Amazon Linux 2022 Security Advisory: ALAS-2022-062
Advisory Release Date: 2022-05-04 21:07 Pacific
Advisory Updated Date: 2022-05-06 16:19 Pacific
Severity:
Important
Issue Overview:
Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`. There are no known workarounds for this issue. (CVE-2022-24836)
Affected Packages:
rubygem-nokogiri
Issue Correction:
Run dnf update --releasever=2022.0.20220504 rubygem-nokogiri to update your system.
New Packages:
aarch64:
rubygem-nokogiri-debugsource-1.11.7-2.amzn2022.aarch64
rubygem-nokogiri-debuginfo-1.11.7-2.amzn2022.aarch64
rubygem-nokogiri-1.11.7-2.amzn2022.aarch64
rubygem-nokogiri-doc-1.11.7-2.amzn2022.aarch64
src:
rubygem-nokogiri-1.11.7-2.amzn2022.src
x86_64:
rubygem-nokogiri-debugsource-1.11.7-2.amzn2022.x86_64
rubygem-nokogiri-debuginfo-1.11.7-2.amzn2022.x86_64
rubygem-nokogiri-1.11.7-2.amzn2022.x86_64
rubygem-nokogiri-doc-1.11.7-2.amzn2022.x86_64