145 lines
5.5 KiB
Text
145 lines
5.5 KiB
Text
-----BEGIN PGP SIGNED MESSAGE-----
|
|
Hash: SHA512
|
|
|
|
=============================================================================
|
|
FreeBSD-EN-19:03.sqlite Errata Notice
|
|
The FreeBSD Project
|
|
|
|
Topic: sqlite update
|
|
|
|
Category: contrib
|
|
Module: sqlite3
|
|
Announced: 2019-01-09
|
|
Credits: Cy Schubert
|
|
Affects: All supported versions of FreeBSD.
|
|
Corrected: 2018-12-21 01:58:01 UTC (stable/12, 12.0-STABLE)
|
|
2019-01-09 18:47:10 UTC (releng/12.0, 12.0-RELEASE-p2)
|
|
2018-12-21 02:04:15 UTC (stable/11, 11.2-STABLE)
|
|
2019-01-09 18:50:27 UTC (releng/11.2, 11.2-RELEASE-p8)
|
|
CVE Name: CVE-2018-20346, CVE-2018-20505, CVE-2018-20506
|
|
|
|
For general information regarding FreeBSD Errata Notices and Security
|
|
Advisories, including descriptions of the fields above, security
|
|
branches, and the following sections, please visit
|
|
<URL:https://security.FreeBSD.org/>.
|
|
|
|
I. Background
|
|
|
|
SQLite is an SQL database engine in a C library. Programs that link the
|
|
SQLite library can have SQL database access without running a separate RDBMS
|
|
process. The distribution comes with a standalone command-line access
|
|
program (sqlite3) that can be used to administer an SQLite database and which
|
|
serves as an example of how to use the SQLite library.
|
|
|
|
II. Problem Description
|
|
|
|
According to https://blade.tencent.com/magellan/index_en.html, the
|
|
vulnerabilities known as Magellan are a group vulnerabilities that exist
|
|
in sqlite3, documented by CVE-2018-20346, CVE-2018-20505, and CVE-2018-20506.
|
|
|
|
When the FTS3 extension is enabled an integer overflow resulting in a buffer
|
|
overflow when allowing remote attackers to run arbitrary SQL statements which
|
|
can be leveraged to execute arbitrary code.
|
|
|
|
III. Impact
|
|
|
|
The vulnerabilities were discovered by Tencent Blade Team and verified to be
|
|
able to successfully implement remote code execution in Chromium browsers.
|
|
|
|
IV. Workaround
|
|
|
|
No workaround is available.
|
|
|
|
V. Solution
|
|
|
|
Perform one of the following:
|
|
|
|
1) Upgrade your system to a supported FreeBSD stable or release / security
|
|
branch (releng) dated after the correction date.
|
|
|
|
2) To update your system via a binary patch:
|
|
|
|
Systems running a RELEASE version of FreeBSD on the i386 or amd64
|
|
platforms can be updated via the freebsd-update(8) utility:
|
|
|
|
# freebsd-update fetch
|
|
# freebsd-update install
|
|
|
|
3) To update your system via a source code patch:
|
|
|
|
The following patches have been verified to apply to the applicable
|
|
FreeBSD release branches.
|
|
|
|
a) Download the relevant patch from the location below, and verify the
|
|
detached PGP signature using your PGP utility.
|
|
|
|
[FreeBSD 11.2]
|
|
# fetch https://security.FreeBSD.org/patches/EN-19:03/sqlite-11.patch
|
|
# fetch https://security.FreeBSD.org/patches/EN-19:03/sqlite-11.patch.asc
|
|
# gpg --verify sqlite-11.patch.asc
|
|
|
|
[FreeBSD 12.0]
|
|
# fetch https://security.FreeBSD.org/patches/EN-19:03/sqlite-12.patch
|
|
# fetch https://security.FreeBSD.org/patches/EN-19:03/sqlite-12.patch.asc
|
|
# gpg --verify sqlite-12.patch.asc
|
|
|
|
|
|
b) Apply the patch. Execute the following commands as root:
|
|
|
|
# cd /usr/src
|
|
# patch < /path/to/patch
|
|
|
|
c) Recompile the operating system using buildworld and installworld as
|
|
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
|
|
|
|
Restart all daemons that use the library, or reboot the system.
|
|
|
|
VI. Correction details
|
|
|
|
The following list contains the correction revision numbers for each
|
|
affected branch.
|
|
|
|
Branch/path Revision
|
|
- -------------------------------------------------------------------------
|
|
stable/12/ r342291
|
|
releng/12.0/ r342895
|
|
stable/11/ r342292
|
|
releng/11.2/ r342896
|
|
- -------------------------------------------------------------------------
|
|
|
|
To see which files were modified by a particular revision, run the
|
|
following command, replacing NNNNNN with the revision number, on a
|
|
machine with Subversion installed:
|
|
|
|
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
|
|
|
|
Or visit the following URL, replacing NNNNNN with the revision number:
|
|
|
|
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
|
|
|
|
VII. References
|
|
|
|
<URL:https://blade.tencent.com/magellan/index_en.html>
|
|
|
|
<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=234113>
|
|
|
|
The latest revision of this advisory is available at
|
|
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-19:03.sqlite.asc>
|
|
-----BEGIN PGP SIGNATURE-----
|
|
|
|
iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlw2RdFfFIAAAAAALgAo
|
|
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
|
|
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
|
|
5cLtJg/9EM0jQbTBrSgVy5X1AyQ2rcFz9KbjtA0L48wOuOLiAh7eeYxh4Wxuz9k1
|
|
QnEJavMbpVr71yhmt6maEAbRzyGUvemDh4vlu0wjcYSlEzcvk7xaRzfXimippxky
|
|
GumFBCvs7UKDIiGRr62ukmxu3FgfEaTM/Cc4bNcuV5k4za+DWIGTu+97i0+B2ieX
|
|
/IZ5hQq42w1YIUY5QOy2vj87rnQf2t+uShcBjRg8HsnPsG9BfQfI8vfuWjjtaKMI
|
|
iva++F5UJWcsykjZo5J3aaZFxnHsW2hs3buQN+AhoEt7oKdGquOHdweSw8xtSlp9
|
|
3Y+qj+veD7u4Mt95OtnYrJOg8Kynlrzg5uMDbNGbyqktbxfpi2gqBbPEVmx2+nGj
|
|
Aj9PDSHMliBZsVKvr1opExfYp4HL0LB9Kqhato08lFxs05TUxiT6LRcel/iXiIfl
|
|
vCqfWhKJYVZ+alAW+Kjic6iWw7AtmVLbV64dDu03jxS/14RtRp1Hbk1BRCrnJeLn
|
|
sLSdFj6bi2mQx6OXAd9G9jhReoxylyZwRXyhPSsPG1E4mzX6ZRbJfnkriSazW4hq
|
|
F+PjTyXidn3uhS6z6CZB08Ltw2NBd3baRl/TQBEiFHd6SSGByqX6gMguK/tQV92U
|
|
uM/Q4Ak4H/Q+nEN8/LdXioW0P7ZEC6X/9GXKWv+bUs6LjcZXftA=
|
|
=TG5W
|
|
-----END PGP SIGNATURE-----
|