USN-4205-1: SQLite vulnerabilities

02 December 2019

Several security issues were fixed in SQLite.

Releases

Packages

  • sqlite3 - C library that implements an SQL database engine

Details

It was discovered that SQLite incorrectly handled certain schemas.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 12.04 ESM. (CVE-2018-8740)

It was discovered that SQLite incorrectly handled certain schemas.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 19.04.
(CVE-2019-16168)

It was discovered that SQLite incorrectly handled certain schemas.
An attacker could possibly use this issue to mishandles some expressions.
This issue only affected Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-19242)

It was discovered that SQLite incorrectly handled certain queries.
An attacker could possibly use this issue to execute arbitrary code.
This issue only affected Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-19244)

It was discovered that SQLite incorrectly handled certain SQL commands.
An attacker could possibly use this issue to execute arbitrary code.
This issue only affected Ubuntu 19.04. (CVE-2019-5018)

It was discovered that SQLite incorrectly handled certain commands. An
attacker could possibly use this issue to execute arbitrary code.
(CVE-2019-5827)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10
Ubuntu 19.04
Ubuntu 18.04
Ubuntu 16.04
Ubuntu 12.04

In general, a standard system update will make all the necessary changes.

Related notices

  • USN-4394-1: sqlite3-doc, lemon, libsqlite3-dev, sqlite3, libsqlite3-tcl, libsqlite3-0