openSUSE: 2019:1883-1: moderate: libsass

    Date: 14 Aug 2019
    Category: openSUSE
    Posted By: LinuxSecurity Advisories
    An update that fixes 12 vulnerabilities is now available.
       openSUSE Security Update: Security update for libsass
    ______________________________________________________________________________
    
    Announcement ID:    openSUSE-SU-2019:1883-1
    Rating:             moderate
    References:         #1096894 #1118301 #1118346 #1118348 #1118349 
                        #1118351 #1119789 #1121943 #1121944 #1121945 
                        #1133200 #1133201 
    Cross-References:   CVE-2018-11499 CVE-2018-19797 CVE-2018-19827
                        CVE-2018-19837 CVE-2018-19838 CVE-2018-19839
                        CVE-2018-20190 CVE-2018-20821 CVE-2018-20822
                        CVE-2019-6283 CVE-2019-6284 CVE-2019-6286
                       
    Affected Products:
                        openSUSE Backports SLE-15-SP1
    ______________________________________________________________________________
    
       An update that fixes 12 vulnerabilities is now available.
    
    Description:
    
       This update for libsass to version 3.6.1 fixes the following issues:
    
       Security issues fixed:
    
       - CVE-2019-6283: Fixed heap-buffer-overflow in
         Sass::Prelexer::parenthese_scope(char const*) (boo#1121943).
       - CVE-2019-6284: Fixed heap-based buffer over-read in
         Sass::Prelexer::alternatives (boo#1121944).
       - CVE-2019-6286: Fixed heap-based buffer over-read in
         Sass::Prelexer::skip_over_scopes (boo#1121945).
       - CVE-2018-11499: Fixed use-after-free vulnerability in
         sass_context.cpp:handle_error (boo#1096894).
       - CVE-2018-19797: Disallowed parent selector in selector_fns arguments
         (boo#1118301).
       - CVE-2018-19827: Fixed use-after-free vulnerability in the
         SharedPtr class (boo#1118346).
       - CVE-2018-19837: Fixed stack overflow in Eval::operator() (boo#1118348).
       - CVE-2018-19838: Fixed stack-overflow at IMPLEMENT_AST_OPERATORS
         expansion (boo#1118349).
       - CVE-2018-19839: Fixed buffer-overflow (OOB read) against some invalid
         input (boo#1118351).
       - CVE-2018-20190: Fixed Null pointer dereference in
         Sass::Eval::operator()(Sass::Supports_Operator*) (boo#1119789).
       - CVE-2018-20821: Fixed uncontrolled recursion in
         Sass::Parser::parse_css_variable_value (boo#1133200).
       - CVE-2018-20822: Fixed stack-overflow at Sass::Inspect::operator()
         (boo#1133201).
    
       This update was imported from the openSUSE:Leap:15.0:Update update project.
    
    
    Patch Instructions:
    
       To install this openSUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - openSUSE Backports SLE-15-SP1:
    
          zypper in -t patch openSUSE-2019-1883=1
    
    
    
    Package List:
    
       - openSUSE Backports SLE-15-SP1 (aarch64 ppc64le s390x x86_64):
    
          libsass-3_6_1-1-3.6.1-bp151.4.3.1
          libsass-devel-3.6.1-bp151.4.3.1
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2018-11499.html
       https://www.suse.com/security/cve/CVE-2018-19797.html
       https://www.suse.com/security/cve/CVE-2018-19827.html
       https://www.suse.com/security/cve/CVE-2018-19837.html
       https://www.suse.com/security/cve/CVE-2018-19838.html
       https://www.suse.com/security/cve/CVE-2018-19839.html
       https://www.suse.com/security/cve/CVE-2018-20190.html
       https://www.suse.com/security/cve/CVE-2018-20821.html
       https://www.suse.com/security/cve/CVE-2018-20822.html
       https://www.suse.com/security/cve/CVE-2019-6283.html
       https://www.suse.com/security/cve/CVE-2019-6284.html
       https://www.suse.com/security/cve/CVE-2019-6286.html
       https://bugzilla.suse.com/1096894
       https://bugzilla.suse.com/1118301
       https://bugzilla.suse.com/1118346
       https://bugzilla.suse.com/1118348
       https://bugzilla.suse.com/1118349
       https://bugzilla.suse.com/1118351
       https://bugzilla.suse.com/1119789
       https://bugzilla.suse.com/1121943
       https://bugzilla.suse.com/1121944
       https://bugzilla.suse.com/1121945
       https://bugzilla.suse.com/1133200
       https://bugzilla.suse.com/1133201
    