
Ubuntu 16.04 LTS: USN-4498-1 Critical Loofah XSS Security Advisory

September 15, 2020
The Ubuntu Security Notice USN-4500-1 highlights a vulnerability in the OpenSSL library that could potentially permit remote code execution via malformed Cert files.
Loofah could be made to perform XSS attacks if a crafted SVG element is republished

Summary

Loofah could be made to perform XSS attacks if a crafted SVG element is republished

Software Description:

- ruby-loofah: manipulation and transformation of HTML/XML documents and fragments

Details:

It was discovered that Loofah does not properly sanitize JavaScript in sanitized output. An attacker could possibly use this issue to perform XSS attacks. (CVE-2019-15587)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  ruby-loofah                     2.0.3-2+deb9u3build0.16.04.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4498-1

CVE-2019-15587

Severity

Critical
