RedHat: RHSA-2020-5571:01 Moderate: python-XStatic-Bootstrap-SCSS security
Summary
python-XStatic-Bootstrap-SCSS is the Bootstrap-SCSS JavaScript library
packaged for setuptools / pip.
Security Fix(es):
* XSS in the data-target attribute (CVE-2016-10735)
* Cross-site Scripting (XSS) in the data-container property of tooltip
(CVE-2018-14042)
* XSS in the tooltip data-viewport attribute (CVE-2018-20676)
* XSS in the affix configuration target property (CVE-2018-20677)
* XSS in the tooltip or popover data-template attribute (CVE-2019-8331)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.
Summary
Solution
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
References
https://access.redhat.com/security/cve/CVE-2016-10735 https://access.redhat.com/security/cve/CVE-2018-14042 https://access.redhat.com/security/cve/CVE-2018-20676 https://access.redhat.com/security/cve/CVE-2018-20677 https://access.redhat.com/security/cve/CVE-2019-8331 https://access.redhat.com/security/updates/classification/#moderate
Package List
Red Hat OpenStack Platform 13.0 for RHEL 7.6 EUS Server:
Source:
python-XStatic-Bootstrap-SCSS-3.4.1.0-1.el7ost.src.rpm
noarch:
python-XStatic-Bootstrap-SCSS-3.4.1.0-1.el7ost.noarch.rpm
xstatic-bootstrap-scss-common-3.4.1.0-1.el7ost.noarch.rpm
Red Hat OpenStack Platform 13.0:
Source:
python-XStatic-Bootstrap-SCSS-3.4.1.0-1.el7ost.src.rpm
noarch:
python-XStatic-Bootstrap-SCSS-3.4.1.0-1.el7ost.noarch.rpm
xstatic-bootstrap-scss-common-3.4.1.0-1.el7ost.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
Topic
An update for python-XStatic-Bootstrap-SCSS is now available for Red HatOpenStack Platform 13 (Queens).Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.
Topic
Relevant Releases Architectures
Red Hat OpenStack Platform 13.0 - noarch
Red Hat OpenStack Platform 13.0 for RHEL 7.6 EUS Server - noarch
Bugs Fixed
1601617 - CVE-2018-14042 bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip
1668082 - CVE-2018-20676 bootstrap: XSS in the tooltip data-viewport attribute
1668089 - CVE-2018-20677 bootstrap: XSS in the affix configuration target property
1668097 - CVE-2016-10735 bootstrap: XSS in the data-target attribute
1686454 - CVE-2019-8331 bootstrap: XSS in the tooltip or popover data-template attribute