MGASA-2022-0200 - Updated ruby-nokogiri packages fix security vulnerability

Publication date: 22 May 2022
URL: https://advisories.mageia.org/MGASA-2022-0200.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-29181

Nokogiri did not type-check all inputs into the XML and HTML4 SAX parsers,
allowing specially crafted untrusted inputs to cause illegal memory access
errors (segfault) or reads from unrelated memory. Version 1.13.6 contains
a patch for this issue. As a workaround, ensure the untrusted input is a
'String' by calling '#to_s' or equivalent.

References:
- https://bugs.mageia.org/show_bug.cgi?id=30451
- https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m
- https://lists.fedoraproject.org/archives/list/[email protected]/thread/4J4GGCK2IK6R7HJKHPGPCCZRBXEWHBVC/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29181

SRPMS:
- 8/core/ruby-nokogiri-1.11.7-1.1.mga8