Malware Devil

Loading...

Monday, December 21, 2020

ESB-2020.4203.2 – UPDATE [Debian] lxml: Multiple vulnerabilities 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2020.4203.2
                           lxml security update
                             21 December 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           lxml
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Cross-site Scripting -- Remote with User Interaction
                   Reduced Security     -- Unknown/Unspecified         
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-27783 CVE-2018-19787 

Reference:         ESB-2018.3831
                   ESB-2018.3829

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2020/11/msg00044.html
   https://www.debian.org/lts/security/2020/dla-2467-2

Comment: This bulletin contains two (2) Debian security advisories.

Revision History:  December 21 2020: DLA-2467-2 completes fix for CVE-2020-27783
                   November 27 2020: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2467-2                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                  Roberto C. Sánchez
December 18, 2020                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : lxml
Version        : 3.7.1-1+deb9u3
CVE ID         : CVE-2020-27783

The fix for CVE-2020-27783, released as DLA 2467-1, was incomplete as
the  component was still affected by the vulnerability.  This
update includes an additional patch that completes the fix.  Note that a
package with version 3.7.1-1+deb9u2 was uploaded, but before the
publication of the advisory a regression was discovered, which was
immediately corrected prior to publication of this advisory.

For Debian 9 stretch, this problem has been fixed in version
3.7.1-1+deb9u3.

We recommend that you upgrade your lxml packages.

For the detailed security status of lxml please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/lxml

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- --------------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-2467-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Abhijith PA
November 26, 2020                             https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------

Package        : lxml
Version        : 3.7.1-1+deb9u1
CVE ID         : CVE-2018-19787 CVE-2020-27783


CVE-2018-19787

    It was discovered that there was a XSS injection vulnerability in
    the LXML HTML/XSS manipulation library for Python.

CVE-2020-27783

    javascript escaping through the  and

Read More

The post ESB-2020.4203.2 – UPDATE [Debian] lxml: Multiple vulnerabilities appeared first on Malware Devil.



https://malwaredevil.com/2020/12/21/esb-2020-4203-2-update-debian-lxml-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-4203-2-update-debian-lxml-multiple-vulnerabilities
at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...