SUSE SLED12 / SLES12 Security Update : sqlite3 (SUSE-SU-2021:3215-1)

critical Nessus Plugin ID 153643
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLED12 / SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3215-1 advisory.

- SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE at the end of a SELECT statement. (CVE-2015-3414)

- The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O;>O) in a CREATE TABLE statement. (CVE-2015-3415)

- os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.
(CVE-2016-6153)

- The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over- read or possibly unspecified other impact. (CVE-2017-10989)

- An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the SQLite component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted SQL statement. (CVE-2017-2518)

- SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan. (CVE-2018-20346)

- In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c. (CVE-2018-8740)

- In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a severe division by zero in the query planner. (CVE-2019-16168)

- sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage. (CVE-2019-19244)

- lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact.
(CVE-2019-19317)

- SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash. (CVE-2019-19603)

- alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self- referential views in conjunction with ALTER TABLE statements. (CVE-2019-19645)

- pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns. (CVE-2019-19646)

- exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled. (CVE-2019-19880)

- flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results). (CVE-2019-19923)

- SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling. (CVE-2019-19924)

- zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive. (CVE-2019-19925)

- multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880. (CVE-2019-19926)

- ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind. (CVE-2019-19959)

- selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.
(CVE-2019-20218)

- SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables. (CVE-2019-8457)

- SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. (CVE-2020-13434)

- SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c. (CVE-2020-13435)

- ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature. (CVE-2020-13630)

- SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. (CVE-2020-13631)

- ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query. (CVE-2020-13632)

- In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. (CVE-2020-15358)

- In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations. (CVE-2020-9327)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected libsqlite3-0, libsqlite3-0-32bit, sqlite3 and / or sqlite3-devel packages.

See Also

https://bugzilla.suse.com/928700

https://bugzilla.suse.com/928701

https://bugzilla.suse.com/1157818

https://bugzilla.suse.com/1158812

https://bugzilla.suse.com/1158958

https://bugzilla.suse.com/1158959

https://bugzilla.suse.com/1158960

https://bugzilla.suse.com/1159491

https://bugzilla.suse.com/1159715

https://bugzilla.suse.com/1159847

https://bugzilla.suse.com/1159850

https://bugzilla.suse.com/1160309

https://bugzilla.suse.com/1160438

https://bugzilla.suse.com/1160439

https://bugzilla.suse.com/1164719

https://bugzilla.suse.com/1172091

https://bugzilla.suse.com/1172115

https://bugzilla.suse.com/1172234

https://bugzilla.suse.com/1172236

https://bugzilla.suse.com/1172240

https://bugzilla.suse.com/1173641

http://www.nessus.org/u?b948800c

https://www.suse.com/security/cve/CVE-2015-3414

https://www.suse.com/security/cve/CVE-2015-3415

https://www.suse.com/security/cve/CVE-2016-6153

https://www.suse.com/security/cve/CVE-2017-10989

https://www.suse.com/security/cve/CVE-2017-2518

https://www.suse.com/security/cve/CVE-2018-20346

https://www.suse.com/security/cve/CVE-2018-8740

https://www.suse.com/security/cve/CVE-2019-16168

https://www.suse.com/security/cve/CVE-2019-19244

https://www.suse.com/security/cve/CVE-2019-19317

https://www.suse.com/security/cve/CVE-2019-19603

https://www.suse.com/security/cve/CVE-2019-19645

https://www.suse.com/security/cve/CVE-2019-19646

https://www.suse.com/security/cve/CVE-2019-19880

https://www.suse.com/security/cve/CVE-2019-19923

https://www.suse.com/security/cve/CVE-2019-19924

https://www.suse.com/security/cve/CVE-2019-19925

https://www.suse.com/security/cve/CVE-2019-19926

https://www.suse.com/security/cve/CVE-2019-19959

https://www.suse.com/security/cve/CVE-2019-20218

https://www.suse.com/security/cve/CVE-2019-8457

https://www.suse.com/security/cve/CVE-2020-13434

https://www.suse.com/security/cve/CVE-2020-13435

https://www.suse.com/security/cve/CVE-2020-13630

https://www.suse.com/security/cve/CVE-2020-13631

https://www.suse.com/security/cve/CVE-2020-13632

https://www.suse.com/security/cve/CVE-2020-15358

https://www.suse.com/security/cve/CVE-2020-9327

Plugin Details

Severity: Critical

ID: 153643

File Name: suse_SU-2021-3215-1.nasl

Version: 1.2

Type: local

Agent: unix

Published: 9/24/2021

Updated: 9/24/2021

Dependencies: ssh_get_info.nasl

Risk Information

CVSS Score Source: CVE-2019-8457

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:libsqlite3-0, p-cpe:/a:novell:suse_linux:libsqlite3-0-32bit, p-cpe:/a:novell:suse_linux:sqlite3, p-cpe:/a:novell:suse_linux:sqlite3-devel, cpe:/o:novell:suse_linux:12

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 9/23/2021

Vulnerability Publication Date: 3/19/2015

Reference Information

CVE: CVE-2015-3414, CVE-2015-3415, CVE-2016-6153, CVE-2017-2518, CVE-2017-10989, CVE-2018-8740, CVE-2018-20346, CVE-2019-8457, CVE-2019-16168, CVE-2019-19244, CVE-2019-19317, CVE-2019-19603, CVE-2019-19645, CVE-2019-19646, CVE-2019-19880, CVE-2019-19923, CVE-2019-19924, CVE-2019-19925, CVE-2019-19926, CVE-2019-19959, CVE-2019-20218, CVE-2020-9327, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-15358

SuSE: SUSE-SU-2021:3215-1

IAVA: 2020-A-0021-S, 2019-A-0383-S, 2020-A-0051-S, 2020-A-0358