Source | Text Version

QSN-4205-1: sqlite3 vulnerabilities

December 2, 2019

Summary

Several security issues were fixed in SQLite.

Details

It was discovered that SQLite incorrectly handled certain schemas. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM. (CVE-2018-8740)

It was discovered that SQLite incorrectly handled certain schemas. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-16168)

It was discovered that SQLite incorrectly handled certain schemas. An attacker could possibly use this issue to mishandles some expressions. This issue only affected Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-19242)

It was discovered that SQLite incorrectly handled certain queries. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-19244)

It was discovered that SQLite incorrectly handled certain SQL commands. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 19.04. (CVE-2019-5018)

It was discovered that SQLite incorrectly handled certain commands. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-5827)

References

https://usn.ubuntu.com/4205-1

http://people.canonical.com/~ubuntu-security/cve/CVE-2018-8740

http://people.canonical.com/~ubuntu-security/cve/CVE-2019-16168

http://people.canonical.com/~ubuntu-security/cve/CVE-2019-19242

http://people.canonical.com/~ubuntu-security/cve/CVE-2019-19244

http://people.canonical.com/~ubuntu-security/cve/CVE-2019-5018

http://people.canonical.com/~ubuntu-security/cve/CVE-2019-5827

Update

A general update will usually fix all issues, but to make sure, you can check your current version with:

$ dpkg -l libsqlite3-0

If the current version you have is before 3.11.0-1ubuntu1.3, run the following:

$ sudo apt-get update
$ sudo apt-get install libsqlite3-0

A general update will usually fix all issues, but to make sure, you can check your current version with:

$ dpkg -l sqlite3

If the current version you have is before 3.11.0-1ubuntu1.3, run the following:

$ sudo apt-get update
$ sudo apt-get install sqlite3

Copyright © 2010-2015, OSNEXUS Corporation. All rights reserved.