Alerts This Week
Warning Icon 1 1,154
Alerts This Week
Warning Icon 1 1,154

Debian: DSA-4743-1 Moderate: ruby-kramdown Code Execution Risk

debian
Calendar Grey August 10, 2020
Debian Logo
Debian Security Notice DSA-4744-2 highlights a vulnerability in python-requests that compromises data integrity and remote code execution.
A flaw was discovered in ruby-kramdown, a fast, pure ruby, Markdown parser and converter, which could result in unintended read access to files or unintended embedded Ruby code exe...

Summary

The Update introduces a new option 'forbidden_inline_options' to
restrict the options allowed with the {::options /} extension. By
default the 'template' option is forbidden.

For the stable distribution (buster), this problem has been fixed in
version 1.17.0-1+deb10u1.

We recommend that you upgrade your ruby-kramdown packages.

For the detailed security status of ruby-kramdown please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/source-package/ruby-kramdown

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/



Package: ruby-kramdown
CVE ID: CVE-2020-14001

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here