USN-4205-1: SQLite vulnerabilities
2 December 2019
Several security issues were fixed in SQLite.
Releases
Packages
- sqlite3 - C library that implements an SQL database engine
Details
It was discovered that SQLite incorrectly handled certain schemas.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 12.04 ESM. (CVE-2018-8740)
It was discovered that SQLite incorrectly handled certain schemas.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 19.04.
(CVE-2019-16168)
It was discovered that SQLite incorrectly handled certain schemas.
An attacker could possibly use this issue to mishandles some expressions.
This issue only affected Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-19242)
It was discovered that SQLite incorrectly handled certain queries.
An attacker could possibly use this issue to execute arbitrary code.
This issue only affected Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-19244)
It was discovered that SQLite incorrectly handled certain SQL commands.
An attacker could possibly use this issue to execute arbitrary code.
This issue only affected Ubuntu 19.04. (CVE-2019-5018)
It was discovered that SQLite incorrectly handled certain commands. An
attacker could possibly use this issue to execute arbitrary code.
(CVE-2019-5827)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 19.10
Ubuntu 19.04
Ubuntu 18.04
Ubuntu 16.04
Ubuntu 12.04
In general, a standard system update will make all the necessary changes.
Related notices
- USN-4394-1: sqlite3, libsqlite3-tcl, lemon, sqlite3-doc, libsqlite3-dev, libsqlite3-0