Ubuntu Security Notice 4298-2 - USN-4298-1 fixed several vulnerabilities in SQLite. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that SQLite incorrectly handled certain shadow tables. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
1f6b622226413e4a80acf52e302ba6f843a1f35b875d754c4b9f9a93a0dce4ce
=========================================================================
Ubuntu Security Notice USN-4298-2
August 03, 2020
sqlite3 vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in SQLite.
Software Description:
- sqlite3: C library that implements an SQL database engine
Details:
USN-4298-1 fixed several vulnerabilities in SQLite. This update provides
the corresponding update for Ubuntu 14.04 ESM.
Original advisory details:
It was discovered that SQLite incorrectly handled certain shadow tables. An
attacker could use this issue to cause SQLite to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2019-13734,
CVE-2019-13750, CVE-2019-13752, CVE-2019-13753)
It was discovered that SQLite incorrectly handled certain corrupt records.
An attacker could use this issue to cause SQLite to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2019-13751)
It was discovered that SQLite incorrectly handled errors during parsing. An
attacker could use this issue to cause SQLite to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2019-19926)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 ESM:
libsqlite3-0 3.8.2-1ubuntu2.2+esm2
sqlite3 3.8.2-1ubuntu2.2+esm2
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4298-2
https://usn.ubuntu.com/4298-1
CVE-2019-13734, CVE-2019-13750, CVE-2019-13751, CVE-2019-13752,
CVE-2019-13753, CVE-2019-19926