libsqlite3-0-3.36.0-1.2 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11400 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libsqlite3-0-3.36.0-1.2 on GA media These are all security issues fixed in the libsqlite3-0-3.36.0-1.2 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11400 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:11400 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2018-8740/ SUSE CVE CVE-2018-8740 page https://www.suse.com/security/cve/CVE-2019-16168/ SUSE CVE CVE-2019-16168 page https://www.suse.com/security/cve/CVE-2019-9936/ SUSE CVE CVE-2019-9936 page https://www.suse.com/security/cve/CVE-2019-9937/ SUSE CVE CVE-2019-9937 page https://www.suse.com/security/cve/CVE-2020-13434/ SUSE CVE CVE-2020-13434 page https://www.suse.com/security/cve/CVE-2020-13435/ SUSE CVE CVE-2020-13435 page https://www.suse.com/security/cve/CVE-2020-13630/ SUSE CVE CVE-2020-13630 page https://www.suse.com/security/cve/CVE-2020-13631/ SUSE CVE CVE-2020-13631 page https://www.suse.com/security/cve/CVE-2020-13632/ SUSE CVE CVE-2020-13632 page https://www.suse.com/security/cve/CVE-2020-13871/ SUSE CVE CVE-2020-13871 page openSUSE Tumbleweed libsqlite3-0-3.36.0-1.2 libsqlite3-0-32bit-3.36.0-1.2 sqlite3-3.36.0-1.2 sqlite3-devel-3.36.0-1.2 sqlite3-doc-3.36.0-1.2 libsqlite3-0-3.36.0-1.2 as a component of openSUSE Tumbleweed libsqlite3-0-32bit-3.36.0-1.2 as a component of openSUSE Tumbleweed sqlite3-3.36.0-1.2 as a component of openSUSE Tumbleweed sqlite3-devel-3.36.0-1.2 as a component of openSUSE Tumbleweed sqlite3-doc-3.36.0-1.2 as a component of openSUSE Tumbleweed In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c. CVE-2018-8740 openSUSE Tumbleweed:libsqlite3-0-3.36.0-1.2 openSUSE Tumbleweed:libsqlite3-0-32bit-3.36.0-1.2 openSUSE Tumbleweed:sqlite3-3.36.0-1.2 openSUSE Tumbleweed:sqlite3-devel-3.36.0-1.2 openSUSE Tumbleweed:sqlite3-doc-3.36.0-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-8740.html CVE-2018-8740 https://bugzilla.suse.com/1085790 SUSE Bug 1085790 https://bugzilla.suse.com/1131919 SUSE Bug 1131919 In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner." CVE-2019-16168 openSUSE Tumbleweed:libsqlite3-0-3.36.0-1.2 openSUSE Tumbleweed:libsqlite3-0-32bit-3.36.0-1.2 openSUSE Tumbleweed:sqlite3-3.36.0-1.2 openSUSE Tumbleweed:sqlite3-devel-3.36.0-1.2 openSUSE Tumbleweed:sqlite3-doc-3.36.0-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-16168.html CVE-2019-16168 https://bugzilla.suse.com/1150137 SUSE Bug 1150137 https://bugzilla.suse.com/1160968 SUSE Bug 1160968 In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c. CVE-2019-9936 openSUSE Tumbleweed:libsqlite3-0-3.36.0-1.2 openSUSE Tumbleweed:libsqlite3-0-32bit-3.36.0-1.2 openSUSE Tumbleweed:sqlite3-3.36.0-1.2 openSUSE Tumbleweed:sqlite3-devel-3.36.0-1.2 openSUSE Tumbleweed:sqlite3-doc-3.36.0-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-9936.html CVE-2019-9936 https://bugzilla.suse.com/1130326 SUSE Bug 1130326 https://bugzilla.suse.com/1154162 SUSE Bug 1154162 In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c. CVE-2019-9937 openSUSE Tumbleweed:libsqlite3-0-3.36.0-1.2 openSUSE Tumbleweed:libsqlite3-0-32bit-3.36.0-1.2 openSUSE Tumbleweed:sqlite3-3.36.0-1.2 openSUSE Tumbleweed:sqlite3-devel-3.36.0-1.2 openSUSE Tumbleweed:sqlite3-doc-3.36.0-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-9937.html CVE-2019-9937 https://bugzilla.suse.com/1130325 SUSE Bug 1130325 https://bugzilla.suse.com/1154162 SUSE Bug 1154162 SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. CVE-2020-13434 openSUSE Tumbleweed:libsqlite3-0-3.36.0-1.2 openSUSE Tumbleweed:libsqlite3-0-32bit-3.36.0-1.2 openSUSE Tumbleweed:sqlite3-3.36.0-1.2 openSUSE Tumbleweed:sqlite3-devel-3.36.0-1.2 openSUSE Tumbleweed:sqlite3-doc-3.36.0-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-13434.html CVE-2020-13434 https://bugzilla.suse.com/1172115 SUSE Bug 1172115 SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c. CVE-2020-13435 openSUSE Tumbleweed:libsqlite3-0-3.36.0-1.2 openSUSE Tumbleweed:libsqlite3-0-32bit-3.36.0-1.2 openSUSE Tumbleweed:sqlite3-3.36.0-1.2 openSUSE Tumbleweed:sqlite3-devel-3.36.0-1.2 openSUSE Tumbleweed:sqlite3-doc-3.36.0-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-13435.html CVE-2020-13435 https://bugzilla.suse.com/1172091 SUSE Bug 1172091 ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature. CVE-2020-13630 openSUSE Tumbleweed:libsqlite3-0-3.36.0-1.2 openSUSE Tumbleweed:libsqlite3-0-32bit-3.36.0-1.2 openSUSE Tumbleweed:sqlite3-3.36.0-1.2 openSUSE Tumbleweed:sqlite3-devel-3.36.0-1.2 openSUSE Tumbleweed:sqlite3-doc-3.36.0-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-13630.html CVE-2020-13630 https://bugzilla.suse.com/1172234 SUSE Bug 1172234 SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. CVE-2020-13631 openSUSE Tumbleweed:libsqlite3-0-3.36.0-1.2 openSUSE Tumbleweed:libsqlite3-0-32bit-3.36.0-1.2 openSUSE Tumbleweed:sqlite3-3.36.0-1.2 openSUSE Tumbleweed:sqlite3-devel-3.36.0-1.2 openSUSE Tumbleweed:sqlite3-doc-3.36.0-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-13631.html CVE-2020-13631 https://bugzilla.suse.com/1172236 SUSE Bug 1172236 ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query. CVE-2020-13632 openSUSE Tumbleweed:libsqlite3-0-3.36.0-1.2 openSUSE Tumbleweed:libsqlite3-0-32bit-3.36.0-1.2 openSUSE Tumbleweed:sqlite3-3.36.0-1.2 openSUSE Tumbleweed:sqlite3-devel-3.36.0-1.2 openSUSE Tumbleweed:sqlite3-doc-3.36.0-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-13632.html CVE-2020-13632 https://bugzilla.suse.com/1172240 SUSE Bug 1172240 SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late. CVE-2020-13871 openSUSE Tumbleweed:libsqlite3-0-3.36.0-1.2 openSUSE Tumbleweed:libsqlite3-0-32bit-3.36.0-1.2 openSUSE Tumbleweed:sqlite3-3.36.0-1.2 openSUSE Tumbleweed:sqlite3-devel-3.36.0-1.2 openSUSE Tumbleweed:sqlite3-doc-3.36.0-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-13871.html CVE-2020-13871 https://bugzilla.suse.com/1172646 SUSE Bug 1172646