What Are You Looking For?

Sign Up
MGASA-2021-0303 - Updated sqlite3 packages fix security vulnerabilities

Publication date: 30 Jun 2021
URL: https://advisories.mageia.org/MGASA-2021-0303.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-9327,
     CVE-2020-11655,
     CVE-2020-13434,
     CVE-2020-13435,
     CVE-2020-13630,
     CVE-2020-13631,
     CVE-2020-13632,
     CVE-2020-13871,
     CVE-2020-15358

In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL
pointer dereference and segmentation fault because of generated column
optimizations (CVE-2020-9327).

SQLite through 3.31.1 allows attackers to cause a denial of service
(segmentation fault) via a malformed window-function query because the
AggInfo object's initialization is mishandled
(CVE-2020-11655).

SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in
printf.c (CVE-2020-13434).

SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in
expr.c (CVE-2020-13435).

ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow,
related to the snippet feature (CVE-2020-13630).

SQLite before 3.32.0 allows a virtual table to be renamed to the name of one
of its shadow tables, related to alter.c and build.c (CVE-2020-13631).

ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference
via a crafted matchinfo() query (CVE-2020-13632).

SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the
parse tree rewrite for window functions is too late (CVE-2020-13871).

In SQLite before 3.32.3, select.c mishandles query-flattener optimization,
leading to a multiSelectOrderBy heap overflow because of misuse of transitive
properties for constant propagation (CVE-2020-15358).

References:
- https://bugs.mageia.org/show_bug.cgi?id=26270
- https://access.redhat.com/errata/RHSA-2020:4442
- https://www.debian.org/lts/security/2020/dla-2340
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BN32AGQPMHZRNM6P6L5GZPETOWTGXOKP/
- https://ubuntu.com/security/notices/USN-4438-1
- https://www.sqlite.org/releaselog/3_32_3.html
- https://www.sqlite.org/releaselog/3_32_2.html
- https://www.sqlite.org/releaselog/3_32_1.html
- https://www.sqlite.org/releaselog/3_32_0.html
- https://usn.ubuntu.com/4394-1/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/
- https://www.debian.org/lts/security/2020/dla-2221
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9327
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11655
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13434
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13435
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13630
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13631
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13632
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13871
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15358

SRPMS:
- 7/core/sqlite3-3.31.1-1.1.mga7

Mageia 2021-0303: sqlite3 security update

In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations (CVE-2020-9327)

Summary

In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations (CVE-2020-9327).
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled (CVE-2020-11655).
SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c (CVE-2020-13434).
SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c (CVE-2020-13435).
ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature (CVE-2020-13630).
SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c (CVE-2020-13631).
ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query (CVE-2020-13632).
SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late (CVE-2020-13871).
In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation (CVE-2020-15358).

References

- https://bugs.mageia.org/show_bug.cgi?id=26270

- https://access.redhat.com/errata/RHSA-2020:4442

- https://www.debian.org/lts/security/2020/dla-2340

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BN32AGQPMHZRNM6P6L5GZPETOWTGXOKP/

- https://ubuntu.com/security/notices/USN-4438-1

- https://www.sqlite.org/releaselog/3_32_3.html

- https://www.sqlite.org/releaselog/3_32_2.html

- https://www.sqlite.org/releaselog/3_32_1.html

- https://www.sqlite.org/releaselog/3_32_0.html

- https://usn.ubuntu.com/4394-1/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/

- https://www.debian.org/lts/security/2020/dla-2221

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9327

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11655

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13434

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13435

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13630

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13631

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13632

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13871

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15358

Resolution

MGASA-2021-0303 - Updated sqlite3 packages fix security vulnerabilities

SRPMS

- 7/core/sqlite3-3.31.1-1.1.mga7

Severity
Publication date: 30 Jun 2021
URL: https://advisories.mageia.org/MGASA-2021-0303.html
Type: security
CVE: CVE-2020-9327, CVE-2020-11655, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-13871, CVE-2020-15358

Related News

GNOME Linux Systems Exposed to RCE Attacks Via File Downloads

Oct 9, 2023

Pros And Cons Of Linux Programming

Oct 1, 2023

SQLite 3.42 Released With "Secure Delete" Command

May 23, 2023

An IBM Hacker Breaks Down High-Profile Attacks

Jan 24, 2023

News

Advisories

HOWTOs

Features

Password Guessing as an Attack Vector
Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management

About Us

Powered By

Footer Logo