
openSUSE: 2019:1883-1 Moderate: Libsass Buffer Overflow Fix

August 14, 2019
Fixes 12 security issues in libsass for openSUSE Backports SLE-15-SP1.
An update that fixes 12 vulnerabilities is now available.

Description

This update for libsass to version 3.6.1 fixes the following issues:

Security issues fixed:

- CVE-2019-6283: Fixed heap-buffer-overflow in Sass::Prelexer::parenthese_scope(char const*) (boo#1121943).

- CVE-2019-6284: Fixed heap-based buffer over-read in Sass::Prelexer::alternatives (boo#1121944).

- CVE-2019-6286: Fixed heap-based buffer over-read in Sass::Prelexer::skip_over_scopes (boo#1121945).

- CVE-2018-11499: Fixed use-after-free vulnerability in sass_context.cpp:handle_error (boo#1096894).

- CVE-2018-19797: Disallowed parent selector in selector_fns arguments (boo#1118301).

- CVE-2018-19827: Fixed use-after-free vulnerability in the SharedPtr class (boo#1118346).

- CVE-2018-19837: Fixed stack overflow in Eval::operator() (boo#1118348).

- CVE-2018-19838: Fixed stack-overflow at IMPLEMENT_AST_OPERATORS expansion (boo#1118349).

- CVE-2018-19839: Fixed buffer-overflow (OOB read) against some...


Patch

Patch Instructions:

To install this openSUSE Security Update, use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively, you can run the command listed for your product:

- openSUSE Backports SLE-15-SP1:

    zypper in -t patch openSUSE-2019-1883=1

Package List

- openSUSE Backports SLE-15-SP1 (aarch64 ppc64le s390x x86_64):

libsass-3_6_1-1-3.6.1-bp151.4.3.1

libsass-devel-3.6.1-bp151.4.3.1

References

https://www.suse.com/security/cve/CVE-2018-11499.html

https://www.suse.com/security/cve/CVE-2018-19797.html

https://www.suse.com/security/cve/CVE-2018-19827.html

https://www.suse.com/security/cve/CVE-2018-19837.html

https://www.suse.com/security/cve/CVE-2018-19838.html

https://www.suse.com/security/cve/CVE-2018-19839.html

https://www.suse.com/security/cve/CVE-2018-20190.html

https://www.suse.com/security/cve/CVE-2018-20821.html

https://www.suse.com/security/cve/CVE-2018-20822.html

https://www.suse.com/security/cve/CVE-2019-6283.html

https://www.suse.com/security/cve/CVE-2019-6284.html

https://www.suse.com/security/cve/CVE-2019-6286.html

https://bugzilla.suse.com/1096894

https://bugzilla.suse.com/1118301

https://bugzilla.suse.com/1118346

https://bugzilla.suse.com/1118348

https://bugzilla.suse.com/1118349

https://bugzilla.suse.com/1118351

https://bugzilla.suse.com/1119789

https://bugzilla.suse.com/1121943

https://bugzilla.suse.com/1121944

https://bugzilla.suse.com/1121945

https://bugzilla.suse.com/1133200

http...


Announcement ID: openSUSE-SU-2019:1883-1
Rating: moderate
Affected Products: openSUSE Backports SLE-15-SP1
