Summary:
libsass security update
Severity: High
Advisory ID: KylinSec-SA-2024-1027
Release date: January 5, 2024
Libsass is a Sass CSS precompiler ported to C/C++. This version is more efficient and portable than the original Ruby version. Its design philosophy is to stay light and simple, which makes it easier to build and integrate with a large number of platforms and languages. Because libsass is only a library, sassc must be installed if you want to run it directly.
Security Fix(es):
Stack overflow vulnerability in libsass 3.6.5 via the CompoundSelector::has_real_parent_ref function. (CVE-2022-26592)
Stack overflow vulnerability in ast_selectors.cpp in function Sass::CompoundSelector::has_real_parent_ref in libsass:3.6.5-8-g210218, which can be exploited by attackers to cause a denial of service (DoS). Also affects the command line driver for libsass, sassc 3.6.2. (CVE-2022-43357)
Stack overflow vulnerability in ast_selectors.cpp in function Sass::ComplexSelector::has_placeholder in libsass:3.6.5-8-g210218, which can be exploited by attackers to cause a denial of service (DoS). (CVE-2022-43358)
CVE | Product | Component | Affected status |
---|---|---|---|
CVE-2022-26592 | KY3.4-4A | libsass | Fixed |
CVE-2022-26592 | KY3.4-5A | libsass | Fixed |
CVE-2022-26592 | KY3.5.1 | libsass | Fixed |
CVE-2022-26592 | KY3.5.2 | libsass | Fixed |
CVE-2022-43357 | KY3.4-4A | libsass | Fixed |
CVE-2022-43357 | KY3.4-5A | libsass | Fixed |
CVE-2022-43357 | KY3.5.1 | libsass | Fixed |
CVE-2022-43357 | KY3.5.2 | libsass | Fixed |
CVE-2022-43358 | KY3.4-4A | libsass | Fixed |
CVE-2022-43358 | KY3.4-5A | libsass | Fixed |
CVE-2022-43358 | KY3.5.1 | libsass | Fixed |
CVE-2022-43358 | KY3.5.2 | libsass | Fixed |
Package name | Architecture | Version |
---|---|---|
libsass-devel | x86_64 | 3.6.4-2.kb2.ky3_5 |
libsass | x86_64 | 3.6.4-2.kb2.ky3_5 |
libsass | aarch64 | 3.6.4-2.kb2.ky3_5 |
libsass-devel | aarch64 | 3.6.4-2.kb2.ky3_5 |
Package name | Architecture | Version |
---|---|---|
libsass | x86_64 | 3.6.4-2.kb1.ky3_4 |
libsass-devel | x86_64 | 3.6.4-2.kb1.ky3_4 |
libsass | aarch64 | 3.6.4-2.kb1.ky3_4 |
libsass-devel | aarch64 | 3.6.4-2.kb1.ky3_4 |
Package name | Architecture | Version |
---|---|---|
libsass-devel | x86_64 | 3.6.4-2.kb1.ky3_4 |
libsass | x86_64 | 3.6.4-2.kb1.ky3_4 |
libsass | aarch64 | 3.6.4-2.kb1.ky3_4 |
libsass-devel | aarch64 | 3.6.4-2.kb1.ky3_4 |
Package name | Architecture | Version |
---|---|---|
libsass | x86_64 | 3.6.4-2.ky3_5 |
libsass-devel | x86_64 | 3.6.4-2.ky3_5 |
libsass | aarch64 | 3.6.4-2.ky3_5 |
libsass-devel | aarch64 | 3.6.4-2.ky3_5 |
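Method 1: Download the package and upgrade manually
1. Download the update package from the download link and save it, e.g. xxx.rpm
2. Upgrade with the rpm command, e.g. rpm -Uvh xxx.rpm
Method 2: Upgrade from the software repository
1. Make sure the system can connect to the Internet
2. Upgrade the specified package with the yum command, e.g. yum install package-name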