Bug 711526 (CVE-2020-9327) - <dev-db/sqlite-3.31.1: NULL pointer dereference and segmentation fault because of generated column optimizations (CVE-2020-9327)
Summary: <dev-db/sqlite-3.31.1: NULL pointer dereference and segmentation fault because of generated column optimizations (CVE-2020-9327)
Status: RESOLVED FIXED
Alias: CVE-2020-9327
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: A3 [glsa+ cve]
Keywords:
Depends on:
Blocks: CVE-2019-19242, CVE-2019-19244, CVE-2019-19317, CVE-2019-19603, CVE-2019-20218
Reported: 2020-03-04 16:09 UTC by Agostino Sarubbo
Modified: 2020-04-23 14:45 UTC (History)

See Also:
Package list:
dev-db/sqlite-3.31.1
Runtime testing required: ---
stable-bot: sanity-check+


Attachments

Description Agostino Sarubbo gentoo-dev 2020-03-04 16:09:38 UTC
From https://bugzilla.redhat.com/1809315 :
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL
pointer dereference and segmentation fault because of generated column
optimizations.

References:
https://www.sqlite.org/cgi/src/info/4374860b29383380
https://www.sqlite.org/cgi/src/info/9d0d4ab95dc0c56e
https://www.sqlite.org/cgi/src/info/abc473fb8fb99900

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know whether it is ready for stabilization or not.
Comment 1 Arfrever Frehtes Taifersar Arahesis 2020-03-08 04:44:11 UTC
Other security-related fixes useful for backporting:

https://sqlite.org/cgi/src/info/5aeb5a2d295e10d5
"Fix a potential NULL pointer dereference following OOM. Problem discovered by dbsqlfuzz. Test case in TH3."

https://sqlite.org/cgi/src/info/a67cf5b7d37d5b14
"Early-out on the INTERSECT query processing following an out-of-memory error. This fixes a potential null pointer dereference found by sakura(@eternalsakura13) of Alpha Team, Qihoo 360."

https://sqlite.org/cgi/src/info/14d14eb537075c6a
"Add test case for previous commit."
Comment 2 Arfrever Frehtes Taifersar Arahesis 2020-03-08 06:07:30 UTC
https://sqlite.org/cgi/src/info/c431b3fd8fd0f6a6
"Fix a problem with ALTER TABLE for views that have a nested FROM clause. Ticket [f50af3e8a565776b]."
(Referenced ticket (https://sqlite.org/cgi/src/info/f50af3e8a565776b) is about out-of-bounds memory access.)
Comment 3 Larry the Git Cow gentoo-dev 2020-03-09 19:29:45 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f97d093bbdf3d3b6057a3743c4f9f541e51fd435

commit f97d093bbdf3d3b6057a3743c4f9f541e51fd435
Author:     Arfrever Frehtes Taifersar Arahesis <Arfrever@Apache.Org>
AuthorDate: 2020-03-09 16:30:41 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2020-03-09 19:26:42 +0000

    dev-db/sqlite: Security fixes.
    
    Bug: https://bugs.gentoo.org/711526
    Signed-off-by: Arfrever Frehtes Taifersar Arahesis <Arfrever@Apache.Org>
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>

 ...sqlite-3.31.1-full_archive-security_fixes.patch | 163 +++++++++++++++++++++
 ...ite-3.31.1-nonfull_archive-security_fixes.patch | 112 ++++++++++++++
 dev-db/sqlite/sqlite-3.31.1.ebuild                 |   2 +
 3 files changed, 277 insertions(+)
Comment 4 Agostino Sarubbo gentoo-dev 2020-03-10 08:52:38 UTC
sparc stable
Comment 5 Agostino Sarubbo gentoo-dev 2020-03-10 08:55:37 UTC
ppc stable
Comment 6 Agostino Sarubbo gentoo-dev 2020-03-10 08:56:38 UTC
ppc64 stable
Comment 7 Agostino Sarubbo gentoo-dev 2020-03-10 10:33:54 UTC
ia64 stable
Comment 8 Mart Raudsepp gentoo-dev 2020-03-12 14:13:12 UTC
arm64 stable
Comment 9 Agostino Sarubbo gentoo-dev 2020-03-12 16:25:14 UTC
s390 stable
Comment 10 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2020-03-14 18:06:23 UTC
arm stable
Comment 11 Thomas Deutschmann gentoo-dev Security 2020-03-15 01:53:25 UTC
New GLSA request filed.
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2020-03-15 02:04:15 UTC
This issue was resolved and addressed in
 GLSA 202003-16 at https://security.gentoo.org/glsa/202003-16
by GLSA coordinator Thomas Deutschmann (whissi).
Comment 13 Thomas Deutschmann gentoo-dev Security 2020-03-15 02:04:51 UTC
Re-opening for remaining architectures.
Comment 14 Rolf Eike Beer 2020-03-15 12:45:11 UTC
hppa stable
Comment 15 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2020-03-26 14:07:48 UTC
SuperH port disbanded.
Comment 16 Sam James archtester gentoo-dev Security 2020-04-18 00:19:21 UTC
@m68k: ping
Comment 17 Sergei Trofimovich gentoo-dev 2020-04-21 07:15:42 UTC
m68k dropped stable keywords
Comment 18 Sam James archtester gentoo-dev Security 2020-04-21 07:23:02 UTC
@maintainer(s), please clean up
Comment 19 Larry the Git Cow gentoo-dev 2020-04-23 14:44:34 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=266adc0dd4ef16721ec51ffdc69df7325f6824fb

commit 266adc0dd4ef16721ec51ffdc69df7325f6824fb
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-04-23 14:44:23 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-04-23 14:44:23 +0000

    dev-db/sqlite: security cleanup
    
    Bug: https://bugs.gentoo.org/711526
    Package-Manager: Portage-2.3.99, Repoman-2.3.22
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 dev-db/sqlite/Manifest             |   6 -
 dev-db/sqlite/sqlite-3.29.0.ebuild | 395 -------------------------------------
 dev-db/sqlite/sqlite-3.30.1.ebuild | 388 ------------------------------------
 3 files changed, 789 deletions(-)
Comment 20 Thomas Deutschmann gentoo-dev Security 2020-04-23 14:45:01 UTC
Repository is clean, all done.