Advisories » MGASA-2018-0182

Updated jupyter-notebook packages fix security vulnerability

Publication date: 26 Mar 2018
Modification date: 26 Mar 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-8768

Description

CVE-2018-8768: In Jupyter Notebook before 5.4.1, a maliciously forged
notebook file can bypass sanitization to execute JavaScript in the
notebook context. Specifically, invalid HTML is 'fixed' by jQuery after
sanitization, making it dangerous.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=22780
• http://openwall.com/lists/oss-security/2018/03/15/2
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8768

SRPMS

6/core

• jupyter-notebook-4.2.0-1.1.mga6