Stay Secure with the Latest Linux Advisories

security advisorysoftware updateremote code execution

Rocky Linux 8 RLSA-2025:1314 moderate: doxygen untrusted code execution

Moderate: doxygen security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2025:1314", "synopsis": "Moderate: doxygen security update", "severity": "SEVERITY_MODERATE", "topic": "An update is available for doxygen.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Doxygen can generate an online class browser (in HTML) and/or a reference manual (in LaTeX) from a set of documented source files. The documentation is extracted directly from the sources. Doxygen can also be configured to extract the code structure from undocumented source files. \n\nSecurity Fix(es):\n\n* jquery: Untrusted code execution via tag in HTML passed to DOM manipulation methods (CVE-2020-11023)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "1850004", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004", "description": ""}], "cves": [{"name": "CVE-2020-11023", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2020-11023", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}], "references": [], "publishedAt": "2025-02-13T20:34:40.392800Z", "rpms": {"Rocky Linux 8": {"nvras": ["doxygen-1:1.8.14-13.el8_10.x86_64.rpm", "doxygen-1:1.8.14-13.el8_10.src.rpm", "doxygen-1:1.8.14-13.el8_10.aarch64.rpm", "doxygen-debuginfo-1:1.8.14-13.el8_10.aarch64.rpm", "doxygen-debuginfo-1:1.8.14-13.el8_10.x86_64.rpm", "doxygen-debugsource-1:1.8.14-13.el8_10.aarch64.rpm", "doxygen-debugsource-1:1.8.14-13.el8_10.x86_64.rpm", "doxygen-doxywizard-1:1.8.14-13.el8_10.aarch64.rpm", "doxygen-doxywizard-1:1.8.14-13.el8_10.x86_64.rpm","doxygen-doxywizard-debuginfo-1:1.8.14-13.el8_10.aarch64.rpm", "doxygen-doxywizard-debuginfo-1:1.8.14-13.el8_10.x86_64.rpm", "doxygen-latex-1:1.8.14-13.el8_10.aarch64.rpm", "doxygen-latex-1:1.8.14-13.el8_10.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Rocky Linux releases a medium-level security notice concerning doxygen. Discover the implications and the essential updates required to ensure safety.. doxygen update, Rocky Linux security, code execution, software update. . LinuxSecurity.com Team

Feb 13, 2025 Rocky Linux