181 lines
7.7 KiB
JSON
181 lines
7.7 KiB
JSON
{
|
||
"Definition": [
|
||
{
|
||
"ID": "oval:org.altlinux.errata:def:20191034",
|
||
"Version": "oval:org.altlinux.errata:def:20191034",
|
||
"Class": "patch",
|
||
"Metadata": {
|
||
"Title": "ALT-PU-2019-1034: package `sqlite3` update to version 3.26.0-alt1",
|
||
"AffectedList": [
|
||
{
|
||
"Family": "unix",
|
||
"Platforms": [
|
||
"ALT Linux branch c9f2"
|
||
],
|
||
"Products": [
|
||
"ALT SPWorkstation",
|
||
"ALT SPServer"
|
||
]
|
||
}
|
||
],
|
||
"References": [
|
||
{
|
||
"RefID": "ALT-PU-2019-1034",
|
||
"RefURL": "https://errata.altlinux.org/ALT-PU-2019-1034",
|
||
"Source": "ALTPU"
|
||
},
|
||
{
|
||
"RefID": "BDU:2020-02558",
|
||
"RefURL": "https://bdu.fstec.ru/vul/2020-02558",
|
||
"Source": "BDU"
|
||
},
|
||
{
|
||
"RefID": "BDU:2020-02776",
|
||
"RefURL": "https://bdu.fstec.ru/vul/2020-02776",
|
||
"Source": "BDU"
|
||
},
|
||
{
|
||
"RefID": "BDU:2020-04840",
|
||
"RefURL": "https://bdu.fstec.ru/vul/2020-04840",
|
||
"Source": "BDU"
|
||
},
|
||
{
|
||
"RefID": "CVE-2018-20346",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-20346",
|
||
"Source": "CVE"
|
||
},
|
||
{
|
||
"RefID": "CVE-2018-20505",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-20505",
|
||
"Source": "CVE"
|
||
},
|
||
{
|
||
"RefID": "CVE-2018-20506",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-20506",
|
||
"Source": "CVE"
|
||
}
|
||
],
|
||
"Description": "This update upgrades sqlite3 to version 3.26.0-alt1. \nSecurity Fix(es):\n\n * BDU:2020-02558: Уязвимость модуля виртуальных таблиц FTS3 системы управления базами данных SQLite, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2020-02776: Уязвимость системы управления базами данных SQLite, связанная с отсутствием защиты структуры запроса SQL, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-04840: Уязвимость расширения FTS3 системы управления базами данных SQLite, позволяющая нарушителю выполнить произвольный код\n\n * CVE-2018-20346: SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.\n\n * CVE-2018-20505: SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).\n\n * CVE-2018-20506: SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a \"merge\" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.",
|
||
"Advisory": {
|
||
"From": "errata.altlinux.org",
|
||
"Severity": "High",
|
||
"Rights": "Copyright 2024 BaseALT Ltd.",
|
||
"Issued": {
|
||
"Date": "2019-01-14"
|
||
},
|
||
"Updated": {
|
||
"Date": "2019-01-14"
|
||
},
|
||
"BDUs": [
|
||
{
|
||
"ID": "BDU:2020-02558",
|
||
"CVSS": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
|
||
"CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
||
"CWE": "CWE-190",
|
||
"Href": "https://bdu.fstec.ru/vul/2020-02558",
|
||
"Impact": "High",
|
||
"Public": "20190403"
|
||
},
|
||
{
|
||
"ID": "BDU:2020-02776",
|
||
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
|
||
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
||
"CWE": "CWE-89",
|
||
"Href": "https://bdu.fstec.ru/vul/2020-02776",
|
||
"Impact": "High",
|
||
"Public": "20190619"
|
||
},
|
||
{
|
||
"ID": "BDU:2020-04840",
|
||
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
|
||
"CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
||
"CWE": "CWE-190",
|
||
"Href": "https://bdu.fstec.ru/vul/2020-04840",
|
||
"Impact": "High",
|
||
"Public": "20181110"
|
||
}
|
||
],
|
||
"CVEs": [
|
||
{
|
||
"ID": "CVE-2018-20346",
|
||
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
|
||
"CVSS3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
||
"CWE": "CWE-190",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-20346",
|
||
"Impact": "High",
|
||
"Public": "20181221"
|
||
},
|
||
{
|
||
"ID": "CVE-2018-20505",
|
||
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
|
||
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
||
"CWE": "CWE-89",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-20505",
|
||
"Impact": "High",
|
||
"Public": "20190403"
|
||
},
|
||
{
|
||
"ID": "CVE-2018-20506",
|
||
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
|
||
"CVSS3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
||
"CWE": "CWE-190",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-20506",
|
||
"Impact": "High",
|
||
"Public": "20190403"
|
||
}
|
||
],
|
||
"AffectedCPEs": {
|
||
"CPEs": [
|
||
"cpe:/o:alt:spworkstation:8.4",
|
||
"cpe:/o:alt:spserver:8.4"
|
||
]
|
||
}
|
||
}
|
||
},
|
||
"Criteria": {
|
||
"Operator": "AND",
|
||
"Criterions": [
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:3001",
|
||
"Comment": "ALT Linux must be installed"
|
||
}
|
||
],
|
||
"Criterias": [
|
||
{
|
||
"Operator": "OR",
|
||
"Criterions": [
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20191034001",
|
||
"Comment": "lemon is earlier than 0:3.26.0-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20191034002",
|
||
"Comment": "libsqlite3 is earlier than 0:3.26.0-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20191034003",
|
||
"Comment": "libsqlite3-devel is earlier than 0:3.26.0-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20191034004",
|
||
"Comment": "libsqlite3-devel-static is earlier than 0:3.26.0-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20191034005",
|
||
"Comment": "sqlite3 is earlier than 0:3.26.0-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20191034006",
|
||
"Comment": "sqlite3-doc is earlier than 0:3.26.0-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20191034007",
|
||
"Comment": "sqlite3-tcl is earlier than 0:3.26.0-alt1"
|
||
}
|
||
]
|
||
}
|
||
]
|
||
}
|
||
}
|
||
]
|
||
} |