You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa ruby-nokogiri

Sigurnosni nedostatak programskog paketa ruby-nokogiri

by - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-4175-1
November 05, 2019

ruby-nokogiri vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 19.10
– Ubuntu 19.04
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

Nokogiri could be made to execute programs if it received
specially crafted input.

Software Description:
– ruby-nokogiri: HTML, XML, SAX, and Reader parser for Ruby

Details:

It was discovered that Nokogiri incorrectly handled inputs. A remote attacker
could possibly use this issue to execute arbitrary OS commands.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.10:
ruby-nokogiri 1.10.3+dfsg1-2ubuntu0.1

Ubuntu 19.04:
ruby-nokogiri 1.10.0+dfsg1-2ubuntu0.1

Ubuntu 18.04 LTS:
ruby-nokogiri 1.8.2-1ubuntu0.1

Ubuntu 16.04 LTS:
ruby-nokogiri 1.6.7.2-3ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4175-1
CVE-2019-5477

Package Information:
https://launchpad.net/ubuntu/+source/ruby-nokogiri/1.10.3+dfsg1-2ubuntu0.1
https://launchpad.net/ubuntu/+source/ruby-nokogiri/1.10.0+dfsg1-2ubuntu0.1
https://launchpad.net/ubuntu/+source/ruby-nokogiri/1.8.2-1ubuntu0.1
https://launchpad.net/ubuntu/+source/ruby-nokogiri/1.6.7.2-3ubuntu0.1
—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEECtyyz6azUy6AZBzSkGeI6zGnN/8FAl3BjHIACgkQkGeI6zGn
N/+KAhAAqjkp/SY7wNfaGPdknAP4uVD5WdLhIFyU1X/rzEwqEe1qBesI0gfqtUS/
OGVEykP25ICt4la4fOsxnP939Elyrq1lqgR7hRttojBHaAseyD+8HYznFVCryfQO
phW5FFZNSKX0Zk4AeNEn867fE/vg7gd6XvKVLXZ2HaIx/ob72qY5yeFLd72aLn6e
7TwIYnbIJAsITP3MH/HvqBrL/LKIfRssTC+kCaRGVjR4awQ2cPyX6G5VM0B9OYxY
akDoJUtnkMFWqgzbqkGUD40K18N/A0Be3+3K00dBpBPGSfsISe57/Rfb98c4tgyU
+cv6KqH1o5Ps4xM/giHQRLw/sbHDqdOibHLQRqKjr9/RdSo/yAUdKsOeaxlJKckP
tZ+HtWYxTG5rBfaOrO8Fk4MbDp588DwSwQjBV+1DUsJYxrfkvzUvjzuZAqnuqqjj
e5I+kNd19NhsiwpbLTRaF97/poiWgYMz1M7tluxydVhZvao+Gx0FZsSn+UI65Qlm
SsVQJ9jYTZzKtMmBlrkQ2X2xU8c1MrHWGNsAxWJGeFrvfY2Sq8KKdVyYWpiFh72Z
M81kfdUNAyEXJzkmOrE6stOiORycAVeRwQ3xH2nvkSYllc74TI4iUvYH6kCr//fG
NBI51Lv6hUHtNJ7W9EmIC4WD/zsgIqX/aj5ye1Egj07hIk2C66I=
=EGWy
—–END PGP SIGNATURE—–

AutorToni Vugdelija
Cert idNCERT-REF-2019-11-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostaci programskog paketa Apport

Otkriveni su sigurnosni nedostaci u programskom paketu Apport za operacijski sustav Ubuntu. Otkriveni nedostaci potencijalnim napadačima omogućuju izazivanje DoS stanja,...

Close