Bugzilla – Bug 1121038
VUL-0: CVE-2018-17197: tika-core: infinite loop in SQLite3Parser resulting in a denial of service
Last modified: 2019-04-04 22:41:33 UTC
rh#1663925

A carefully crafted or corrupt sqlite file can cause an infinite loop in Apache Tika's SQLite3Parser in versions 1.8-1.19.1 of Apache Tika.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1663925
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17197
http://seclists.org/oss-sec/2018/q4/272
http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-17197.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17197
http://www.securityfocus.com/bid/106293
https://lists.apache.org/thread.html/7c021a4ea2037e52e74628e17e8e0e2acab1f447160edc8be0eae6d3@%3Cdev.tika.apache.org%3E
[CVE-2018-17197] Apache Tika Denial of Service -- Infinite Loop in Tika's SQLite3Parser

Severity: Medium
Vendor: The Apache Software Foundation
Versions Affected: Apache Tika 1.8 to 1.19.1
Description: A carefully crafted or corrupt sqlite file can cause an infinite loop in Apache Tika's SQLite3Parser in versions 1.8-1.19.1 of Apache Tika.
Mitigation: Apache Tika users should upgrade to 1.20 or later.
Credit: This issue was discovered by Tim Allison on the Apache Tika Team.
tika-core was upgraded to version 1.20 on all relevant projects:

https://build.suse.de/package/show/Devel:Galaxy:Manager:3.1/tika-core
https://build.suse.de/package/show/Devel:Galaxy:Manager:3.2/tika-core
https://build.suse.de/package/show/Devel:Galaxy:Manager:Head:Other/tika-core

Updates will be shipped with next maintenance updates.
SUSE-RU-2019:0351-1: An update that has 38 recommended fixes can now be installed.

Category: recommended (moderate)
Bug References: 1089121,1098826,1099988,1104680,1105720,1105791,1110427,1110757,1110772,1111191,1111686,1111910,1111963,1112121,1114029,1114059,1114115,1114268,1114877,1115029,1115978,1116365,1116566,1116610,1116826,1117759,1118112,1118478,1118917,1119233,1119271,1119320,1119727,1119807,1121038,1121424,1122565,987798
CVE References:
Sources used:
SUSE Manager Server 3.2 (src): release-notes-susemanager-3.2.5-6.21.1
SUSE Manager Proxy 3.2 (src): release-notes-susemanager-proxy-3.2.5-0.16.15.1
SUSE-SU-2019:0341-1: An update that solves one vulnerability and has 41 fixes is now available.

Category: security (moderate)
Bug References: 1089121,1098826,1099988,1104680,1105720,1105791,1110427,1110757,1110772,1111191,1111686,1111910,1111963,1112121,1114029,1114059,1114115,1114268,1114877,1115029,1115978,1116365,1116566,1116610,1116826,1117759,1118112,1118478,1118917,1119233,1119271,1119320,1119727,1119807,1121038,1121424,1122565,1123902,1123983,1124794,1125097,987798
CVE References: CVE-2018-17197
Sources used:
SUSE Manager Server 3.2 (src): branch-network-formula-0.1.1545038754.c983fa6-3.6.13, netty-4.1.8.Final-2.7.4, py26-compat-salt-2016.11.10-6.18.14, python-susemanager-retail-1.0.1544459934.07229ad-2.9.13, saltboot-formula-0.1.1546527519.591e925-3.9.13, smdba-1.6.3-0.3.6.13, spacecmd-2.8.25.8-3.12.13, spacewalk-admin-2.8.4.3-3.3.13, spacewalk-backend-2.8.57.8-3.10.14, spacewalk-branding-2.8.5.13-3.13.14, spacewalk-client-tools-2.8.22.4-3.3.13, spacewalk-java-2.8.78.18-3.21.1, spacewalk-setup-2.8.7.6-3.13.13, spacewalk-utils-2.8.18.4-3.6.13, spacewalk-web-2.8.7.12-3.16.12, subscription-matcher-0.22-4.9.13, susemanager-3.2.15-3.16.13, susemanager-docs_en-3.2-11.15.12, susemanager-schema-3.2.16-3.16.13, susemanager-sls-3.2.20-3.18.1, susemanager-sync-data-3.2.12-3.14.2, tika-core-1.20-3.6.13
SUSE Manager Proxy 3.2 (src): spacewalk-backend-2.8.57.8-3.10.14, spacewalk-client-tools-2.8.22.4-3.3.13, spacewalk-proxy-installer-2.8.6.4-3.6.13, spacewalk-web-2.8.7.12-3.16.12
SUSE-SU-2019:0863-1: An update that solves three vulnerabilities and has 17 fixes is now available.

Category: security (moderate)
Bug References: 1109316,1111191,1111910,1114029,1114059,1114157,1114169,1117759,1119081,1119964,1121038,1121195,1121856,1122836,1123991,1124639,1126862,1128781,1129765,1130658
CVE References: CVE-2018-10851,CVE-2018-14626,CVE-2018-17197
Sources used:
SUSE Manager Server 3.1 (src): cobbler-2.6.6-5.25.1, py26-compat-salt-2016.11.10-1.19.3, spacecmd-2.7.8.15-2.32.1, spacewalk-branding-2.7.2.17-2.31.3, spacewalk-java-2.7.46.19-2.41.3, spacewalk-utils-2.7.10.11-2.23.3, spacewalk-web-2.7.1.21-2.35.1, subscription-matcher-0.22-4.9.2, susemanager-3.1.19-2.34.2, susemanager-docs_en-3.1-10.29.4, susemanager-frontend-libs-3.1.2-3.10.1, susemanager-schema-3.1.21-2.36.1, tika-core-1.20-1.6.2
SUSE Manager Proxy 3.1 (src): spacewalk-web-2.7.1.21-2.35.1

*** NOTE: This information is not intended to be used for external communication, because this may only be a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-RU-2019:0877-1: An update that has 17 recommended fixes can now be installed.

Category: recommended (moderate)
Bug References: 1109316,1111191,1111910,1114029,1114059,1117759,1119081,1119964,1121038,1121195,1121856,1122836,1123991,1124639,1126862,1128781,1129765
CVE References:
Sources used:
SUSE Manager Server 3.1 (src): release-notes-susemanager-3.1.11-5.52.1
SUSE Manager Proxy 3.1 (src): release-notes-susemanager-proxy-3.1.11-0.15.38.1

*** NOTE: This information is not intended to be used for external communication, because this may only be a partial fix. If you have questions please reach out to maintenance coordination.