| Summary: | sqlite3 new security issues CVE-2019-8457, CVE-2019-9936, and CVE-2019-9937 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | | |
| Priority: | Normal | CC: | jim, marja11, shlomif, sysadmin-bugs, tmb |
| Version: | 6 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | MGA6-64-OK MGA6-32-OK | | |
| Source RPM: | sqlite3-3.25.3-1.mga6.src.rpm | CVE: | |
| Status comment: | | | |
| Bug Depends on: | | | |
| Bug Blocks: | 25359 | | |

Description
David Walser
2019-05-03 20:35:09 CEST
Assigning to our registered sqlite3 maintainer.

Assignee: bugsquad => shlomif

Ubuntu advisory from June 3, with another issue fixed in sqlite3 3.28.0:
https://usn.ubuntu.com/4004-1/

Summary: sqlite3 new security issues CVE-2019-9936 and CVE-2019-9937 => sqlite3 new security issues CVE-2019-8457, CVE-2019-9936, and CVE-2019-9937

Ubuntu advisory for the sqlite3 package itself from June 19:
https://usn.ubuntu.com/4019-1/

Updated package uploaded by Shlomi.

Advisory:
========================

Updated sqlite3 packages fix security vulnerabilities:

It was discovered that SQLite incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information (CVE-2019-8457).

It was discovered that SQLite incorrectly handled certain queries. An attacker could possibly use this issue to access sensitive information (CVE-2019-9936).

It was discovered that SQLite incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code (CVE-2019-9937).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9936
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9937
https://usn.ubuntu.com/4019-1/
========================

Updated packages in core/updates_testing:
========================
libsqlite3_0-3.28.0-1.mga6
libsqlite3-devel-3.28.0-1.mga6
libsqlite3-static-devel-3.28.0-1.mga6
sqlite3-tools-3.28.0-1.mga6
lemon-3.28.0-1.mga6
sqlite3-tcl-3.28.0-1.mga6

from sqlite3-3.28.0-1.mga6.src.rpm

Assignee: shlomif => qa-bugs
James Kerr
2019-09-01 14:21:18 CEST
Blocks: (none) => 25359

on mga6-64 packages installed cleanly:
sqlite3-tools-3.28.0-1.mga6.x86_64
lib64sqlite3_0-3.28.0-1.mga6.x86_64

Using the test file and following the procedure in bug 21200

```
$ sqlite3 testlite.db
SQLite version 3.28.0 2019-04-16 19:49:53
Enter ".help" for usage hints.
sqlite> .databases
main: /home/jim/testlite.db
sqlite> .tables
sqlite> .quit
$ sqlite3 testlite.db < create.sql
$ sqlite3 testlite.db
SQLite version 3.28.0 2019-04-16 19:49:53
Enter ".help" for usage hints.
sqlite> select * from events;
2019-09-02 14:19:41|First test event
2019-09-02 14:19:41|Second test event
sqlite> .quit
```

looks OK for mga6-64

Whiteboard: (none) => MGA6-64-OK

On mga6-32 in a vbox VM packages installed cleanly:
sqlite3-tools-3.28.0-1.mga6.i586
libsqlite3_0-3.28.0-1.mga6.i586

Using the test file and following the procedure in bug 21200

```
$ sqlite3 testlite.db
SQLite version 3.28.0 2019-04-16 19:49:53
Enter ".help" for usage hints.
sqlite> .databases
main: /home/jim/testlite.db
sqlite> .tables
sqlite> .quit
$ sqlite3 testlite.db < create.sql
$ sqlite3 testlite.db
SQLite version 3.28.0 2019-04-16 19:49:53
Enter ".help" for usage hints.
sqlite> select * from events;
2019-09-03 20:38:38|First test event
2019-09-03 20:38:38|Second test event
sqlite> .quit
$
```

OK for mga6-32

Whiteboard: MGA6-64-OK => MGA6-64-OK MGA6-32-OK

Update validated. Advisory in comment 4 needs to be uploaded.

Keywords: (none) => validated_update
Thomas Backlund
2019-09-06 19:37:36 CEST
CC: (none) => tmb

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0240.html

Resolution: (none) => FIXED