========================================================================== Ubuntu Security Notice USN-4543-1 September 25, 2020
ruby-sanitize vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS Summary: Sanitize could be made to perform XSS attacks if it received specially crafted input. Software Description: - ruby-sanitize: allowlist-based HTML and CSS sanitizer Details: MichaĆ Bentkowski discovered that Sanitize did not properly sanitize some math or svg HTML under certain circumstances. A remote attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2020-4054) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: ruby-sanitize 4.6.6-2.1~0.20.04.1 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/4543-1 CVE-2020-4054 Package Information: https://launchpad.net/ubuntu/+source/ruby-sanitize/4.6.6-2.1~0.20.04.1
signature.asc
Description: OpenPGP digital signature
-- ubuntu-security-announce mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
