Test ID:	1.3.6.1.4.1.25623.1.1.10.2020.0070
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2020-0070)
Summary:	The remote host is missing an update for the 'sqlite3' package(s) announced via the MGASA-2020-0070 advisory.
Description:	Summary: The remote host is missing an update for the 'sqlite3' package(s) announced via the MGASA-2020-0070 advisory. Vulnerability Insight: Updated sqlite3 packages fix security vulnerabilities: An out of bounds write flaw (CVE-2019-13734), insufficient data validation flaw (CVE-2019-13750), uninitialized use flaw (CVE-2019-13751), and out of bounds read flaws (CVE-2019-13752, CVE-2019-13753) in SQLite before 3.31.0. It was discovered that SQLite incorrectly handled certain schemas. An attacker could possibly use this issue to cause a denial of service (CVE-2019-16168). It was discovered that SQLite incorrectly handled certain schemas. An attacker could possibly use this issue to mishandles some expressions (CVE-2019-19242). It was discovered that SQLite incorrectly handled certain queries. An attacker could possibly use this issue to execute arbitrary code (CVE-2019-19244). exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled (CVE-2019-19880). For other changes in this update, see the referenced releaaselogs. Affected Software/OS: 'sqlite3' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2019-13734 Bugtraq: 20200120 [SECURITY] [DSA 4606-1] chromium security update (Google Search) https://seclists.org/bugtraq/2020/Jan/27 Debian Security Information: DSA-4606 (Google Search) https://www.debian.org/security/2020/dsa-4606 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/ https://security.gentoo.org/glsa/202003-08 https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html https://crbug.com/1025466 https://www.oracle.com/security-alerts/cpujan2022.html RedHat Security Advisories: RHSA-2019:4238 https://access.redhat.com/errata/RHSA-2019:4238 RedHat Security Advisories: RHSA-2020:0227 https://access.redhat.com/errata/RHSA-2020:0227 RedHat Security Advisories: RHSA-2020:0229 https://access.redhat.com/errata/RHSA-2020:0229 RedHat Security Advisories: RHSA-2020:0273 https://access.redhat.com/errata/RHSA-2020:0273 RedHat Security Advisories: RHSA-2020:0451 https://access.redhat.com/errata/RHSA-2020:0451 RedHat Security Advisories: RHSA-2020:0463 https://access.redhat.com/errata/RHSA-2020:0463 RedHat Security Advisories: RHSA-2020:0476 https://access.redhat.com/errata/RHSA-2020:0476 SuSE Security Announcement: openSUSE-SU-2019:2692 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html SuSE Security Announcement: openSUSE-SU-2019:2694 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html https://usn.ubuntu.com/4298-1/ https://usn.ubuntu.com/4298-2/ Common Vulnerability Exposure (CVE) ID: CVE-2019-13750 https://crbug.com/1025464 Common Vulnerability Exposure (CVE) ID: CVE-2019-13751 https://crbug.com/1025465 Common Vulnerability Exposure (CVE) ID: CVE-2019-13752 https://crbug.com/1025470 Common Vulnerability Exposure (CVE) ID: CVE-2019-13753 https://crbug.com/1025471 Common Vulnerability Exposure (CVE) ID: CVE-2019-16168 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XZARJHJJDBHI7CE5PZEBXS5HKK6HXKW2/ https://security.gentoo.org/glsa/202003-16 https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg116312.html https://www.oracle.com/security-alerts/cpuapr2020.html https://www.oracle.com/security-alerts/cpujan2020.html https://www.sqlite.org/src/info/e4598ecbdd18bd82945f6029013296690e719a62 https://www.sqlite.org/src/timeline?c=98357d8c1263920b https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html SuSE Security Announcement: openSUSE-SU-2019:2298 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00032.html SuSE Security Announcement: openSUSE-SU-2019:2300 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00033.html https://usn.ubuntu.com/4205-1/ Common Vulnerability Exposure (CVE) ID: CVE-2019-19242 https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c Common Vulnerability Exposure (CVE) ID: CVE-2019-19244 https://github.com/sqlite/sqlite/commit/e59c562b3f6894f84c715772c4b116d7b5c01348 Common Vulnerability Exposure (CVE) ID: CVE-2019-19880 Debian Security Information: DSA-4638 (Google Search) https://www.debian.org/security/2020/dsa-4638 https://github.com/sqlite/sqlite/commit/75e95e1fcd52d3ec8282edb75ac8cd0814095d54 RedHat Security Advisories: RHSA-2020:0514 https://access.redhat.com/errata/RHSA-2020:0514 SuSE Security Announcement: openSUSE-SU-2020:0189 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html SuSE Security Announcement: openSUSE-SU-2020:0210 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html SuSE Security Announcement: openSUSE-SU-2020:0233 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.