drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in SQLite
Name: |
Mehrere Probleme in SQLite |
|
ID: |
USN-4205-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 16.04 LTS, Ubuntu 12.04 ESM, Ubuntu 18.04 LTS, Ubuntu 19.04, Ubuntu 19.10 |
|
Datum: |
Di, 3. Dezember 2019, 07:30 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5827
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19242
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5018
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8740
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16168
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19244 |
|
Applikationen: |
SQLite |
|
Originalnachricht |
--===============8380529388991809186== Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="ibTvN161/egqYuK8" Content-Disposition: inline
--ibTvN161/egqYuK8 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
========================================================================== Ubuntu Security Notice USN-4205-1 December 02, 2019
sqlite3 vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.10 - Ubuntu 19.04 - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 12.04 ESM
Summary:
Several security issues were fixed in SQLite.
Software Description: - sqlite3: C library that implements an SQL database engine
Details:
It was discovered that SQLite incorrectly handled certain schemas. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM. (CVE-2018-8740)
It was discovered that SQLite incorrectly handled certain schemas. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-16168)
It was discovered that SQLite incorrectly handled certain schemas. An attacker could possibly use this issue to mishandles some expressions. This issue only affected Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-19242)
It was discovered that SQLite incorrectly handled certain queries. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-19244)
It was discovered that SQLite incorrectly handled certain SQL commands. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 19.04. (CVE-2019-5018)
It was discovered that SQLite incorrectly handled certain commands. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-5827)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 19.10: libsqlite3-0 3.29.0-2ubuntu0.1 sqlite3 3.29.0-2ubuntu0.1
Ubuntu 19.04: libsqlite3-0 3.27.2-2ubuntu0.2 sqlite3 3.27.2-2ubuntu0.2
Ubuntu 18.04 LTS: libsqlite3-0 3.22.0-1ubuntu0.2 sqlite3 3.22.0-1ubuntu0.2
Ubuntu 16.04 LTS: libsqlite3-0 3.11.0-1ubuntu1.3 sqlite3 3.11.0-1ubuntu1.3
Ubuntu 12.04 ESM: libsqlite3-0 3.7.9-2ubuntu1.4 sqlite3 3.7.9-2ubuntu1.4
In general, a standard system update will make all the necessary changes.
References: https://usn.ubuntu.com/4205-1 CVE-2018-8740, CVE-2019-16168, CVE-2019-19242, CVE-2019-19244, CVE-2019-5018, CVE-2019-5827
Package Information: https://launchpad.net/ubuntu/+source/sqlite3/3.29.0-2ubuntu0.1 https://launchpad.net/ubuntu/+source/sqlite3/3.27.2-2ubuntu0.2 https://launchpad.net/ubuntu/+source/sqlite3/3.22.0-1ubuntu0.2 https://launchpad.net/ubuntu/+source/sqlite3/3.11.0-1ubuntu1.3
--ibTvN161/egqYuK8 Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBAgAGBQJd5cgJAAoJEEW851uECx9p9HkQAK7ladpggk/pUCVE0qyr0wVn 5bSHKSXHIE2zjShFm8LSROp3+AmKBU0B3Y2kH9hvxOXXdPPGAZxfUjq5d9CaviO6 DhDH3+8dSc6VyC7uk3VWgk/tprn1FEFS+Wm7nB4eDukosafL+XK8E/eU1Z3qk0yw O+N14jPDHwQ4gFXu5JQAC2rf6udZD8KhrgIcDDA10BmjLUsBQciu7DK3/8sG6bA2 qS76w+CTlGbhJfkAY+9J8gn7tItZZ4OIQ1qqIKEZl4FVfvleEBrrGuQQCoO1htfz /9rPcRcjVjfptsn5Lrd8PHVgfNrCZvTrS8wCK1ahoeh+mSJMdNy3X99flHxLQLVm NGQWBo/FfFamPGxGvpKoj0M3taA/PBwnF4C2+8VJyTWIcQlfMv3AzbEXFhx6UdlW e+EKuletOKGgRqOjS29+zFMk6F2mhIaOR3TQm3QkuYhry+Fsnw5hydTkfs28F2yF gJbIZXErI3HLPfL85io/AvRM5CcIZWsv386YqQ3B0B2GGVnNkGuNtB7LJ0Rk9dAz 1pRLt70UyQ2wWRxH10b/FONp7dv27guCGyoK5JiaJCTen+3TmG+2Mxh+R4dvBh2+ hMpcK3xg+bCZTZgezUguOzQKSLgU+uC3MXCvQQHv0Lz0j1JHD7L5xJT16NLko2oR nb/LtcfArFEFKs0M0652 =mZyl -----END PGP SIGNATURE-----
--ibTvN161/egqYuK8--
--===============8380529388991809186== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
|
|
|
|