The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
Synthesis of the vulnerability 
An attacker can force the usage of a freed memory area via resetAccumulator() of SQLite, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, MariaDB ~ precise, MySQL Community, MySQL Enterprise, Oracle Communications, Solaris, Percona Server, SQLite.
Severity of this bulletin: 2/4.
Creation date: 08/06/2020.
References of this threat: bulletinoct2020, cpujan2021, CVE-2020-13871, DLA-2340-1, DLA-2340-2, FEDORA-2020-d0f892b069, VIGILANCE-VUL-32457.
Description of the vulnerability 
An attacker can force the usage of a freed memory area via resetAccumulator() of SQLite, in order to trigger a denial of service, and possibly to run code.
This threat impacts software or systems such as Debian, Fedora, MariaDB ~ precise, MySQL Community, MySQL Enterprise, Oracle Communications, Solaris, Percona Server, SQLite.
Our Vigil@nce team determined that the severity of this computer threat is medium.
The trust level is "confirmed by the editor", and the origin of the attack is a user account.
A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with specialist skills can exploit the vulnerability described in this bulletin.
Solutions for this threat 
SQLite: patch for resetAccumulator.
A patch is indicated in information sources.
Debian 9: new sqlite3 packages.
New packages are available:
Debian 9: sqlite3 3.16.2-5+deb9u3
Fedora 32: new sqlite packages.
New packages are available:
Fedora 32: sqlite 3.33.0-1.fc32
MariaDB: versions 10.2.37, 10.3.28, 10.4.18 and 10.5.9.
Versions 10.2.37, 10.3.28, 10.4.18 and 10.5.9 are fixed:
https://mariadb.com/
Oracle Communications: CPU of January 2021.
A Critical Patch Update is available:
https://support.oracle.com/rs?type=doc&id=2737802.1
https://support.oracle.com/rs?type=doc&id=2738918.1
https://support.oracle.com/rs?type=doc&id=2738919.1
https://support.oracle.com/rs?type=doc&id=2738920.1
https://support.oracle.com/rs?type=doc&id=2738930.1
https://support.oracle.com/rs?type=doc&id=2737803.1
https://support.oracle.com/rs?type=doc&id=2737804.1
https://support.oracle.com/rs?type=doc&id=2738931.1
https://support.oracle.com/rs?type=doc&id=2738942.1
https://support.oracle.com/rs?type=doc&id=2737809.1
https://support.oracle.com/rs?type=doc&id=2737806.1
https://support.oracle.com/rs?type=doc&id=2737808.1
Oracle MySQL: version 5.6.51.
The version 5.6.51 is fixed:
https://support.oracle.com/rs?type=doc&id=2739278.1
https://www.mysql.com/fr/downloads/
https://dev.mysql.com/downloads/mysql/
Oracle MySQL: version 5.7.33.
The version 5.7.33 is fixed:
https://support.oracle.com/rs?type=doc&id=2739278.1
https://www.mysql.com/fr/downloads/
https://dev.mysql.com/downloads/mysql/
Oracle MySQL: version 8.0.23.
The version 8.0.23 is fixed:
https://support.oracle.com/rs?type=doc&id=2739278.1
https://www.mysql.com/fr/downloads/
https://dev.mysql.com/downloads/mysql/
Oracle Solaris: patch for third party software of October 2020 v2.
A patch is available:
https://support.oracle.com/rs?type=doc&id=1448883.1
Percona Server: version 5.6.51-91.0.
The version 5.6.51-91.0 is fixed:
https://www.percona.com/