Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Ubuntu 20.04 LTS: USN-4543-1 Critical: ruby-sanitize XSS Risk

ubuntu
Calendar Grey September 25, 2020
Dist Ubuntu Esm H88
Critical XSS flaw in Ruby impacts Ubuntu 20.04 LTS; guidance for patching is available.
Sanitize could be made to perform XSS attacks if it received specially crafted input.

Summary

Sanitize could be made to perform XSS attacks if it received specially

crafted input.

Software Description:

- ruby-sanitize: allowlist-based HTML and CSS sanitizer

Details:

Michał Bentkowski discovered that Sanitize did not properly sanitize some

math or svg HTML under certain circumstances. A remote attacker could

potentially exploit this to conduct cross-site scripting (XSS) attacks.

(CVE-2020-4054)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
  ruby-sanitize                   4.6.6-2.1~0.20.04.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4543-1

CVE-2020-4054

Severity
critical
Lowest
Low
Medium
High
Critical

September 25, 2020

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here