Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 547
Alerts This Week
Warning Icon 1 547

SUSE: 2021:2320-1 Important Security Update for sqlite3

suse
Calendar Grey July 14, 2021
Scroller Suse Esm H88
Important release fixes 21 security flaws found in sqlite3. Make sure to review update guidelines for your environments.
An update that fixes 21 vulnerabilities, contains one feature is now available

Summary

This update for sqlite3 fixes the following issues: - Update to version 3.36.0 - CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization (bsc#1173641) - CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated column optimizations in isAuxiliaryVtabOperator (bsc#1164719) - CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error (bsc#1160439) - CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded '\0' input (bsc#1160438) - CVE-2019-19923: improper handling of certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer dereference (bsc#1160309)

References

#1157818 #1158812 #1158958 #1158959 #1158960

#1159491 #1159715 #1159847 #1159850 #1160309

#1160438 #1160439 #1164719 #1172091 #1172115

#1172234 #1172236 #1172240 #1173641 #928700

#928701 SLE-16032

Cross- CVE-2015-3414 CVE-2015-3415 CVE-2019-19244

CVE-2019-19317 CVE-2019-19603 CVE-2019-19645

CVE-2019-19646 CVE-2019-19880 CVE-2019-19923

CVE-2019-19924 CVE-2019-19925 CVE-2019-19926

CVE-2019-19959 CVE-2019-20218 CVE-2020-13434

CVE-2020-13435 CVE-2020-13630 CVE-2020-13631

CVE-2020-13632 CVE-2020-15358 CVE-2020-9327

CVSS scores:

CVE-2019-19244 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2019-19244 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2019-19317 (NVD) : 9.8 CVSS:3.1/AV:N/AC:...

Read the Full Advisory

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2021:2320-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.