The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Vulnerability of SQLite: buffer overflow

Synthesis of the vulnerability

An attacker can trigger a buffer overflow of SQLite, in order to trigger a denial of service, and possibly to run code.
Severity of this computer vulnerability: 2/4.
Creation date: 20/05/2019.
Références of this announce: CVE-2019-5827, DSA-4500-1, FEDORA-2019-8641591b3c, FEDORA-2019-8fb8240d14, FEDORA-2019-a01751837d, openSUSE-SU-2019:1456-1, openSUSE-SU-2019:1488-1, RHBUG-1706805, RHSA-2019:1243-01, USN-4205-1, VIGILANCE-VUL-29356.

Description of the vulnerability

An attacker can trigger a buffer overflow of SQLite, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Request your free trial)

This computer vulnerability impacts software or systems such as Debian, Fedora, openSUSE Leap, RHEL, SLES, Ubuntu.

Our Vigil@nce team determined that the severity of this weakness bulletin is medium.

The trust level is of type confirmed by the editor, with an origin of document.

An attacker with a expert ability can exploit this weakness.

Solutions for this threat

Debian 10: new chromium packages.
New packages are available:
  Debian 10: chromium 76.0.3809.100-1~deb10u1

Fedora 30: new chromium packages.
New packages are available:
  Fedora 30: chromium 75.0.3770.100-2.fc30

Fedora: new sqlite packages.
New packages are available:
  Fedora 29: sqlite 3.26.0-3.fc29
  Fedora 30: sqlite 3.26.0-5.fc30

openSUSE Leap: new chromium packages.
New packages are available:
  openSUSE Leap 42.3: chromium 74.0.3729.157-211.1
  openSUSE Leap 15.1: chromium 74.0.3729.157-lp151.2.3.1
  openSUSE Leap 15.0: chromium 74.0.3729.157-lp150.212.1

RHEL 6.10: new chromium-browser packages.
New packages are available:
  RHEL 6: chromium-browser 74.0.3729.131-1.el6_10

SUSE LE 15: new chromium packages.
New packages are available:
  SUSE LE 15 RTM: chromium 74.0.3729.157-bp150.210.1

Ubuntu: new sqlite3 packages.
New packages are available:
  Ubuntu 19.10: libsqlite3-0 3.29.0-2ubuntu0.1, sqlite3 3.29.0-2ubuntu0.1
  Ubuntu 19.04: libsqlite3-0 3.27.2-2ubuntu0.2, sqlite3 3.27.2-2ubuntu0.2
  Ubuntu 18.04 LTS: libsqlite3-0 3.22.0-1ubuntu0.2, sqlite3 3.22.0-1ubuntu0.2
  Ubuntu 16.04 LTS: libsqlite3-0 3.11.0-1ubuntu1.3, sqlite3 3.11.0-1ubuntu1.3
  Ubuntu 12.04 ESM: libsqlite3-0 3.7.9-2ubuntu1.4, sqlite3 3.7.9-2ubuntu1.4
Full Vigil@nce bulletin... (Request your free trial)

Computer vulnerabilities tracking service

Vigil@nce provides computer security bulletins. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system.