ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2022.0200
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2022-0200)
Resumen:	The remote host is missing an update for the 'ruby-nokogiri' package(s) announced via the MGASA-2022-0200 advisory.
Descripción:	Summary: The remote host is missing an update for the 'ruby-nokogiri' package(s) announced via the MGASA-2022-0200 advisory. Vulnerability Insight: Nokogiri did not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a 'String' by calling '#to_s' or equivalent. Affected Software/OS: 'ruby-nokogiri' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2022-29181 https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m http://seclists.org/fulldisclosure/2022/Dec/23 https://security.gentoo.org/glsa/202208-29 https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267 https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.6 https://securitylab.github.com/advisories/GHSL-2022-031_GHSL-2022-032_Nokogiri/
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.