Rubysec

Providing security resources for the Ruby community.
Follow us @rubysec or email us via info at rubysec.com

Advisory Archive

---
gem: nokogiri
date: 2016-06-07
url: https://github.com/sparklemotion/nokogiri/issues/1473
cve: 2015-8806
title: Denial of service or RCE from libxml2 and libxslt
description: "Nokogiri is affected by a series of vulnerabilities in libxml2 and libxslt,\nwhich
  are libraries Nokogiri depends on. It was discovered that libxml2 and\nlibxslt incorrectly
  handled certain malformed documents, which can allow\nmalicious users to cause issues
  ranging from denial of service to remote code\nexecution attacks.\n\nFor more information,
  the Ubuntu Security Notice is a good start: \nhttp://www.ubuntu.com/usn/usn-2994-1/\n"
unaffected_versions:
- "< 1.6.0"
patched_versions:
- ">= 1.6.8"
related:
  cve: '["2016-1762", "2016-1833", "2016-1834", "2016-1835", "2016-1836", "2016-1837",
    "2016-1838", "2016-1839", "2016-1840", "2016-2073", "2016-3627", "2016-3705",
    "2016-4447", "2016-4449", "2016-4483"]'
  url: '["https://github.com/sparklemotion/nokogiri/issues/1473", "https://github.com/sparklemotion/nokogiri/commit/03d402212707bd5dfa0a21b7de5e91a7f9d90028",
    "https://mail.gnome.org/archives/xml/2016-May/msg00023.html", "http://www.ubuntu.com/usn/usn-2994-1/"]'