# ruby3.4-rubygem-kramdown-2.4.0-1.15 on GA media

Announcement ID: openSUSE-SU-2025:15119-1
Rating: moderate
Cross-References:

* CVE-2020-14001
* CVE-2021-28834

CVSS scores:

* CVE-2020-14001 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
* CVE-2021-28834 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Tumbleweed

An update that solves 2 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the ruby3.4-rubygem-kramdown-2.4.0-1.15 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * ruby3.4-rubygem-kramdown 2.4.0-1.15

## References:

* https://www.suse.com/security/cve/CVE-2020-14001.html
* https://www.suse.com/security/cve/CVE-2021-28834.html

This openSUSE Tumbleweed update resolves two vulnerabilities in ruby3.4-rubygem-kramdown, CVE-2020-14001 (inline template option allowing file reads or embedded Ruby execution) and CVE-2021-28834 (unrestricted Rouge formatter class lookup). Note that SUSE rates the update as moderate overall even though its own CVSS score for CVE-2021-28834 is 9.8; the network-reachable case applies only where kramdown renders attacker-supplied Markdown.

LinuxSecurity.com Team
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-139a6a2f9d
2021-03-26 00:15:07.081055
--------------------------------------------------------------------------------

Name        : rubygem-kramdown
Product     : Fedora 34
Version     : 2.3.1
Release     : 1.fc34
URL         :
Summary     : Fast, pure-Ruby Markdown-superset converter
Description :
kramdown is yet-another-markdown-parser but fast, pure Ruby, using a strict
syntax definition and supporting several common extensions.
--------------------------------------------------------------------------------
Update Information:

New version 2.3.1 is released. Note that a security-related issue was found in
the previous version of rubygem-kramdown: kramdown did not restrict custom
Rouge formatters to the Rouge::Formatters namespace, so a formatter name
supplied through document options could name an arbitrary class. This issue
has been assigned CVE-2021-28834. This new rpm fixes it.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Mar 21 2021 Mamoru TASAKA - 2.3.0-1
- 2.3.1
* Sun Mar 21 2021 Mamoru TASAKA - 2.3.0-3
- Apply upstream fix for CVE-2021-28834 (rouge formatter namespace restriction)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1941045 - CVE-2021-28834 rubygem-kramdown: allows arbitrary classes to be instantiated [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1941045
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-139a6a2f9d' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
=========================================================================
Ubuntu Security Notice USN-4562-2
October 26, 2020

ruby-kramdown vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.10

Summary:

kramdown could be made to crash, run programs, or leak sensitive information
if it opened a specially crafted file.

Software Description:
- ruby-kramdown: Fast, pure-Ruby Markdown-superset converter - ruby library

Details:

It was discovered that kramdown insecurely handled certain crafted input
(CVE-2020-14001: a document could set the template option for itself through
an inline option block). An attacker could use this vulnerability to read
restricted files or execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.10:
  kramdown                        1.17.0-4ubuntu0.20.10.1
  ruby-kramdown                   1.17.0-4ubuntu0.20.10.1

In general, a standard system update will make all the necessary changes.
Note that the fixed Ubuntu package keeps the upstream version number 1.17.0
(the fix is backported), so checking the gem version alone will not show
whether the patch is present; compare the package revision instead.

References:
  https://ubuntu.com/security/notices/USN-4562-2
  https://ubuntu.com/security/notices/USN-4562-1
  CVE-2020-14001

Package Information:
  https://launchpad.net/ubuntu/+source/ruby-kramdown/1.17.0-4ubuntu0.20.10.1

--
ubuntu-security-announce mailing list
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-f6eee9a2d3
2020-08-20 01:10:33.168119
--------------------------------------------------------------------------------

Name        : rubygem-kramdown
Product     : Fedora 32
Version     : 2.1.0
Release     : 3.fc32
URL         :
Summary     : Fast, pure-Ruby Markdown-superset converter
Description :
kramdown is yet-another-markdown-parser but fast, pure Ruby, using a strict
syntax definition and supporting several common extensions.
--------------------------------------------------------------------------------
Update Information:

A security flaw was found in rubygem-kramdown that may lead to unintended code
execution: template options set inside a document could cause unintended file
reads or execution of embedded Ruby code. This vulnerability has been assigned
CVE-2020-14001. This new rpm fixes the issue.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Aug 10 2020 Mamoru TASAKA - 2.1.0-3
- Backport upstream patch for CVE-2020-14001 (bug 1858395)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1858414 - CVE-2020-14001 rubygem-kramdown: processing template options inside documents allows unintended read access or embedded Ruby code execution [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1858414
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-f6eee9a2d3' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-5c70d97eca
2020-08-20 01:03:35.305841
--------------------------------------------------------------------------------

Name        : rubygem-kramdown
Product     : Fedora 31
Version     : 1.17.0
Release     : 6.fc31
URL         :
Summary     : Fast, pure-Ruby Markdown-superset converter
Description :
kramdown is yet-another-markdown-parser but fast, pure Ruby, using a strict
syntax definition and supporting several common extensions.
--------------------------------------------------------------------------------
Update Information:

A security flaw was found in rubygem-kramdown that may lead to unintended code
execution: template options set inside a document could cause unintended file
reads or execution of embedded Ruby code. This vulnerability has been assigned
CVE-2020-14001. This new rpm fixes the issue.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Aug 10 2020 Mamoru TASAKA - 1.17.0-6
- Backport upstream patch for CVE-2020-14001 (bug 1858395)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1858414 - CVE-2020-14001 rubygem-kramdown: processing template options inside documents allows unintended read access or embedded Ruby code execution [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1858414
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-5c70d97eca' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
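The two issues in these advisories share one root cause: kramdown let a document set parser options for itself through inline option blocks ({::options key="value" /}), so the template option (CVE-2020-14001, described in the Fedora 31/32 notices above) and the Rouge formatter name passed through syntax_highlighter_opts (CVE-2021-28834, described in the Fedora 34 notice) could be chosen by whoever wrote the Markdown. Upgrading to a fixed package is the fix. The following is an added example, not kramdown's own code and not part of any advisory above: a pre-filter for untrusted Markdown that reports and strips such blocks, useful as defence in depth where an unfixed distro package must stay in place for a while or where documents should never set these options at all. The forbidden option set, the helper names and the sample document are assumptions of this example; the regexes approximate kramdown's extension and attribute syntax (escaped \} and quotes are honoured, unescaped braces inside values are not).

```ruby
# Added example (not kramdown code, not from any advisory): find and strip
# kramdown inline option blocks that set options a document must never control.

# One {::options ... /} block. kramdown's syntax is the self-closing form; the
# trailing slash is optional here so a sloppy variant is caught as well.
OPTIONS_BLOCK = /\{::options\s+(?<attrs>(?:\\\}|[^}])*?)\s*\/?\}/

# One key="value" or key='value' pair inside a block. As in kramdown's
# attribute lists, \} and an escaped quote are escapes.
ATTR_PAIR = /(?<key>\w[\w:-]*)=(?:"(?<dq>(?:\\\}|\\"|[^}"])*?)"|'(?<sq>(?:\\\}|\\'|[^}'])*?)')/

# Options a document must never set for itself (assumed set for this example):
#  - template:                   CVE-2020-14001 (file read / embedded Ruby via ERB)
#  - syntax_highlighter(_opts):  CVE-2021-28834 (a "formatter" name was resolved
#    outside Rouge::Formatters before kramdown 2.3.1)
FORBIDDEN_INLINE_OPTIONS = %w[template syntax_highlighter syntax_highlighter_opts].freeze

Finding = Struct.new(:line, :key, :value)

# Undo the attribute-value escaping (\} and \" or \').
def unescape_attr_value(value)
  value.gsub(/\\([}"'])/, '\1')
end

# All key/value MatchData objects inside one block's attribute text.
def attr_pairs(attrs)
  pairs = []
  attrs.scan(ATTR_PAIR) { pairs << Regexp.last_match }
  pairs
end

# Return a Finding (line number, key, unescaped value) for every forbidden
# option set inline in +markdown+.
def find_forbidden_inline_options(markdown, forbidden = FORBIDDEN_INLINE_OPTIONS)
  findings = []
  markdown.scan(OPTIONS_BLOCK) do
    block = Regexp.last_match
    line = markdown[0, block.begin(0)].count("\n") + 1
    attr_pairs(block[:attrs]).each do |pair|
      next unless forbidden.include?(pair[:key])
      findings << Finding.new(line, pair[:key], unescape_attr_value(pair[:dq] || pair[:sq]))
    end
  end
  findings
end

# Return a copy of +markdown+ with forbidden keys removed from every inline
# options block; a block left with no attributes is dropped entirely.
def strip_forbidden_inline_options(markdown, forbidden = FORBIDDEN_INLINE_OPTIONS)
  markdown.gsub(OPTIONS_BLOCK) do
    kept = attr_pairs(Regexp.last_match[:attrs]).reject { |pair| forbidden.include?(pair[:key]) }
    kept.empty? ? "" : "{::options #{kept.map { |pair| pair[0] }.join(' ')} /}"
  end
end

# Human-readable report lines for a document.
def report_forbidden_inline_options(markdown)
  find_forbidden_inline_options(markdown).map do |f|
    "line #{f.line}: inline option #{f.key}=#{f.value.inspect} is forbidden"
  end
end

# Constructed sample document (not taken from any advisory). The single-quoted
# heredoc keeps the \} escape literal, as it would appear in a real document.
SAMPLE_MARKDOWN = <<~'MD'
  # Release notes

  {::options auto_ids="false" /}

  Text that should keep rendering.

  {::options template="/etc/passwd" /}

  {::options syntax_highlighter="rouge" syntax_highlighter_opts="{formatter: Kernel\}" /}
MD

if __FILE__ == $PROGRAM_NAME
  puts report_forbidden_inline_options(SAMPLE_MARKDOWN)
  puts "--- sanitized ---"
  puts strip_forbidden_inline_options(SAMPLE_MARKDOWN)
end
```

Run it as a script to see the report for the sample and the sanitized document. Blocks that sit inside fenced code are reported as well, which a pre-filter should tolerate as a false positive rather than try to parse around. On kramdown 2.3.0 and later the parser itself has a forbidden_inline_options option (template is forbidden by default); keep using it, the pre-filter only adds a layer that does not depend on which package revision is installed.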