Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Ubuntu 20.04 USN-6419-1: moderate jQuery UI Code Injection and XSS Attack

ubuntu
Calendar Grey October 5, 2023
Dist Ubuntu Esm H88
Ensure your Ubuntu installations are patched to mitigate significant vulnerabilities within jQuery UI, safeguarding against possible security breaches.
Several security issues were fixed in jQuery UI.

Summary

Several security issues were fixed in jQuery UI.

Software Description:

- jqueryui: JavaScript UI library for dynamic web applications

Details:

Hong Phat Ly discovered that jQuery UI did not properly manage parameters

from untrusted sources, which could lead to arbitrary web script or HTML

code injection. A remote attacker could possibly use this issue to perform

a cross-site scripting (XSS) attack. This issue only affected

Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-7103)

Esben Sparre Andreasen discovered that jQuery UI did not properly handle

values from untrusted sources in the Datepicker widget. A remote attacker

could possibly use this issue to perform a cross-site scripting (XSS)

attack and execute arbitrary code. This issue only affected

Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.

(CVE-2021-41182, CVE-2021-41183)

It was discovered that jQuery UI did not properly validate values from

untrusted sources. An attacker...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
  libjs-jquery-ui                 1.12.1+dfsg-5ubuntu0.20.04.1
  node-jquery-ui                  1.12.1+dfsg-5ubuntu0.20.04.1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  libjs-jquery-ui                 1.12.1+dfsg-5ubuntu0.18.04.1~esm3
  node-jquery-ui                  1.12.1+dfsg-5ubuntu0.18.04.1~esm3

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  libjs-jquery-ui                 1.10.1+dfsg-1ubuntu0.16.04.1~esm1

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
  libjs-jquery-ui                 1.10.1+dfsg-1ubuntu0.14.04.1~esm1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6419-1

CVE-2016-7103, CVE-2021-41182, CVE-2021-41183, CVE-2021-41184,

CVE-2022-31160

Ubuntu Security Notice USN-6419-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here