ruby-kramdown vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
* Ubuntu 20.04 LTS
Summary
kramdown could be made to crash, run programs, or leak sensitive
information if it opened a specially crafted file.
Software Description
* ruby-kramdown - Fast, pure-Ruby Markdown-superset converter -
ruby library
Details
It was discovered that kramdown insecurely handled certain crafted
input. An attacker could use this vulnerability to read restricted
files or execute arbitrary code.
Update instructions
The problem can be corrected by updating your system to the
following package versions:
Ubuntu 20.04 LTS
kramdown - 1.17.0-4ubuntu0.1
ruby-kramdown - 1.17.0-4ubuntu0.1
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary
changes.
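To confirm that a host carries the fixed packages, the following added example (not part of the notice or of kramdown) compares installed versions against the fixed versions listed above using Debian version ordering. The names `DebVersion`, `patched?` and `installed_version` are hypothetical helpers, and the script assumes `dpkg-query` is present on the host being checked.

```ruby
module DebVersion
  # Character weight in a non-digit run: '~' < end of string < letters < others.
  def self.order(ch)
    return 0 if ch.nil?
    return -1 if ch == "~"
    ch.match?(/[A-Za-z]/) ? ch.ord : ch.ord + 256
  end
  # Compare one component by alternating non-digit and digit runs.
  def self.cmp_part(a, b)
    a, b = a.dup, b.dup
    until a.empty? && b.empty?
      na, nb = a.slice!(/\A\D*/), b.slice!(/\A\D*/)
      [na.length, nb.length].max.times do |i|
        d = order(na[i]) <=> order(nb[i])
        return d unless d.zero?
      end
      d = a.slice!(/\A\d*/).to_i <=> b.slice!(/\A\d*/).to_i
      return d unless d.zero?
    end
    0
  end
  # Split "epoch:upstream-revision"; a missing epoch is 0, a missing revision is "".
  def self.split(v)
    epoch, rest = v.include?(":") ? v.split(":", 2) : ["0", v]
    upstream, _, revision = rest.include?("-") ? rest.rpartition("-") : [rest, "", ""]
    [epoch.to_i, upstream, revision]
  end
  def self.compare(a, b)
    (ea, ua, ra), (eb, ub, rb) = split(a), split(b)
    d = ea <=> eb
    d = cmp_part(ua, ub) if d.zero?
    d.zero? ? cmp_part(ra, rb) : d
  end
end

# Package names and fixed versions as listed in the notice.
FIXED = { "kramdown" => "1.17.0-4ubuntu0.1", "ruby-kramdown" => "1.17.0-4ubuntu0.1" }.freeze

def patched?(package, installed)
  DebVersion.compare(installed, FIXED.fetch(package)) >= 0
end

def installed_version(package)
  IO.popen(["dpkg-query", "-W", "-f=${Version}", package], err: File::NULL, &:read).strip
rescue Errno::ENOENT
  "" # dpkg-query is not available on this host
end

FIXED.each_key do |pkg|
  v = installed_version(pkg)
  puts "#{pkg}: " + (v.empty? ? "not installed" : "#{v} patched=#{patched?(pkg, v)}")
end
```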
References
* CVE-2020-14001
--- Mystic BBS v1.12 A46 (Linux/64)
* Origin: BZ&BZ BBS (21:4/110)