE-2019-20218)

  - ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain     uses of INSERT INTO in situations involving embedded     '\0' characters in filenames, leading to a     memory-management error that can be detected by (for     example) valgrind.(CVE-2019-19959)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-201908-09 (SQLite: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in SQLite. Please review       the CVE identifiers referenced below for details.
  Impact :

    A remote attacker could, by executing arbitrary SQL statements against a       vulnerable host, execute arbitrary code.
  Workaround :

    There is no known workaround at this time.

It was discovered that SQLite incorrectly handled certain SQL files.
An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. This issue only affected Ubuntu 16.04 LTS.
(CVE-2017-2518, CVE-2017-2520)

It was discovered that SQLite incorrectly handled certain queries. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10.
(CVE-2018-20505)

It was discovered that SQLite incorrectly handled certain queries. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-20346, CVE-2018-20506)

It was discovered that SQLite incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information. (CVE-2019-8457)

It was discovered that SQLite incorrectly handled certain queries. An attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2019-9936)

It was discovered that SQLite incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2019-9937)

It was discovered that SQLite incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 16.04 LTS. (CVE-2016-6153)

It was discovered that SQLite incorrectly handled certain databases.
An attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 16.04 LTS.
(CVE-2017-10989)

It was discovered that SQLite incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 16.04 LTS. (CVE-2017-13685)

It was discovered that SQLite incorrectly handled certain queries. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. This issue only affected Ubuntu 16.04 LTS.
(CVE-2017-2519).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Security fix for CVE-2019-5827, CVE-2019-9937, CVE-2019-9936

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An update of the sqlite package has been released.

This update for sqlite3 to version 3.28.0 fixes the following issues :

Security issues fixed :

  - CVE-2019-9936: Fixed a heap-based buffer over-read, when     running fts5 prefix queries inside transaction     (bsc#1130326).

  - CVE-2019-9937: Fixed a denial of service related to     interleaving reads and writes in a single transaction     with an fts5 virtual table (bsc#1130325).

This update was imported from the SUSE:SLE-15:Update update project.

This update for sqlite3 to version 3.28.0 fixes the following issues :

Security issues fixed :

CVE-2019-9936: Fixed a heap-based buffer over-read, when running fts5 prefix queries inside transaction (bsc#1130326).

CVE-2019-9937: Fixed a denial of service related to interleaving reads and writes in a single transaction with an fts5 virtual table (bsc#1130325).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
135151	EulerOS Virtualization for ARM 64 3.0.6.0 : sqlite (EulerOS-SA-2020-1364)	Nessus	Huawei Local Security Checks	high
134014	EulerOS 2.0 SP8 : sqlite (EulerOS-SA-2020-1180)	Nessus	Huawei Local Security Checks	high
127958	GLSA-201908-09 : SQLite: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
126065	Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : SQLite vulnerabilities (USN-4019-1)	Nessus	Ubuntu Local Security Checks	critical
125685	Fedora 29 : sqlite (2019-a01751837d)	Nessus	Fedora Local Security Checks	high
125274	Fedora 30 : sqlite (2019-8641591b3c)	Nessus	Fedora Local Security Checks	high
125083	Photon OS 1.0: Sqlite PHSA-2019-1.0-0231	Nessus	PhotonOS Local Security Checks	high
124866	Photon OS 1.0: Sqlite PHSA-2019-1.0-0228	Nessus	PhotonOS Local Security Checks	critical
124849	openSUSE Security Update : sqlite3 (openSUSE-2019-1372)	Nessus	SuSE Local Security Checks	high
124681	Photon OS 2.0: Sqlite PHSA-2019-2.0-0157	Nessus	PhotonOS Local Security Checks	high
124586	SUSE SLED15 / SLES15 Security Update : sqlite3 (SUSE-SU-2019:1127-1)	Nessus	SuSE Local Security Checks	high

CVE-2019-9937

high

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Tenable Plugins

high

high

high

critical

high

high

high

critical

high

high

high