openSUSE 15.2: 2021:1058-1 Important: sqlite3 Heap Overflow Risk
opensuse
July 19, 2021
An update that fixes 21 vulnerabilities, contains one feature is now available
Description
This update for sqlite3 fixes the following issues:
- Update to version 3.36.0
- CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to
mishandling of query-flattener
optimization (bsc#1173641)
- CVE-2020-9327: NULL pointer dereference and segmentation fault because
of generated column optimizations in isAuxiliaryVtabOperator
(bsc#1164719)
- CVE-2019-20218: selectExpander in select.c proceeds with WITH stack
unwinding even after a parsing error (bsc#1160439)
- CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving
embedded '\0' input (bsc#1160438)
- CVE-2019-19923: improper handling of certain uses of SELECT DISTINCT
in flattenSubquery may lead to null pointer dereference (bsc#1160309)
- CVE-2019-19924: improper error handling in sqlite3WindowRewrite()
(bsc#1159850)
- CVE-2019-19925: improper handling of NULL pathname during an update of a
ZIP archive (bsc#1159847)
-...
Read the Full Advisory
Patch
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-1058=1
Package List
- openSUSE Leap 15.2 (i586 x86_64):
libsqlite3-0-3.36.0-lp152.4.3.1
libsqlite3-0-debuginfo-3.36.0-lp152.4.3.1
sqlite3-3.36.0-lp152.4.3.1
sqlite3-debuginfo-3.36.0-lp152.4.3.1
sqlite3-debugsource-3.36.0-lp152.4.3.1
sqlite3-devel-3.36.0-lp152.4.3.1
- openSUSE Leap 15.2 (x86_64):
libsqlite3-0-32bit-3.36.0-lp152.4.3.1
libsqlite3-0-32bit-debuginfo-3.36.0-lp152.4.3.1
- openSUSE Leap 15.2 (noarch):
sqlite3-doc-3.36.0-lp152.4.3.1
References
https://www.suse.com/security/cve/CVE-2015-3414.html
https://www.suse.com/security/cve/CVE-2015-3415.html
https://www.suse.com/security/cve/CVE-2019-19244.html
https://www.suse.com/security/cve/CVE-2019-19317.html
https://www.suse.com/security/cve/CVE-2019-19603.html
https://www.suse.com/security/cve/CVE-2019-19645.html
https://www.suse.com/security/cve/CVE-2019-19646.html
https://www.suse.com/security/cve/CVE-2019-19880.html
https://www.suse.com/security/cve/CVE-2019-19923.html
https://www.suse.com/security/cve/CVE-2019-19924.html
https://www.suse.com/security/cve/CVE-2019-19925.html
https://www.suse.com/security/cve/CVE-2019-19926.html
https://www.suse.com/security/cve/CVE-2019-19959.html
https://www.suse.com/security/cve/CVE-2019-20218.html
https://www.suse.com/security/cve/CVE-2020-13434.html
https://www.suse.com/security/cve/CVE-2020-13435.html
https://www.suse.com/security/cve/CVE-2020-13630.html
https://www.suse.com/security/cve/CVE-2020-13631.html
https://www.suse.com/security/cve/CVE-2020-13632...
Read the Full Advisory
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: openSUSE-SU-2021:1058-1
Rating: important
Affected Products:
openSUSE Leap 15.2
ble.
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!