Security: Two problems in ruby-sanitize
Name: Two problems in ruby-sanitize
ID: USN-6748-1
Distribution: Ubuntu
Platforms: Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 23.10
Date: Wed, 24 April 2024, 23:14
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23627
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36823
Applications: ruby-sanitize

Original message
From: Evan Caville <evan.caville@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <6f648a20-d44c-4e10-a916-cd108f0b68ee@canonical.com>
Subject: [USN-6748-1] Sanitize vulnerabilities
==========================================================================
Ubuntu Security Notice USN-6748-1
April 24, 2024

ruby-sanitize vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in Sanitize.
Software Description:
- ruby-sanitize: Allowlist-based HTML and CSS sanitizer
Details:
It was discovered that Sanitize incorrectly handled noscript elements under certain circumstances. An attacker could possibly use this issue to execute a cross-site scripting (XSS) attack. This issue only affected Ubuntu 22.04 LTS. (CVE-2023-23627)
It was discovered that Sanitize incorrectly handled style elements under certain circumstances. An attacker could possibly use this issue to execute a cross-site scripting (XSS) attack. (CVE-2023-36823)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 23.10: ruby-sanitize 6.0.0-1.1ubuntu0.23.10.1
Ubuntu 22.04 LTS: ruby-sanitize 6.0.0-1ubuntu0.1
Ubuntu 20.04 LTS: ruby-sanitize 4.6.6-2.1~0.20.04.2
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6748-1
CVE-2023-23627, CVE-2023-36823
Package Information:
https://launchpad.net/ubuntu/+source/ruby-sanitize/6.0.0-1.1ubuntu0.23.10.1
https://launchpad.net/ubuntu/+source/ruby-sanitize/6.0.0-1ubuntu0.1
https://launchpad.net/ubuntu/+source/ruby-sanitize/4.6.6-2.1~0.20.04.2