Advisories ยป MGASA-2020-0070

Updated sqlite3 packages fix security vulnerabilities

Publication date: 30 Jan 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-13734 , CVE-2019-13750 , CVE-2019-13751 , CVE-2019-13752 , CVE-2019-13753 , CVE-2019-16168 , CVE-2019-19242 , CVE-2019-19244 , CVE-2019-19880

Description

Updated sqlite3 packages fix security vulnerabilities:

An out of bounds write flaw (CVE-2019-13734), insufficient data validation
flaw (CVE-2019-13750), uninitialized use flaw (CVE-2019-13751), and out of
bounds read flaws (CVE-2019-13752, CVE-2019-13753) in SQLite before 3.31.0.

It was discovered that SQLite incorrectly handled certain schemas. An
attacker could possibly use this issue to cause a denial of service
(CVE-2019-16168).

It was discovered that SQLite incorrectly handled certain schemas. An
attacker could possibly use this issue to mishandles some expressions
(CVE-2019-19242).

It was discovered that SQLite incorrectly handled certain queries. An
attacker could possibly use this issue to execute arbitrary code
(CVE-2019-19244).

exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger
an invalid pointer dereference because constant integer values in ORDER BY
clauses of window definitions are mishandled (CVE-2019-19880).

For other changes in this update, see the referenced releaaselogs.
                

References

SRPMS

7/core