Oval Definition:oval:org.opensuse.security:def:64730
Revision Date:2021-07-14Version:1
Title:Security update for sqlite3 (Important)
Description:

This update for sqlite3 fixes the following issues:

- Update to version 3.36.0 - CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization (bsc#1173641) - CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated column optimizations in isAuxiliaryVtabOperator (bsc#1164719) - CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error (bsc#1160439) - CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded '\0' input (bsc#1160438) - CVE-2019-19923: improper handling of certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer dereference (bsc#1160309) - CVE-2019-19924: improper error handling in sqlite3WindowRewrite() (bsc#1159850) - CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive (bsc#1159847) - CVE-2019-19926: improper handling of certain errors during parsing multiSelect in select.c (bsc#1159715) - CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference (bsc#1159491) - CVE-2019-19603: during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with a shadow table name (bsc#1158960) - CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns (bsc#1158959) - CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements (bsc#1158958) - CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service (bsc#1158812) - CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage (bsc#1157818) - CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability (bsc#928701) - CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names (bsc#928700) - CVE-2020-13434: integer overflow in sqlite3_str_vappendf (bsc#1172115) - CVE-2020-13630: (bsc#1172234: use-after-free in fts3EvalNextRow - CVE-2020-13631: virtual table allowed to be renamed to one of its shadow tables (bsc#1172236) - CVE-2020-13632: NULL pointer dereference via crafted matchinfo() query (bsc#1172240) - CVE-2020-13435: Malicious SQL statements could have crashed the process that is running SQLite (bsc#1172091)
Family:unixClass:patch
Status:Reference(s):1028975
1119832
1134598
1141322
1156309
1157818
1158527
1158812
1158958
1158959
1158960
1159491
1159715
1159819
1159847
1159850
1160309
1160438
1160439
1164719
1171437
1172091
1172115
1172234
1172236
1172240
1172307
1172906
1172935
1173159
1173160
1173161
1173197
1173274
1173304
1173359
1173641
1176705
1176707
928700
928701
CVE-2012-5784
CVE-2014-3596
CVE-2014-7823
CVE-2014-8131
CVE-2015-0236
CVE-2015-3414
CVE-2015-3415
CVE-2015-5247
CVE-2015-5313
CVE-2017-1000256
CVE-2017-2635
CVE-2017-5715
CVE-2018-1064
CVE-2018-13441
CVE-2018-13457
CVE-2018-13458
CVE-2018-18245
CVE-2018-18508
CVE-2018-3639
CVE-2018-5748
CVE-2019-11745
CVE-2019-17006
CVE-2019-19244
CVE-2019-19317
CVE-2019-19603
CVE-2019-19645
CVE-2019-19646
CVE-2019-19880
CVE-2019-19923
CVE-2019-19924
CVE-2019-19925
CVE-2019-19926
CVE-2019-19959
CVE-2019-20218
CVE-2019-3698
CVE-2019-3886
CVE-2020-10730
CVE-2020-10745
CVE-2020-10760
CVE-2020-13434
CVE-2020-13435
CVE-2020-13630
CVE-2020-13631
CVE-2020-13632
CVE-2020-14059
CVE-2020-14093
CVE-2020-14154
CVE-2020-14303
CVE-2020-14422
CVE-2020-14954
CVE-2020-15358
CVE-2020-25039
CVE-2020-25040
CVE-2020-9327
openSUSE-SU-2020:0008-1
openSUSE-SU-2020:0500-1
openSUSE-SU-2020:0914-1
openSUSE-SU-2020:0915-1
openSUSE-SU-2020:0940-1
openSUSE-SU-2020:0984-1
openSUSE-SU-2020:1497-1
SUSE-SU-2019:1373-2
SUSE-SU-2021:2320-1
Platform(s):openSUSE Leap 15.1
openSUSE Leap 15.2
SUSE Linux Enterprise Desktop 15 SP3
SUSE Linux Enterprise High Performance Computing 15 SP3
SUSE Linux Enterprise Module for Basesystem 15 SP1
SUSE Linux Enterprise Module for Basesystem 15 SP3
SUSE Linux Enterprise Module for Server Applications 15 SP1
SUSE Linux Enterprise Server 15 SP3
SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE Manager Proxy 4.2
SUSE Manager Server 4.2
Product(s):
Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • nagios-4.4.5-lp151.5.4 is installed
  • OR nagios-contrib-4.4.5-lp151.5.4 is installed
  • OR nagios-devel-4.4.5-lp151.5.4 is installed
  • OR nagios-theme-exfoliation-4.4.5-lp151.5.4 is installed
  • OR nagios-www-4.4.5-lp151.5.4 is installed
  • OR nagios-www-dch-4.4.5-lp151.5.4 is installed
  • Definition Synopsis
  • openSUSE Leap 15.2 is installed
  • AND singularity-3.6.3-lp152.2.6 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Basesystem 15 SP3 is installed
  • AND Package Information
  • libsqlite3-0-3.36.0-3.12.1 is installed
  • OR libsqlite3-0-32bit-3.36.0-3.12.1 is installed
  • OR sqlite3-3.36.0-3.12.1 is installed
  • OR sqlite3-devel-3.36.0-3.12.1 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Basesystem 15 SP1 is installed
  • AND axis-1.4-5.8 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Server Applications 15 SP1 is installed
  • AND Package Information
  • libvirt-5.1.0-6 is installed
  • OR libvirt-admin-5.1.0-6 is installed
  • OR libvirt-bash-completion-5.1.0-6 is installed
  • OR libvirt-client-5.1.0-6 is installed
  • OR libvirt-daemon-5.1.0-6 is installed
  • OR libvirt-daemon-config-network-5.1.0-6 is installed
  • OR libvirt-daemon-config-nwfilter-5.1.0-6 is installed
  • OR libvirt-daemon-driver-interface-5.1.0-6 is installed
  • OR libvirt-daemon-driver-libxl-5.1.0-6 is installed
  • OR libvirt-daemon-driver-lxc-5.1.0-6 is installed
  • OR libvirt-daemon-driver-network-5.1.0-6 is installed
  • OR libvirt-daemon-driver-nodedev-5.1.0-6 is installed
  • OR libvirt-daemon-driver-nwfilter-5.1.0-6 is installed
  • OR libvirt-daemon-driver-qemu-5.1.0-6 is installed
  • OR libvirt-daemon-driver-secret-5.1.0-6 is installed
  • OR libvirt-daemon-driver-storage-5.1.0-6 is installed
  • OR libvirt-daemon-driver-storage-core-5.1.0-6 is installed
  • OR libvirt-daemon-driver-storage-disk-5.1.0-6 is installed
  • OR libvirt-daemon-driver-storage-iscsi-5.1.0-6 is installed
  • OR libvirt-daemon-driver-storage-logical-5.1.0-6 is installed
  • OR libvirt-daemon-driver-storage-mpath-5.1.0-6 is installed
  • OR libvirt-daemon-driver-storage-rbd-5.1.0-6 is installed
  • OR libvirt-daemon-driver-storage-scsi-5.1.0-6 is installed
  • OR libvirt-daemon-hooks-5.1.0-6 is installed
  • OR libvirt-daemon-lxc-5.1.0-6 is installed
  • OR libvirt-daemon-qemu-5.1.0-6 is installed
  • OR libvirt-daemon-xen-5.1.0-6 is installed
  • OR libvirt-devel-5.1.0-6 is installed
  • OR libvirt-doc-5.1.0-6 is installed
  • OR libvirt-lock-sanlock-5.1.0-6 is installed
  • OR libvirt-nss-5.1.0-6 is installed
  • BACK