Sicherheit: Mehrere Probleme in SQLite (Aktualisierung)

Lesezeichen hinzufügen

--===============5458955822596568201==
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature";
boundary="AhhlLboLdkugWU4S"
Content-Disposition: inline

--AhhlLboLdkugWU4S
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================================
Ubuntu Security Notice USN-4019-2
June 19, 2019

sqlite3 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 ESM
- Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in SQLite.

Software Description:
- sqlite3: C library that implements an SQL database engine

Details:

USN-4019-1 fixed several vulnerabilities in sqlite3. This update provides
the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM.

Original advisory details:

It was discovered that SQLite incorrectly handled certain SQL files.
An attacker could possibly use this issue to execute arbitrary code
or cause a denial of service. (CVE-2017-2518)

It was discovered that SQLite incorrectly handled certain queries.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2018-20346, CVE-2018-20506)

It was discovered that SQLite incorrectly handled certain inputs.
An attacker could possibly use this issue to access sensitive information.
(CVE-2019-8457)

It was discovered that SQLite incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2016-6153)

It was discovered that SQLite incorrectly handled certain databases.
An attacker could possibly use this issue to access sensitive information.
This issue only affected Ubuntu 14.04 LTS. (CVE-2017-10989)

It was discovered that SQLite incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2017-13685)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
libsqlite3-0 3.8.2-1ubuntu2.2+esm1
sqlite3 3.8.2-1ubuntu2.2+esm1

Ubuntu 12.04 ESM:
libsqlite3-0 3.7.9-2ubuntu1.3
sqlite3 3.7.9-2ubuntu1.3

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4019-2
https://usn.ubuntu.com/4019-1
CVE-2016-6153, CVE-2017-10989, CVE-2017-13685, CVE-2017-2518,
CVE-2018-20346, CVE-2018-20506, CVE-2019-8457

--AhhlLboLdkugWU4S
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJdCnctAAoJEEW851uECx9pWvwQALBecg+Z1tiis+D6FquLZxQW
nK//ZxOO0pATFmXMlrghoi0nRZoEMLKDH8PYldTVp1Oe/tM44i35Aqan+M3j69mW
wJTPu49GvdTviiCnr6INAUk95VKywq786ql+sDxaPT3Fk55zPnFPXyLJkiSqdzrJ
p4VRzF4j4/8DVdvUREVKhaFfp3HRBrEA23If16wjSICyhhhegFWXbLGip07ZmlOZ
+NB+m0Lt2SB4Fc2tW5yH4Ey4DfgnKCm+W6IsupHqNZ8eHM0gyIpx8OnO5mGhA7kd
2+e0U9TiXwdCk4uewmlplj94PTVg/YUFiTWKHdOyXjioC0MS4PcEqstsPzHNJMCI
aqZKnm22HUB1GW7EWeaN8YlHrMYkt+Xn7oRESbC/2CZRVspV/haj4Xs97yzKcuNS
gcfCwKkwbo9drTzLJClAhpUBlnS3GwX/y2Xp5HNdYgpHbqsw+0P6G4dl9HPTm+RY
wd7vfDI8HH0UGyNPywFUKVZuu9tFwLJhM7vS16fKrDZl+yZtJin89OcmA/0v/34V
TvSK2tFAmcrXe/dhBnEVtCyn9aH5yaU+dTZ4KAdCYpt5a205v7q+hlRsJoZfFgSG
EuP6I0qQEn3Q3SpSYbgHLlHpbFUWcJe5xln0JSk5JyADOcHHo0lp+hgzfz/yaDPi
w4jSrW8T+GotMh9R4Wo2
=NuE6
-----END PGP SIGNATURE-----

--AhhlLboLdkugWU4S--

--===============5458955822596568201==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce