The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of SQLite: denial of service via Zero Size

Synthesis of the vulnerability 

An attacker can trigger a fatal error via Zero Size of SQLite, in order to trigger a denial of service.
Vulnerable software: Debian, NetWorker, Unisphere EMC, Fedora, Juniper EX-Series, Juniper J-Series, Junos OS, MX-Series, PTX-Series, QFX-Series, SRX-Series, openSUSE Leap, Oracle Communications, Oracle DB, Oracle Fusion Middleware, Oracle OIT, Solaris, WebLogic, SIMATIC, SQLite, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity of this announcement: 1/4.
Creation date: 10/09/2019.
References of this computer vulnerability: cpuapr2020, cpujan2020, cpuoct2020, CVE-2019-16168, DLA-2340-1, DSA-2020-062, DSA-2020-198, FEDORA-2019-b1636e0b70, JSA11055, openSUSE-SU-2019:2298-1, openSUSE-SU-2019:2300-1, SSB-439005, SUSE-SU-2019:2533-1, SUSE-SU-2019:2536-1, USN-4205-1, VIGILANCE-VUL-30283.

Description of the vulnerability 

An attacker can trigger a fatal error via Zero Size of SQLite, in order to trigger a denial of service.

This weakness bulletin impacts software or systems such as Debian, NetWorker, Unisphere EMC, Fedora, Juniper EX-Series, Juniper J-Series, Junos OS, MX-Series, PTX-Series, QFX-Series, SRX-Series, openSUSE Leap, Oracle Communications, Oracle DB, Oracle Fusion Middleware, Oracle OIT, Solaris, WebLogic, SIMATIC, SQLite, SUSE Linux Enterprise Desktop, SLES, Ubuntu.

Our Vigil@nce team determined that the severity of this computer weakness is low.

The trust level is "confirmed by the editor", and the origin is a document.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with technician-level skill can exploit this vulnerability.

Solutions for this threat 

SQLite: patch for Zero Size.
A patch is indicated in information sources.

Debian 9: new sqlite3 packages.
New packages are available:
  Debian 9: sqlite3 3.16.2-5+deb9u2

Dell EMC NetWorker Virtual Edition: patch for Java.
A patch is indicated in information sources.

Dell EMC Unisphere for PowerMax: solution.
The solution is indicated in information sources.

Fedora 30: new sqlite packages.
New packages are available:
  Fedora 30: sqlite 3.26.0-7.fc30

Junos OS: fixed versions for SQLite.
Fixed versions are indicated in information sources.

openSUSE Leap 15: new sqlite3 packages.
New packages are available:
  openSUSE Leap 15.0: sqlite3 3.28.0-lp150.2.9.1
  openSUSE Leap 15.1: sqlite3 3.28.0-lp151.2.3.1

Oracle Communications: CPU of January 2020.
A Critical Patch Update is available:
  https://support.oracle.com/rs?type=doc&id=2625594.1
  https://support.oracle.com/rs?type=doc&id=2626101.1
  https://support.oracle.com/rs?type=doc&id=2628576.1
  https://support.oracle.com/rs?type=doc&id=2626102.1
  https://support.oracle.com/rs?type=doc&id=2622427.1
  https://support.oracle.com/rs?type=doc&id=2595443.1
  https://support.oracle.com/rs?type=doc&id=2595442.1
  https://support.oracle.com/rs?type=doc&id=2617852.1
  https://support.oracle.com/rs?type=doc&id=2626103.1

Oracle Database: CPU of October 2020.
A Critical Patch Update is available:
  https://support.oracle.com/rs?type=doc&id=2694898.1

Oracle Fusion Middleware: CPU of April 2020.
A Critical Patch Update is available:
  https://support.oracle.com/rs?type=doc&id=2633852.1

Oracle Solaris: CPU of April 2020.
A Critical Patch Update is available:
  https://support.oracle.com/rs?type=doc&id=2650589.1

Oracle Solaris: patch for third party software of January 2020 v2.
A patch is available:
  https://support.oracle.com/rs?type=doc&id=1448883.1

SIMATIC S7-1500 CPU 1518: workaround for GNU/Linux Vulnerabilities.
A workaround is indicated in the information source.

SUSE LE 12 SP4: new sqlite3 packages.
New packages are available:
  SUSE LE 12 SP4: sqlite3 3.8.10.2-9.12.1

SUSE LE 15: new sqlite3 packages.
New packages are available:
  SUSE LE 15 RTM: sqlite3 3.28.0-3.9.2
  SUSE LE 15 SP1: sqlite3 3.28.0-3.9.2

Ubuntu: new sqlite3 packages.
New packages are available:
  Ubuntu 19.10: libsqlite3-0 3.29.0-2ubuntu0.1, sqlite3 3.29.0-2ubuntu0.1
  Ubuntu 19.04: libsqlite3-0 3.27.2-2ubuntu0.2, sqlite3 3.27.2-2ubuntu0.2
  Ubuntu 18.04 LTS: libsqlite3-0 3.22.0-1ubuntu0.2, sqlite3 3.22.0-1ubuntu0.2
  Ubuntu 16.04 LTS: libsqlite3-0 3.11.0-1ubuntu1.3, sqlite3 3.11.0-1ubuntu1.3
  Ubuntu 12.04 ESM: libsqlite3-0 3.7.9-2ubuntu1.4, sqlite3 3.7.9-2ubuntu1.4

Wind River Linux: version 10.17.41.19.
The version 10.17.41.19 is fixed.

Wind River Linux: version 10.18.44.12.
The version 10.18.44.12 is fixed:
  https://support2.windriver.com/
