Alerts This Week
Warning Icon 1 483
Alerts This Week
Warning Icon 1 483

Mageia 8: MGASA-2022-0200 Critical: Nokogiri Memory Access Issue

mageia
Calendar Grey May 22, 2022
Dist Mageia Esm H88
A patch for Nokogiri's security vulnerabilities remedies memory access issues. MGASA-2022-0201 resolves CVE-2022-29182 proficiently.
Nokogiri did not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads fro...

Summary

Nokogiri did not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a 'String' by calling '#to_s' or equivalent.

References

- https://bugs.mageia.org/show_bug.cgi?id=30451

- https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4J4GGCK2IK6R7HJKHPGPCCZRBXEWHBVC/

- https://www.cve.org/CVERecord?id=CVE-2022-29181

Resolution

SRPMS

- 8/core/ruby-nokogiri-1.11.7-1.1.mga8

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 22 May 2022
URL: https://advisories.mageia.org/MGASA-2022-0200.html
Type: security
CVE: CVE-2022-29181

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here