RubySecRUBY:NOKOGIRI-2017-5029

HistoryMay 08, 2017 - 9:00 p.m.

Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29

2017-05-0821:00:00

RubySec

rubysec.com

nokogiri version 1.7.2 has been released.

This is a security update based on 1.7.1, addressing two upstream
libxslt 1.1.29 vulnerabilities classified as “Medium” by Canonical
and given a CVSS3 score of “6.5 Medium” and “8.8 High” by RedHat.

These patches only apply when using Nokogiri’s vendored libxslt
package. If you’re using your distro’s system libraries, there’s no
need to upgrade from 1.7.0.1 or 1.7.1 at this time.

Full details are available at the github issue linked to in the
changelog below.

1.7.2 / 2017-05-09

Security Notes

[MRI] Upstream libxslt patches are applied to the vendored libxslt
1.1.29 which address CVE-2017-5029 and CVE-2016-4738.

For more information:

https://github.com/sparklemotion/nokogiri/issues/1634
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5029.html
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4738.html

CPENameOperatorVersion
nokogirilt1.7.2

CPE	Name	Operator	Version
	nokogiri	lt	1.7.2

References

github.com/sparklemotion/nokogiri/issues/1634

nessus 37

freebsd 2

gentoo 1

openvas 33

ubuntucve 2

debian 6

redhatcve 2

cve 2

debiancve 2

prion 2

osv 5

mageia 3

ibm 1

github 1

archlinux 2

alpinelinux 1

ubuntu 2

photon 2

apple 20

fedora 4

suse 2

redhat 1

chrome 1

tenable 1

nessus

GLSA-201804-01 : libxslt: Multiple vulnerabilities

2018-04-04 00:00:00

FreeBSD : GitLab -- multiple vulnerabilities (6a177c87-9933-11e7-93f7-d43d7e971a1b)

2017-09-15 00:00:00

SUSE SLES11 Security Update : libxslt (SUSE-SU-2017:1282-1)

2017-05-16 00:00:00

freebsd

GitLab -- multiple vulnerabilities

2017-09-07 00:00:00

chromium -- multiple vulnerabilities

2017-03-09 00:00:00

gentoo

libxslt: Multiple vulnerabilities

2018-04-04 00:00:00

openvas

SUSE: Security Advisory (SUSE-SU-2017:1313-1)

2021-04-19 00:00:00

SUSE: Security Advisory (SUSE-SU-2017:1282-1)

2021-06-09 00:00:00

Huawei EulerOS: Security Advisory for libxslt (EulerOS-SA-2021-1094)

2021-01-19 00:00:00

ubuntucve

CVE-2016-4738

2016-09-25 00:00:00

CVE-2017-5029

2017-03-10 00:00:00

debian

[SECURITY] [DSA 3709-1] libxslt security update

2016-11-08 21:41:31

[SECURITY] [DLA 700-1] libxslt security update

2016-11-05 13:34:15

[SECURITY] [DSA 3709-1] libxslt security update

2016-11-08 21:41:31

redhatcve

CVE-2016-4738

2016-10-26 08:17:25

CVE-2017-5029

2017-03-10 09:20:20

cve

CVE-2016-4738

2016-09-25 10:59:00

CVE-2017-5029

2017-04-24 23:59:00

debiancve

CVE-2016-4738

2016-09-25 10:59:00

CVE-2017-5029

2017-04-24 23:59:00

prion

Memory corruption

2016-09-25 10:59:00

Integer overflow

2017-04-24 23:59:00

osv

libxslt - security update

2016-11-05 00:00:00

libxslt - security update

2017-03-23 00:00:00

Nokogiri implementation of libxslt lacks integer overflow checks

2018-07-31 18:21:29

mageia

Updated libxslt packages fix security vulnerability

2016-11-22 01:18:01

Updated libxslt packages fix security vulnerability

2017-05-02 09:37:59

Updated chromium-browser-stable packages fix security vulnerability

2017-04-21 10:24:22

ibm

Security Bulletin: Vulnerabilities in libxslt affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems

2023-04-14 14:32:25

github

Nokogiri implementation of libxslt lacks integer overflow checks

2018-07-31 18:21:29

archlinux

[ASA-201703-5] libxslt: arbitrary code execution

2017-03-12 00:00:00

[ASA-201703-4] chromium: multiple issues

2017-03-11 00:00:00

alpinelinux

CVE-2017-5029

2017-04-24 23:59:00

ubuntu

Libxslt vulnerabilities

2017-04-28 00:00:00

Oxide vulnerabilities

2017-03-29 00:00:00

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2017-0018

2017-05-31 00:00:00

Important Photon OS Security Update - PHSA-2017-0044

2017-05-31 00:00:00

apple

About the security content of iCloud for Windows 6.2

2017-03-28 00:00:00

About the security content of iCloud for Windows 6.2 - Apple Support

2017-04-24 06:47:37

About the security content of watchOS 3 - Apple Support

2020-07-27 08:13:37

fedora

[SECURITY] Fedora 30 Update: mingw-libxslt-1.1.33-1.fc30

2019-06-18 18:15:35

[SECURITY] Fedora 26 Update: qt5-qtwebengine-5.9.0-4.fc26

2017-07-06 22:53:47

[SECURITY] Fedora 25 Update: qt5-qtwebengine-5.9.0-4.fc25

2017-07-12 03:27:41

suse

Security update for Chromium (important)

2017-03-18 00:09:23

Security update for Chromium (important)

2017-03-18 00:08:56

redhat

(RHSA-2017:0499) Important: chromium-browser security update

2017-03-14 06:03:42

chrome

Stable Channel Update for Desktop

2017-03-09 00:00:00

tenable

[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities

2023-06-29 10:45:47

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

JSON

Related for RUBY:NOKOGIRI-2017-5029