SUSE SLED15 / SLES15 Security Update : sqlite3 (SUSE-SU-2021:2320-1)

critical Nessus Plugin ID 151654

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLED15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2320-1 advisory.

- SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE at the end of a SELECT statement. (CVE-2015-3414)

- The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement. (CVE-2015-3415)

- sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage. (CVE-2019-19244)

- lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact.
(CVE-2019-19317)

- SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash. (CVE-2019-19603)

- alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self- referential views in conjunction with ALTER TABLE statements. (CVE-2019-19645)

- pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns. (CVE-2019-19646)

- exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled. (CVE-2019-19880)

- flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results). (CVE-2019-19923)

- SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling. (CVE-2019-19924)

- zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive. (CVE-2019-19925)

- multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880. (CVE-2019-19926)

- ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind. (CVE-2019-19959)

- selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.
(CVE-2019-20218)

- SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. (CVE-2020-13434)

- SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c. (CVE-2020-13435)

- ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature. (CVE-2020-13630)

- SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. (CVE-2020-13631)

- ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query. (CVE-2020-13632)

- In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. (CVE-2020-15358)

- In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations. (CVE-2020-9327)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected libsqlite3-0, libsqlite3-0-32bit, sqlite3 and / or sqlite3-devel packages.

See Also

https://bugzilla.suse.com/928700

https://bugzilla.suse.com/928701

https://bugzilla.suse.com/1157818

https://bugzilla.suse.com/1158812

https://bugzilla.suse.com/1158958

https://bugzilla.suse.com/1158959

https://bugzilla.suse.com/1158960

https://bugzilla.suse.com/1159491

https://bugzilla.suse.com/1159715

https://bugzilla.suse.com/1159847

https://bugzilla.suse.com/1159850

https://bugzilla.suse.com/1160309

https://bugzilla.suse.com/1160438

https://bugzilla.suse.com/1160439

https://bugzilla.suse.com/1164719

https://bugzilla.suse.com/1172091

https://bugzilla.suse.com/1172115

https://bugzilla.suse.com/1172234

https://bugzilla.suse.com/1172236

https://bugzilla.suse.com/1172240

https://bugzilla.suse.com/1173641

https://www.suse.com/security/cve/CVE-2015-3414

https://www.suse.com/security/cve/CVE-2015-3415

https://www.suse.com/security/cve/CVE-2019-19244

https://www.suse.com/security/cve/CVE-2019-19317

https://www.suse.com/security/cve/CVE-2019-19603

https://www.suse.com/security/cve/CVE-2019-19645

https://www.suse.com/security/cve/CVE-2019-19646

https://www.suse.com/security/cve/CVE-2019-19880

https://www.suse.com/security/cve/CVE-2019-19923

https://www.suse.com/security/cve/CVE-2019-19924

https://www.suse.com/security/cve/CVE-2019-19925

https://www.suse.com/security/cve/CVE-2019-19926

https://www.suse.com/security/cve/CVE-2019-19959

https://www.suse.com/security/cve/CVE-2019-20218

https://www.suse.com/security/cve/CVE-2020-13434

https://www.suse.com/security/cve/CVE-2020-13435

https://www.suse.com/security/cve/CVE-2020-13630

https://www.suse.com/security/cve/CVE-2020-13631

https://www.suse.com/security/cve/CVE-2020-13632

https://www.suse.com/security/cve/CVE-2020-15358

https://www.suse.com/security/cve/CVE-2020-9327

http://www.nessus.org/u?1fe5c1d1

Plugin Details

Severity: Critical

ID: 151654

File Name: suse_SU-2021-2320-1.nasl

Version: 1.6

Type: local

Agent: unix

Published: 7/15/2021

Updated: 7/13/2023

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2019-19646

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:libsqlite3-0-32bit, p-cpe:/a:novell:suse_linux:libsqlite3-0, p-cpe:/a:novell:suse_linux:sqlite3-devel, cpe:/o:novell:suse_linux:15, p-cpe:/a:novell:suse_linux:sqlite3

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/14/2021

Vulnerability Publication Date: 3/19/2015

Reference Information

CVE: CVE-2015-3414, CVE-2015-3415, CVE-2019-19244, CVE-2019-19317, CVE-2019-19603, CVE-2019-19645, CVE-2019-19646, CVE-2019-19880, CVE-2019-19923, CVE-2019-19924, CVE-2019-19925, CVE-2019-19926, CVE-2019-19959, CVE-2019-20218, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-15358, CVE-2020-9327

IAVA: 2020-A-0358-S

SuSE: SUSE-SU-2021:2320-1