Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2020-0049)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.1.10.2020.0049
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2020-0049)
Summary:	The remote host is missing an update for the 'libsass' package(s) announced via the MGASA-2020-0049 advisory.
Description:	Summary: The remote host is missing an update for the 'libsass' package(s) announced via the MGASA-2020-0049 advisory. Vulnerability Insight: Use-after-free vulnerability in sass_context.cpp:handle_error (CVE-2018-11499). Null pointer dereference in Sass::Selector_List::populate_extends (CVE-2018-19797). Use-after-free vulnerability exists in the SharedPtr class (CVE-2018-19827). Stack overflow in Eval::operator() (CVE-2018-19837). Stack-overflow at IMPLEMENT_AST_OPERATORS expansion (CVE-2018-19838). Buffer-overflow (OOB read) against some invalid input (CVE-2018-19839). Null pointer dereference in Sass::Eval::operator() (Sass::Supports_Operator) (CVE-2018-20190). Uncontrolled recursion in Sass:Parser:parse_css_variable_value (CVE-2018-20821). Stack-overflow at Sass::Inspect::operator() (CVE-2018-20822). Heap-buffer-overflow in Sass::Prelexer::parenthese_scope(char const) (CVE-2019-6283). Heap-based buffer over-read exists in Sass:Prelexer:alternatives (CVE-2019-6284). Heap-based buffer over-read exists in Sass:Prelexer:skip_over_scopes (CVE-2019-6286). Affected Software/OS: 'libsass' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2018-11499 https://github.com/sass/libsass/issues/2643 SuSE Security Announcement: openSUSE-SU-2019:1791 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html SuSE Security Announcement: openSUSE-SU-2019:1800 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html SuSE Security Announcement: openSUSE-SU-2019:1883 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html Common Vulnerability Exposure (CVE) ID: CVE-2018-19797 https://github.com/sass/libsass/issues/2779 Common Vulnerability Exposure (CVE) ID: CVE-2018-19827 https://github.com/sass/libsass/issues/2782 Common Vulnerability Exposure (CVE) ID: CVE-2018-19837 https://github.com/sass/libsass/commit/210fdff7a65370c2ae24e022a2b35da8c423cc5f https://github.com/sass/libsass/issues/2659 Common Vulnerability Exposure (CVE) ID: CVE-2018-19838 https://github.com/sass/libsass/issues/2660 Common Vulnerability Exposure (CVE) ID: CVE-2018-19839 https://github.com/sass/libsass/issues/2657 https://github.com/sass/libsass/pull/2767 Common Vulnerability Exposure (CVE) ID: CVE-2018-20190 BugTraq ID: 106232 http://www.securityfocus.com/bid/106232 https://github.com/sass/libsass/issues/2786 Common Vulnerability Exposure (CVE) ID: CVE-2018-20821 https://github.com/sass/libsass/issues/2658 Common Vulnerability Exposure (CVE) ID: CVE-2018-20822 https://github.com/sass/libsass/issues/2671 Common Vulnerability Exposure (CVE) ID: CVE-2019-6283 https://github.com/sass/libsass/issues/2814 Common Vulnerability Exposure (CVE) ID: CVE-2019-6284 https://github.com/sass/libsass/issues/2816 Common Vulnerability Exposure (CVE) ID: CVE-2019-6286 https://github.com/sass/libsass/issues/2815
Copyright	Copyright (C) 2022 Greenbone AG