安全公告详情

NS-SA-2024-0063

2024-09-03 09:34:50

简介

moderate: sqlite/sip security update

严重级别

moderate

主题

An update for sqlite/sip is now available for NewStart CGSL MAIN 6.02.
NewStart Security has rated this update as having a security impact of moderate. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.

详细描述

sqlite:
sip:


Security Fix(es):
sqlite: A NULL pointer dereference flaw was found in SQLite when rewriting select statements for window functions. This flaw allows an attacker who can execute SQL statements, to crash the application, resulting in a denial of service.(CVE-2020-13435)
sqlite: Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page.(CVE-2019-13750)
sqlite: Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.(CVE-2019-13751)
sqlite: SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.(CVE-2019-19603)
sqlite: Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.(CVE-2019-5827)
sqlite: bugfix
sip: A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. The highest threat from this vulnerability is to data confidentiality the application availability.(CVE-2021-3481)
sip: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 6.02.F2B12.

影响组件

  • sqlite
  • sip

影响产品

  • CGSL MAIN 6.02

更新包

{"fix":[{"product":"CGSL MAIN 6.02","pkgs":[{"binary":["sqlite-devel-3.26.0-16.el8.x86_64.rpm","sqlite-3.26.0-16.el8.x86_64.rpm","sqlite-libs-3.26.0-16.el8.x86_64.rpm"],"source":"sqlite-3.26.0-16.el8.src.rpm"},{"binary":["sip-4.19.24-2.el8.x86_64.rpm"],"source":"sip-4.19.24-2.el8.src.rpm"}]}]}
CGSL MAIN 6.02
  • sqlite-3.26.0-16.el8.src.rpm
    • sqlite-devel-3.26.0-16.el8.x86_64.rpm
    • sqlite-3.26.0-16.el8.x86_64.rpm
    • sqlite-libs-3.26.0-16.el8.x86_64.rpm
  • sip-4.19.24-2.el8.src.rpm
    • sip-4.19.24-2.el8.x86_64.rpm

CVE

参考

© 2004-2023 广东中兴新支点技术有限公司 版权所有 (www.gd-linux.com) 粤ICP备15061780号-2

全国服务热线:400-033-0108