
Bug 760690 (CVE-2020-27207)

Summary: <dev-db/sqlcipher-4.5.1: use after free leading to DoS (CVE-2020-27207)
Product: Gentoo Security
Reporter: John Helmert III <ajak>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: IN_PROGRESS ---
Severity: minor
CC: pinkbyte
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://www.telekom.com/resource/blob/612796/02fbe4a7e79f19c9e2c6f077e3f4d842/dl-201112-denial-of-serviceen-data.pdf
Whiteboard: B3 [glsa?]
Package list:
Runtime testing required: ---
Bug Depends on: 836922, 837008    
Bug Blocks:    

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2020-12-19 03:29:26 UTC
CVE-2020-27207 (https://github.com/sqlcipher/sqlcipher/compare/v4.4.0...v4.4.1):

Zetetic SQLCipher 4.x before 4.4.1 has a use-after-free, related to sqlcipher_codec_pragma and sqlite3Strlen30 in sqlite3.c. A remote denial of service attack can be performed. For example, a SQL injection can be used to execute the crafted SQL command sequence. After that, some unexpected RAM data is read.


Maintainer, please bump to 4.4.1.
Comment 6 NATTkA bot gentoo-dev 2021-07-29 18:13:49 UTC
Package list is empty or all packages have requested keywords.
Comment 7 Till Schäfer 2022-01-04 10:40:39 UTC
Simply renaming the latest ebuild to the 4.5.0 works like a charm here.
Comment 8 Sergey Popov gentoo-dev 2022-04-05 10:23:32 UTC
Arches, please test and mark stable:
=dev-db/sqlcipher-4.5.1

Thanks in advance
Comment 9 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-04-06 13:54:01 UTC
No, stabilizations are not done in security bugs anymore, as announced here:

https://archives.gentoo.org/gentoo-dev-announce/message/66f1227144d451eac3c1f641771be557

Please also remember to use Bug: tags to associate the security bump to the security bug.
Comment 10 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-04-09 13:52:16 UTC
Please clean up.
Comment 11 Larry the Git Cow gentoo-dev 2022-04-11 07:01:04 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ff28e488512db2d448a46dd2144a846399904cc7

commit ff28e488512db2d448a46dd2144a846399904cc7
Author:     Sergey Popov <pinkbyte@gentoo.org>
AuthorDate: 2022-04-11 07:00:16 +0000
Commit:     Sergey Popov <pinkbyte@gentoo.org>
CommitDate: 2022-04-11 07:00:29 +0000

    dev-dv/sqlcipher: drop old vulnerable version
    
    Bug: https://bugs.gentoo.org/760690
    Package-Manager: Portage-3.0.30, Repoman-3.0.3
    Signed-off-by: Sergey Popov <pinkbyte@gentoo.org>

 dev-db/sqlcipher/Manifest               |  1 -
 dev-db/sqlcipher/sqlcipher-4.0.1.ebuild | 70 ---------------------------------
 2 files changed, 71 deletions(-)