50e8194e4a
Fixes the following CVEs:
- CVE-2019-19923 (Fixed in 3.31.0)
SQLite is vulnerable to denial-of-service condition because of a NULL
pointer dereferencing while handling `SELECT DISTINCT`statements.
- CVE-2019-19924 (Fixed in 3.31.0)
The SQLite mishandles certain SQL commands due to improper error
handling by ` sqlite3WindowRewrite() ` function.
- CVE-2020-13435 (Fixed in 3.32.1)
SQLite is vulnerable to denial-of-service (DoS) due to improper handling
of query rewriting. An attacker could exploit this vulnerability by
supplying a system with maliciously crafted input.
- CVE-2020-13632 (Fixed in 3.32.0)
SQLite is vulnerable to denial-of-service (DoS) due to improper pointer
management in the FTS3 virtual table module. An attacker could exploit
this vulnerability by supplying a system with maliciously crafted input.
- CVE-2020-13434 (Fixed in 3.32.1)
SQLite is vulnerable to denial-of-service (DoS) due to improper handling
of floating-point operations. An attacker could exploit this
vulnerability by supplying a system with maliciously crafted input.
- CVE-2020-13871 (Fixed in 3.32.3)
SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c
because the parse tree rewrite for window functions is too late.
- CVE-2020-13630 (Fixed in 3.32.0)
SQLite is vulnerable to denial-of-service (DoS) due to a use after free
issue in the FTS3 virtual table module. An attacker could exploit this
vulnerability by supplying a system with maliciously crafted input.
- CVE-2020-15358 (Fixed in 3.32.3)
SQLite is vulnerable to a heap-based buffer overflow flaw in part of an
optimization feature. An attacker able to issue specially crafted
queries could cause the application to crash, resulting in a
denial-of-service (DoS).
- CVE-2020-9327 (Fixed in 3.32.0)
SQLite is vulnerable to a Null pointer dereference flaw. A remote
attacker able to issue specially crafted SQL statements may be able to
cause a segmentation fault and application crash, resulting in a
denial-of-service (DoS).
- CVE-2019-19645 (Fixed in 3.31.0)
It was discovered that SQLite contains an denial-of-service (DoS)
vulnerability. An attacker could exploit this to trigger an infinite
recursion resulting in excessive resource consumption leading to a DoS
condition.
- CVE-2019-19926 (Fixed in 3.31.0)
The SQLite allows denial-of-service attack due to improper input
validation of user-supplied input.
- CVE-2020-11655 (Fixed in 3.32.0)
SQLite contains a memory corruption vulnerability. Successfully
exploiting this issue may allow attackers to cause a denial-of-service
(DoS). This allows an attacker to cause SQLite to crash by issuing a
crafted SQL query to the database.
- CVE-2019-19925 (Fixed in 3.31.0)
The INSERT statement fails when the zip file path is `NULL`.
- CVE-2019-19242 (Fixed in 3.31.0)
SQLite is vulnerable to a denial-of-service (DoS). An attacker could
exploit this vulnerability by supplying a maliciously crafted query to
cause an application crash.
- CVE-2019-19244 (Fixed in 3.31.0)
SQLite is vulnerable to a denial-of-service. An attacker could exploit
this vulnerability by providing a crafted SELECT statement to the SQL
server, resulting in an application crash.
- CVE-2020-13631 (Fixed in 3.32.0)
SQLite is vulnerable to data manipulation due to improper management of
virtual tables. An attacker could exploit this vulnerability by
supplying a system with maliciously crafted input.
- CVE-2020-11656 (Fixed in 3.32.0)
SQLite contains a Use-After-Free vulnerability. Successfully exploiting
this issue may allow attackers to cause a denial-of-service (DoS). This
allows an attacker to cause SQLite to crash by issuing a crafted SQL
query to the database.
- CVE-2019-19880 (Fixed in 3.31.0)
SQLite is vulnerable to denial-of-service (DoS) due to the mismanagement
of memory resources. A remote attacker could cause a victim's instance
of the application to crash by submitting crafted request that will lead
to the application parsing problematic integer values.
- CVE-2019-20218 (Fixed in 3.31.0)
SQLite is vulnerable to denial-of-service (DoS) due to improper
exception handling which could lead to unwinding of the `WITH` stack
following parsing errors. An attacker could exploit this vulnerability
by supplying a system with maliciously crafted input.
- CVE-2019-19603 (Fixed in 3.31.0)
It was discovered that SQLite contains a denial-of-service (DoS)
vulnerability. An authenticated attacker could exploit this
vulnerability by creating tables with the same name as shadow table
names.
- CVE-2019-19959 (Fixed in 3.31.0)
SQLite is vulnerable to denial-of-service (DoS) due to the mismanagement
of system memory resources. A remote attacker could cause a victim's
instance of the application to crash by causing it to process a SQL
statement that references a maliciously crafted file name.
- CVE-2019-19646 (Fixed in 3.31.0)
SQLite is vulnerable to a denial-of-service (DoS). An attacker could
exploit this vulnerability by supplying malicious SQL in order to crash
the application.
- CVE-2019-19317 (Fixed in 3.31.0)
SQLite contains a denial-of-service (DoS) vulnerability due to incorrect
logic in name lookups. An attacker could exploit this to cause a
application crash.
Signed-off-by: Sam Voss <sam.voss@rockwellcollins.com>
CC: Peter Korsgard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit
|
||
|---|---|---|
| arch | ||
| board | ||
| boot | ||
| configs | ||
| docs | ||
| fs | ||
| linux | ||
| package | ||
| support | ||
| system | ||
| toolchain | ||
| utils | ||
| .defconfig | ||
| .flake8 | ||
| .gitignore | ||
| .gitlab-ci.yml | ||
| .gitlab-ci.yml.in | ||
| CHANGES | ||
| Config.in | ||
| Config.in.legacy | ||
| COPYING | ||
| DEVELOPERS | ||
| Makefile | ||
| Makefile.legacy | ||
| README | ||
Buildroot is a simple, efficient and easy-to-use tool to generate embedded Linux systems through cross-compilation. The documentation can be found in docs/manual. You can generate a text document with 'make manual-text' and read output/docs/manual/manual.text. Online documentation can be found at http://buildroot.org/docs.html To build and use the buildroot stuff, do the following: 1) run 'make menuconfig' 2) select the target architecture and the packages you wish to compile 3) run 'make' 4) wait while it compiles 5) find the kernel, bootloader, root filesystem, etc. in output/images You do not need to be root to build or run buildroot. Have fun! Buildroot comes with a basic configuration for a number of boards. Run 'make list-defconfigs' to view the list of provided configurations. Please feed suggestions, bug reports, insults, and bribes back to the buildroot mailing list: buildroot@buildroot.org You can also find us on #buildroot on Freenode IRC. If you would like to contribute patches, please read https://buildroot.org/manual.html#submitting-patches