Security update for sqlite3 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:1159-1 Final 1 1 2019-04-05T10:06:24Z current 2019-04-05T10:06:24Z 2019-04-05T10:06:24Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for sqlite3 This update for sqlite3 to version 3.27.2 fixes the following issue: Security issue fixed: - CVE-2018-20346: Fixed a remote code execution vulnerability in FTS3 (Magellan) (bsc#1119687). Release notes: https://www.sqlite.org/releaselog/3_27_2.html This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2019-1159 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00040.html E-Mail link for openSUSE-SU-2019:1159-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1119687 SUSE Bug 1119687 https://www.suse.com/security/cve/CVE-2018-20346/ SUSE CVE CVE-2018-20346 page openSUSE Leap 15.0 libsqlite3-0-3.27.2-lp150.2.3.1 libsqlite3-0-32bit-3.27.2-lp150.2.3.1 sqlite3-3.27.2-lp150.2.3.1 sqlite3-devel-3.27.2-lp150.2.3.1 sqlite3-doc-3.27.2-lp150.2.3.1 libsqlite3-0-3.27.2-lp150.2.3.1 as a component of openSUSE Leap 15.0 libsqlite3-0-32bit-3.27.2-lp150.2.3.1 as a component of openSUSE Leap 15.0 sqlite3-3.27.2-lp150.2.3.1 as a component of openSUSE Leap 15.0 sqlite3-devel-3.27.2-lp150.2.3.1 as a component of openSUSE Leap 15.0 sqlite3-doc-3.27.2-lp150.2.3.1 as a component of openSUSE Leap 15.0 SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan. CVE-2018-20346 openSUSE Leap 15.0:libsqlite3-0-3.27.2-lp150.2.3.1 openSUSE Leap 15.0:libsqlite3-0-32bit-3.27.2-lp150.2.3.1 openSUSE Leap 15.0:sqlite3-3.27.2-lp150.2.3.1 openSUSE Leap 15.0:sqlite3-devel-3.27.2-lp150.2.3.1 openSUSE Leap 15.0:sqlite3-doc-3.27.2-lp150.2.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00040.html https://www.suse.com/security/cve/CVE-2018-20346.html CVE-2018-20346 https://bugzilla.suse.com/1119687 SUSE Bug 1119687 https://bugzilla.suse.com/1120335 SUSE Bug 1120335 https://bugzilla.suse.com/1131576 SUSE Bug 1131576 https://bugzilla.suse.com/1131918 SUSE Bug 1131918 https://bugzilla.suse.com/1131919 SUSE Bug 1131919 https://bugzilla.suse.com/1148893 SUSE Bug 1148893 https://bugzilla.suse.com/1169664 SUSE Bug 1169664