
Security vulnerability in the lxml software package

  • OS details: WN7
  • Severity: IMP
  • Operating systems: L
  • Categories: LUB

==========================================================================
Ubuntu Security Notice USN-4666-1
December 09, 2020

lxml vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 20.10
– Ubuntu 20.04 LTS
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
– Ubuntu 14.04 ESM
– Ubuntu 12.04 ESM

Summary:

lxml could allow cross-site scripting (XSS) attacks.

Software Description:
– lxml: pythonic binding for the libxml2 and libxslt libraries

Details:

It was discovered that lxml incorrectly handled certain HTML.
An attacker could possibly use this issue to perform cross-site scripting (XSS) attacks.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.10:
python3-lxml 4.5.2-1ubuntu0.1

Ubuntu 20.04 LTS:
python-lxml 4.5.0-1ubuntu0.1
python3-lxml 4.5.0-1ubuntu0.1

Ubuntu 18.04 LTS:
python-lxml 4.2.1-1ubuntu0.2
python3-lxml 4.2.1-1ubuntu0.2

Ubuntu 16.04 LTS:
python-lxml 3.5.0-1ubuntu0.2
python3-lxml 3.5.0-1ubuntu0.2

Ubuntu 14.04 ESM:
python-lxml 3.3.3-1ubuntu0.2+esm1
python3-lxml 3.3.3-1ubuntu0.2+esm1

Ubuntu 12.04 ESM:
python-lxml 2.3.2-1ubuntu0.4
python3-lxml 2.3.2-1ubuntu0.4

In general, a standard system update will make all the necessary changes.
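
One way to audit a collected package inventory against the fixed versions listed above, as an added example that is not part of the Ubuntu notice. The input format (one "release package version" per line), the sample inventory and the function names are assumptions made here; version ordering follows dpkg's comparison rules, reimplemented in Python so the check also runs on a machine without dpkg.

```python
import re

# Fixed versions copied from the "Update instructions" list of this notice.
_BY_RELEASE = {"20.10": "4.5.2-1ubuntu0.1", "20.04": "4.5.0-1ubuntu0.1",
               "18.04": "4.2.1-1ubuntu0.2", "16.04": "3.5.0-1ubuntu0.2",
               "14.04": "3.3.3-1ubuntu0.2+esm1", "12.04": "2.3.2-1ubuntu0.4"}
FIXED = {(rel, pkg): ver for rel, ver in _BY_RELEASE.items()
         for pkg in ("python-lxml", "python3-lxml")}
del FIXED[("20.10", "python-lxml")]  # the notice lists only python3-lxml for 20.10

def _order(ch):  # dpkg: '~' < end of string or digit < letters < other symbols
    if not ch or ch.isdigit():
        return 0
    return -1 if ch == "~" else ord(ch) + (0 if ch.isalpha() else 256)

def _cmp(a, b):
    while a or b:  # alternate non-digit runs and numeric runs, as dpkg does
        while (a and not a[0].isdigit()) or (b and not b[0].isdigit()):
            diff = _order(a[:1]) - _order(b[:1])
            if diff:
                return diff
            a, b = a[1:], b[1:]
        na, nb = (re.match(r"\d*", s).group() for s in (a, b))
        if int(na or 0) != int(nb or 0):
            return int(na or 0) - int(nb or 0)
        a, b = a[len(na):], b[len(nb):]
    return 0

_VER = re.compile(r"(?:(\d+):)?(.*?)(?:-([^-]*))?")  # [epoch:]upstream[-revision]
def deb_cmp(v1, v2):
    """Return <0, 0 or >0 as v1 is older than, equal to or newer than v2."""
    e1, u1, r1 = _VER.fullmatch(v1).groups()
    e2, u2, r2 = _VER.fullmatch(v2).groups()
    return int(e1 or 0) - int(e2 or 0) or _cmp(u1, u2) or _cmp(r1 or "", r2 or "")

# Constructed sample inventory (assumed format: release package version).
SAMPLE_INVENTORY = ("20.04 python3-lxml 4.5.0-1\n"
                    "18.04 python3-lxml 4.2.1-1ubuntu0.2\n"
                    "14.04 python-lxml 3.3.3-1ubuntu0.2\n")

def audit(inventory):
    """Return (release, package, version, status) for each inventory line."""
    def status(rel, pkg, ver):
        fixed = FIXED.get((rel, pkg))
        if fixed is None:
            return "not listed"
        return "vulnerable" if deb_cmp(ver, fixed) < 0 else "patched"
    return [(*f, status(*f)) for f in map(str.split, inventory.splitlines())]
```

The 14.04 sample line is reported as vulnerable because a revision without the "+esm1" suffix sorts before the fixed ESM build.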

References:
https://usn.ubuntu.com/4666-1
CVE-2020-27783

Package Information:
https://launchpad.net/ubuntu/+source/lxml/4.5.2-1ubuntu0.1
https://launchpad.net/ubuntu/+source/lxml/4.5.0-1ubuntu0.1
https://launchpad.net/ubuntu/+source/lxml/4.2.1-1ubuntu0.2
https://launchpad.net/ubuntu/+source/lxml/3.5.0-1ubuntu0.2

Author: Dona Šeruga
Cert id: NCERT-REF-2020-12-0001-ADV
CVE: CERT-CVE-DUMMY
Source ID: CERT-ORIGID-DUMMY
Product: CERT-DUMMY-PRODUCT
Source: Adobe