Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1212353 - (CVE-2015-3414) CVE-2015-3414 sqlite: use of uninitialized memory when parsing collation sequences in src/where.c
CVE-2015-3414 sqlite: use of uninitialized memory when parsing collation sequ...
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20150331,repor...
: Security
Depends On: 1212360 1244731 1244732
Blocks: 1212358
  Show dependency treegraph
 
Reported: 2015-04-16 05:05 EDT by Vasyl Kaigorodov
Modified: 2015-11-05 04:14 EST (History)
8 users (show)

See Also:
Fixed In Version: SQLite 3.8.9
Doc Type: Bug Fix
Doc Text:
A flaw was found in the way SQLite handled dequoting of collation-sequence names. A local attacker could submit a specially crafted COLLATE statement that would crash the SQLite process, or have other unspecified impacts.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-08-17 08:26:12 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Backported upstream patch for RHEL7 (6.91 KB, patch)
2015-07-23 05:25 EDT, Jan Staněk 		no flags Details | Diff
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:1635 normal SHIPPED_LIVE Moderate: sqlite security update 2015-08-17 11:44:43 EDT

  None (edit)
Description Vasyl Kaigorodov 2015-04-16 05:05:13 EDT 
It was reported that SQLite was was using uninitialized memory when parsing collation sequences.
This issue was fixed by following upstream commit:

https://www.sqlite.org/src/info/eddc05e7bb31fae7

More information about this issue can be found in the links below:
http://www.securityfocus.com/archive/1/535269
http://lcamtuf.blogspot.fr/2015/04/finding-bugs-in-sqlite-easy-way.html
Comment 1 Jan Staněk 2015-04-16 05:19:03 EDT 
The issue is fixed in the latest upstream release, which is currently in updates-testing for F20 and newer.
Comment 2 Vasyl Kaigorodov 2015-04-16 05:20:17 EDT 
Created sqlite tracking bugs for this issue:

Affects: fedora-all [bug 1212360]
Comment 3 Fedora Update System 2015-04-22 18:46:06 EDT 
spatialite-tools-4.2.0-10.fc21, sqlite-3.8.9-1.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 4 Fedora Update System 2015-04-23 12:09:07 EDT 
spatialite-tools-4.2.0-10.fc22, sqlite-3.8.9-1.fc22 has been pushed to the Fedora 22 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 5 Fedora Update System 2015-04-26 08:56:47 EDT 
spatialite-tools-4.1.1-12.fc20, sqlite-3.8.9-1.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 6 Vasyl Kaigorodov 2015-04-28 09:34:33 EDT 
Common Vulnerabilities and Exposures assigned an identifier CVE-2015-3414 to
the following vulnerability:

Name: CVE-2015-3414
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3414
Assigned: 20150424
Reference: https://www.sqlite.org/src/info/eddc05e7bb31fae74daa86e0504a3478b99fa0f2

SQLite before 3.8.9 does not properly implement the dequoting of
collation-sequence names, which allows context-dependent attackers to
cause a denial of service (uninitialized memory access and application
crash) or possibly have unspecified other impact via a crafted COLLATE
clause, as demonstrated by COLLATE"""""""" at the end of a SELECT
statement.
Comment 9 Siddharth Sharma 2015-07-03 05:03:04 EDT 
RHEL 5 and 6 are *NOT affected by this flaw as the code affected by this CVE is not present in the sqlite package shipped for these products.
Comment 12 Jan Staněk 2015-07-23 05:25:49 EDT 
Created attachment 1055262 [details]
Backported upstream patch for RHEL7
Comment 13 errata-xmlrpc 2015-08-17 07:45:11 EDT 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2015:1635 https://rhn.redhat.com/errata/RHSA-2015-1635.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.