Summary: | <dev-db/sqlite-3.8.9: Multiple vulnerabilities (CVE-2015-{3414,3415,3416}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Hanno Böck <hanno> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | arfrever.fta |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=605688 | ||
Whiteboard: | B2 [glsa cve] | ||
Package list: | | Runtime testing required: | --- |
Description
Hanno Böck
http://www.securityfocus.com/archive/1/535269 more information on the potentials. Changing to B2.

From Site:

Anyway, long story short, I recently reported around 22 bugs in the query parser, including the use of uninitialized memory when parsing collation sequences:
https://www.sqlite.org/src/info/eddc05e7bb31fae7

...and bad free():
https://www.sqlite.org/src/info/02e3c88fbf6abdcf

...and a stack buffer overflow:
http://www.sqlite.org/src/info/c494171f77dc2e5e

I did some more fuzzing on sqlite and upstream fixed the issues quickly:
https://www.sqlite.org/cgi/src/info/f71053cf658b3260
https://www.sqlite.org/cgi/src/info/e018f4bf1f27f783

Likely minor issues, but you may want to backport these for the update.

Stabilize dev-db/sqlite-3.8.9.

Arches, please test and mark stable:
=dev-db/sqlite-3.8.9
Target Keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
Thank you!

Stable for HPPA.

amd64 stable

x86 stable

ppc stable

Stable for PPC64.

CVE-2015-3416 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3416): The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.

CVE-2015-3415 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3415): The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.

CVE-2015-3414 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3414): SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.

alpha stable

ia64 stable

sparc stable

arm stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.

Arches and Maintainer(s), Thank you for your work.
New GLSA Request filed.

Maintainer(s), please drop the vulnerable version(s).

Vulnerable <dev-db/sqlite-3.8.9 dropped.

This issue was resolved and addressed in GLSA 201507-05 at https://security.gentoo.org/glsa/201507-05 by GLSA coordinator Mikle Kolyada (Zlogene).