
Fedora 38: FEDORA-2024-3744975c4b Moderate: rubygem-yard XSS Fix

March 21, 2024
A vulnerability in rubygem-yard allows generated documentation to be susceptible to XSS threats. Please update to the latest RPM for a fix.

Summary

YARD is a documentation generation tool for the Ruby programming language. It enables the user to generate consistent, usable documentation that can be exported to a number of formats very easily, and also supports extending for custom Ruby constructs such as custom class level definitions.

Update Information:

A security flaw was found in rubygem-yard: documentation generated by yard may be vulnerable to XSS attacks. This issue has been assigned CVE-2024-27285. This new rpm is supposed to fix this issue.

Change Log

* Fri Mar 1 2024 Mamoru TASAKA - 0.9.36-1
- 0.9.36

* Fri Jan 26 2024 Fedora Release Engineering - 0.9.34-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild

* Fri Nov 10 2023 Mamoru TASAKA - 0.9.34-4
- Testsuite: remove invalid yield usage from spec (for ruby3.3)

* Mon Sep 25 2023 Mamoru TASAKA - 0.9.34-3
- Backport upstream patch for BOM detection change in ruby33

* Fri Jul 21 2023 Fedora Release Engineering - 0.9.34-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild

* Thu Apr 13 2023 Mamoru TASAKA - 0.9.34-1
- 0.9.34

* Wed Apr 12 2023 Mamoru TASAKA - 0.9.33-1
- 0.9.33

References

Fedora Update Notification
FEDORA-2024-3744975c4b
2024-03-21 01:27:46.105047

Name : rubygem-yard
Product : Fedora 38
Version : 0.9.36
Release : 1.fc38
URL : https://yardoc.org/
Summary : Documentation tool for consistent and usable documentation in Ruby
Description : YARD is a documentation generation tool for the Ruby programming language. It enables the user to generate consistent, usable documentation that can be exported to a number of formats very easily, and also supports extending for custom Ruby constructs such as custom class level definitions.

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-3744975c4b' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html
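
An added example, not part of the Fedora advisory or the YARD project: the RPM update replaces only the system package, so this Ruby script flags Gemfile.lock pins and generated HTML documentation that name a yard version older than 0.9.36. The footer pattern assumes YARD's default HTML template; the function names and sample strings are constructed for illustration.

```ruby
require "rubygems" # Gem::Version; loaded by default, explicit for clarity

FIXED_YARD = Gem::Version.new("0.9.36") # fixed version named in this advisory

# Gemfile.lock lists resolved gems as "    yard (0.9.34)" under "specs:".
LOCK_PIN = /^ {4}yard \((\d+(?:\.\d+)*)\)\r?$/

# Assumption: the default YARD HTML footer reads
# "Generated on <date> by <a ...>yard</a> <version> (ruby-<x.y.z>)."
DOC_FOOTER = /yard<\/a>\s*(\d+(?:\.\d+)+)\s*\(ruby-/m

# Returns the yard version named in a lockfile or generated page, or nil.
def yard_version_in(text)
  m = LOCK_PIN.match(text) || DOC_FOOTER.match(text)
  m && Gem::Version.new(m[1])
end

# True when a yard version is present and is older than the fixed release.
def predates_fix?(text)
  v = yard_version_in(text)
  !v.nil? && v < FIXED_YARD
end

# Walks a directory tree and returns lockfiles and HTML pages tied to an older yard.
def audit(root)
  Dir.glob(File.join(root, "**", "{Gemfile.lock,*.html}")).select do |path|
    File.file?(path) && predates_fix?(File.binread(path))
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed samples, not taken from a real project.
  lock = "GEM\n  remote: https://rubygems.org/\n  specs:\n    yard (0.9.34)\n"
  html = "<a href='https://yardoc.org'>yard</a>\n  0.9.34 (ruby-3.2.2)."
  puts predates_fix?(lock), predates_fix?(html)
  audit(ARGV[0]).each { |p| puts "predates #{FIXED_YARD}: #{p}" } if ARGV[0]
end
```

Pass a project or web root as the first argument to list the files it flags.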

