RedHat: RHSA-2021-1968:01 Moderate: mingw packages security and bug fix
Summary
MinGW is a free and open source software development environment to create
Microsoft Windows applications.
The following packages have been upgraded to a later upstream version:
mingw-sqlite (3.26.0.0). (BZ#1845475)
Security Fix(es):
* sqlite: Division by zero in whereLoopAddBtreeIndex in sqlite3.c
(CVE-2019-16168)
* sqlite: Integer overflow in sqlite3_str_vappendf function in printf.c
(CVE-2020-13434)
* sqlite: Use-after-free in fts3EvalNextRow in ext/fts3/fts3.c
(CVE-2020-13630)
* sqlite: Virtual table can be renamed into the name of one of its shadow
tables (CVE-2020-13631)
* sqlite: NULL pointer dereference in ext/fts3/fts3_snippet.c via a crafted
matchinfo() query (CVE-2020-13632)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.4 Release Notes linked from the References section.
Summary
Solution
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
References
https://access.redhat.com/security/cve/CVE-2019-16168 https://access.redhat.com/security/cve/CVE-2020-13434 https://access.redhat.com/security/cve/CVE-2020-13630 https://access.redhat.com/security/cve/CVE-2020-13631 https://access.redhat.com/security/cve/CVE-2020-13632 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/
Package List
Red Hat CodeReady Linux Builder (v. 8):
Source:
mingw-binutils-2.30-3.el8.src.rpm
mingw-bzip2-1.0.6-14.el8.src.rpm
mingw-filesystem-104-2.el8.src.rpm
mingw-sqlite-3.26.0.0-1.el8.src.rpm
aarch64:
mingw-binutils-debuginfo-2.30-3.el8.aarch64.rpm
mingw-binutils-debugsource-2.30-3.el8.aarch64.rpm
mingw-binutils-generic-2.30-3.el8.aarch64.rpm
mingw-binutils-generic-debuginfo-2.30-3.el8.aarch64.rpm
mingw32-binutils-2.30-3.el8.aarch64.rpm
mingw32-binutils-debuginfo-2.30-3.el8.aarch64.rpm
mingw64-binutils-2.30-3.el8.aarch64.rpm
mingw64-binutils-debuginfo-2.30-3.el8.aarch64.rpm
noarch:
mingw-filesystem-base-104-2.el8.noarch.rpm
mingw32-bzip2-1.0.6-14.el8.noarch.rpm
mingw32-bzip2-debuginfo-1.0.6-14.el8.noarch.rpm
mingw32-bzip2-static-1.0.6-14.el8.noarch.rpm
mingw32-filesystem-104-2.el8.noarch.rpm
mingw32-sqlite-3.26.0.0-1.el8.noarch.rpm
mingw32-sqlite-debuginfo-3.26.0.0-1.el8.noarch.rpm
mingw32-sqlite-static-3.26.0.0-1.el8.noarch.rpm
mingw64-bzip2-1.0.6-14.el8.noarch.rpm
mingw64-bzip2-debuginfo-1.0.6-14.el8.noarch.rpm
mingw64-bzip2-static-1.0.6-14.el8.noarch.rpm
mingw64-filesystem-104-2.el8.noarch.rpm
mingw64-sqlite-3.26.0.0-1.el8.noarch.rpm
mingw64-sqlite-debuginfo-3.26.0.0-1.el8.noarch.rpm
mingw64-sqlite-static-3.26.0.0-1.el8.noarch.rpm
ppc64le:
mingw-binutils-debuginfo-2.30-3.el8.ppc64le.rpm
mingw-binutils-debugsource-2.30-3.el8.ppc64le.rpm
mingw-binutils-generic-2.30-3.el8.ppc64le.rpm
mingw-binutils-generic-debuginfo-2.30-3.el8.ppc64le.rpm
mingw32-binutils-2.30-3.el8.ppc64le.rpm
mingw32-binutils-debuginfo-2.30-3.el8.ppc64le.rpm
mingw64-binutils-2.30-3.el8.ppc64le.rpm
mingw64-binutils-debuginfo-2.30-3.el8.ppc64le.rpm
s390x:
mingw-binutils-debuginfo-2.30-3.el8.s390x.rpm
mingw-binutils-debugsource-2.30-3.el8.s390x.rpm
mingw-binutils-generic-2.30-3.el8.s390x.rpm
mingw-binutils-generic-debuginfo-2.30-3.el8.s390x.rpm
mingw32-binutils-2.30-3.el8.s390x.rpm
mingw32-binutils-debuginfo-2.30-3.el8.s390x.rpm
mingw64-binutils-2.30-3.el8.s390x.rpm
mingw64-binutils-debuginfo-2.30-3.el8.s390x.rpm
x86_64:
mingw-binutils-debuginfo-2.30-3.el8.x86_64.rpm
mingw-binutils-debugsource-2.30-3.el8.x86_64.rpm
mingw-binutils-generic-2.30-3.el8.x86_64.rpm
mingw-binutils-generic-debuginfo-2.30-3.el8.x86_64.rpm
mingw32-binutils-2.30-3.el8.x86_64.rpm
mingw32-binutils-debuginfo-2.30-3.el8.x86_64.rpm
mingw64-binutils-2.30-3.el8.x86_64.rpm
mingw64-binutils-debuginfo-2.30-3.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
Topic
An update for mingw-binutils, mingw-bzip2, mingw-filesystem, andmingw-sqlite is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.
Topic
Relevant Releases Architectures
Red Hat CodeReady Linux Builder (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
Bugs Fixed
1768986 - CVE-2019-16168 sqlite: Division by zero in whereLoopAddBtreeIndex in sqlite3.c
1841223 - CVE-2020-13434 sqlite: integer overflow in sqlite3_str_vappendf function in printf.c
1841562 - CVE-2020-13630 sqlite: Use-after-free in fts3EvalNextRow in ext/fts3/fts3.c
1841568 - CVE-2020-13631 sqlite: Virtual table can be renamed into the name of one of its shadow tables
1841574 - CVE-2020-13632 sqlite: NULL pointer dereference in ext/fts3/fts3_snippet.c via a crafted matchinfo() query
1918306 - Do not use __global_cflags for %mingw{32,64}_meson in macros.mingw{32,64}