
A ruby-nokogiri security update has been released for Debian GNU/Linux 8 Extended LTS to address an XXE vulnerability.



ELA-438-1 ruby-nokogiri security update

Package ruby-nokogiri
Version 1.6.3.1+ds-1+deb8u2
Related CVEs CVE-2020-26247

Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. An XXE vulnerability was found in Nokogiri. XML Schemas parsed by Nokogiri::XML::Schema were trusted by default, allowing external resources to be accessed over the network, potentially enabling XXE or SSRF attacks. The new default behavior is to treat all input as untrusted. See also upstream’s security advisory for more information on how to mitigate the problem or restore the old behavior.
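The places where a schema validator reaches outside the document are xs:import, xs:include and xs:redefine elements with a schemaLocation, and DOCTYPE or ENTITY declarations with a SYSTEM or PUBLIC identifier. The following added example (stdlib-only Ruby, not code from Nokogiri or the Debian package; the hosts in the sample schema are hypothetical) lists those references in untrusted XSD input so a deployment can reject or log it before calling Nokogiri::XML::Schema, whatever default the installed library version applies.

```ruby
require 'uri'

# Added example (not Nokogiri's or Debian's code): a stdlib-only pre-check that
# lists every place an XML Schema would make a validator reach outside the
# document, so untrusted XSD input can be rejected or logged before it reaches
# Nokogiri::XML::Schema, whatever default the installed library applies.
module SchemaExternalRefs
  Finding = Struct.new(:construct, :location, :category)
  # Start tags of the schema-composition elements, with any namespace prefix.
  SCHEMA_REF  = /<(?:[\w.-]+:)?(import|include|redefine)\b([^>]*)>/m
  LOCATION    = /\bschemaLocation\s*=\s*(["'])(.*?)\1/m
  # DOCTYPE or ENTITY declarations carrying an external identifier.
  EXTERNAL_ID = /<!(DOCTYPE|ENTITY)\b[^>]*?\b(?:SYSTEM\s*|PUBLIC\s*(["'])[^"']*\2\s*)(["'])(.*?)\3/mi

  # Constructed sample (hypothetical hosts): remote DTD, remote import, relative include.
  SAMPLE_XSD = <<~XSD
    <?xml version="1.0"?>
    <!DOCTYPE xs:schema SYSTEM "http://schemas.example.invalid/ext.dtd">
    <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
      <xs:import namespace="urn:example:common"
                 schemaLocation="http://schemas.example.invalid/common.xsd"/>
      <xs:include schemaLocation="local-types.xsd"/>
      <xs:element name="order" type="xs:string"/>
    </xs:schema>
  XSD

  # Where a location would be resolved: :network, :local_file or :relative.
  def self.classify(location)
    scheme = (URI.parse(location).scheme rescue nil).to_s.downcase
    return :network    if %w[http https ftp].include?(scheme)
    return :local_file if scheme == 'file' || location.start_with?('/')
    :relative
  end

  def self.scan(xsd_text)
    findings = []
    xsd_text.scan(SCHEMA_REF) do |element, attrs|
      loc = attrs[LOCATION, 2]
      findings << Finding.new(element, loc, classify(loc)) if loc
    end
    xsd_text.scan(EXTERNAL_ID) do |decl, _pubquote, _quote, loc|
      findings << Finding.new(decl.downcase, loc, classify(loc))
    end
    findings
  end

  # True only when nothing in the schema would trigger a network or file fetch.
  def self.safe?(xsd_text)
    scan(xsd_text).none? { |f| %i[network local_file].include?(f.category) }
  end
end
```

The check also reports file: and absolute-path locations, which a network-only parser restriction such as libxml2's NONET option does not block on its own.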

For Debian 8 jessie, these problems have been fixed in version 1.6.3.1+ds-1+deb8u2.

We recommend that you upgrade your ruby-nokogiri packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/
