ArchLinux: 202006-11: sqlite: arbitrary code execution

    Date 30 Jun 2020
    46
    Posted By LinuxSecurity Advisories
    The package sqlite before version 3.32.3-1 is vulnerable to arbitrary code execution.
    Arch Linux Security Advisory ASA-202006-11
    ==========================================
    
    Severity: High
    Date    : 2020-06-28
    CVE-ID  : CVE-2020-13871
    Package : sqlite
    Type    : arbitrary code execution
    Remote  : No
    Link    : https://security.archlinux.org/AVG-1182
    
    Summary
    =======
    
    The package sqlite before version 3.32.3-1 is vulnerable to arbitrary
    code execution.
    
    Resolution
    ==========
    
    Upgrade to 3.32.3-1.
    
    # pacman -Syu "sqlite>=3.32.3-1"
    
    The problem has been fixed upstream in version 3.32.3.
    
    Workaround
    ==========
    
    None.
    
    Description
    ===========
    
    SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c
    because the parse tree rewrite for window functions is too late.
    
    Impact
    ======
    
    An attacker might be able to crash the application or execute arbitrary
    code by running a crafted query.
    
    References
    ==========
    
    https://www.sqlite.org/src/info/c8d3b9f0a750a529
    https://www.sqlite.org/src/info/cd708fa84d2aaaea
    https://www.sqlite.org/src/info/44a58d6cb135a104
    https://security.archlinux.org/CVE-2020-13871
    

    LinuxSecurity Poll

    Are you considering making the switch to Purism's new Librem 14 Linux laptop to improve your security and privacy online?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/31-are-you-considering-making-the-switch-to-purism-s-new-librem-14-linux-laptop-to-improve-your-security-and-privacy-online?task=poll.vote&format=json
    31
    radio
    [{"id":"109","title":"Yes - the hardware kill switches and default ad blocking\/tracking protection sold me on it.","votes":"3","type":"x","order":"1","pct":37.5,"resources":[]},{"id":"110","title":"Not sure yet - I need to do more research.","votes":"4","type":"x","order":"2","pct":50,"resources":[]},{"id":"111","title":"No - I'm satisfied with my current laptop and have no security\/privacy concerns.","votes":"1","type":"x","order":"3","pct":12.5,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
    bottom 200

    Advisories

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.