openSUSE-SU-2019:1883-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2019:1883-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/openSUSE-SU-2019:1883-1
Related
Published
2019-08-14T10:51:26Z
Modified
2019-08-14T10:51:26Z
Summary
Security update for libsass
Details

This update for libsass to version 3.6.1 fixes the following issues:

Security issues fixed:

  • CVE-2019-6283: Fixed heap-buffer-overflow in Sass::Prelexer::parenthese_scope(char const*) (boo#1121943).
  • CVE-2019-6284: Fixed heap-based buffer over-read exists in Sass:Prelexer:alternatives (boo#1121944).
  • CVE-2019-6286: Fixed heap-based buffer over-read exists in Sass:Prelexer:skipoverscopes (boo#1121945).
  • CVE-2018-11499: Fixed use-after-free vulnerability in sasscontext.cpp:handleerror (boo#1096894).
  • CVE-2018-19797: Disallowed parent selector in selector_fns arguments (boo#1118301).
  • CVE-2018-19827: Fixed use-after-free vulnerability exists in the SharedPtr class (boo#1118346).
  • CVE-2018-19837: Fixed stack overflow in Eval::operator() (boo#1118348).
  • CVE-2018-19838: Fixed stack-overflow at IMPLEMENTASTOPERATORS expansion (boo#1118349).
  • CVE-2018-19839: Fixed buffer-overflow (OOB read) against some invalid input (boo#1118351).
  • CVE-2018-20190: Fixed Null pointer dereference in Sass::Eval::operator()(Sass::Supports_Operator*) (boo#1119789).
  • CVE-2018-20821: Fixed uncontrolled recursion in Sass:Parser:parsecssvariable_value (boo#1133200).
  • CVE-2018-20822: Fixed stack-overflow at Sass::Inspect::operator() (boo#1133201).

This update was imported from the openSUSE:Leap:15.0:Update update project.

References

Affected packages

SUSE:Package Hub 15 SP1 / libsass

Package

Name
libsass
Purl
pkg:rpm/suse/libsass&distro=SUSE%20Package%20Hub%2015%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.6.1-bp151.4.3.1

Ecosystem specific

{
    "binaries": [
        {
            "libsass-devel": "3.6.1-bp151.4.3.1",
            "libsass-3_6_1-1": "3.6.1-bp151.4.3.1"
        }
    ]
}