Test ID:	1.3.6.1.4.1.25623.1.0.844058
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-4019-1)
Summary:	The remote host is missing an update for the 'sqlite3' package(s) announced via the USN-4019-1 advisory.
Description:	Summary: The remote host is missing an update for the 'sqlite3' package(s) announced via the USN-4019-1 advisory. Vulnerability Insight: It was discovered that SQLite incorrectly handled certain SQL files. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-2518, CVE-2017-2520) It was discovered that SQLite incorrectly handled certain queries. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-20505) It was discovered that SQLite incorrectly handled certain queries. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-20346, CVE-2018-20506) It was discovered that SQLite incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information. (CVE-2019-8457) It was discovered that SQLite incorrectly handled certain queries. An attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2019-9936) It was discovered that SQLite incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2019-9937) It was discovered that SQLite incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-6153) It was discovered that SQLite incorrectly handled certain databases. An attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-10989) It was discovered that SQLite incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-13685) It was discovered that SQLite incorrectly handled certain queries. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-2519) Affected Software/OS: 'sqlite3' package(s) on Ubuntu 16.04, Ubuntu 18.04, Ubuntu 18.10, Ubuntu 19.04. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-6153 BugTraq ID: 91546 http://www.securityfocus.com/bid/91546 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IGQTH7V45QVHFDXJAEECHEO3HHD644WZ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/ https://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt https://lists.debian.org/debian-lts-announce/2023/05/msg00022.html http://www.openwall.com/lists/oss-security/2016/07/01/2 http://www.openwall.com/lists/oss-security/2016/07/01/1 SuSE Security Announcement: openSUSE-SU-2016:2041 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-08/msg00053.html https://usn.ubuntu.com/4019-1/ https://usn.ubuntu.com/4019-2/ Common Vulnerability Exposure (CVE) ID: CVE-2017-10989 BugTraq ID: 99502 http://www.securityfocus.com/bid/99502 http://marc.info/?l=sqlite-users&m=149933696214713&w=2 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405 https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937 https://sqlite.org/src/info/66de6f4a https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26 https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html http://www.securitytracker.com/id/1039427 SuSE Security Announcement: openSUSE-SU-2019:1426 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html Common Vulnerability Exposure (CVE) ID: CVE-2017-13685 BugTraq ID: 100521 http://www.securityfocus.com/bid/100521 http://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg105314.html Common Vulnerability Exposure (CVE) ID: CVE-2017-2518 BugTraq ID: 98468 http://www.securityfocus.com/bid/98468 http://www.securitytracker.com/id/1038484 Common Vulnerability Exposure (CVE) ID: CVE-2017-2519 Common Vulnerability Exposure (CVE) ID: CVE-2017-2520 Common Vulnerability Exposure (CVE) ID: CVE-2018-20346 BugTraq ID: 106323 http://www.securityfocus.com/bid/106323 FreeBSD Security Advisory: FreeBSD-EN-19:03 https://www.freebsd.org/security/advisories/FreeBSD-EN-19:03.sqlite.asc https://security.gentoo.org/glsa/201904-21 https://access.redhat.com/articles/3758321 https://blade.tencent.com/magellan/index_en.html https://bugzilla.redhat.com/show_bug.cgi?id=1659379 https://bugzilla.redhat.com/show_bug.cgi?id=1659677 https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html https://chromium.googlesource.com/chromium/src/+/c368e30ae55600a1c3c9cb1710a54f9c55de786e https://crbug.com/900910 https://github.com/zhuowei/worthdoingbadly.com/blob/master/_posts/2018-12-14-sqlitebug.html https://news.ycombinator.com/item?id=18685296 https://sqlite.org/src/info/940f2adc8541a838 https://sqlite.org/src/info/d44318f59044162e https://worthdoingbadly.com/sqlitebug/ https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg113218.html https://www.oracle.com/security-alerts/cpuapr2020.html https://www.sqlite.org/releaselog/3_25_3.html https://lists.debian.org/debian-lts-announce/2018/12/msg00012.html https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html SuSE Security Announcement: openSUSE-SU-2019:1159 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00040.html SuSE Security Announcement: openSUSE-SU-2019:1222 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00070.html Common Vulnerability Exposure (CVE) ID: CVE-2018-20505 http://seclists.org/fulldisclosure/2019/Jan/62 http://seclists.org/fulldisclosure/2019/Jan/64 http://seclists.org/fulldisclosure/2019/Jan/66 http://seclists.org/fulldisclosure/2019/Jan/67 http://seclists.org/fulldisclosure/2019/Jan/68 http://seclists.org/fulldisclosure/2019/Jan/69 http://www.securityfocus.com/bid/106698 https://seclists.org/bugtraq/2019/Jan/28 https://seclists.org/bugtraq/2019/Jan/29 https://seclists.org/bugtraq/2019/Jan/31 https://seclists.org/bugtraq/2019/Jan/32 https://seclists.org/bugtraq/2019/Jan/33 https://seclists.org/bugtraq/2019/Jan/39 https://sqlite.org/src/info/1a84668dcfdebaf12415d https://support.apple.com/kb/HT209443 https://support.apple.com/kb/HT209446 https://support.apple.com/kb/HT209447 https://support.apple.com/kb/HT209448 https://support.apple.com/kb/HT209450 https://support.apple.com/kb/HT209451 Common Vulnerability Exposure (CVE) ID: CVE-2018-20506 Common Vulnerability Exposure (CVE) ID: CVE-2019-8457 https://security.netapp.com/advisory/ntap-20190606-0002/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJPFGA45DI4F5MCF2OAACGH3HQOF4G3M/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPKYSWCOM3CL66RI76TYVIG6TJ263RXH/ https://www.oracle.com/security-alerts/cpujan2020.html https://www.oracle.com/security-alerts/cpujul2020.html https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html https://www.sqlite.org/releaselog/3_28_0.html https://www.sqlite.org/src/info/90acdbfce9c08858 SuSE Security Announcement: openSUSE-SU-2019:1645 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00074.html https://usn.ubuntu.com/4004-1/ https://usn.ubuntu.com/4004-2/ Common Vulnerability Exposure (CVE) ID: CVE-2019-9936 BugTraq ID: 107562 http://www.securityfocus.com/bid/107562 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EXD2GYJVTDGEQPUNMMMC5TB7MQXOBBMO/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N66U5PY5UJU4XBFZJH7QNKIDNAVIB4OP/ https://security.gentoo.org/glsa/201908-09 https://sqlite.org/src/info/b3fa58dd7403dbd4 https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114382.html https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114394.html SuSE Security Announcement: openSUSE-SU-2019:1372 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00026.html Common Vulnerability Exposure (CVE) ID: CVE-2019-9937 https://sqlite.org/src/info/45c73deb440496e8 https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114383.html https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114393.html
Copyright	Copyright (C) 2019 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.