Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -4 articles for you...
89
security advisoryhigh severityFedoraFedora 40: FEDORA-2024-129d8ca6fc High: Type Confusion in Jsoup
Change for system JDK from 17 to 21. upstream security release 122.0.6261.94 High CVE-2024-1938: Type Confusion in V8 High CVE-2024-1939: Type Confusion in V8 fixed bug with requires. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-129d8ca6fc 2024-03-07 22:24:39.963937 -------------------------------------------------------------------------------- Name : jsoup Product : Fedora 40 Version : 1.17.2 Release : 2.fc40 URL : https://jsoup.org/ Summary : Java library for working with real-world HTML Description : jsoup is a Java library for working with real-world HTML. It provides a very convenient API for fetching URLs and extracting and manipulating data, using the best of HTML5 DOM methods and CSS selectors. jsoup implements the WHATWG HTML5 specification, and parses HTML to the same DOM as modern browsers do. * scrape and parse HTML from a URL, file, or string * find and extract data, using DOM traversal or CSS selectors * manipulate the HTML elements, attributes, and text * clean user-submitted content against a safelist, to prevent XSS attacks * output tidy HTML jsoup is designed to deal with all varieties of HTML found in the wild; from pristine and validating, to invalid tag-soup; jsoup will create a sensible parse tree. -------------------------------------------------------------------------------- Update Information: Change for system JDK from 17 to 21. upstream security release 122.0.6261.94 High CVE-2024-1938: Type Confusion in V8 High CVE-2024-1939: Type Confusion in V8 fixed bug with requires Automatic update for lucene-9.9.2-1.fc40. bump java source/target to 1.8, fixes 2266639 -------------------------------------------------------------------------------- ChangeLog: * Fri Mar 1 2024 Jiri Vanek - 1.17.2-2 - bump of release for for java-21-openjdk as systemjdk -------------------------------------------------------------------------------- References: [ 1 ] Bug #2123726 - consoleImageViewer crashes at start https://bugzilla.redhat.com/show_bug.cgi?id=2123726 [ 2 ] Bug #2261062 - directory-maven-plugin: FTBFS in Fedora rawhide/f40 https://bugzilla.redhat.com/show_bug.cgi?id=2261062 [ 3 ] Bug #2266639 - directory-maven-plugin fails to build with java-21-openjdk https://bugzilla.redhat.com/show_bug.cgi?id=2266639 [ 4 ] Bug #2266934 - CVE-2024-1938 chromium: type confusion [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2266934 [ 5 ] Bug #2266937 - CVE-2024-1939 chromium: type confusion [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2266937 [ 6 ] Bug #2267486 - Include Java 21 as system Java Change in Fedora 40 Beta https://bugzilla.redhat.com/show_bug.cgi?id=2267486 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-129d8ca6fc' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Mar 07, 2024
Fedora
100
security advisorymoderateinput sanitizationSUSE: 2022:5011-2 Moderate: JsonParser Security Flaw Detected
An update that fixes one vulnerability is now available. . SUSE Security Update: Security update for jsoup ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4011-1 Rating: moderate References: #1203459 Cross-References: CVE-2022-36033 CVSS scores: CVE-2022-36033 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2022-36033 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for jsoup fixes the following issues: Updated to version 1.15.3: - CVE-2022-36033: Fixed incorrect sanitization of user input in SafeList.preserveRelativeLinks (bsc#1203459). Patch Instructions: Toinstall this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4011=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4011=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-4011=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-4011=1 Package List: - openSUSE Leap 15.4 (noarch): jsoup-1.15.3-150200.3.6.1 jsoup-javadoc-1.15.3-150200.3.6.1 - openSUSE Leap 15.3 (noarch): jsoup-1.15.3-150200.3.6.1 jsoup-javadoc-1.15.3-150200.3.6.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch): jsoup-1.15.3-150200.3.6.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): jsoup-1.15.3-150200.3.6.1 References: https://www.suse.com/security/cve/CVE-2022-36033.html https://bugzilla.suse.com/1203459 . A recent SUSE Security Update addresses a vulnerability related to jsoup's handling of input validation. Ensure your environments are safeguarded by applying this patch.. jsoup Update, SUSE Security, Input Sanitization Fix, Linux Updates, Software Security. . LinuxSecurity.com Team
Nov 16, 2022
SuSE
100
security advisorysecurity issueimportantSUSE Container Update: 2022:649-1 Important for bci/openjdk-devel
The container bci/openjdk-devel was updated. The following patches have been included in this update:. SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:649-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-15.8 , bci/openjdk-devel:latest Container Release : 15.8 Severity : important Type : security References : 1189749 CVE-2021-37714 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1265-1 Released: Tue Apr 19 15:22:37 2022 Summary: Security update for jsoup, jsr-305 Type: security Severity: important References: 1189749,CVE-2021-37714 This update for jsoup, jsr-305 fixes the following issues: - CVE-2021-37714: Fixed infinite in untrusted HTML or XML data parsing (bsc#1189749). Changes in jsr-305: - Build with java source and target levels 8 - Upgrade to upstream version 3.0.2 Changes in jsoup: - Upgrade to upstream version 1.14.2 - Generate tarball using source service instead of a script The following package changes have been done: - jsoup-1.14.2-150200.3.3.1 updated . SUSE Container Refresh for bci/openjdk-runtime targeting critical vulnerabilities such as CVE-2023-12345.. SUSE Container, bci/openjdk-devel, security update, jsoup patch. . Severity: Important. LinuxSecurity.com Team
Apr 21, 2022
•Important
SuSE
100
security advisoryimportantparsing issueSUSE: 2022:1265-1 Critical Update: jsoup Parsing Vulnerability Repair
An update that fixes one vulnerability is now available. . SUSE Security Update: Security update for jsoup, jsr-305 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1265-1 Rating: important References: #1189749 Cross-References: CVE-2021-37714 CVSS scores: CVE-2021-37714 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-37714 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for jsoup, jsr-305 fixes the following issues: - CVE-2021-37714: Fixed infinite in untrusted HTML or XML data parsing (bsc#1189749). Changes in jsr-305: - Build with java source and target levels 8 - Upgrade to upstream version 3.0.2 Changes in jsoup: - Upgrade to upstream version 1.14.2 - Generate tarball using source service instead of a script Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1265=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1265=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1265=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1265=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1265=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1265=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1265=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1265=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1265=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-1265=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patchSUSE-SLE-Module-Development-Tools-15-SP3-2022-1265=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1265=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1265=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1265=1 Package List: - openSUSE Leap 15.4 (noarch): jsoup-1.14.2-150200.3.3.1 jsoup-javadoc-1.14.2-150200.3.3.1 jsr-305-3.0.2-150200.3.3.1 jsr-305-javadoc-3.0.2-150200.3.3.1 - openSUSE Leap 15.3 (noarch): jsoup-1.14.2-150200.3.3.1 jsoup-javadoc-1.14.2-150200.3.3.1 jsr-305-3.0.2-150200.3.3.1 jsr-305-javadoc-3.0.2-150200.3.3.1 - SUSE Manager Server 4.1 (noarch): jsoup-1.14.2-150200.3.3.1 jsr-305-3.0.2-150200.3.3.1 - SUSE Manager Retail Branch Server 4.1 (noarch): jsoup-1.14.2-150200.3.3.1 jsr-305-3.0.2-150200.3.3.1 - SUSE Manager Proxy 4.1 (noarch): jsoup-1.14.2-150200.3.3.1 jsr-305-3.0.2-150200.3.3.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): jsoup-1.14.2-150200.3.3.1 jsr-305-3.0.2-150200.3.3.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): jsoup-1.14.2-150200.3.3.1 jsr-305-3.0.2-150200.3.3.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): jsoup-1.14.2-150200.3.3.1 jsr-305-3.0.2-150200.3.3.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): jsoup-1.14.2-150200.3.3.1 jsr-305-3.0.2-150200.3.3.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch): jsoup-1.14.2-150200.3.3.1 jsr-305-3.0.2-150200.3.3.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): jsoup-1.14.2-150200.3.3.1 jsr-305-3.0.2-150200.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): jsoup-1.14.2-150200.3.3.1 jsr-305-3.0.2-150200.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): jsoup-1.14.2-150200.3.3.1 jsr-305-3.0.2-150200.3.3.1 - SUSE Enterprise Storage 7 (noarch): jsoup-1.14.2-150200.3.3.1 jsr-305-3.0.2-150200.3.3.1 References: https://www.suse.com/security/cve/CVE-2021-37714.html https://bugzilla.suse.com/1189749 . A patch for jsoup and jsr-305 resolves a significant parsing flaw in SUSE environments.. SUSE, jsoup, jsr-305, enterprise storage. . Severity: Important. LinuxSecurity.com Team
Apr 19, 2022
•Important
SuSE
197
security advisorycross-site scriptingJessieDebian 8 Jessie: DLA-2075-1 Critical: Jsoup XSS Issue Resolved
An issue has been found in jsoup, a Java HTML parser that makes sense of real-world HTML soup. Due to bad handling of missing '> ' at EOF a cross-site scripting (XSS) vulnerability could appear. . Package : jsoup Version : 1.8.1-1+deb8u1 CVE ID : CVE-2015-6748 An issue has been found in jsoup, a Java HTML parser that makes sense of real-world HTML soup. Due to bad handling of missing '> ' at EOF a cross-site scripting (XSS) vulnerability could appear. For Debian 8 "Jessie", this problem has been fixed in version 1.8.1-1+deb8u1. We recommend that you upgrade your jsoup packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Implement jsoup update to mitigate XSS vulnerabilities in Debian 8 Jessie. Essential security issue addressed in the latest package release.. jsoup security, Debian 8 update, XSS vulnerability fix. . Severity: Critical. LinuxSecurity.com Team
Jan 26, 2020
•Critical
Debian LTS
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!