exploitDog

SUSE-SU-2018:3928-1

Опубликовано: 27 нояб. 2018

Источник: suse-cvrf

Описание

Security update for rubygem-loofah

This update for rubygem-loofah fixes the following issues:

Security issue fixed:

CVE-2018-16468: Fixed XXS by removing the svg animate attribute from from the allowlist (bsc#1113969).

Список пакетов

SUSE Linux Enterprise High Availability Extension 15

ruby2.5-rubygem-loofah-2.2.2-4.3.1

Ссылки

https://www.suse.com/support/update/announcement/2018/suse-su-20183928-1/
Link for SUSE-SU-2018:3928-1
https://lists.suse.com/pipermail/sle-security-updates/2018-November/004900.html
E-Mail link for SUSE-SU-2018:3928-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1113969
SUSE Bug 1113969
https://www.suse.com/security/cve/CVE-2018-16468/
SUSE CVE CVE-2018-16468 page

Описание

In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.

Затронутые продукты

SUSE Linux Enterprise High Availability Extension 15:ruby2.5-rubygem-loofah-2.2.2-4.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-16468.html
CVE-2018-16468
https://bugzilla.suse.com/1113969
SUSE Bug 1113969