Mageia: 2020-0049 Critical: Libsass Use-After-Free and Buffer Overflow

mageia

January 28, 2020

Use-after-free vulnerability in sass_context.cpp:handle_error (CVE-2018-11499)

Summary

Use-after-free vulnerability in sass_context.cpp:handle_error (CVE-2018-11499).
Null pointer dereference in Sass::Selector_List::populate_extends (CVE-2018-19797).
Use-after-free vulnerability exists in the SharedPtr class (CVE-2018-19827).
Stack overflow in Eval::operator() (CVE-2018-19837).
Stack-overflow at IMPLEMENT_AST_OPERATORS expansion (CVE-2018-19838).
Buffer-overflow (OOB read) against some invalid input (CVE-2018-19839).
Null pointer dereference in Sass::Eval::operator() (Sass::Supports_Operator*) (CVE-2018-20190).
Uncontrolled recursion in Sass:Parser:parse_css_variable_value (CVE-2018-20821).
Stack-overflow at Sass::Inspect::operator() (CVE-2018-20822).
Heap-buffer-overflow in Sass::Prelexer::parenthese_scope(char const*) (CVE-2019-6283).
Heap-based buffer over-read exists in Sass:Prelexer:alternatives (CVE-2019-6284).
Heap-based buffer over-read exists in Sass:Prelexer:skip_over_scopes (CVE-2019-6286).

References

- https://bugs.mageia.org/show_bug.cgi?id=25755

- - https://www.cve.org/CVERecord?id=CVE-2018-11499

- https://www.cve.org/CVERecord?id=CVE-2018-19797

- https://www.cve.org/CVERecord?id=CVE-2018-19827

- https://www.cve.org/CVERecord?id=CVE-2018-19837

- https://www.cve.org/CVERecord?id=CVE-2018-19838

- https://www.cve.org/CVERecord?id=CVE-2018-19839

- https://www.cve.org/CVERecord?id=CVE-2018-20190

- https://www.cve.org/CVERecord?id=CVE-2018-20821

- https://www.cve.org/CVERecord?id=CVE-2018-20822

- https://www.cve.org/CVERecord?id=CVE-2019-6283

- https://www.cve.org/CVERecord?id=CVE-2019-6284

- https://www.cve.org/CVERecord?id=CVE-2019-6286

Topics Covered

security advisory buffer overflow null pointer use-after-free Mageia libsass

Resolution

SRPMS

- 7/core/libsass-3.6.1-1.mga7

Severity

critical

Lowest

Low

Medium

High

Critical

Publication date: 28 Jan 2020

URL: https://advisories.mageia.org/MGASA-2020-0049.html

Type: security

CVE: CVE-2018-11499, CVE-2018-19797, CVE-2018-19827, CVE-2018-19837, CVE-2018-19838, CVE-2018-19839, CVE-2018-20190, CVE-2018-20821, CVE-2018-20822, CVE-2019-6283, CVE-2019-6284, CVE-2019-6286

Topics Covered

security advisory buffer overflow null pointer use-after-free Mageia libsass

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Mageia: 2020-0049 Critical: Libsass Use-After-Free and Buffer Overflow

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Mageia: 2020-0049 Critical: Libsass Use-After-Free and Buffer Overflow

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!