Ubuntu Security Notice 6748-1 - It was discovered that Sanitize incorrectly handled noscript elements under certain circumstances. An attacker could possibly use this issue to execute a cross-site scripting attack. This issue only affected Ubuntu 22.04 LTS. It was discovered that Sanitize incorrectly handled style elements under certain circumstances. An attacker could possibly use this issue to execute a cross-site scripting attack.
==========================================================================
Ubuntu Security Notice USN-6748-1
April 24, 2024

ruby-sanitize vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in Sanitize.

Software Description:

- ruby-sanitize: Allowlist-based HTML and CSS sanitizer

Details:

It was discovered that Sanitize incorrectly handled noscript elements
under certain circumstances. An attacker could possibly use this issue to
execute a cross-site scripting (XSS) attack. This issue only affected
Ubuntu 22.04 LTS. (CVE-2023-23627)

It was discovered that Sanitize incorrectly handled style elements under
certain circumstances. An attacker could possibly use this issue to
execute a cross-site scripting (XSS) attack. (CVE-2023-36823)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
  ruby-sanitize                   6.0.0-1.1ubuntu0.23.10.1

Ubuntu 22.04 LTS:
  ruby-sanitize                   6.0.0-1ubuntu0.1

Ubuntu 20.04 LTS:
  ruby-sanitize                   4.6.6-2.1~0.20.04.2

In general, a standard system update will make all the necessary changes.
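To check an installed ruby-sanitize version against the fixed versions above, here is an added example (not part of this notice or of the Sanitize project) that reproduces dpkg's version ordering in Python, including the `~` rule under which the 20.04 backport version sorts below a plain 2.1 revision. The release keys and the names `compare_versions` and `is_fixed` are my own; the version strings are the ones listed in the notice.

```python
# Added example, not from the USN or Sanitize: dpkg-style version ordering
# applied to the fixed ruby-sanitize versions listed in USN-6748-1.
import re
from itertools import zip_longest

FIXED_VERSIONS = {  # exactly as listed in the notice, keyed by Ubuntu release
    "23.10": "6.0.0-1.1ubuntu0.23.10.1",
    "22.04": "6.0.0-1ubuntu0.1",
    "20.04": "4.6.6-2.1~0.20.04.2",
}

def _weights(s, n):
    # dpkg per-character weights: letters by code point, '~' below everything,
    # other symbols above letters; padded with 0, the weight of end-of-string.
    w = [ord(c) if c.isalpha() else (-1 if c == "~" else ord(c) + 256) for c in s]
    return w + [0] * (n - len(w))

def _verrevcmp(a, b):
    # Equivalent of dpkg's verrevcmp(): alternate non-digit runs and numeric runs.
    parts = zip_longest(re.findall(r"(\D*)(\d*)", a), re.findall(r"(\D*)(\d*)", b),
                        fillvalue=("", ""))
    for (sa, na), (sb, nb) in parts:
        n = max(len(sa), len(sb))
        wa, wb = _weights(sa, n), _weights(sb, n)
        if wa != wb:
            return 1 if wa > wb else -1
        if int(na or 0) != int(nb or 0):  # leading zeros are insignificant
            return 1 if int(na or 0) > int(nb or 0) else -1
    return 0

def _split(version):
    # [epoch:]upstream[-revision]: epoch before the first colon, revision after the last hyphen.
    epoch, _, rest = (version if ":" in version else "0:" + version).partition(":")
    upstream, _, revision = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, revision

def compare_versions(v1, v2):
    # -1, 0 or 1 with the same ordering as `dpkg --compare-versions`.
    (e1, u1, r1), (e2, u2, r2) = _split(v1), _split(v2)
    for c in (e1 - e2, _verrevcmp(u1, u2), _verrevcmp(r1, r2)):
        if c:
            return 1 if c > 0 else -1
    return 0

def is_fixed(release, installed):
    # True when the installed ruby-sanitize version is at or above the fix for that release.
    if release not in FIXED_VERSIONS:
        raise ValueError(f"Ubuntu {release} is not covered by USN-6748-1")
    return compare_versions(installed, FIXED_VERSIONS[release]) >= 0
```

On a running system, pass `is_fixed` the output of `dpkg-query -W -f='${Version}' ruby-sanitize` together with the release from /etc/os-release.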
References:
  https://ubuntu.com/security/notices/USN-6748-1
  CVE-2023-23627, CVE-2023-36823

Package Information:
  https://launchpad.net/ubuntu/+source/ruby-sanitize/6.0.0-1.1ubuntu0.23.10.1
  https://launchpad.net/ubuntu/+source/ruby-sanitize/6.0.0-1ubuntu0.1
  https://launchpad.net/ubuntu/+source/ruby-sanitize/4.6.6-2.1~0.20.04.2