Alerts This Week
Warning Icon 1 646
Alerts This Week
Warning Icon 1 646

openSUSE Leap 15.x: 2019:1791-1 Moderate: libsass Buffer Overflow Issues

opensuse
Calendar Grey July 23, 2019
Dist Opensuse Esm H88
This update for openSUSE addresses 15 vulnerabilities in libssh, improving both system security and reliability.
An update that fixes 12 vulnerabilities is now available.

Description

This update for libsass to version 3.6.1 fixes the following issues:

Security issues fixed:

- CVE-2019-6283: Fixed heap-buffer-overflow in

Sass::Prelexer::parenthese_scope(char const*) (boo#1121943).

- CVE-2019-6284: Fixed heap-based buffer over-read exists in

Sass:Prelexer:alternatives (boo#1121944).

- CVE-2019-6286: Fixed heap-based buffer over-read exists in

Sass:Prelexer:skip_over_scopes (boo#1121945).

- CVE-2018-11499: Fixed use-after-free vulnerability in

sass_context.cpp:handle_error (boo#1096894).

- CVE-2018-19797: Disallowed parent selector in selector_fns arguments

(boo#1118301).

- CVE-2018-19827: Fixed use-after-free vulnerability exists in the

SharedPtr class (boo#1118346).

- CVE-2018-19837: Fixed stack overflow in Eval::operator() (boo#1118348).

- CVE-2018-19838: Fixed stack-overflow at IMPLEMENT_AST_OPERATORS

expansion (boo#1118349).

- CVE-2018-19839: Fixed buffer-overflow (OOB read) against some...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory moderate buffer overflow patch heap overflow openSUSE libsass

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2019-1791=1

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-1791=1

Package List

- openSUSE Leap 15.1 (x86_64):

libsass-3_6_1-1-3.6.1-lp151.3.3.1

libsass-3_6_1-1-debuginfo-3.6.1-lp151.3.3.1

libsass-debugsource-3.6.1-lp151.3.3.1

libsass-devel-3.6.1-lp151.3.3.1

- openSUSE Leap 15.0 (x86_64):

libsass-3_6_1-1-3.6.1-lp150.2.3.1

libsass-3_6_1-1-debuginfo-3.6.1-lp150.2.3.1

libsass-debugsource-3.6.1-lp150.2.3.1

libsass-devel-3.6.1-lp150.2.3.1

References

https://www.suse.com/security/cve/CVE-2018-11499.html

https://www.suse.com/security/cve/CVE-2018-19797.html

https://www.suse.com/security/cve/CVE-2018-19827.html

https://www.suse.com/security/cve/CVE-2018-19837.html

https://www.suse.com/security/cve/CVE-2018-19838.html

https://www.suse.com/security/cve/CVE-2018-19839.html

https://www.suse.com/security/cve/CVE-2018-20190.html

https://www.suse.com/security/cve/CVE-2018-20821.html

https://www.suse.com/security/cve/CVE-2018-20822.html

https://www.suse.com/security/cve/CVE-2019-6283.html

https://www.suse.com/security/cve/CVE-2019-6284.html

https://www.suse.com/security/cve/CVE-2019-6286.html

https://bugzilla.suse.com/1096894

https://bugzilla.suse.com/1118301

https://bugzilla.suse.com/1118346

https://bugzilla.suse.com/1118348

https://bugzilla.suse.com/1118349

https://bugzilla.suse.com/1118351

https://bugzilla.suse.com/1119789

https://bugzilla.suse.com/1121943

https://bugzilla.suse.com/1121944

https://bugzilla.suse.com/1121945

https://bugzilla.suse.com/1133200

http...

Read the Full Advisory

Announcement ID: openSUSE-SU-2019:1791-1
Rating: moderate
Affected Products: openSUSE Leap 15.1 openSUSE Leap 15.0

Topics%20covered

Topics Covered

security advisory moderate buffer overflow patch heap overflow openSUSE libsass

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here