Description
Security update for libsass
This update for libsass fixes the following DoS vulnerabilities:
- CVE-2017-11554: Stack consumption vulnerability allowed remote DoS via crafted input (boo#1050148)
- CVE-2017-11555: Illegal address access in Eval::operator allowed remote DoS via crafted input (boo#1050149)
- CVE-2017-11556: Stack consumption vulnerability allowed remote DoS via crafted input (boo#1050150)
- CVE-2017-11605: Heap-based buffer over-read allowed remote DoS via crafted input (boo#1050151)
- CVE-2017-11608: Heap-based buffer over-read allowed remote DoS via crafted input (boo#1050380)
Package list
openSUSE Leap 42.2
openSUSE Leap 42.3
References
- E-Mail link for openSUSE-SU-2017:2939-1
- SUSE Security Ratings
Description
There is a stack consumption vulnerability in the lex function in parser.hpp (as used in sassc) in LibSass 3.4.5. A crafted input will lead to a remote denial of service.
Affected products
References
- CVE-2017-11554
- SUSE Bug 1050148
Description
There is an illegal address access in the Eval::operator function in eval.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service.
Affected products
References
- CVE-2017-11555
- SUSE Bug 1050149
Description
There is a stack consumption vulnerability in the Parser::advanceToNextToken function in parser.cpp in LibSass 3.4.5. A crafted input may lead to remote denial of service.
Affected products
References
- CVE-2017-11556
- SUSE Bug 1050150
Description
There is a heap-based buffer over-read in LibSass 3.4.5, related to address 0xb4803ea1. A crafted input will lead to a remote denial of service attack.
Affected products
References
- CVE-2017-11605
- SUSE Bug 1050151
Description
There is a heap-based buffer over-read in the Sass::Prelexer::re_linebreak function in lexer.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service attack.
Affected products
References
- CVE-2017-11608
- SUSE Bug 1050380