Stay Secure with the Latest Linux Advisories
Explore Latest Linux Security advisories

Ubuntu 20.04 LTS Roundcube 1.4.3 Regression Fix CVE 2026-0001

USN-8097-1 introduced a regression in roundcube.

==========================================================================
Ubuntu Security Notice USN-8097-2
March 18, 2026

roundcube regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

USN-8097-1 introduced a regression in roundcube

Software Description:

- roundcube: skinnable AJAX based webmail solution for IMAP servers - metapack

Details:

USN-8097-1 fixed a vulnerability in roundcube. The update caused a regression affecting the HTML sanitizer, preventing Roundcube from rendering any email message body. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that Roundcube Webmail did not properly sanitize the animate tag within SVG documents. An attacker could possibly use this issue to cause a cross-site scripting attack.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS
  roundcube-core     1.4.3+dfsg.1-1ubuntu0.1~esm7  (Available with Ubuntu Pro)
  roundcube-plugins  1.4.3+dfsg.1-1ubuntu0.1~esm7  (Available with Ubuntu Pro)

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8097-2
  https://ubuntu.com/security/notices/USN-8097-1
  https://launchpad.net/bugs/2144682

The Roundcube security fix in Ubuntu 20.04 LTS addresses a regression that affected email rendering, while keeping the original XSS fix in place.

Published: Mar 18, 2026 | Severity: Important | Distribution: Ubuntu

openSUSE Tumbleweed: 2025:15125-1 moderate: ruby html sanitizer update

An update that solves 9 vulnerabilities can now be installed.

# ruby3.4-rubygem-rails-html-sanitizer-1.6.0-1.7 on GA media

Announcement ID: openSUSE-SU-2025:15125-1
Rating: moderate

Cross-References:
* CVE-2015-7578
* CVE-2015-7579
* CVE-2015-7580
* CVE-2018-3741
* CVE-2022-23517
* CVE-2022-23518
* CVE-2022-23519
* CVE-2022-23520
* CVE-2022-32209

CVSS scores:
* CVE-2018-3741 ( SUSE ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2022-23517 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2022-23518 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
* CVE-2022-23519 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
* CVE-2022-23520 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2022-32209 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

Affected Products:
* openSUSE Tumbleweed

An update that solves 9 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the ruby3.4-rubygem-rails-html-sanitizer-1.6.0-1.7 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * ruby3.4-rubygem-rails-html-sanitizer 1.6.0-1.7

## References:

* https://www.suse.com/security/cve/CVE-2015-7578.html
* https://www.suse.com/security/cve/CVE-2015-7579.html
* https://www.suse.com/security/cve/CVE-2015-7580.html
* https://www.suse.com/security/cve/CVE-2018-3741.html
* https://www.suse.com/security/cve/CVE-2022-23517.html
* https://www.suse.com/security/cve/CVE-2022-23518.html
* https://www.suse.com/security/cve/CVE-2022-23519.html
* https://www.suse.com/security/cve/CVE-2022-23520.html
* https://www.suse.com/security/cve/CVE-2022-32209.html

This advisory covers the vulnerabilities fixed in the ruby3.4-rubygem-rails-html-sanitizer package; users should update to protect against XSS threats.

Published: May 18, 2025 | Severity: Moderate | Distribution: openSUSE

Debian 11: DLA-3902-1: ruby-rails-html-sanitizer critical: XSS issues

Multiple vulnerabilities have been fixed in ruby-rails-html-sanitizer, a Ruby library for sanitizing HTML fragments in Rails applications.

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3902-1
https://www.debian.org/lts/security/                         Adrian Bunk
September 28, 2024                            https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : ruby-rails-html-sanitizer
Version        : 1.3.0-1+deb11u1
CVE ID         : CVE-2022-23517 CVE-2022-23518 CVE-2022-23519 CVE-2022-23520 CVE-2022-32209
Debian Bug     : 1013806 1027153

Multiple vulnerabilities have been fixed in ruby-rails-html-sanitizer, a Ruby library for sanitizing HTML fragments in Rails applications.

CVE-2022-23517
    Inefficient Regular Expression Complexity

CVE-2022-23518
    XSS in data URIs

CVE-2022-23519
CVE-2022-23520
CVE-2022-32209
    XSS vulnerability

For Debian 11 bullseye, these problems have been fixed in version 1.3.0-1+deb11u1.

We recommend that you upgrade your ruby-rails-html-sanitizer packages.

For the detailed security status of ruby-rails-html-sanitizer please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/ruby-rails-html-sanitizer

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Several security weaknesses in ruby-rails-html-sanitizer have been resolved in Debian LTS Advisory DLA-3902-1. Upgrading is advised.

Published: Sep 28, 2024 | Severity: Critical | Distribution: Debian LTS

Debian 5: DSA-5616-1 Critical: Ruby-Sanitize Cross-Site Scripting

It was discovered that ruby-sanitize, a whitelist-based HTML sanitizer, insufficiently sanitised elements, which may result in cross-site scripting.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5616-1
https://www.debian.org/security/                       Moritz Muehlenhoff
February 05, 2024                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ruby-sanitize
CVE ID         : CVE-2023-36823

It was discovered that ruby-sanitize, a whitelist-based HTML sanitizer, insufficiently sanitised elements, which may result in cross-site scripting.

For the oldstable distribution (bullseye), this problem has been fixed in version 5.2.1-2+deb11u1.

For the stable distribution (bookworm), this problem has been fixed in version 6.0.0-1.1+deb12u1.

We recommend that you upgrade your ruby-sanitize packages.

For the detailed security status of ruby-sanitize please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/ruby-sanitize

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

The updated ruby-sanitize package mitigates cross-site scripting vulnerabilities caused by inadequate sanitization in Debian distributions.

Published: Feb 05, 2024 | Severity: Critical | Distribution: Debian

Debian Buster: DLA-3566-1 Critical: HTML Sanitizer XSS And DoS Risks

Multiple vulnerabilities were discovered in Rails HTML Sanitizers, an HTML sanitization library for Ruby on Rails applications. An attacker could launch cross-site scripting (XSS) and denial-of-service (DoS) attacks through crafted HTML/XML documents.

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3566-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                     Sylvain Beucler
September 13, 2023                            https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : ruby-rails-html-sanitizer
Version        : 1.0.4-1+deb10u2
CVE ID         : CVE-2022-23517 CVE-2022-23518 CVE-2022-23519 CVE-2022-23520
Debian Bug     : 1027153

Multiple vulnerabilities were discovered in Rails HTML Sanitizers, an HTML sanitization library for Ruby on Rails applications. An attacker could launch cross-site scripting (XSS) and denial-of-service (DoS) attacks through crafted HTML/XML documents.

CVE-2022-23517
    Certain configurations use an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of service through CPU resource consumption.

CVE-2022-23518
    Cross-site scripting via data URIs when used in combination with Loofah >= 2.1.0.

CVE-2022-23519
    XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags in either of the following ways: allow both "math" and "style" elements, or allow both "svg" and "style" elements.

CVE-2022-23520
    XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both "select" and "style" elements.

For Debian 10 buster, these problems have been fixed in version 1.0.4-1+deb10u2.

We recommend that you upgrade your ruby-rails-html-sanitizer packages.

For the detailed security status of ruby-rails-html-sanitizer please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/ruby-rails-html-sanitizer

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Several security flaws in ruby-rails-html-sanitizer have been addressed. Upgrading promptly is advisable to mitigate the XSS and DoS threats.

Published: Sep 13, 2023 | Severity: Critical | Distribution: Debian LTS

Fedora 36: FEDORA-2022-ea8f4e232d Critical: HTML Sanitizer Update

Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang. See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-ea8f4e232d
2022-07-30 01:52:05.591840
--------------------------------------------------------------------------------

Name        : golang-github-microcosm-cc-bluemonday
Product     : Fedora 36
Version     : 1.0.17
Release     : 4.fc36
URL         : https://github.com/microcosm-cc/bluemonday
Summary     : Fast golang HTML sanitizer
Description :
bluemonday is a HTML sanitizer implemented in Go. It is fast and highly configurable.

bluemonday takes untrusted user generated content as an input, and will return HTML that has been sanitised against a whitelist of approved HTML elements and attributes so that you can safely include the content in your web page.

--------------------------------------------------------------------------------
Update Information:

Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang
---
See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities.

--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul 19 2022 Maxwell G 1.0.17-4
- Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang

--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-ea8f4e232d' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------

The golang-github-microcosm-cc-bluemonday package in Fedora 36 was rebuilt to address security vulnerabilities in the golang toolchain it is built with.

Published: Jul 29, 2022 | Severity: Critical | Distribution: Fedora

Debian 9 Stretch: DLA-2419-1 Moderate: dompurify.js mXSS Issues

Two issues have been found in dompurify.js, an XSS sanitizer for HTML, MathML and SVG. Both issues are related to mXSS issues in SVG or MATH elements.

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2419-1
https://www.debian.org/lts/security/                   Thorsten Alteholz
October 29, 2020                              https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : dompurify.js
Version        : 0.8.2~dfsg1-1+deb9u1
CVE ID         : CVE-2019-16728 CVE-2020-26870

Two issues have been found in dompurify.js, an XSS sanitizer for HTML, MathML and SVG. Both issues are related to mXSS issues in SVG or MATH elements.

For Debian 9 stretch, these problems have been fixed in version 0.8.2~dfsg1-1+deb9u1.

We recommend that you upgrade your dompurify.js packages.

For the detailed security status of dompurify.js please refer to its security tracker page at:

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Debian LTS has published an update for dompurify.js that fixes two mXSS vulnerabilities affecting SVG and MathML handling.

Published: Oct 29, 2020 | Distribution: Debian LTS

Fedora 22 Critical Advisory: Rubygem-Rails-HTML-Sanitizer XSS Threat

Security fix for CVE-2015-7578 CVE-2015-7579 CVE-2015-7580.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2016-3a2606f993
2016-02-28 04:00:02.128747
--------------------------------------------------------------------------------

Name        : rubygem-rails-html-sanitizer
Product     : Fedora 22
Version     : 1.0.1
Release     : 2.fc22
URL         : https://github.com/rails/rails-html-sanitizer
Summary     : This gem is responsible to sanitize HTML fragments in Rails applications
Description :
HTML sanitization to Rails applications.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2015-7578 CVE-2015-7579 CVE-2015-7580

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1301920 - CVE-2015-7578 rails-html-sanitizer: XSS vulnerability due to unremoved attributes from tags
        https://bugzilla.redhat.com/show_bug.cgi?id=1301920
  [ 2 ] Bug #1302014 - CVE-2015-7579 rubygem-rails-html-sanitizer: XSS vulnerability in Action View's strip_tags function
        https://bugzilla.redhat.com/show_bug.cgi?id=1302014

--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update rubygem-rails-html-sanitizer' at the command line.
For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------

This security patch for Fedora 22's rubygem-rails-html-sanitizer fixes several XSS vulnerabilities.

Published: Feb 28, 2016 | Severity: Critical | Distribution: Fedora