Oracle Linux: CVE-2020-11022: ELSA-2020-4670: idm:DL1 and idm:client security, bug fix, and enhancement update (MODERATE) (Multiple Advisories)
Description
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.
Solution(s)
- oracle-linux-upgrade-apache-commons-collections
- oracle-linux-upgrade-apache-commons-lang
- oracle-linux-upgrade-apache-commons-net
- oracle-linux-upgrade-bea-stax-api
- oracle-linux-upgrade-bind-dyndb-ldap
- oracle-linux-upgrade-custodia
- oracle-linux-upgrade-glassfish-fastinfoset
- oracle-linux-upgrade-glassfish-jaxb-api
- oracle-linux-upgrade-glassfish-jaxb-core
- oracle-linux-upgrade-glassfish-jaxb-runtime
- oracle-linux-upgrade-glassfish-jaxb-txw2
- oracle-linux-upgrade-ipa-client
- oracle-linux-upgrade-ipa-client-common
- oracle-linux-upgrade-ipa-client-epn
- oracle-linux-upgrade-ipa-client-samba
- oracle-linux-upgrade-ipa-common
- oracle-linux-upgrade-ipa-healthcheck
- oracle-linux-upgrade-ipa-healthcheck-core
- oracle-linux-upgrade-ipa-python-compat
- oracle-linux-upgrade-ipa-selinux
- oracle-linux-upgrade-ipa-server
- oracle-linux-upgrade-ipa-server-common
- oracle-linux-upgrade-ipa-server-dns
- oracle-linux-upgrade-ipa-server-trust-ad
- oracle-linux-upgrade-jackson-annotations
- oracle-linux-upgrade-jackson-core
- oracle-linux-upgrade-jackson-databind
- oracle-linux-upgrade-jackson-jaxrs-json-provider
- oracle-linux-upgrade-jackson-jaxrs-providers
- oracle-linux-upgrade-jackson-module-jaxb-annotations
- oracle-linux-upgrade-jakarta-commons-httpclient
- oracle-linux-upgrade-javassist
- oracle-linux-upgrade-javassist-javadoc
- oracle-linux-upgrade-jquery-ui
- oracle-linux-upgrade-jss
- oracle-linux-upgrade-jss-javadoc
- oracle-linux-upgrade-ldapjdk
- oracle-linux-upgrade-ldapjdk-javadoc
- oracle-linux-upgrade-opendnssec
- oracle-linux-upgrade-pki-base
- oracle-linux-upgrade-pki-base-java
- oracle-linux-upgrade-pki-ca
- oracle-linux-upgrade-pki-kra
- oracle-linux-upgrade-pki-server
- oracle-linux-upgrade-pki-servlet-4-0-api
- oracle-linux-upgrade-pki-servlet-engine
- oracle-linux-upgrade-pki-symkey
- oracle-linux-upgrade-pki-tools
- oracle-linux-upgrade-python2-ipaclient
- oracle-linux-upgrade-python2-ipalib
- oracle-linux-upgrade-python2-ipaserver
- oracle-linux-upgrade-python3-custodia
- oracle-linux-upgrade-python3-ipaclient
- oracle-linux-upgrade-python3-ipalib
- oracle-linux-upgrade-python3-ipaserver
- oracle-linux-upgrade-python3-jwcrypto
- oracle-linux-upgrade-python3-kdcproxy
- oracle-linux-upgrade-python3-nss
- oracle-linux-upgrade-python3-pki
- oracle-linux-upgrade-python3-pyusb
- oracle-linux-upgrade-python3-qrcode
- oracle-linux-upgrade-python3-qrcode-core
- oracle-linux-upgrade-python3-yubico
- oracle-linux-upgrade-python-nss-doc
- oracle-linux-upgrade-relaxngdatatype
- oracle-linux-upgrade-resteasy
- oracle-linux-upgrade-slapi-nis
- oracle-linux-upgrade-slf4j
- oracle-linux-upgrade-slf4j-jdk14
- oracle-linux-upgrade-softhsm
- oracle-linux-upgrade-softhsm-devel
- oracle-linux-upgrade-stax-ex
- oracle-linux-upgrade-tomcatjss
- oracle-linux-upgrade-velocity
- oracle-linux-upgrade-xalan-j2
- oracle-linux-upgrade-xerces-j2
- oracle-linux-upgrade-xml-commons-apis
- oracle-linux-upgrade-xml-commons-resolver
- oracle-linux-upgrade-xmlstreambuffer
- oracle-linux-upgrade-xsom
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center