Описание
Security update for libsass
This update for libsass to version 3.6.1 fixes the following issues:
Security issues fixed:
- CVE-2019-6283: Fixed heap-buffer-overflow in Sass::Prelexer::parenthese_scope(char const*) (boo#1121943).
- CVE-2019-6284: Fixed heap-based buffer over-read exists in Sass:Prelexer:alternatives (boo#1121944).
- CVE-2019-6286: Fixed heap-based buffer over-read exists in Sass:Prelexer:skip_over_scopes (boo#1121945).
- CVE-2018-11499: Fixed use-after-free vulnerability in sass_context.cpp:handle_error (boo#1096894).
- CVE-2018-19797: Disallowed parent selector in selector_fns arguments (boo#1118301).
- CVE-2018-19827: Fixed use-after-free vulnerability exists in the SharedPtr class (boo#1118346).
- CVE-2018-19837: Fixed stack overflow in Eval::operator() (boo#1118348).
- CVE-2018-19838: Fixed stack-overflow at IMPLEMENT_AST_OPERATORS expansion (boo#1118349).
- CVE-2018-19839: Fixed buffer-overflow (OOB read) against some invalid input (boo#1118351).
- CVE-2018-20190: Fixed Null pointer dereference in Sass::Eval::operator()(Sass::Supports_Operator*) (boo#1119789).
- CVE-2018-20821: Fixed uncontrolled recursion in Sass:Parser:parse_css_variable_value (boo#1133200).
- CVE-2018-20822: Fixed stack-overflow at Sass::Inspect::operator() (boo#1133201).
Список пакетов
openSUSE Leap 15.0
openSUSE Leap 15.1
Ссылки
- E-Mail link for openSUSE-SU-2019:1791-1
- SUSE Security Ratings
- SUSE Bug 1096894
- SUSE Bug 1118301
- SUSE Bug 1118346
- SUSE Bug 1118348
- SUSE Bug 1118349
- SUSE Bug 1118351
- SUSE Bug 1119789
- SUSE Bug 1121943
- SUSE Bug 1121944
- SUSE Bug 1121945
- SUSE Bug 1133200
- SUSE Bug 1133201
- SUSE CVE CVE-2018-11499 page
- SUSE CVE CVE-2018-19797 page
- SUSE CVE CVE-2018-19827 page
- SUSE CVE CVE-2018-19837 page
- SUSE CVE CVE-2018-19838 page
- SUSE CVE CVE-2018-19839 page
Описание
A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact.
Затронутые продукты
Ссылки
- CVE-2018-11499
- SUSE Bug 1096894
Описание
In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp (used by ast.cpp and ast_selectors.cpp) may cause a Denial of Service (application crash) via a crafted sass input file.
Затронутые продукты
Ссылки
- CVE-2018-19797
- SUSE Bug 1118301
Описание
In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified other impact.
Затронутые продукты
Ссылки
- CVE-2018-19827
- SUSE Bug 1118346
Описание
In LibSass prior to 3.5.5, Sass::Eval::operator()(Sass::Binary_Expression*) inside eval.cpp allows attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, because of certain incorrect parsing of '%' as a modulo operator in parser.cpp.
Затронутые продукты
Ссылки
- CVE-2018-19837
- SUSE Bug 1118348
Описание
In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as demonstrated by recursive calls involving clone(), cloneChildren(), and copy().
Затронутые продукты
Ссылки
- CVE-2018-19838
- SUSE Bug 1118349
Описание
In LibSass prior to 3.5.5, the function handle_error in sass_context.cpp allows attackers to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file.
Затронутые продукты
Ссылки
- CVE-2018-19839
- SUSE Bug 1118351
Описание
In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operator()(Sass::Supports_Operator*) in eval.cpp may cause a Denial of Service (application crash) via a crafted sass input file.
Затронутые продукты
Ссылки
- CVE-2018-20190
- SUSE Bug 1119789
Описание
The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp).
Затронутые продукты
Ссылки
- CVE-2018-20821
- SUSE Bug 1133200
Описание
LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Complex_Selector::perform in ast.hpp and Sass::Inspect::operator in inspect.cpp).
Затронутые продукты
Ссылки
- CVE-2018-20822
- SUSE Bug 1133201
Описание
In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelexer.hpp.
Затронутые продукты
Ссылки
- CVE-2019-6283
- SUSE Bug 1121943
Описание
In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::alternatives in prelexer.hpp.
Затронутые продукты
Ссылки
- CVE-2019-6284
- SUSE Bug 1121944
Описание
In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::skip_over_scopes in prelexer.hpp when called from Sass::Parser::parse_import(), a similar issue to CVE-2018-11693.
Затронутые продукты
Ссылки
- CVE-2019-6286
- SUSE Bug 1121945