ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2021.0303
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2021-0303)
Resumen:	The remote host is missing an update for the 'sqlite3' package(s) announced via the MGASA-2021-0303 advisory.
Descripción:	Summary: The remote host is missing an update for the 'sqlite3' package(s) announced via the MGASA-2021-0303 advisory. Vulnerability Insight: In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations (CVE-2020-9327). SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled (CVE-2020-11655). SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c (CVE-2020-13434). SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c (CVE-2020-13435). ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature (CVE-2020-13630). SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c (CVE-2020-13631). ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query (CVE-2020-13632). SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late (CVE-2020-13871). In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation (CVE-2020-15358). Affected Software/OS: 'sqlite3' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2020-11655 https://security.netapp.com/advisory/ntap-20200416-0001/ FreeBSD Security Advisory: FreeBSD-SA-20:22 https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc https://security.gentoo.org/glsa/202007-26 https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com/security-alerts/cpujan2021.html https://www.oracle.com/security-alerts/cpujul2020.html https://www.oracle.com/security-alerts/cpuoct2020.html https://www3.sqlite.org/cgi/src/info/4a302b42c7bf5e11 https://www3.sqlite.org/cgi/src/tktview?name=af4556bb5c https://lists.debian.org/debian-lts-announce/2020/05/msg00006.html https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html https://usn.ubuntu.com/4394-1/ Common Vulnerability Exposure (CVE) ID: CVE-2020-13434 https://security.netapp.com/advisory/ntap-20200528-0004/ https://support.apple.com/kb/HT211843 https://support.apple.com/kb/HT211844 https://support.apple.com/kb/HT211850 https://support.apple.com/kb/HT211931 https://support.apple.com/kb/HT211935 https://support.apple.com/kb/HT211952 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/ http://seclists.org/fulldisclosure/2020/Nov/20 http://seclists.org/fulldisclosure/2020/Nov/19 http://seclists.org/fulldisclosure/2020/Nov/22 http://seclists.org/fulldisclosure/2020/Dec/32 https://www.oracle.com/security-alerts/cpuapr2022.html https://www.sqlite.org/src/info/23439ea582241138 https://www.sqlite.org/src/info/d08d3405878d394e https://lists.debian.org/debian-lts-announce/2020/05/msg00024.html Common Vulnerability Exposure (CVE) ID: CVE-2020-13435 https://www.sqlite.org/src/info/7a5279a25c57adf1 Common Vulnerability Exposure (CVE) ID: CVE-2020-13630 https://security.netapp.com/advisory/ntap-20200608-0002/ https://bugs.chromium.org/p/chromium/issues/detail?id=1080459 https://sqlite.org/src/info/0d69f76f0865f962 Common Vulnerability Exposure (CVE) ID: CVE-2020-13631 https://sqlite.org/src/info/eca0ba2cf4c0fdf7 https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E Common Vulnerability Exposure (CVE) ID: CVE-2020-13632 https://sqlite.org/src/info/a4dd148928ea65bd Common Vulnerability Exposure (CVE) ID: CVE-2020-13871 https://security.netapp.com/advisory/ntap-20200619-0002/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BN32AGQPMHZRNM6P6L5GZPETOWTGXOKP/ https://www.sqlite.org/src/info/79eff1d0383179c4 https://www.sqlite.org/src/info/c8d3b9f0a750a529 https://www.sqlite.org/src/info/cd708fa84d2aaaea Common Vulnerability Exposure (CVE) ID: CVE-2020-15358 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://security.netapp.com/advisory/ntap-20200709-0001/ https://support.apple.com/kb/HT211847 https://support.apple.com/kb/HT212147 http://seclists.org/fulldisclosure/2021/Feb/14 https://www.sqlite.org/src/info/10fa79d00f8091e5 https://www.sqlite.org/src/timeline?p=version-3.32.3&bt=version-3.32.2 https://www.sqlite.org/src/tktview?name=8f157e8010 https://usn.ubuntu.com/4438-1/ Common Vulnerability Exposure (CVE) ID: CVE-2020-9327 https://security.netapp.com/advisory/ntap-20200313-0002/ https://security.gentoo.org/glsa/202003-16 https://www.sqlite.org/cgi/src/info/4374860b29383380 https://www.sqlite.org/cgi/src/info/9d0d4ab95dc0c56e https://www.sqlite.org/cgi/src/info/abc473fb8fb99900 https://usn.ubuntu.com/4298-1/
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.