Alerts This Week
Warning Icon 1 1,154
Alerts This Week
Warning Icon 1 1,154

Mageia: 2023-0291 Moderate: Ruby RedCloth Security Update

mageia
Calendar Grey October 20, 2023
Dist Mageia Esm H88
Mageia 2023-0291 upgrades Ruby-RedCloth to mitigate a Denial of Service vulnerability and enhance overall security protocols.
A Regular Expression Denial of Service (ReDoS) issue was discovered in the sanitize_html function of redcloth gem v4.0.0

Summary

A Regular Expression Denial of Service (ReDoS) issue was discovered in the sanitize_html function of redcloth gem v4.0.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. (CVE-2023-31606)

References

- https://bugs.mageia.org/show_bug.cgi?id=32284

- https://ubuntu.com/security/notices/USN-6358-1

- https://www.cve.org/CVERecord?id=CVE-2023-31606

Resolution

SRPMS

- 9/core/ruby-RedCloth-4.3.2-7.1.mga9

- 8/core/ruby-RedCloth-4.3.2-5.1.mga8

Publication date: 20 Oct 2023
URL: https://advisories.mageia.org/MGASA-2023-0291.html
Type: security
CVE: CVE-2023-31606

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here