See http://lcamtuf.blogspot.fr/2015/04/finding-bugs-in-sqlite-easy-way.html According to that blog post 3.8.9 fixes all of them. Changelog doesn't mention most of them, but has this: "Fix a potential 32-bit integer overflow problem in the sqlite3_blob_read() and sqlite3_blob_write() interfaces." https://www.sqlite.org/releaselog/3_8_9.html
http://www.securityfocus.com/archive/1/535269 more information on the potentials. Changing to B2 From Site: Anyway, long story short, I recently reported around 22 bugs in the query parser, including the use of uninitialized memory when parsing collation sequences: https://www.sqlite.org/src/info/eddc05e7bb31fae7 ...and bad free(): https://www.sqlite.org/src/info/02e3c88fbf6abdcf ...and a stack buffer overflow: http://www.sqlite.org/src/info/c494171f77dc2e5e
I did some more fuzzing on sqlite and upstream fixed the issues quickly: https://www.sqlite.org/cgi/src/info/f71053cf658b3260 https://www.sqlite.org/cgi/src/info/e018f4bf1f27f783 Likely minor issues, but you may want to backport these for the update.
Stabilize dev-db/sqlite-3.8.9.
Arches, please test and mark stable: =dev-db/sqlite-3.8.9 Target Keywords : "alpha amd64 arm hppa ia64 ppc ppc64 spark x86" Thank you!
Stable for HPPA.
amd64 stable
x86 stable
ppc stable
Stable for PPC64.
CVE-2015-3416 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3416): The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement. CVE-2015-3415 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3415): The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement. CVE-2015-3414 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3414): SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.
alpha stable
ia64 stable
sparc stable
arm stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
Arches and Maintainer(s), Thank you for your work. New GLSA Request filed. Maintainer(s), please drop the vulnerable version(s).
Vulnerable <dev-db/sqlite-3.8.9 dropped.
This issue was resolved and addressed in GLSA 201507-05 at https://security.gentoo.org/glsa/201507-05 by GLSA coordinator Mikle Kolyada (Zlogene).
