-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: sqlite security update Advisory ID: RHSA-2021:1581-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:1581 Issue date: 2021-05-18 CVE Names: CVE-2020-13434 CVE-2020-15358 ==================================================================== 1. Summary: An update for sqlite is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server. Security Fix(es): * sqlite: integer overflow in sqlite3_str_vappendf function in printf.c (CVE-2020-13434) * sqlite: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization in select.c (CVE-2020-15358) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1785564 - test/fts3conf.test not run on s390x ppc64 1841223 - CVE-2020-13434 sqlite: integer overflow in sqlite3_str_vappendf function in printf.c 1851957 - CVE-2020-15358 sqlite: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization in select.c 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): aarch64: lemon-3.26.0-13.el8.aarch64.rpm lemon-debuginfo-3.26.0-13.el8.aarch64.rpm sqlite-analyzer-debuginfo-3.26.0-13.el8.aarch64.rpm sqlite-debuginfo-3.26.0-13.el8.aarch64.rpm sqlite-debugsource-3.26.0-13.el8.aarch64.rpm sqlite-libs-debuginfo-3.26.0-13.el8.aarch64.rpm sqlite-tcl-debuginfo-3.26.0-13.el8.aarch64.rpm ppc64le: lemon-3.26.0-13.el8.ppc64le.rpm lemon-debuginfo-3.26.0-13.el8.ppc64le.rpm sqlite-analyzer-debuginfo-3.26.0-13.el8.ppc64le.rpm sqlite-debuginfo-3.26.0-13.el8.ppc64le.rpm sqlite-debugsource-3.26.0-13.el8.ppc64le.rpm sqlite-libs-debuginfo-3.26.0-13.el8.ppc64le.rpm sqlite-tcl-debuginfo-3.26.0-13.el8.ppc64le.rpm s390x: lemon-3.26.0-13.el8.s390x.rpm lemon-debuginfo-3.26.0-13.el8.s390x.rpm sqlite-analyzer-debuginfo-3.26.0-13.el8.s390x.rpm sqlite-debuginfo-3.26.0-13.el8.s390x.rpm sqlite-debugsource-3.26.0-13.el8.s390x.rpm sqlite-libs-debuginfo-3.26.0-13.el8.s390x.rpm sqlite-tcl-debuginfo-3.26.0-13.el8.s390x.rpm x86_64: lemon-3.26.0-13.el8.x86_64.rpm lemon-debuginfo-3.26.0-13.el8.x86_64.rpm sqlite-analyzer-debuginfo-3.26.0-13.el8.x86_64.rpm sqlite-debuginfo-3.26.0-13.el8.x86_64.rpm sqlite-debugsource-3.26.0-13.el8.x86_64.rpm sqlite-libs-debuginfo-3.26.0-13.el8.x86_64.rpm sqlite-tcl-debuginfo-3.26.0-13.el8.x86_64.rpm Red Hat Enterprise Linux BaseOS (v. 8): Source: sqlite-3.26.0-13.el8.src.rpm aarch64: lemon-debuginfo-3.26.0-13.el8.aarch64.rpm sqlite-3.26.0-13.el8.aarch64.rpm sqlite-analyzer-debuginfo-3.26.0-13.el8.aarch64.rpm sqlite-debuginfo-3.26.0-13.el8.aarch64.rpm sqlite-debugsource-3.26.0-13.el8.aarch64.rpm sqlite-devel-3.26.0-13.el8.aarch64.rpm sqlite-libs-3.26.0-13.el8.aarch64.rpm sqlite-libs-debuginfo-3.26.0-13.el8.aarch64.rpm sqlite-tcl-debuginfo-3.26.0-13.el8.aarch64.rpm noarch: sqlite-doc-3.26.0-13.el8.noarch.rpm ppc64le: lemon-debuginfo-3.26.0-13.el8.ppc64le.rpm sqlite-3.26.0-13.el8.ppc64le.rpm sqlite-analyzer-debuginfo-3.26.0-13.el8.ppc64le.rpm sqlite-debuginfo-3.26.0-13.el8.ppc64le.rpm sqlite-debugsource-3.26.0-13.el8.ppc64le.rpm sqlite-devel-3.26.0-13.el8.ppc64le.rpm sqlite-libs-3.26.0-13.el8.ppc64le.rpm sqlite-libs-debuginfo-3.26.0-13.el8.ppc64le.rpm sqlite-tcl-debuginfo-3.26.0-13.el8.ppc64le.rpm s390x: lemon-debuginfo-3.26.0-13.el8.s390x.rpm sqlite-3.26.0-13.el8.s390x.rpm sqlite-analyzer-debuginfo-3.26.0-13.el8.s390x.rpm sqlite-debuginfo-3.26.0-13.el8.s390x.rpm sqlite-debugsource-3.26.0-13.el8.s390x.rpm sqlite-devel-3.26.0-13.el8.s390x.rpm sqlite-libs-3.26.0-13.el8.s390x.rpm sqlite-libs-debuginfo-3.26.0-13.el8.s390x.rpm sqlite-tcl-debuginfo-3.26.0-13.el8.s390x.rpm x86_64: lemon-debuginfo-3.26.0-13.el8.i686.rpm lemon-debuginfo-3.26.0-13.el8.x86_64.rpm sqlite-3.26.0-13.el8.i686.rpm sqlite-3.26.0-13.el8.x86_64.rpm sqlite-analyzer-debuginfo-3.26.0-13.el8.i686.rpm sqlite-analyzer-debuginfo-3.26.0-13.el8.x86_64.rpm sqlite-debuginfo-3.26.0-13.el8.i686.rpm sqlite-debuginfo-3.26.0-13.el8.x86_64.rpm sqlite-debugsource-3.26.0-13.el8.i686.rpm sqlite-debugsource-3.26.0-13.el8.x86_64.rpm sqlite-devel-3.26.0-13.el8.i686.rpm sqlite-devel-3.26.0-13.el8.x86_64.rpm sqlite-libs-3.26.0-13.el8.i686.rpm sqlite-libs-3.26.0-13.el8.x86_64.rpm sqlite-libs-debuginfo-3.26.0-13.el8.i686.rpm sqlite-libs-debuginfo-3.26.0-13.el8.x86_64.rpm sqlite-tcl-debuginfo-3.26.0-13.el8.i686.rpm sqlite-tcl-debuginfo-3.26.0-13.el8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-13434 https://access.redhat.com/security/cve/CVE-2020-15358 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/ 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYKPtbdzjgjWX9erEAQgsxQ/9GOe+yO0JFxnI/oRxH79RF0qKOPZz0MlO RYqUyurEzpcSGyWRyDygvf/lrD7S8wOJUinHOD7hxgDwvyPuwiW8RKYhce0oPJ1M 8dG4Ppid6maTybWfCMBUdVUCloPmf3FVyZ8C9I08DuRwoEdJqIN3EP5Nu2bkTiBq ZIY4clkSEFG132kU2jSng6KnWxMZ1qTkqMyuVxhJe9+2WqPe42Pi+EwAghc6/Z+n sxVhA0BaPzzrMf+m93QRuH5i5RCMNTiRq+j2nRmkBWbv27hmLTQp1KJ7GoqIVr+i gl5rQTgo6GxURl08eRX0FHx2khCV+mcN9f/cH2rz3c/bWiEcyAbkfFIQdbob0qkP MMZj6G9WqmxuDZllGOWmem7VO0SEbwjfTlln+G1mz87DhK82EQbbOMP5RqD6TJZ9 eLjQwrzKn6X9OCIZzaL+4rauJzsd3tQBEcYXpYZU8LZ4UZVyjcD9lHewM9+VuFzf zah2CDKbpNmjBJjBawyg0LLNWN20SChovvqqhNFqq5kXr1tdLuuUIJKfcljrR4bu jijWShkQuhgsLoHmTUWIkyqDZMWp7NxByMjD5gxO/bT/+saQvZGzqcIOsOMYk3xm /2jT4xHf8A4C4km/vxGP3LQWLpquthnz80pYW8tfTeDG0zUUylmXRLlhsl6r4FZf 7pAr7EidGuU=mQ0f -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce