Huawei EulerOS Local Security Checks : Huawei EulerOS: Security Advisory for sqlite (EulerOS-SA-2020-2398)

Anfälligkeitssuche		Suche in 191973 CVE Beschreibungen und 86218 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.2.2020.2398

Kategorie: Huawei EulerOS Local Security Checks

Titel: Huawei EulerOS: Security Advisory for sqlite (EulerOS-SA-2020-2398)

Zusammenfassung: The remote host is missing an update for the Huawei EulerOS; 'sqlite' package(s) announced via the EulerOS-SA-2020-2398 advisory.

Beschreibung: Summary:
The remote host is missing an update for the Huawei EulerOS
'sqlite' package(s) announced via the EulerOS-SA-2020-2398 advisory.

Vulnerability Insight:
Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.(CVE-2019-5827)

flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).(CVE-2019-19923)

multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls.(CVE-2019-19926)

SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.(CVE-2020-13434)

SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.(CVE-2020-13435)

Affected Software/OS:
'sqlite' package(s) on Huawei EulerOS V2.0SP2.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2019-5827
Bugtraq: 20190813 [SECURITY] [DSA 4500-1] chromium security update (Google Search)
https://seclists.org/bugtraq/2019/Aug/19
Debian Security Information: DSA-4500 (Google Search)
https://www.debian.org/security/2019/dsa-4500
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
https://security.gentoo.org/glsa/202003-16
https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_30.html
https://crbug.com/952406
https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html
SuSE Security Announcement: openSUSE-SU-2019:1666 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
https://usn.ubuntu.com/4205-1/

Copyright Copyright (C) 2020 Greenbone Networks GmbH

Dies ist nur einer von 86218 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.2.2020.2398
Kategorie:	Huawei EulerOS Local Security Checks
Titel:	Huawei EulerOS: Security Advisory for sqlite (EulerOS-SA-2020-2398)
Zusammenfassung:	The remote host is missing an update for the Huawei EulerOS; 'sqlite' package(s) announced via the EulerOS-SA-2020-2398 advisory.
Beschreibung:	Summary: The remote host is missing an update for the Huawei EulerOS 'sqlite' package(s) announced via the EulerOS-SA-2020-2398 advisory. Vulnerability Insight: Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.(CVE-2019-5827) flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).(CVE-2019-19923) multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls.(CVE-2019-19926) SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.(CVE-2020-13434) SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.(CVE-2020-13435) Affected Software/OS: 'sqlite' package(s) on Huawei EulerOS V2.0SP2. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2019-5827 Bugtraq: 20190813 [SECURITY] [DSA 4500-1] chromium security update (Google Search) https://seclists.org/bugtraq/2019/Aug/19 Debian Security Information: DSA-4500 (Google Search) https://www.debian.org/security/2019/dsa-4500 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/ https://security.gentoo.org/glsa/202003-16 https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_30.html https://crbug.com/952406 https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html SuSE Security Announcement: openSUSE-SU-2019:1666 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://usn.ubuntu.com/4205-1/
Copyright	Copyright (C) 2020 Greenbone Networks GmbH