
Security vulnerability in the lxml software package

==========================================================================
Ubuntu Security Notice USN-4666-2
December 11, 2020

lxml vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 20.10
– Ubuntu 20.04 LTS
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
– Ubuntu 14.04 ESM
– Ubuntu 12.04 ESM

Summary:

lxml could allow cross-site scripting (XSS) attacks.

Software Description:
– lxml: pythonic binding for the libxml2 and libxslt libraries

Details:

USN-4666-1 partially fixed a vulnerability in lxml, but an additional patch was needed. This update provides
the corresponding additional patch in order to properly fix the vulnerability.

Original advisory details:

It was discovered that lxml incorrectly handled certain HTML.
An attacker could possibly use this issue to perform cross-site scripting (XSS) attacks.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.10:
python3-lxml 4.5.2-1ubuntu0.3

Ubuntu 20.04 LTS:
python-lxml 4.5.0-1ubuntu0.2
python3-lxml 4.5.0-1ubuntu0.2

Ubuntu 18.04 LTS:
python-lxml 4.2.1-1ubuntu0.3
python3-lxml 4.2.1-1ubuntu0.3

Ubuntu 16.04 LTS:
python-lxml 3.5.0-1ubuntu0.3
python3-lxml 3.5.0-1ubuntu0.3

Ubuntu 14.04 ESM:
python-lxml 3.3.3-1ubuntu0.2+esm2
python3-lxml 3.3.3-1ubuntu0.2+esm2

Ubuntu 12.04 ESM:
python-lxml 2.3.2-1ubuntu0.5
python3-lxml 2.3.2-1ubuntu0.5

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4666-2
https://usn.ubuntu.com/4666-1
CVE-2020-27783

Package Information:
https://launchpad.net/ubuntu/+source/lxml/4.5.2-1ubuntu0.3
https://launchpad.net/ubuntu/+source/lxml/4.5.0-1ubuntu0.2
https://launchpad.net/ubuntu/+source/lxml/4.2.1-1ubuntu0.3
https://launchpad.net/ubuntu/+source/lxml/3.5.0-1ubuntu0.3
