Alerts This Week
Warning Icon 1 1,153
Alerts This Week
Warning Icon 1 1,153

Ubuntu 14.04 ESM: USN-4298-2 Moderate: SQLite Denial of Service

ubuntu
Calendar Grey August 3, 2020
Dist Ubuntu Esm H88
Several security concerns have been tackled in SQLite vulnerabilities for Ubuntu, impacting users who must perform updates.
Several security issues were fixed in SQLite.

Summary

Several security issues were fixed in SQLite.

Software Description:

- sqlite3: C library that implements an SQL database engine

Details:

USN-4298-1 fixed several vulnerabilities in SQLite. This update provides

the corresponding update for Ubuntu 14.04 ESM.

Original advisory details:

It was discovered that SQLite incorrectly handled certain shadow tables. An

attacker could use this issue to cause SQLite to crash, resulting in a

denial of service, or possibly execute arbitrary code. (CVE-2019-13734,

CVE-2019-13750, CVE-2019-13752, CVE-2019-13753)

It was discovered that SQLite incorrectly handled certain corrupt records.

An attacker could use this issue to cause SQLite to crash, resulting in a

denial of service, or possibly execute arbitrary code. (CVE-2019-13751)

It was discovered that SQLite incorrectly handled errors during parsing. An

attacker could use this issue to cause SQLite to crash, resulting in a

denial of service, or possibly execute arbitrary code. (CVE-...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
  libsqlite3-0                    3.8.2-1ubuntu2.2+esm2
  sqlite3                         3.8.2-1ubuntu2.2+esm2

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4298-2

https://ubuntu.com/security/notices/USN-4298-1

CVE-2019-13734, CVE-2019-13750, CVE-2019-13751, CVE-2019-13752,

CVE-2019-13753, CVE-2019-19926

Severity
important
Lowest
Low
Medium
High
Critical

August 03, 2020

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here