Oval Definition:oval:org.opensuse.security:def:73852
Revision Date:2021-07-14Version:1
Title:Security update for sqlite3 (Important)
Description:

This update for sqlite3 fixes the following issues:

- Update to version 3.36.0 - CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization (bsc#1173641) - CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated column optimizations in isAuxiliaryVtabOperator (bsc#1164719) - CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error (bsc#1160439) - CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded '\0' input (bsc#1160438) - CVE-2019-19923: improper handling of certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer dereference (bsc#1160309) - CVE-2019-19924: improper error handling in sqlite3WindowRewrite() (bsc#1159850) - CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive (bsc#1159847) - CVE-2019-19926: improper handling of certain errors during parsing multiSelect in select.c (bsc#1159715) - CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference (bsc#1159491) - CVE-2019-19603: during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with a shadow table name (bsc#1158960) - CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns (bsc#1158959) - CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements (bsc#1158958) - CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service (bsc#1158812) - CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage (bsc#1157818) - CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability (bsc#928701) - CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names (bsc#928700) - CVE-2020-13434: integer overflow in sqlite3_str_vappendf (bsc#1172115) - CVE-2020-13630: (bsc#1172234: use-after-free in fts3EvalNextRow - CVE-2020-13631: virtual table allowed to be renamed to one of its shadow tables (bsc#1172236) - CVE-2020-13632: NULL pointer dereference via crafted matchinfo() query (bsc#1172240) - CVE-2020-13435: Malicious SQL statements could have crashed the process that is running SQLite (bsc#1172091)
Family:unixClass:patch
Status:Reference(s):1146608
1157818
1158812
1158958
1158959
1158960
1159491
1159715
1159847
1159850
1160309
1160438
1160439
1164719
1172091
1172115
1172234
1172236
1172240
1173641
1178387
928700
928701
CVE-2015-3414
CVE-2015-3415
CVE-2019-14973
CVE-2019-19244
CVE-2019-19317
CVE-2019-19603
CVE-2019-19645
CVE-2019-19646
CVE-2019-19880
CVE-2019-19923
CVE-2019-19924
CVE-2019-19925
CVE-2019-19926
CVE-2019-19959
CVE-2019-20218
CVE-2020-13434
CVE-2020-13435
CVE-2020-13630
CVE-2020-13631
CVE-2020-13632
CVE-2020-15358
CVE-2020-25692
CVE-2020-9327
SUSE-SU-2020:3313-1
SUSE-SU-2021:2320-1
Platform(s):SUSE Linux Enterprise Desktop 15 SP3
SUSE Linux Enterprise High Performance Computing 15 SP3
SUSE Linux Enterprise Module for Basesystem 15 SP3
SUSE Linux Enterprise Module for Development Tools 15 SP2
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2
SUSE Linux Enterprise Server 15 SP3
SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE Manager Proxy 4.2
SUSE Manager Server 4.2
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 is installed
  • AND Package Information
  • libtiff-devel-32bit-4.0.9-5.30 is installed
  • OR tiff-4.0.9-5.30 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Development Tools 15 SP2 is installed
  • AND Package Information
  • openldap2-2.4.46-9.40 is installed
  • OR openldap2-devel-32bit-2.4.46-9.40 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Basesystem 15 SP3 is installed
  • AND Package Information
  • libsqlite3-0-3.36.0-3.12.1 is installed
  • OR libsqlite3-0-32bit-3.36.0-3.12.1 is installed
  • OR sqlite3-3.36.0-3.12.1 is installed
  • OR sqlite3-devel-3.36.0-3.12.1 is installed
  • BACK