===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.3191
                       ruby-kaminari security update
                             23 September 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           ruby-kaminari
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Cross-site Scripting -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-11082

Reference:         ESB-2020.2265
                   ESB-2020.1890

Original Bulletin:
   http://www.debian.org/lts/security/2021/dla-2763

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian LTS Advisory DLA-2763-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Markus Koschany
September 22, 2021                            https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : ruby-kaminari
Version        : 0.17.0-3+deb9u1
CVE ID         : CVE-2020-11082
Debian Bug     : 961847

A security vulnerability has been found in Kaminari, a pagination engine
plugin for Rails 3+ and other modern frameworks, that would allow an
attacker to inject arbitrary code into pages with pagination links.

For Debian 9 stretch, this problem has been fixed in version
0.17.0-3+deb9u1.

We recommend that you upgrade your ruby-kaminari packages.

For the detailed security status of ruby-kaminari please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ruby-kaminari

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.
The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================