ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2020.0049
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2020-0049)
Resumen:	The remote host is missing an update for the 'libsass' package(s) announced via the MGASA-2020-0049 advisory.
Descripción:	Summary: The remote host is missing an update for the 'libsass' package(s) announced via the MGASA-2020-0049 advisory. Vulnerability Insight: Use-after-free vulnerability in sass_context.cpp:handle_error (CVE-2018-11499). Null pointer dereference in Sass::Selector_List::populate_extends (CVE-2018-19797). Use-after-free vulnerability exists in the SharedPtr class (CVE-2018-19827). Stack overflow in Eval::operator() (CVE-2018-19837). Stack-overflow at IMPLEMENT_AST_OPERATORS expansion (CVE-2018-19838). Buffer-overflow (OOB read) against some invalid input (CVE-2018-19839). Null pointer dereference in Sass::Eval::operator() (Sass::Supports_Operator*) (CVE-2018-20190). Uncontrolled recursion in Sass:Parser:parse_css_variable_value (CVE-2018-20821). Stack-overflow at Sass::Inspect::operator() (CVE-2018-20822). Heap-buffer-overflow in Sass::Prelexer::parenthese_scope(char const*) (CVE-2019-6283). Heap-based buffer over-read exists in Sass:Prelexer:alternatives (CVE-2019-6284). Heap-based buffer over-read exists in Sass:Prelexer:skip_over_scopes (CVE-2019-6286). Affected Software/OS: 'libsass' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2018-11499 https://github.com/sass/libsass/issues/2643 SuSE Security Announcement: openSUSE-SU-2019:1791 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html SuSE Security Announcement: openSUSE-SU-2019:1800 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html SuSE Security Announcement: openSUSE-SU-2019:1883 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html Common Vulnerability Exposure (CVE) ID: CVE-2018-19797 https://github.com/sass/libsass/issues/2779 Common Vulnerability Exposure (CVE) ID: CVE-2018-19827 https://github.com/sass/libsass/issues/2782 Common Vulnerability Exposure (CVE) ID: CVE-2018-19837 https://github.com/sass/libsass/commit/210fdff7a65370c2ae24e022a2b35da8c423cc5f https://github.com/sass/libsass/issues/2659 Common Vulnerability Exposure (CVE) ID: CVE-2018-19838 https://github.com/sass/libsass/issues/2660 Common Vulnerability Exposure (CVE) ID: CVE-2018-19839 https://github.com/sass/libsass/issues/2657 https://github.com/sass/libsass/pull/2767 Common Vulnerability Exposure (CVE) ID: CVE-2018-20190 BugTraq ID: 106232 http://www.securityfocus.com/bid/106232 https://github.com/sass/libsass/issues/2786 Common Vulnerability Exposure (CVE) ID: CVE-2018-20821 https://github.com/sass/libsass/issues/2658 Common Vulnerability Exposure (CVE) ID: CVE-2018-20822 https://github.com/sass/libsass/issues/2671 Common Vulnerability Exposure (CVE) ID: CVE-2019-6283 https://github.com/sass/libsass/issues/2814 Common Vulnerability Exposure (CVE) ID: CVE-2019-6284 https://github.com/sass/libsass/issues/2816 Common Vulnerability Exposure (CVE) ID: CVE-2019-6286 https://github.com/sass/libsass/issues/2815
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.