MGASA-2020-0070
- Source
- https://advisories.mageia.org/MGASA-2020-0070.html
- Import Source
- https://advisories.mageia.org/MGASA-2020-0070.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2020-0070
- Related
- Published
- 2020-01-30T18:28:34Z
- Modified
- 2020-01-30T18:03:30Z
- Summary
- Updated sqlite3 packages fix security vulnerabilities
- Details
-
Updated sqlite3 packages fix security vulnerabilities:
An out of bounds write flaw (CVE-2019-13734), insufficient data validation flaw (CVE-2019-13750), uninitialized use flaw (CVE-2019-13751), and out of bounds read flaws (CVE-2019-13752, CVE-2019-13753) in SQLite before 3.31.0.
It was discovered that SQLite incorrectly handled certain schemas. An attacker could possibly use this issue to cause a denial of service (CVE-2019-16168).
It was discovered that SQLite incorrectly handled certain schemas. An attacker could possibly use this issue to mishandles some expressions (CVE-2019-19242).
It was discovered that SQLite incorrectly handled certain queries. An attacker could possibly use this issue to execute arbitrary code (CVE-2019-19244).
exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled (CVE-2019-19880).
For other changes in this update, see the referenced releaaselogs.
- References
-
- https://advisories.mageia.org/MGASA-2020-0070.html
- https://bugs.mageia.org/show_bug.cgi?id=26104
- https://www.sqlite.org/releaselog/3_29_0.html
- https://www.sqlite.org/releaselog/3_30_0.html
- https://www.sqlite.org/releaselog/3_30_1.html
- https://www.sqlite.org/releaselog/3_31_0.html
- https://www.sqlite.org/releaselog/3_31_1.html
- https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html
- https://usn.ubuntu.com/4205-1/
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:7 / sqlite3
Package
- Name
- sqlite3
- Purl
- pkg:rpm/mageia/sqlite3?distro=mageia-7