Stay Secure with the Latest Linux Advisories

security advisorysoftware updatecross-site scripting

Ubuntu 18.04 LTS: USN-4560-1 Critical: Gon Gem XSS Threat

Gon gem could be made to run programs if it received specially crafted network traffic.. =========================================================================Ubuntu Security Notice USN-4560-1 September 30, 2020 ruby-gon vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS Summary: Gon gem could be made to run programs if it received specially crafted network traffic. Software Description: - ruby-gon: Ruby library to send data to JavaScript from a Ruby application Details: It was discovered that Gon gem did not properly escape certain input. An attacker could use this vulnerability to execute a cross-site scripting (XSS) attack. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: ruby-gon 6.1.0-1+deb9u1build0.18.04.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-4560-1 CVE-2020-25739 Package Information: https://launchpad.net/ubuntu/+source/ruby-gon/6.1.0-1+deb9u1build0.18.04.1 -- ubuntu-security-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce . A significant vulnerability in the Gon gem permits the execution of scripts through specially designed network messages. Apply an update to protect against CSRF attacks.. gon gem security, ruby library vulnerabilities, ubuntu software advisory, xss attack prevention. . Severity: Critical. LinuxSecurity.com Team

Sep 30, 2020 •Critical Ubuntu