[USN-4562-1] kramdown vulnerability
mike.salvatore at canonical.com
Wed Sep 30 22:02:04 UTC 2020
Ubuntu Security Notice USN-4562-1
September 30, 2020
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
kramdown could be made to crash, run programs, or leak sensitive information if
it opened a specially crafted file.
- ruby-kramdown: Fast, pure-Ruby Markdown-superset converter - ruby library
It was discovered that kramdown insecurely handled certain crafted input.
An attacker could use this vulnerability to read restricted files or
execute arbitrary code.
The problem can be corrected by updating your system to the following
Ubuntu 20.04 LTS:
In general, a standard system update will make all the necessary changes.
More information about the ubuntu-security-announce