Univention Bugzilla – Bug 51900
sqlite3: Multiple issues (4.4)
Last modified: 2020-08-26 16:35:43 CEST
New Debian sqlite3 3.16.2-5+deb9u2 fixes:

This update addresses the following issues:
* NULL pointer dereference with databases with schema corrupted with CREATE TABLE AS allows for denial of service (CVE-2018-8740)
* Multiple flaws in sqlite which can be triggered via corrupted internal databases (Magellan) (CVE-2018-20346)
* Multiple flaws in sqlite which can be triggered via corrupted internal databases (Magellan) (CVE-2018-20506)
* out-of-bounds access in SQLite (CVE-2019-5827)
* heap-based buffer over-read in function fts5HashEntrySort in sqlite3.c (CVE-2019-9936)
* null-pointer dereference in function fts5ChunkIterate in sqlite3.c (CVE-2019-9937)
* division by zero in whereLoopAddBtreeIndex in sqlite3.c (CVE-2019-16168)
* selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error (CVE-2019-20218)
* malformed window-function query leads to DoS (CVE-2020-11655)
* integer overflow in sqlite3_str_vappendf function in printf.c (CVE-2020-13434)
* use-after-free in fts3EvalNextRow in ext/fts3/fts3.c (CVE-2020-13630)
* NULL pointer dereference in ext/fts3/fts3_snippet.c via a crafted matchinfo() query (CVE-2020-13632)
* use-after-free in resetAccumulator in select.c (CVE-2020-13871)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/sqlite3_3.16.2-5+deb9u1.dsc +++ apt/ucs_4.4-0-errata4.4-5/source/sqlite3_3.16.2-5+deb9u2.dsc @@ -1,3 +1,30 @@ +3.16.2-5+deb9u2 [Tue, 04 Aug 2020 19:07:43 -0400] Roberto C. Sanchez <roberto@debian.org>: + + * Non-maintainer upload by the LTS Team. + * CVE-2018-8740: Databases whose schema is corrupted using a CREATE TABLE AS + statement could cause a NULL pointer dereference. + * CVE-2018-20346, CVE-2018-20506: Add extra defenses against strategically + corrupt databases to fts3/4. + * CVE-2019-5827: Integer overflow allowed a remote attacker to potentially + exploit heap corruption via a crafted HTML page, primarily impacting + chromium. + * CVE-2019-9936: Potential information leak when running fts5 prefix queries + inside a transaction, which could trigger a heap-based buffer over-read. + * CVE-2019-9937: interleaving reads and writes in a single transaction with + an fts5 virtual table will lead to a NULL Pointer Dereference + * CVE-2019-16168: Missing validation resulting in a potential division by + zero, which can crash a browser or other application + * CVE-2019-20218: Do not attempt to unwind the WITH stack in the event of a + parse error + * CVE-2020-13630: Fix use-after-free in fts3EvalNextRow, related to the + snippet feature + * CVE-2020-13632: Fix NULL pointer dereference via a crafted matchinfo() + query + * CVE-2020-13871: Fix use-after-free in resetAccumulator in select.c + * CVE-2020-11655: Fix denial of service resulting from segmentation fault + via a malformed window-function query. + * CVE-2020-13434: Fix integer overflow in sqlite3_str_vappendf. + 3.16.2-5+deb9u1 [Tue, 03 Oct 2017 16:13:44 +0000] Laszlo Boszormenyi (GCS) <gcs@debian.org>: * Fix CVE-2017-10989 , heap-based buffer over-read via undersized RTree <http://10.200.17.11/4.4-5/#7978020642591040982>
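Review bot: None of the thirteen CVE items in the new 3.16.2-5+deb9u2 changelog block names the patch file or upstream check-in that carries its fix, so this diff cannot be used on its own to confirm that each listed CVE is actually patched in the source package; suggest naming the patch per item. Style: several items (for example CVE-2019-9937, CVE-2019-16168 and CVE-2019-20218) lack the closing period the other items have, and the CVE-2019-9937 text starts in lowercase.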
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-5] 9a3f15e1e7 Bug #51900: sqlite3 3.16.2-5+deb9u2
 doc/errata/staging/sqlite3.yaml | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

[4.4-5] f5d16b67ea Bug #51900: sqlite3 3.16.2-5+deb9u2
 doc/errata/staging/sqlite3.yaml | 44 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x720>