Oval Definition:oval:org.opensuse.security:def:51669
Revision Date:2021-09-23Version:1
Title:Security update for sqlite3 (Important)
Description:

This update for sqlite3 fixes the following issues:

sqlite3 is sync version 3.36.0 from Factory (jsc#SLE-16032).

The following CVEs have been fixed in upstream releases up to this point, but were not mentioned in the change log so far:

bsc#1173641, CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization * bsc#1164719, CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated column optimizations in isAuxiliaryVtabOperator * bsc#1160439, CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error * bsc#1160438, CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded '\0' input * bsc#1160309, CVE-2019-19923: improper handling of certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer dereference * bsc#1159850, CVE-2019-19924: improper error handling in sqlite3WindowRewrite() * bsc#1159847, CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive * bsc#1159715, CVE-2019-19926: improper handling of certain errors during parsing multiSelect in select.c * bsc#1159491, CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference * bsc#1158960, CVE-2019-19603: during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with a shadow table name * bsc#1158959, CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns * bsc#1158958, CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements * bsc#1158812, CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service * bsc#1157818, CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage * bsc#928701, CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability * bsc#928700, CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names * CVE-2020-13434 bsc#1172115: integer overflow in sqlite3_str_vappendf * CVE-2020-13630 bsc#1172234: use-after-free in fts3EvalNextRow * CVE-2020-13631 bsc#1172236: virtual table allowed to be renamed to one of its shadow tables * CVE-2020-13632 bsc#1172240: NULL pointer dereference via crafted matchinfo() query * CVE-2020-13435: Malicious SQL statements could have crashed the process that is running SQLite (bsc#1172091)
Family:unixClass:patch
Status:Reference(s):1027519
1044231
1051510
1051858
1056686
1060463
1065600
1065729
1071995
1083647
1085030
1089524
1103990
1103992
1104353
1104745
1109837
1109911
1111666
1111974
1112178
1112374
1113956
1114279
1114685
1115916
1115917
1117998
1118338
1118367
1118368
1119680
1120386
1123919
1127611
1133021
1134078
1134090
1136157
1136333
1136572
1137325
1138687
1139083
1141895
1142685
1144333
1145051
1145929
1146539
1148868
1154401
1156188
1156510
1157424
1157818
1158187
1158812
1158958
1158959
1158960
1158983
1159037
1159198
1159199
1159285
1159491
1159715
1159847
1159850
1160309
1160438
1160439
1160659
1161561
1161951
1162171
1162929
1162931
1163403
1163897
1163971
1164078
1164284
1164507
1164705
1164712
1164719
1164727
1164728
1164729
1164730
1164731
1164732
1164733
1164734
1164735
1164777
1164780
1164893
1165019
1165111
1165182
1165185
1165211
1165404
1165488
1165527
1165741
1165813
1165823
1165873
1165929
1165949
1165950
1165980
1165984
1165985
1166003
1166101
1166102
1166103
1166104
1166632
1166658
1166730
1166731
1166732
1166733
1166734
1166735
1166780
1166860
1166861
1166862
1166864
1166866
1166867
1166868
1166870
1166940
1166982
1167005
1167216
1167288
1167290
1167316
1167421
1167423
1167627
1167629
1168075
1168202
1168273
1168276
1168295
1168367
1168424
1168443
1168486
1168552
1168760
1168762
1168763
1168764
1168765
1168829
1168854
1168881
1168884
1168952
1169013
1169057
1169307
1169308
1169390
1169514
1169625
1172091
1172115
1172234
1172236
1172240
1172402
1173455
1173641
1175664
1175665
1175671
1177950
1178591
928700
928701
CVE-2011-2895
CVE-2011-3146
CVE-2012-0862
CVE-2012-2812
CVE-2012-2813
CVE-2012-2814
CVE-2012-2836
CVE-2012-2837
CVE-2012-2840
CVE-2012-2841
CVE-2013-1881
CVE-2013-2492
CVE-2013-4342
CVE-2013-6462
CVE-2014-0209
CVE-2014-0210
CVE-2014-0211
CVE-2014-3675
CVE-2014-3676
CVE-2014-3677
CVE-2015-1802
CVE-2015-1803
CVE-2015-1804
CVE-2015-3414
CVE-2015-3415
CVE-2016-6153
CVE-2017-10989
CVE-2017-2518
CVE-2017-5731
CVE-2017-5732
CVE-2017-5733
CVE-2017-5734
CVE-2017-5735
CVE-2018-20346
CVE-2018-3613
CVE-2018-8740
CVE-2019-12900
CVE-2019-16168
CVE-2019-18804
CVE-2019-19244
CVE-2019-19317
CVE-2019-19603
CVE-2019-19645
CVE-2019-19646
CVE-2019-19768
CVE-2019-19770
CVE-2019-19880
CVE-2019-19923
CVE-2019-19924
CVE-2019-19925
CVE-2019-19926
CVE-2019-19959
CVE-2019-20218
CVE-2019-3701
CVE-2019-6470
CVE-2019-6471
CVE-2019-8457
CVE-2019-9458
CVE-2020-10942
CVE-2020-11494
CVE-2020-11669
CVE-2020-12398
CVE-2020-12405
CVE-2020-12406
CVE-2020-12410
CVE-2020-13434
CVE-2020-13435
CVE-2020-13630
CVE-2020-13631
CVE-2020-13632
CVE-2020-15049
CVE-2020-15358
CVE-2020-15810
CVE-2020-15811
CVE-2020-24606
CVE-2020-2732
CVE-2020-28368
CVE-2020-8647
CVE-2020-8649
CVE-2020-8834
CVE-2020-9327
CVE-2020-9383
SUSE-SU-2018:4155-1
SUSE-SU-2019:1846-1
SUSE-SU-2019:2550-1
SUSE-SU-2019:2657-1
SUSE-SU-2019:3033-2
SUSE-SU-2019:3087-1
SUSE-SU-2020:1087-1
SUSE-SU-2020:1591-1
SUSE-SU-2020:2442-1
SUSE-SU-2020:3412-1
SUSE-SU-2021:3215-1
Platform(s):openSUSE Leap 15.0
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Desktop 11 SP4
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise Module for additional PackageHub packages 15 SP1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
SUSE Linux Enterprise Module for Public Cloud 15 SP1
SUSE Linux Enterprise Module for Python2 packages 15 SP1
SUSE Linux Enterprise Module for Server Applications 15
SUSE Linux Enterprise Module for Server Applications 15 SP1
SUSE Linux Enterprise Module for Server Applications 15 SP2
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE Linux Enterprise Server for SAP Applications 15
SUSE Linux Enterprise Workstation Extension 15 SP1
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • avahi-0.6.32-lp150.3 is installed
  • OR avahi-lang-0.6.32-lp150.3 is installed
  • OR libavahi-client3-0.6.32-lp150.3 is installed
  • OR libavahi-common3-0.6.32-lp150.3 is installed
  • OR libavahi-core7-0.6.32-lp150.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP2 is installed
  • AND Package Information
  • MozillaFirefox-10.0.10-0.3 is installed
  • OR MozillaFirefox-translations-10.0.10-0.3 is installed
  • OR mozilla-nspr-4.9.3-0.2 is installed
  • OR mozilla-nspr-32bit-4.9.3-0.2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP3 is installed
  • AND Package Information
  • xen-4.2.5_04-0.9 is installed
  • OR xen-doc-html-4.2.5_04-0.9 is installed
  • OR xen-doc-pdf-4.2.5_04-0.9 is installed
  • OR xen-kmp-default-4.2.5_04_3.0.101_0.47.52-0.9 is installed
  • OR xen-kmp-pae-4.2.5_04_3.0.101_0.47.52-0.9 is installed
  • OR xen-libs-4.2.5_04-0.9 is installed
  • OR xen-libs-32bit-4.2.5_04-0.9 is installed
  • OR xen-tools-4.2.5_04-0.9 is installed
  • OR xen-tools-domU-4.2.5_04-0.9 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP4 is installed
  • AND Package Information
  • orca-2.28.3-0.5 is installed
  • OR orca-lang-2.28.3-0.5 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 is installed
  • AND Package Information
  • gdk-pixbuf-loader-rsvg-2.40.2-1 is installed
  • OR librsvg-2-2-2.40.2-1 is installed
  • OR librsvg-2-2-32bit-2.40.2-1 is installed
  • OR rsvg-view-2.40.2-1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP1 is installed
  • AND shim-0.9-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP2 is installed
  • AND libXfont1-1.5.1-10 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP3 is installed
  • AND Package Information
  • dia-0.97.3-15 is installed
  • OR dia-lang-0.97.3-15 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP4 is installed
  • AND binutils-2.31-9.26 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for additional PackageHub packages 15 SP1 is installed
  • AND djvulibre-3.5.27-3.8 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 is installed
  • AND Package Information
  • bzip2-1.0.6-5.6 is installed
  • OR bzip2-doc-1.0.6-5.6 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Public Cloud 15 SP1 is installed
  • AND Package Information
  • kernel-azure-4.12.14-8.30 is installed
  • OR kernel-azure-base-4.12.14-8.30 is installed
  • OR kernel-azure-devel-4.12.14-8.30 is installed
  • OR kernel-devel-azure-4.12.14-8.30 is installed
  • OR kernel-source-azure-4.12.14-8.30 is installed
  • OR kernel-syms-azure-4.12.14-8.30 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Python2 packages 15 SP1 is installed
  • AND Package Information
  • python-libxml2-python-2.9.7-3.12 is installed
  • OR python2-libxml2-python-2.9.7-3.12 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Server Applications 15 is installed
  • AND Package Information
  • ovmf-2017+git1510945757.b2662641d5-5.11 is installed
  • OR ovmf-tools-2017+git1510945757.b2662641d5-5.11 is installed
  • OR qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-5.11 is installed
  • OR qemu-uefi-aarch64-2017+git1510945757.b2662641d5-5.11 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Server Applications 15 SP1 is installed
  • AND Package Information
  • dhcp-4.3.5-6.3 is installed
  • OR dhcp-relay-4.3.5-6.3 is installed
  • OR dhcp-server-4.3.5-6.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Server Applications 15 SP2 is installed
  • AND Package Information
  • xen-4.13.2_02-3.16 is installed
  • OR xen-devel-4.13.2_02-3.16 is installed
  • OR xen-tools-4.13.2_02-3.16 is installed
  • OR xen-tools-xendomains-wait-disk-4.13.2_02-3.16 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1 is installed
  • AND kbd-1.15.5-8.4 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1-LTSS is installed
  • AND Package Information
  • kgraft-patch-3_12_74-60_64_57-default-9-2 is installed
  • OR kgraft-patch-3_12_74-60_64_57-xen-9-2 is installed
  • OR kgraft-patch-SLE12-SP1_Update_20-9-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND ipsec-tools-0.8.0-15 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • ntp-4.2.8p12-64.8 is installed
  • OR ntp-doc-4.2.8p12-64.8 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • MozillaFirefox-60.3.0-109.50 is installed
  • OR MozillaFirefox-devel-60.3.0-109.50 is installed
  • OR MozillaFirefox-translations-common-60.3.0-109.50 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND Package Information
  • java-1_8_0-openjdk-1.8.0.171-27.19 is installed
  • OR java-1_8_0-openjdk-demo-1.8.0.171-27.19 is installed
  • OR java-1_8_0-openjdk-devel-1.8.0.171-27.19 is installed
  • OR java-1_8_0-openjdk-headless-1.8.0.171-27.19 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • MozillaFirefox-52.2.0esr-108 is installed
  • OR MozillaFirefox-translations-52.2.0esr-108 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND Package Information
  • libopenssl-devel-1.0.2j-60.55 is installed
  • OR libopenssl1_0_0-1.0.2j-60.55 is installed
  • OR libopenssl1_0_0-32bit-1.0.2j-60.55 is installed
  • OR libopenssl1_0_0-hmac-1.0.2j-60.55 is installed
  • OR libopenssl1_0_0-hmac-32bit-1.0.2j-60.55 is installed
  • OR openssl-1.0.2j-60.55 is installed
  • OR openssl-doc-1.0.2j-60.55 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • libsystemd0-228-150.53 is installed
  • OR libsystemd0-32bit-228-150.53 is installed
  • OR libudev1-228-150.53 is installed
  • OR libudev1-32bit-228-150.53 is installed
  • OR systemd-228-150.53 is installed
  • OR systemd-32bit-228-150.53 is installed
  • OR systemd-bash-completion-228-150.53 is installed
  • OR systemd-sysvinit-228-150.53 is installed
  • OR udev-228-150.53 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • cron-4.2-58 is installed
  • OR cronie-1.4.11-58 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server for SAP Applications 12 SP3 is installed
  • AND Package Information
  • libsqlite3-0-3.36.0-9.18.1 is installed
  • OR libsqlite3-0-32bit-3.36.0-9.18.1 is installed
  • OR sqlite3-3.36.0-9.18.1 is installed
  • OR sqlite3-devel-3.36.0-9.18.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server for SAP Applications 15 is installed
  • AND squid-4.13-5.23 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Workstation Extension 15 SP1 is installed
  • AND Package Information
  • MozillaThunderbird-68.9.0-3.85 is installed
  • OR MozillaThunderbird-translations-common-68.9.0-3.85 is installed
  • OR MozillaThunderbird-translations-other-68.9.0-3.85 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND Package Information
  • postgresql96-9.6.10-3.22 is installed
  • OR postgresql96-contrib-9.6.10-3.22 is installed
  • OR postgresql96-docs-9.6.10-3.22 is installed
  • OR postgresql96-libs-9.6.10-3.22 is installed
  • OR postgresql96-server-9.6.10-3.22 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND ansible-2.4.6.0-3.3 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND ucode-intel-20190618-13.47 is installed
    • BACK