Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

openSUSE: 2019:1800-1 Moderate: libsass Heap Overflow Fixes

opensuse
Calendar Grey July 24, 2019
Dist Opensuse Esm H88
Delve into the latest security enhancement for openSUSE involving libsass, addressing various vulnerabilities proficiently.
An update that fixes 12 vulnerabilities is now available.

Description

This update for libsass to version 3.6.1 fixes the following issues:

Security issues fixed:

- CVE-2019-6283: Fixed heap-buffer-overflow in

Sass::Prelexer::parenthese_scope(char const*) (boo#1121943).

- CVE-2019-6284: Fixed heap-based buffer over-read exists in

Sass:Prelexer:alternatives (boo#1121944).

- CVE-2019-6286: Fixed heap-based buffer over-read exists in

Sass:Prelexer:skip_over_scopes (boo#1121945).

- CVE-2018-11499: Fixed use-after-free vulnerability in

sass_context.cpp:handle_error (boo#1096894).

- CVE-2018-19797: Disallowed parent selector in selector_fns arguments

(boo#1118301).

- CVE-2018-19827: Fixed use-after-free vulnerability exists in the

SharedPtr class (boo#1118346).

- CVE-2018-19837: Fixed stack overflow in Eval::operator() (boo#1118348).

- CVE-2018-19838: Fixed stack-overflow at IMPLEMENT_AST_OPERATORS

expansion (boo#1118349).

- CVE-2018-19839: Fixed buffer-overflow (OOB read) against some...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory moderate heap overflow openSUSE Backports libsass

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15:

zypper in -t patch openSUSE-2019-1800=1

Package List

- openSUSE Backports SLE-15 (aarch64 ppc64le s390x x86_64):

libsass-3_6_1-1-3.6.1-bp150.3.3.1

libsass-devel-3.6.1-bp150.3.3.1

References

https://www.suse.com/security/cve/CVE-2018-11499.html

https://www.suse.com/security/cve/CVE-2018-19797.html

https://www.suse.com/security/cve/CVE-2018-19827.html

https://www.suse.com/security/cve/CVE-2018-19837.html

https://www.suse.com/security/cve/CVE-2018-19838.html

https://www.suse.com/security/cve/CVE-2018-19839.html

https://www.suse.com/security/cve/CVE-2018-20190.html

https://www.suse.com/security/cve/CVE-2018-20821.html

https://www.suse.com/security/cve/CVE-2018-20822.html

https://www.suse.com/security/cve/CVE-2019-6283.html

https://www.suse.com/security/cve/CVE-2019-6284.html

https://www.suse.com/security/cve/CVE-2019-6286.html

https://bugzilla.suse.com/1096894

https://bugzilla.suse.com/1118301

https://bugzilla.suse.com/1118346

https://bugzilla.suse.com/1118348

https://bugzilla.suse.com/1118349

https://bugzilla.suse.com/1118351

https://bugzilla.suse.com/1119789

https://bugzilla.suse.com/1121943

https://bugzilla.suse.com/1121944

https://bugzilla.suse.com/1121945

https://bugzilla.suse.com/1133200

http...

Read the Full Advisory

Announcement ID: openSUSE-SU-2019:1800-1
Rating: moderate
Affected Products: openSUSE Backports SLE-15

Topics%20covered

Topics Covered

security advisory moderate heap overflow openSUSE Backports libsass

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here