
Mageia: 2020-0070 Moderate: sqlite3 Denial of Service Risk

mageia
January 30, 2020
Revised sqlite3 packages tackle security threats such as arbitrary code execution and service disruption vulnerabilities.

Summary

Updated sqlite3 packages fix security vulnerabilities:
An out of bounds write flaw (CVE-2019-13734), insufficient data validation flaw (CVE-2019-13750), uninitialized use flaw (CVE-2019-13751), and out of bounds read flaws (CVE-2019-13752, CVE-2019-13753) in SQLite before 3.31.0.
It was discovered that SQLite incorrectly handled certain schemas. An attacker could possibly use this issue to cause a denial of service (CVE-2019-16168).
It was discovered that SQLite incorrectly handled certain schemas. An attacker could possibly use this issue to cause SQLite to mishandle some expressions (CVE-2019-19242).
It was discovered that SQLite incorrectly handled certain queries. An attacker could possibly use this issue to execute arbitrary code (CVE-2019-19244).
exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled (CVE-2019-19880).
For other changes in this update, s...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=26104

- https://www.sqlite.org/releaselog/3_29_0.html

- https://www.sqlite.org/releaselog/3_30_0.html

- https://www.sqlite.org/releaselog/3_30_1.html

- https://www.sqlite.org/releaselog/3_31_0.html

- https://www.sqlite.org/releaselog/3_31_1.html

- https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html

- https://ubuntu.com/security/notices/USN-4205-1

- https://www.cve.org/CVERecord?id=CVE-2019-13734

- https://www.cve.org/CVERecord?id=CVE-2019-13750

- https://www.cve.org/CVERecord?id=CVE-2019-13751

- https://www.cve.org/CVERecord?id=CVE-2019-13752

- https://www.cve.org/CVERecord?id=CVE-2019-13753

- https://www.cve.org/CVERecord?id=CVE-2019-16168

- https://www.cve.org/CVERecord?id=CVE-2019-19242

- https://www.cve.org/CVERecord?id=CVE-2019-19244

- https://www.cve.org/CVERecord?id=CVE-2019-19880

Resolution

SRPMS

- 7/core/sqlite3-3.31.1-1.mga7

Publication date: 30 Jan 2020
URL: https://advisories.mageia.org/MGASA-2020-0070.html
Type: security
CVE: CVE-2019-13734, CVE-2019-13750, CVE-2019-13751, CVE-2019-13752, CVE-2019-13753, CVE-2019-16168, CVE-2019-19242, CVE-2019-19244, CVE-2019-19880
