Test ID:	1.3.6.1.4.1.25623.1.0.893230
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DLA-3230-1)
Summary:	The remote host is missing an update for the Debian 'jqueryui' package(s) announced via the DLA-3230-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'jqueryui' package(s) announced via the DLA-3230-1 advisory. Vulnerability Insight: jQuery-UI, the official jQuery user interface library, is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery were reported to have the following vulnerabilities. CVE-2021-41182 jQuery-UI was accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. This has been fixed and now any string value passed to the `altField` option is now treated as a CSS selector. CVE-2021-41183 jQuery-UI was accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. This has been fixed and now the values passed to various `*Text` options are now always treated as pure text, not HTML. CVE-2021-41184 jQuery-UI was accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. This has been fixed and now any string value passed to the `of` option is now treated as a CSS selector. CVE-2022-31160 jQuery-UI was potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. Calling `.checkboxradio( refresh )` on such a widget and the initial HTML contained encoded HTML entities will make them erroneously get decoded. This can lead to potentially executing JavaScript code. For Debian 10 buster, these problems have been fixed in version 1.12.1+dfsg-5+deb10u1. We recommend that you upgrade your jqueryui packages. For the detailed security status of jqueryui please refer to its security tracker page at: [link moved to references] Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: [link moved to references] Affected Software/OS: 'jqueryui' package(s) on Debian 10. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2021-41182 FEDORA-2021-013ab302be https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/ FEDORA-2021-51c256bf87 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/ FEDORA-2021-ab38307fc3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/ FEDORA-2022-9d655503ea https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/ FEDORA-2022-bf18450366 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/ [debian-lts-announce] 20220119 [SECURITY] [DLA-2889-1] drupal7 security update https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/ https://github.com/jquery/jquery-ui/pull/1954/commits/6809ce843e5ac4128108ea4c15cbc100653c2b63 https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc https://security.netapp.com/advisory/ntap-20211118-0004/ https://www.drupal.org/sa-contrib-2022-004 https://www.drupal.org/sa-core-2022-002 https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujul2022.html https://www.tenable.com/security/tns-2022-09 https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html Common Vulnerability Exposure (CVE) ID: CVE-2021-41183 https://bugs.jqueryui.com/ticket/15284 https://github.com/jquery/jquery-ui/pull/1953 https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4 https://www.drupal.org/sa-core-2022-001 Common Vulnerability Exposure (CVE) ID: CVE-2021-41184 https://github.com/jquery/jquery-ui/commit/effa323f1505f2ce7a324e4f429fa9032c72f280 https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327 Common Vulnerability Exposure (CVE) ID: CVE-2022-31160 https://github.com/jquery/jquery-ui/security/advisories/GHSA-h6gj-6jjq-h8g9 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6XBR3G3JR5ZIOJDO4224M3INXDS2VFDD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QB2FJQXCNHO32VGVOC6DY6IPGVE4VDU6/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J5LGNTICB5BRFAG3DHVVELS6H3CZSQMO/ https://www.drupal.org/sa-contrib-2022-052 https://blog.jqueryui.com/2022/07/jquery-ui-1-13-2-released/ https://github.com/jquery/jquery-ui/commit/8cc5bae1caa1fcf96bf5862c5646c787020ba3f9 https://lists.debian.org/debian-lts-announce/2022/12/msg00015.html
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.