1. Forum
  2. Fsxnet Message
  3. FSX BOT

  • SQLite vulnerabilities

    From bugz_ubuntu@21:4/110 to Ubuntu Users on Monday, December 02, 2019 12:10:08
    sqlite3 vulnerabilities

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 19.10
    * Ubuntu 19.04
    * Ubuntu 18.04 LTS
    * Ubuntu 16.04 LTS
    * Ubuntu 12.04 ESM

    Summary

    Several security issues were fixed in SQLite.

    Software Description

    * sqlite3 - C library that implements an SQL database engine

    Details

    It was discovered that SQLite incorrectly handled certain schemas.
    An attacker could possibly use this issue to cause a denial of
    service. This issue only affected Ubuntu 12.04 ESM.
    (CVE-2018-8740)

    It was discovered that SQLite incorrectly handled certain schemas.
    An attacker could possibly use this issue to cause a denial of
    service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04
    LTS and Ubuntu 19.04. (CVE-2019-16168)

    It was discovered that SQLite incorrectly handled certain schemas.
    An attacker could possibly use this issue to mishandles some
    expressions. This issue only affected Ubuntu 19.04 and Ubuntu
    19.10. (CVE-2019-19242)

    It was discovered that SQLite incorrectly handled certain queries.
    An attacker could possibly use this issue to execute arbitrary
    code. This issue only affected Ubuntu 19.04 and Ubuntu 19.10.
    (CVE-2019-19244)

    It was discovered that SQLite incorrectly handled certain SQL
    commands. An attacker could possibly use this issue to execute
    arbitrary code. This issue only affected Ubuntu 19.04.
    (CVE-2019-5018)

    It was discovered that SQLite incorrectly handled certain
    commands. An attacker could possibly use this issue to execute
    arbitrary code. (CVE-2019-5827)

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 19.10
    libsqlite3-0 - 3.29.0-2ubuntu0.1
    sqlite3 - 3.29.0-2ubuntu0.1

    Ubuntu 19.04
    libsqlite3-0 - 3.27.2-2ubuntu0.2
    sqlite3 - 3.27.2-2ubuntu0.2

    Ubuntu 18.04 LTS
    libsqlite3-0 - 3.22.0-1ubuntu0.2
    sqlite3 - 3.22.0-1ubuntu0.2

    Ubuntu 16.04 LTS
    libsqlite3-0 - 3.11.0-1ubuntu1.3
    sqlite3 - 3.11.0-1ubuntu1.3

    Ubuntu 12.04 ESM
    libsqlite3-0 - 3.7.9-2ubuntu1.4
    sqlite3 - 3.7.9-2ubuntu1.4

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary
    changes.

    References

    * CVE-2018-8740
    * CVE-2019-16168
    * CVE-2019-19242
    * CVE-2019-19244
    * CVE-2019-5018
    * CVE-2019-5827

    --- Mystic BBS v1.12 A43 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)
  • From bugz_ubuntu@21:4/110 to Ubuntu Users on Tuesday, March 10, 2020 12:10:03
    sqlite3 vulnerabilities

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 19.10
    * Ubuntu 18.04 LTS
    * Ubuntu 16.04 LTS

    Summary

    Several security issues were fixed in SQLite.

    Software Description

    * sqlite3 - C library that implements an SQL database engine

    Details

    It was discovered that SQLite incorrectly handled certain shadow
    tables. An attacker could use this issue to cause SQLite to crash,
    resulting in a denial of service, or possibly execute arbitrary
    code. (CVE-2019-13734, CVE-2019-13750, CVE-2019-13753)

    It was discovered that SQLite incorrectly handled certain corrupt
    records. An attacker could use this issue to cause SQLite to
    crash, resulting in a denial of service, or possibly execute
    arbitrary code. (CVE-2019-13751)

    It was discovered that SQLite incorrectly handled certain queries.
    An attacker could use this issue to cause SQLite to crash,
    resulting in a denial of service, or possibly execute arbitrary
    code. This issue only affected Ubuntu 19.10. (CVE-2019-19880)

    It was discovered that SQLite incorrectly handled certain queries.
    An attacker could use this issue to cause SQLite to crash,
    resulting in a denial of service, or possibly execute arbitrary
    code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10.
    (CVE-2019-19923)

    It was discovered that SQLite incorrectly handled parser tree
    rewriting. An attacker could use this issue to cause SQLite to
    crash, resulting in a denial of service, or possibly execute
    arbitrary code. This issue only affected Ubuntu 19.10.
    (CVE-2019-19924)

    It was discovered that SQLite incorrectly handled certain ZIP
    archives. An attacker could use this issue to cause SQLite to
    crash, resulting in a denial of service, or possibly execute
    arbitrary code. This issue only affected Ubuntu 18.04 LTS and
    Ubuntu 19.10. (CVE-2019-19925, CVE-2019-19959)

    It was discovered that SQLite incorrectly handled errors during
    parsing. An attacker could use this issue to cause SQLite to
    crash, resulting in a denial of service, or possibly execute
    arbitrary code. (CVE-2019-19926)

    It was discovered that SQLite incorrectly handled parsing errors.
    An attacker could use this issue to cause SQLite to crash,
    resulting in a denial of service, or possibly execute arbitrary
    code. (CVE-2019-20218)

    It was discovered that SQLite incorrectly handled generated column
    optimizations. An attacker could use this issue to cause SQLite to
    crash, resulting in a denial of service, or possibly execute
    arbitrary code. This issue only affected Ubuntu 18.04 LTS and
    Ubuntu 19.10. (CVE-2020-9327)

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 19.10
    libsqlite3-0 - 3.29.0-2ubuntu0.2
    sqlite3 - 3.29.0-2ubuntu0.2

    Ubuntu 18.04 LTS
    libsqlite3-0 - 3.22.0-1ubuntu0.3
    sqlite3 - 3.22.0-1ubuntu0.3

    Ubuntu 16.04 LTS
    libsqlite3-0 - 3.11.0-1ubuntu1.4
    sqlite3 - 3.11.0-1ubuntu1.4

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary
    changes.

    References

    * CVE-2019-13734
    * CVE-2019-13750
    * CVE-2019-13751
    * CVE-2019-13752
    * CVE-2019-13753
    * CVE-2019-19880
    * CVE-2019-19923
    * CVE-2019-19924
    * CVE-2019-19925
    * CVE-2019-19926
    * CVE-2019-19959
    * CVE-2019-20218
    * CVE-2020-9327

    --- Mystic BBS v1.12 A45 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)
  • From bugz_ubuntu@21:4/110 to Ubuntu Users on Wednesday, June 10, 2020 12:10:08
    sqlite3 vulnerabilities

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 20.04 LTS
    * Ubuntu 19.10
    * Ubuntu 18.04 LTS
    * Ubuntu 16.04 LTS

    Summary

    Several security issues were fixed in SQLite.

    Software Description

    * sqlite3 - C library that implements an SQL database engine

    Details

    It was discovered that SQLite incorrectly handled certain corruped
    schemas. An attacker could possibly use this issue to cause a
    denial of service. This issue only affected Ubuntu 18.04 LTS.
    (CVE-2018-8740)

    It was discovered that SQLite incorrectly handled certain SELECT
    statements. An attacker could possibly use this issue to cause a
    denial of service. This issue was only addressed in Ubuntu 19.10.
    (CVE-2019-19603)

    It was discovered that SQLite incorrectly handled certain
    self-referential views. An attacker could possibly use this issue
    to cause a denial of service. This issue was only addressed in
    Ubuntu 19.10. (CVE-2019-19645)

    Henry Liu discovered that SQLite incorrectly handled certain
    malformed window-function queries. An attacker could possibly use
    this issue to cause a denial of service. This issue only affected
    Ubuntu 19.10 and Ubuntu 20.04 LTS. (CVE-2020-11655)

    It was discovered that SQLite incorrectly handled certain string
    operations. An attacker could use this issue to cause SQLite to
    crash, resulting in a denial of service, or possibly execute
    arbitrary code. (CVE-2020-13434)

    It was discovered that SQLite incorrectly handled certain
    expressions. An attacker could use this issue to cause SQLite to
    crash, resulting in a denial of service, or possibly execute
    arbitrary code. This issue only affected Ubuntu 19.10 and Ubuntu
    20.04 LTS. (CVE-2020-13435)

    It was discovered that SQLite incorrectly handled certain fts3
    queries. An attacker could use this issue to cause SQLite to
    crash, resulting in a denial of service, or possibly execute
    arbitrary code. (CVE-2020-13630)

    It was discovered that SQLite incorrectly handled certain virtual
    table names. An attacker could possibly use this issue to cause a
    denial of service. This issue was only addressed in Ubuntu 19.10
    and Ubuntu 20.04 LTS. (CVE-2020-13631)

    It was discovered that SQLite incorrectly handled certain fts3
    queries. An attacker could use this issue to cause SQLite to
    crash, resulting in a denial of service, or possibly execute
    arbitrary code. (CVE-2020-13632)

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 20.04 LTS
    libsqlite3-0 - 3.31.1-4ubuntu0.1
    sqlite3 - 3.31.1-4ubuntu0.1

    Ubuntu 19.10
    libsqlite3-0 - 3.29.0-2ubuntu0.3
    sqlite3 - 3.29.0-2ubuntu0.3

    Ubuntu 18.04 LTS
    libsqlite3-0 - 3.22.0-1ubuntu0.4
    sqlite3 - 3.22.0-1ubuntu0.4

    Ubuntu 16.04 LTS
    libsqlite3-0 - 3.11.0-1ubuntu1.5
    sqlite3 - 3.11.0-1ubuntu1.5

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary
    changes.

    References

    * CVE-2018-8740
    * CVE-2019-19603
    * CVE-2019-19645
    * CVE-2020-11655
    * CVE-2020-13434
    * CVE-2020-13435
    * CVE-2020-13630
    * CVE-2020-13631
    * CVE-2020-13632

    --- Mystic BBS v1.12 A45 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)
  • From bugz_ubuntu@21:4/110 to Ubuntu Users on Monday, August 03, 2020 16:10:02
    sqlite3 vulnerabilities

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 14.04 ESM

    Summary

    Several security issues were fixed in SQLite.

    Software Description

    * sqlite3 - C library that implements an SQL database engine

    Details

    USN-4298-1 fixed several vulnerabilities in SQLite. This update
    provides the corresponding update for Ubuntu 14.04 ESM.

    Original advisory details:

    It was discovered that SQLite incorrectly handled certain shadow
    tables. An attacker could use this issue to cause SQLite to crash,
    resulting in a denial of service, or possibly execute arbitrary
    code. (CVE-2019-13734, CVE-2019-13750, CVE-2019-13752,
    CVE-2019-13753)

    It was discovered that SQLite incorrectly handled certain corrupt
    records. An attacker could use this issue to cause SQLite to
    crash, resulting in a denial of service, or possibly execute
    arbitrary code. (CVE-2019-13751)

    It was discovered that SQLite incorrectly handled errors during
    parsing. An attacker could use this issue to cause SQLite to
    crash, resulting in a denial of service, or possibly execute
    arbitrary code. (CVE-2019-19926)

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 14.04 ESM
    libsqlite3-0 - 3.8.2-1ubuntu2.2+esm2
    sqlite3 - 3.8.2-1ubuntu2.2+esm2

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary
    changes.

    References

    * USN-4298-1
    * CVE-2019-13734
    * CVE-2019-13750
    * CVE-2019-13751
    * CVE-2019-13752
    * CVE-2019-13753
    * CVE-2019-19926

    --- Mystic BBS v1.12 A46 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)