Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Mageia 7: MGASA-2021-0303 Moderate: SQLite3 Denial Of Service

mageia
Calendar Grey June 30, 2021
Dist Mageia Esm H88
The new sqlite3 updates address multiple security flaws, encompassing denial of service threats and pointer-related concerns.
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations (CVE-2020-9327)

Summary

In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations (CVE-2020-9327).
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled (CVE-2020-11655).
SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c (CVE-2020-13434).
SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c (CVE-2020-13435).
ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature (CVE-2020-13630).
SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c (CVE-2020-13631).
ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query (CVE-2020-13632).
SQLite 3...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=26270

- https://access.redhat.com/errata/RHSA-2020:4442

- https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BN32AGQPMHZRNM6P6L5GZPETOWTGXOKP/

- https://ubuntu.com/security/notices/USN-4438-1

- https://sqlite.org/releaselog/3_32_3.html

- https://sqlite.org/releaselog/3_32_2.html

- https://sqlite.org/releaselog/3_32_1.html

- https://sqlite.org/releaselog/3_32_0.html

- https://ubuntu.com/security/notices/USN-4394-1

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/

- https://lists.debian.org/debian-lts-announce/2020/05/msg00024.html

- https://www.cve.org/CVERecord?id=CVE-2020-9327

- https://www.cve.org/CVERecord?id=CVE-2020-11655

- https://www.cve.org/CVERecord?id=CVE-2020-13434

- https://www.cve.org/CVERecord?id=CVE-2020-13435

- https://www.cve.org/CVERecord?id=CVE-2020-13630

- https://www.cve.org/CVERecord?id=CVE-2020-13631

- https://www.cve.org/CVERecord?id=CVE-2020-13632

- https://www.cve.org/CVERecord?id=CVE-2020-13871

- https://www.cve.org/CVERecord?id=CVE-2020-15358

Topics%20covered

Topics Covered

security advisory moderate segmentation fault Denial Of Service SQLite Mageia

Resolution

SRPMS

- 7/core/sqlite3-3.31.1-1.1.mga7

Publication date: 30 Jun 2021
URL: https://advisories.mageia.org/MGASA-2021-0303.html
Type: security
CVE: CVE-2020-9327, CVE-2020-11655, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-13871, CVE-2020-15358

Topics%20covered

Topics Covered

security advisory moderate segmentation fault Denial Of Service SQLite Mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here