Security update for libsass SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:1791-1 Final 1 1 2019-07-23T11:22:02Z current 2019-07-23T11:22:02Z 2019-07-23T11:22:02Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libsass This update for libsass to version 3.6.1 fixes the following issues: Security issues fixed: - CVE-2019-6283: Fixed heap-buffer-overflow in Sass::Prelexer::parenthese_scope(char const*) (boo#1121943). - CVE-2019-6284: Fixed heap-based buffer over-read exists in Sass:Prelexer:alternatives (boo#1121944). - CVE-2019-6286: Fixed heap-based buffer over-read exists in Sass:Prelexer:skip_over_scopes (boo#1121945). - CVE-2018-11499: Fixed use-after-free vulnerability in sass_context.cpp:handle_error (boo#1096894). - CVE-2018-19797: Disallowed parent selector in selector_fns arguments (boo#1118301). - CVE-2018-19827: Fixed use-after-free vulnerability exists in the SharedPtr class (boo#1118346). - CVE-2018-19837: Fixed stack overflow in Eval::operator() (boo#1118348). - CVE-2018-19838: Fixed stack-overflow at IMPLEMENT_AST_OPERATORS expansion (boo#1118349). - CVE-2018-19839: Fixed buffer-overflow (OOB read) against some invalid input (boo#1118351). - CVE-2018-20190: Fixed Null pointer dereference in Sass::Eval::operator()(Sass::Supports_Operator*) (boo#1119789). - CVE-2018-20821: Fixed uncontrolled recursion in Sass:Parser:parse_css_variable_value (boo#1133200). - CVE-2018-20822: Fixed stack-overflow at Sass::Inspect::operator() (boo#1133201). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2019-1791 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html E-Mail link for openSUSE-SU-2019:1791-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1096894 SUSE Bug 1096894 https://bugzilla.suse.com/1118301 SUSE Bug 1118301 https://bugzilla.suse.com/1118346 SUSE Bug 1118346 https://bugzilla.suse.com/1118348 SUSE Bug 1118348 https://bugzilla.suse.com/1118349 SUSE Bug 1118349 https://bugzilla.suse.com/1118351 SUSE Bug 1118351 https://bugzilla.suse.com/1119789 SUSE Bug 1119789 https://bugzilla.suse.com/1121943 SUSE Bug 1121943 https://bugzilla.suse.com/1121944 SUSE Bug 1121944 https://bugzilla.suse.com/1121945 SUSE Bug 1121945 https://bugzilla.suse.com/1133200 SUSE Bug 1133200 https://bugzilla.suse.com/1133201 SUSE Bug 1133201 https://www.suse.com/security/cve/CVE-2018-11499/ SUSE CVE CVE-2018-11499 page https://www.suse.com/security/cve/CVE-2018-19797/ SUSE CVE CVE-2018-19797 page https://www.suse.com/security/cve/CVE-2018-19827/ SUSE CVE CVE-2018-19827 page https://www.suse.com/security/cve/CVE-2018-19837/ SUSE CVE CVE-2018-19837 page https://www.suse.com/security/cve/CVE-2018-19838/ SUSE CVE CVE-2018-19838 page https://www.suse.com/security/cve/CVE-2018-19839/ SUSE CVE CVE-2018-19839 page https://www.suse.com/security/cve/CVE-2018-20190/ SUSE CVE CVE-2018-20190 page https://www.suse.com/security/cve/CVE-2018-20821/ SUSE CVE CVE-2018-20821 page https://www.suse.com/security/cve/CVE-2018-20822/ SUSE CVE CVE-2018-20822 page https://www.suse.com/security/cve/CVE-2019-6283/ SUSE CVE CVE-2019-6283 page https://www.suse.com/security/cve/CVE-2019-6284/ SUSE CVE CVE-2019-6284 page https://www.suse.com/security/cve/CVE-2019-6286/ SUSE CVE CVE-2019-6286 page openSUSE Leap 15.0 openSUSE Leap 15.1 libsass-3_6_1-1-3.6.1-lp151.3.3.1 libsass-devel-3.6.1-lp151.3.3.1 libsass-3_6_1-1-3.6.1-lp151.3.3.1 as a component of openSUSE Leap 15.0 libsass-devel-3.6.1-lp151.3.3.1 as a component of openSUSE Leap 15.0 libsass-3_6_1-1-3.6.1-lp151.3.3.1 as a component of openSUSE Leap 15.1 libsass-devel-3.6.1-lp151.3.3.1 as a component of openSUSE Leap 15.1 A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact. CVE-2018-11499 openSUSE Leap 15.0:libsass-3_6_1-1-3.6.1-lp151.3.3.1 openSUSE Leap 15.0:libsass-devel-3.6.1-lp151.3.3.1 openSUSE Leap 15.1:libsass-3_6_1-1-3.6.1-lp151.3.3.1 openSUSE Leap 15.1:libsass-devel-3.6.1-lp151.3.3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html https://www.suse.com/security/cve/CVE-2018-11499.html CVE-2018-11499 https://bugzilla.suse.com/1096894 SUSE Bug 1096894 In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp (used by ast.cpp and ast_selectors.cpp) may cause a Denial of Service (application crash) via a crafted sass input file. CVE-2018-19797 openSUSE Leap 15.0:libsass-3_6_1-1-3.6.1-lp151.3.3.1 openSUSE Leap 15.0:libsass-devel-3.6.1-lp151.3.3.1 openSUSE Leap 15.1:libsass-3_6_1-1-3.6.1-lp151.3.3.1 openSUSE Leap 15.1:libsass-devel-3.6.1-lp151.3.3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html https://www.suse.com/security/cve/CVE-2018-19797.html CVE-2018-19797 https://bugzilla.suse.com/1118301 SUSE Bug 1118301 In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified other impact. CVE-2018-19827 openSUSE Leap 15.0:libsass-3_6_1-1-3.6.1-lp151.3.3.1 openSUSE Leap 15.0:libsass-devel-3.6.1-lp151.3.3.1 openSUSE Leap 15.1:libsass-3_6_1-1-3.6.1-lp151.3.3.1 openSUSE Leap 15.1:libsass-devel-3.6.1-lp151.3.3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html https://www.suse.com/security/cve/CVE-2018-19827.html CVE-2018-19827 https://bugzilla.suse.com/1118346 SUSE Bug 1118346 In LibSass prior to 3.5.5, Sass::Eval::operator()(Sass::Binary_Expression*) inside eval.cpp allows attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, because of certain incorrect parsing of '%' as a modulo operator in parser.cpp. CVE-2018-19837 openSUSE Leap 15.0:libsass-3_6_1-1-3.6.1-lp151.3.3.1 openSUSE Leap 15.0:libsass-devel-3.6.1-lp151.3.3.1 openSUSE Leap 15.1:libsass-3_6_1-1-3.6.1-lp151.3.3.1 openSUSE Leap 15.1:libsass-devel-3.6.1-lp151.3.3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html https://www.suse.com/security/cve/CVE-2018-19837.html CVE-2018-19837 https://bugzilla.suse.com/1118348 SUSE Bug 1118348 In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as demonstrated by recursive calls involving clone(), cloneChildren(), and copy(). CVE-2018-19838 openSUSE Leap 15.0:libsass-3_6_1-1-3.6.1-lp151.3.3.1 openSUSE Leap 15.0:libsass-devel-3.6.1-lp151.3.3.1 openSUSE Leap 15.1:libsass-3_6_1-1-3.6.1-lp151.3.3.1 openSUSE Leap 15.1:libsass-devel-3.6.1-lp151.3.3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html https://www.suse.com/security/cve/CVE-2018-19838.html CVE-2018-19838 https://bugzilla.suse.com/1118349 SUSE Bug 1118349 In LibSass prior to 3.5.5, the function handle_error in sass_context.cpp allows attackers to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file. CVE-2018-19839 openSUSE Leap 15.0:libsass-3_6_1-1-3.6.1-lp151.3.3.1 openSUSE Leap 15.0:libsass-devel-3.6.1-lp151.3.3.1 openSUSE Leap 15.1:libsass-3_6_1-1-3.6.1-lp151.3.3.1 openSUSE Leap 15.1:libsass-devel-3.6.1-lp151.3.3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html https://www.suse.com/security/cve/CVE-2018-19839.html CVE-2018-19839 https://bugzilla.suse.com/1118351 SUSE Bug 1118351 In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operator()(Sass::Supports_Operator*) in eval.cpp may cause a Denial of Service (application crash) via a crafted sass input file. CVE-2018-20190 openSUSE Leap 15.0:libsass-3_6_1-1-3.6.1-lp151.3.3.1 openSUSE Leap 15.0:libsass-devel-3.6.1-lp151.3.3.1 openSUSE Leap 15.1:libsass-3_6_1-1-3.6.1-lp151.3.3.1 openSUSE Leap 15.1:libsass-devel-3.6.1-lp151.3.3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html https://www.suse.com/security/cve/CVE-2018-20190.html CVE-2018-20190 https://bugzilla.suse.com/1119789 SUSE Bug 1119789 The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp). CVE-2018-20821 openSUSE Leap 15.0:libsass-3_6_1-1-3.6.1-lp151.3.3.1 openSUSE Leap 15.0:libsass-devel-3.6.1-lp151.3.3.1 openSUSE Leap 15.1:libsass-3_6_1-1-3.6.1-lp151.3.3.1 openSUSE Leap 15.1:libsass-devel-3.6.1-lp151.3.3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html https://www.suse.com/security/cve/CVE-2018-20821.html CVE-2018-20821 https://bugzilla.suse.com/1133200 SUSE Bug 1133200 LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Complex_Selector::perform in ast.hpp and Sass::Inspect::operator in inspect.cpp). CVE-2018-20822 openSUSE Leap 15.0:libsass-3_6_1-1-3.6.1-lp151.3.3.1 openSUSE Leap 15.0:libsass-devel-3.6.1-lp151.3.3.1 openSUSE Leap 15.1:libsass-3_6_1-1-3.6.1-lp151.3.3.1 openSUSE Leap 15.1:libsass-devel-3.6.1-lp151.3.3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html https://www.suse.com/security/cve/CVE-2018-20822.html CVE-2018-20822 https://bugzilla.suse.com/1133201 SUSE Bug 1133201 In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelexer.hpp. CVE-2019-6283 openSUSE Leap 15.0:libsass-3_6_1-1-3.6.1-lp151.3.3.1 openSUSE Leap 15.0:libsass-devel-3.6.1-lp151.3.3.1 openSUSE Leap 15.1:libsass-3_6_1-1-3.6.1-lp151.3.3.1 openSUSE Leap 15.1:libsass-devel-3.6.1-lp151.3.3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html https://www.suse.com/security/cve/CVE-2019-6283.html CVE-2019-6283 https://bugzilla.suse.com/1121943 SUSE Bug 1121943 In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::alternatives in prelexer.hpp. CVE-2019-6284 openSUSE Leap 15.0:libsass-3_6_1-1-3.6.1-lp151.3.3.1 openSUSE Leap 15.0:libsass-devel-3.6.1-lp151.3.3.1 openSUSE Leap 15.1:libsass-3_6_1-1-3.6.1-lp151.3.3.1 openSUSE Leap 15.1:libsass-devel-3.6.1-lp151.3.3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html https://www.suse.com/security/cve/CVE-2019-6284.html CVE-2019-6284 https://bugzilla.suse.com/1121944 SUSE Bug 1121944 In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::skip_over_scopes in prelexer.hpp when called from Sass::Parser::parse_import(), a similar issue to CVE-2018-11693. CVE-2019-6286 openSUSE Leap 15.0:libsass-3_6_1-1-3.6.1-lp151.3.3.1 openSUSE Leap 15.0:libsass-devel-3.6.1-lp151.3.3.1 openSUSE Leap 15.1:libsass-3_6_1-1-3.6.1-lp151.3.3.1 openSUSE Leap 15.1:libsass-devel-3.6.1-lp151.3.3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html https://www.suse.com/security/cve/CVE-2019-6286.html CVE-2019-6286 https://bugzilla.suse.com/1121945 SUSE Bug 1121945