SUSE-SU-2021:2320-1 -- SLES sqlite3, libsqlite3-0ID: oval:org.secpod.oval:def:89045120 | Date: (C)2021-07-26 (M)2024-02-19 |
Class: PATCH | Family: unix |
This update for sqlite3 fixes the following issues: - Update to version 3.36.0 - CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization - CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated column optimizations in isAuxiliaryVtabOperator - CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error - CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded "\0" input - CVE-2019-19923: improper handling of certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer dereference - CVE-2019-19924: improper error handling in sqlite3WindowRewrite - CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive - CVE-2019-19926: improper handling of certain errors during parsing multiSelect in select.c - CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference - CVE-2019-19603: during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with a shadow table name - CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns - CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements - CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service - CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage - CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability - CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names - CVE-2020-13434: integer overflow in sqlite3_str_vappendf - CVE-2020-13630:
Platform: |
SUSE Linux Enterprise Server 15 |
SUSE Linux Enterprise Server 15 SP1 |
Product: |
sqlite3 |
libsqlite3-0 |