Headline
Ubuntu Security Notice USN-6424-1
Ubuntu Security Notice 6424-1 - It was discovered that kramdown did not restrict Rouge formatters to the correct namespace. An attacker could use this issue to cause kramdown to execute arbitrary code.
==========================================================================Ubuntu Security Notice USN-6424-1October 10, 2023ruby-kramdown vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTSSummary:kramdown could be made to execute arbitrary code if it received speciallycrafted input.Software Description:- ruby-kramdown: Fast, pure-Ruby Markdown-superset converter - ruby libraryDetails:It was discovered that kramdown did not restrict Rouge formatters to thecorrect namespace. An attacker could use this issue to cause kramdown toexecute arbitrary code.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS: ruby-kramdown 1.17.0-4ubuntu0.2In general, a standard system update will make all the necessary changes.References: https://ubuntu.com/security/notices/USN-6424-1 CVE-2021-28834Package Information: https://launchpad.net/ubuntu/+source/ruby-kramdown/1.17.0-4ubuntu0.2