Several security issues were fixed in CKEditor.
Software Description:
- ckeditor: Text editor which can be embedded into web pages
Details:
Kevin Backhouse discovered that CKEditor did not properly sanitize HTML
content. An attacker could possibly use this issue to perform cross site
scripting and obtain sensitive information. This issue only affected
Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
(CVE-2022-24728)
It was discovered that CKEditor did not properly handle the creation of
editor instances in the Iframe Dialog and Media Embed packages. An
attacker could possibly use this issue to perform cross site scripting
and obtain sensitive information. This issue only affected
Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
(CVE-2023-28439)
It was discovered that CKEditor did not properly handle parsing HTML
content. An attacker could possibly use this issue to perform cross site
scripting and obtai...
The problem can be corrected by updating your system to the following package versions:

Ubuntu 24.10
  ckeditor 4.22.1+dfsg1-2ubuntu0.24.10.1

Ubuntu 24.04 LTS
  ckeditor 4.22.1+dfsg1-2ubuntu0.24.04.1~esm1
  Available with Ubuntu Pro

Ubuntu 22.04 LTS
  ckeditor 4.16.2+dfsg-1ubuntu0.1~esm1
  Available with Ubuntu Pro

Ubuntu 20.04 LTS
  ckeditor 4.12.1+dfsg-1ubuntu0.1+esm1
  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  ckeditor 4.5.7+dfsg-2ubuntu0.18.04.1+esm1
  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  ckeditor 4.5.7+dfsg-2ubuntu0.16.04.1~esm2
  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-7258-1
CVE-2022-24728, CVE-2023-28439, CVE-2024-24815, CVE-2024-24816,
CVE-2024-43411