Bug 48455 - sqlite3: Multiple issues (4.2)
sqlite3: Multiple issues (4.2)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.2
All Linux
: P3 normal (vote)
: UCS 4.2-5-errata
Assigned To: Quality Assurance
Philipp Hahn
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-01-14 12:13 CET by Philipp Hahn
Modified: 2019-01-16 13:40 CET (History)
0 users

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score: 3.6 (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Philipp Hahn univentionstaff 2019-01-14 12:13:59 CET
New Debian sqlite3 3.8.7.1-1+deb8u4 fixes:
This update addresses the following issues:
* CVE-2017-2518: A use-after-free bug in the query optimizer may cause a buffer overflow and application crash via a crafted SQL statement.
* CVE-2017-2519: Insufficient size of the reference count on Table objects could lead to a denial-of-service or arbitrary code execution.
* CVE-2017-2520: The sqlite3_value_text() interface returned a buffer that was not large enough to hold the complete string plus zero terminator when the input was a zeroblob. This could lead to arbitrary code execution or a denial-of-service.
* CVE-2017-10989: SQLite mishandles undersized RTree blobs in a crafted database leading to a heap-based buffer over-read or possibly unspecified other impact.
* CVE-2018-8740: Databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference.
Comment 1 Quality Assurance univentionstaff 2019-01-14 12:47:49 CET
--- mirror/ftp/4.2/unmaintained/component/4.2-5-errata/source/sqlite3_3.8.7.1-1+deb8u3.dsc
+++ apt/ucs_4.2-0-errata4.2-5/source/sqlite3_3.8.7.1-1+deb8u4.dsc
@@ -1,6 +1,23 @@
+3.8.7.1-1+deb8u4 [Fri, 11 Jan 2019 14:43:33 +0100] Markus Koschany <apo@debian.org>:
+
+  * Non-maintainer upload by the LTS team.
+  * CVE-2018-8740: Databases whose schema is corrupted using a CREATE TABLE AS
+    statement could cause a NULL pointer dereference.
+  * CVE-2017-2520: The sqlite3_value_text() interface returned a buffer that
+    was not large enough to hold the complete string plus zero terminator when
+    the input was a zeroblob. This could lead to arbitrary code execution or a
+    denial-of-service.
+  * CVE-2017-2519: Insufficient size of the reference count on Table objects
+    could lead to a denial-of-service or arbitrary code execution.
+  * CVE-2017-2518: A use-after-free bug in the query optimizer may cause a
+    buffer overflow and application crash via a crafted SQL statement.
+  * CVE-2017-10989: SQLite mishandles undersized RTree blobs in a crafted
+    database leading to a heap-based buffer over-read or possibly unspecified
+    other impact.
+
 3.8.7.1-1+deb8u3 [Sat, 22 Dec 2018 00:28:43 +0100] Mike Gabriel <sunweaver@debian.org>:
 
-  * Non-maintainer upload by the Debian LTS Team. 
+  * Non-maintainer upload by the Debian LTS Team.
   * CVE-2018-20346: Add extra defenses against strategically corrupt databases
-    to fts3/4. 
+    to fts3/4.
 

<http://10.200.17.11/4.2-5/#3615057425446014003>
Comment 2 Philipp Hahn univentionstaff 2019-01-14 13:11:10 CET
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.2-5] 48e1b13fd1 Bug #48455: sqlite3_3.8.7.1-1+deb8u4
 doc/errata/staging/sqlite3.yaml | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
Comment 3 Arvid Requate univentionstaff 2019-01-16 13:40:11 CET
<http://errata.software-univention.de/ucs/4.2/582.html>