==========================================================================
Ubuntu Security Notice USN-4175-1
November 05, 2019
ruby-nokogiri vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 19.10
– Ubuntu 19.04
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
Summary:
Nokogiri could be made to execute programs if it received
specially crafted input.
Software Description:
– ruby-nokogiri: HTML, XML, SAX, and Reader parser for Ruby
Details:
It was discovered that Nokogiri incorrectly handled inputs. A remote attacker
could possibly use this issue to execute arbitrary OS commands.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 19.10:
ruby-nokogiri 1.10.3+dfsg1-2ubuntu0.1
Ubuntu 19.04:
ruby-nokogiri 1.10.0+dfsg1-2ubuntu0.1
Ubuntu 18.04 LTS:
ruby-nokogiri 1.8.2-1ubuntu0.1
Ubuntu 16.04 LTS:
ruby-nokogiri 1.6.7.2-3ubuntu0.1
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4175-1
CVE-2019-5477
Package Information:
https://launchpad.net/ubuntu/+source/ruby-nokogiri/1.10.3+dfsg1-2ubuntu0.1
https://launchpad.net/ubuntu/+source/ruby-nokogiri/1.10.0+dfsg1-2ubuntu0.1
https://launchpad.net/ubuntu/+source/ruby-nokogiri/1.8.2-1ubuntu0.1
https://launchpad.net/ubuntu/+source/ruby-nokogiri/1.6.7.2-3ubuntu0.1
—–BEGIN PGP SIGNATURE—–
iQIzBAABCgAdFiEECtyyz6azUy6AZBzSkGeI6zGnN/8FAl3BjHIACgkQkGeI6zGn
N/+KAhAAqjkp/SY7wNfaGPdknAP4uVD5WdLhIFyU1X/rzEwqEe1qBesI0gfqtUS/
OGVEykP25ICt4la4fOsxnP939Elyrq1lqgR7hRttojBHaAseyD+8HYznFVCryfQO
phW5FFZNSKX0Zk4AeNEn867fE/vg7gd6XvKVLXZ2HaIx/ob72qY5yeFLd72aLn6e
7TwIYnbIJAsITP3MH/HvqBrL/LKIfRssTC+kCaRGVjR4awQ2cPyX6G5VM0B9OYxY
akDoJUtnkMFWqgzbqkGUD40K18N/A0Be3+3K00dBpBPGSfsISe57/Rfb98c4tgyU
+cv6KqH1o5Ps4xM/giHQRLw/sbHDqdOibHLQRqKjr9/RdSo/yAUdKsOeaxlJKckP
tZ+HtWYxTG5rBfaOrO8Fk4MbDp588DwSwQjBV+1DUsJYxrfkvzUvjzuZAqnuqqjj
e5I+kNd19NhsiwpbLTRaF97/poiWgYMz1M7tluxydVhZvao+Gx0FZsSn+UI65Qlm
SsVQJ9jYTZzKtMmBlrkQ2X2xU8c1MrHWGNsAxWJGeFrvfY2Sq8KKdVyYWpiFh72Z
M81kfdUNAyEXJzkmOrE6stOiORycAVeRwQ3xH2nvkSYllc74TI4iUvYH6kCr//fG
NBI51Lv6hUHtNJ7W9EmIC4WD/zsgIqX/aj5ye1Egj07hIk2C66I=
=EGWy
—–END PGP SIGNATURE—–
—