Test ID: | 1.3.6.1.4.1.25623.1.0.891633 |
Category: | Debian Local Security Checks |
Title: | Debian LTS: Security Advisory for sqlite3 (DLA-1633-1) |
Summary: | Several flaws were corrected in SQLite, an SQL database engine. CVE-2017-2518: A use-after-free bug in the query optimizer may cause a buffer overflow and application crash via a crafted SQL statement. CVE-2017-2519: Insufficient size of the reference count on Table objects could lead to a denial-of-service or arbitrary code execution. CVE-2017-2520: The sqlite3_value_text() interface returned a buffer that was not large enough to hold the complete string plus zero terminator when the input was a zeroblob. This could lead to arbitrary code execution or a denial-of-service. CVE-2017-10989: SQLite mishandles undersized RTree blobs in a crafted database leading to a heap-based buffer over-read or possibly unspecified other impact. CVE-2018-8740: Databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference. |
Description: |
Summary: Several flaws were corrected in SQLite, an SQL database engine.
- CVE-2017-2518: A use-after-free bug in the query optimizer may cause a buffer overflow and application crash via a crafted SQL statement.
- CVE-2017-2519: Insufficient size of the reference count on Table objects could lead to a denial-of-service or arbitrary code execution.
- CVE-2017-2520: The sqlite3_value_text() interface returned a buffer that was not large enough to hold the complete string plus zero terminator when the input was a zeroblob. This could lead to arbitrary code execution or a denial-of-service.
- CVE-2017-10989: SQLite mishandles undersized RTree blobs in a crafted database leading to a heap-based buffer over-read or possibly unspecified other impact.
- CVE-2018-8740: Databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference.
Affected Software/OS: sqlite3 on Debian Linux
Solution: For Debian 8 'Jessie', these problems have been fixed in version 3.8.7.1-1+deb8u4. We recommend that you upgrade your sqlite3 packages.
CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Cross-reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2017-2518
- BugTraq ID: 98468
- http://www.securityfocus.com/bid/98468
- https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html
- http://www.securitytracker.com/id/1038484
- https://usn.ubuntu.com/4019-1/
- https://usn.ubuntu.com/4019-2/
Common Vulnerability Exposure (CVE) ID: CVE-2017-2519
Common Vulnerability Exposure (CVE) ID: CVE-2017-2520
Common Vulnerability Exposure (CVE) ID: CVE-2018-8740
- BugTraq ID: 103466
- http://www.securityfocus.com/bid/103466
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964
- https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349
- https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema
- https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html
- SuSE Security Announcement: openSUSE-SU-2019:1426
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html
- https://usn.ubuntu.com/4205-1/
- https://usn.ubuntu.com/4394-1/ |
Copyright | Copyright (C) 2019 Greenbone Networks GmbH http://greenbone.net |