USN-5615-1 fixed several vulnerabilities in SQLite. This update provides the corresponding fix for CVE-2020-35525 for Ubuntu 14.04 LTS.
Original advisory details:
It was discovered that SQLite incorrectly handled INTERSEC query processing. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-35525)
It was discovered that SQLite incorrectly handled ALTER TABLE for views that have a nested FROM clause. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue was only addressed in Ubuntu 20.04 LTS. (CVE-2020-35527)
It was discovered that SQLite incorrectly handled embedded null characters when tokenizing certain unicode strings. This issue could result in incorrect results. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-20223)
{ "binaries": [ { "binary_name": "lemon", "binary_version": "3.8.2-1ubuntu2.2+esm4" }, { "binary_name": "lemon-dbgsym", "binary_version": "3.8.2-1ubuntu2.2+esm4" }, { "binary_name": "libsqlite3-0", "binary_version": "3.8.2-1ubuntu2.2+esm4" }, { "binary_name": "libsqlite3-0-dbg", "binary_version": "3.8.2-1ubuntu2.2+esm4" }, { "binary_name": "libsqlite3-0-dbgsym", "binary_version": "3.8.2-1ubuntu2.2+esm4" }, { "binary_name": "libsqlite3-dev", "binary_version": "3.8.2-1ubuntu2.2+esm4" }, { "binary_name": "libsqlite3-dev-dbgsym", "binary_version": "3.8.2-1ubuntu2.2+esm4" }, { "binary_name": "libsqlite3-tcl", "binary_version": "3.8.2-1ubuntu2.2+esm4" }, { "binary_name": "libsqlite3-tcl-dbgsym", "binary_version": "3.8.2-1ubuntu2.2+esm4" }, { "binary_name": "sqlite3", "binary_version": "3.8.2-1ubuntu2.2+esm4" }, { "binary_name": "sqlite3-dbgsym", "binary_version": "3.8.2-1ubuntu2.2+esm4" }, { "binary_name": "sqlite3-doc", "binary_version": "3.8.2-1ubuntu2.2+esm4" } ], "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro" }