{"affected":[{"ecosystem_specific":{"binaries":[{"libsqlite3-0":"3.36.0-9.18.1","libsqlite3-0-32bit":"3.36.0-9.18.1","sqlite3":"3.36.0-9.18.1","sqlite3-devel":"3.36.0-9.18.1"}]},"package":{"ecosystem":"SUSE:HPE Helion OpenStack 8","name":"sqlite3","purl":"pkg:rpm/suse/sqlite3&distro=HPE%20Helion%20OpenStack%208"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.36.0-9.18.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libsqlite3-0":"3.36.0-9.18.1","libsqlite3-0-32bit":"3.36.0-9.18.1","sqlite3":"3.36.0-9.18.1","sqlite3-devel":"3.36.0-9.18.1"}]},"package":{"ecosystem":"SUSE:OpenStack Cloud 8","name":"sqlite3","purl":"pkg:rpm/suse/sqlite3&distro=SUSE%20OpenStack%20Cloud%208"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.36.0-9.18.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libsqlite3-0":"3.36.0-9.18.1","libsqlite3-0-32bit":"3.36.0-9.18.1","sqlite3":"3.36.0-9.18.1","sqlite3-devel":"3.36.0-9.18.1"}]},"package":{"ecosystem":"SUSE:OpenStack Cloud 9","name":"sqlite3","purl":"pkg:rpm/suse/sqlite3&distro=SUSE%20OpenStack%20Cloud%209"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.36.0-9.18.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libsqlite3-0":"3.36.0-9.18.1","libsqlite3-0-32bit":"3.36.0-9.18.1","sqlite3":"3.36.0-9.18.1","sqlite3-devel":"3.36.0-9.18.1"}]},"package":{"ecosystem":"SUSE:OpenStack Cloud Crowbar 8","name":"sqlite3","purl":"pkg:rpm/suse/sqlite3&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.36.0-9.18.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libsqlite3-0":"3.36.0-9.18.1","libsqlite3-0-32bit":"3.36.0-9.18.1","sqlite3":"3.36.0-9.18.1","sqlite3-devel":"3.36.0-9.18.1"}]},"package":{"ecosystem":"SUSE:OpenStack Cloud Crowbar 9","name":"sqlite3","purl":"pkg:rpm/suse/sqlite3&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.36.0-9.18.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libsqlite3-0":"3.36.0-9.18.1","libsqlite3-0-32bit":"3.36.0-9.18.1","sqlite3":"3.36.0-9.18.1","sqlite3-devel":"3.36.0-9.18.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP3","name":"sqlite3","purl":"pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.36.0-9.18.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libsqlite3-0":"3.36.0-9.18.1","libsqlite3-0-32bit":"3.36.0-9.18.1","sqlite3":"3.36.0-9.18.1","sqlite3-devel":"3.36.0-9.18.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP4","name":"sqlite3","purl":"pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.36.0-9.18.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"sqlite3-devel":"3.36.0-9.18.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 12 SP5","name":"sqlite3","purl":"pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.36.0-9.18.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libsqlite3-0":"3.36.0-9.18.1","libsqlite3-0-32bit":"3.36.0-9.18.1","sqlite3":"3.36.0-9.18.1","sqlite3-devel":"3.36.0-9.18.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP2-BCL","name":"sqlite3","purl":"pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.36.0-9.18.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libsqlite3-0":"3.36.0-9.18.1","libsqlite3-0-32bit":"3.36.0-9.18.1","sqlite3":"3.36.0-9.18.1","sqlite3-devel":"3.36.0-9.18.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP3-LTSS","name":"sqlite3","purl":"pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.36.0-9.18.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libsqlite3-0":"3.36.0-9.18.1","libsqlite3-0-32bit":"3.36.0-9.18.1","sqlite3":"3.36.0-9.18.1","sqlite3-devel":"3.36.0-9.18.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP3-BCL","name":"sqlite3","purl":"pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.36.0-9.18.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libsqlite3-0":"3.36.0-9.18.1","libsqlite3-0-32bit":"3.36.0-9.18.1","sqlite3":"3.36.0-9.18.1","sqlite3-devel":"3.36.0-9.18.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP4-LTSS","name":"sqlite3","purl":"pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.36.0-9.18.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libsqlite3-0":"3.36.0-9.18.1","libsqlite3-0-32bit":"3.36.0-9.18.1","sqlite3":"3.36.0-9.18.1","sqlite3-devel":"3.36.0-9.18.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP5","name":"sqlite3","purl":"pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.36.0-9.18.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libsqlite3-0":"3.36.0-9.18.1","libsqlite3-0-32bit":"3.36.0-9.18.1","sqlite3":"3.36.0-9.18.1","sqlite3-devel":"3.36.0-9.18.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP5","name":"sqlite3","purl":"pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.36.0-9.18.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for sqlite3 fixes the following issues:\n\nsqlite3 is sync version 3.36.0 from Factory (jsc#SLE-16032).\n\nThe following CVEs have been fixed in upstream releases up to\nthis point, but were not mentioned in the change log so far:\n\n* bsc#1173641, CVE-2020-15358: heap-based buffer overflow in\n  multiSelectOrderBy due to mishandling of query-flattener\n  optimization\n* bsc#1164719, CVE-2020-9327: NULL pointer dereference and\n  segmentation fault because of generated column optimizations in\n  isAuxiliaryVtabOperator\n* bsc#1160439, CVE-2019-20218: selectExpander in select.c proceeds\n  with WITH stack unwinding even after a parsing error\n* bsc#1160438, CVE-2019-19959: memory-management error via\n  ext/misc/zipfile.c involving embedded '\\0' input\n* bsc#1160309, CVE-2019-19923: improper handling  of  certain uses\n  of SELECT DISTINCT in flattenSubquery may lead to null pointer\n  dereference\n* bsc#1159850, CVE-2019-19924: improper error handling in\n  sqlite3WindowRewrite()\n* bsc#1159847, CVE-2019-19925: improper handling of NULL pathname\n  during an update of a ZIP archive\n* bsc#1159715, CVE-2019-19926: improper handling  of certain\n  errors during parsing  multiSelect in select.c\n* bsc#1159491, CVE-2019-19880: exprListAppendList in window.c\n  allows attackers to trigger an invalid pointer dereference\n* bsc#1158960, CVE-2019-19603: during handling of CREATE TABLE\n  and CREATE VIEW statements, does not consider confusion with\n  a shadow table name\n* bsc#1158959, CVE-2019-19646: pragma.c mishandles NOT NULL in an\n  integrity_check PRAGMA command in certain cases of generated\n  columns\n* bsc#1158958, CVE-2019-19645: alter.c allows attackers to trigger\n  infinite recursion via certain types of self-referential views\n  in conjunction with ALTER TABLE statements\n* bsc#1158812, CVE-2019-19317: lookupName in resolve.c omits bits\n  from the colUsed bitmask in the case of a generated column,\n  which allows attackers to cause a denial of service\n* bsc#1157818, CVE-2019-19244: sqlite3,sqlite2,sqlite: The\n  function sqlite3Select in select.c allows a crash if a\n  sub-select uses both DISTINCT and window functions, and also\n  has certain ORDER BY usage\n* bsc#928701, CVE-2015-3415: sqlite3VdbeExec comparison operator\n  vulnerability\n* bsc#928700, CVE-2015-3414: sqlite3,sqlite2: dequoting of\n  collation-sequence names\n* CVE-2020-13434 bsc#1172115: integer overflow in\n  sqlite3_str_vappendf\n* CVE-2020-13630 bsc#1172234: use-after-free in fts3EvalNextRow\n* CVE-2020-13631 bsc#1172236: virtual table allowed to be renamed\n  to one of its shadow tables\n* CVE-2020-13632 bsc#1172240: NULL pointer dereference via\n  crafted matchinfo() query\n* CVE-2020-13435: Malicious SQL statements could have crashed the\n  process that is running SQLite (bsc#1172091)\n","id":"SUSE-SU-2021:3215-1","modified":"2021-09-23T14:26:45Z","published":"2021-09-23T14:26:45Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2021/suse-su-20213215-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1157818"},{"type":"REPORT","url":"https://bugzilla.suse.com/1158812"},{"type":"REPORT","url":"https://bugzilla.suse.com/1158958"},{"type":"REPORT","url":"https://bugzilla.suse.com/1158959"},{"type":"REPORT","url":"https://bugzilla.suse.com/1158960"},{"type":"REPORT","url":"https://bugzilla.suse.com/1159491"},{"type":"REPORT","url":"https://bugzilla.suse.com/1159715"},{"type":"REPORT","url":"https://bugzilla.suse.com/1159847"},{"type":"REPORT","url":"https://bugzilla.suse.com/1159850"},{"type":"REPORT","url":"https://bugzilla.suse.com/1160309"},{"type":"REPORT","url":"https://bugzilla.suse.com/1160438"},{"type":"REPORT","url":"https://bugzilla.suse.com/1160439"},{"type":"REPORT","url":"https://bugzilla.suse.com/1164719"},{"type":"REPORT","url":"https://bugzilla.suse.com/1172091"},{"type":"REPORT","url":"https://bugzilla.suse.com/1172115"},{"type":"REPORT","url":"https://bugzilla.suse.com/1172234"},{"type":"REPORT","url":"https://bugzilla.suse.com/1172236"},{"type":"REPORT","url":"https://bugzilla.suse.com/1172240"},{"type":"REPORT","url":"https://bugzilla.suse.com/1173641"},{"type":"REPORT","url":"https://bugzilla.suse.com/928700"},{"type":"REPORT","url":"https://bugzilla.suse.com/928701"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-3414"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-3415"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-6153"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-10989"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-2518"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-20346"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-8740"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-16168"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-19244"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-19317"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-19603"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-19645"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-19646"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-19880"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-19923"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-19924"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-19925"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-19926"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-19959"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-20218"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-8457"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-13434"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-13435"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-13630"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-13631"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-13632"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15358"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-9327"}],"related":["CVE-2015-3414","CVE-2015-3415","CVE-2016-6153","CVE-2017-10989","CVE-2017-2518","CVE-2018-20346","CVE-2018-8740","CVE-2019-16168","CVE-2019-19244","CVE-2019-19317","CVE-2019-19603","CVE-2019-19645","CVE-2019-19646","CVE-2019-19880","CVE-2019-19923","CVE-2019-19924","CVE-2019-19925","CVE-2019-19926","CVE-2019-19959","CVE-2019-20218","CVE-2019-8457","CVE-2020-13434","CVE-2020-13435","CVE-2020-13630","CVE-2020-13631","CVE-2020-13632","CVE-2020-15358","CVE-2020-9327"],"summary":"Security update for sqlite3","upstream":["CVE-2015-3414","CVE-2015-3415","CVE-2016-6153","CVE-2017-10989","CVE-2017-2518","CVE-2018-20346","CVE-2018-8740","CVE-2019-16168","CVE-2019-19244","CVE-2019-19317","CVE-2019-19603","CVE-2019-19645","CVE-2019-19646","CVE-2019-19880","CVE-2019-19923","CVE-2019-19924","CVE-2019-19925","CVE-2019-19926","CVE-2019-19959","CVE-2019-20218","CVE-2019-8457","CVE-2020-13434","CVE-2020-13435","CVE-2020-13630","CVE-2020-13631","CVE-2020-13632","CVE-2020-15358","CVE-2020-9327"]}