An update for tidy is now available for openEuler-22.03-LTS-SP3 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2024-1073 Final 1.0 1.0 2024-01-12 Initial 2024-01-12 2024-01-12 openEuler SA Tool V1.0 2024-01-12 tidy security update An update for tidy is now available for openEuler-22.03-LTS-SP3. When editing HTML it's easy to make mistakes. Wouldn't it be nice if there was a simple way to fix these mistakes automatically and tidy up sloppy editing into nicely laid out markup? Well now there is! Dave Raggett's HTML TIDY is a free utility for doing just that. It also works great on the atrociously hard to read markup generated by specialized HTML editors and conversion tools, and can help you identify where you need to pay further attention on making your pages more accessible to people with disabilities. Security Fix(es): An issue in HTACG HTML Tidy v5.7.28 allows attacker to execute arbitrary code via the -g option of the CleanNode() function in gdoc.c.(CVE-2021-33391) An update for tidy is now available for openEuler-22.03-LTS-SP3. openEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Critical tidy https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1073 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-33391 https://nvd.nist.gov/vuln/detail/CVE-2021-33391 openEuler-22.03-LTS-SP3 tidy-debuginfo-5.7.28-2.oe2203sp3.aarch64.rpm libtidy-5.7.28-2.oe2203sp3.aarch64.rpm tidy-debugsource-5.7.28-2.oe2203sp3.aarch64.rpm tidy-5.7.28-2.oe2203sp3.aarch64.rpm libtidy-devel-5.7.28-2.oe2203sp3.aarch64.rpm tidy-help-5.7.28-2.oe2203sp3.noarch.rpm tidy-5.7.28-2.oe2203sp3.src.rpm libtidy-5.7.28-2.oe2203sp3.x86_64.rpm tidy-5.7.28-2.oe2203sp3.x86_64.rpm tidy-debuginfo-5.7.28-2.oe2203sp3.x86_64.rpm libtidy-devel-5.7.28-2.oe2203sp3.x86_64.rpm tidy-debugsource-5.7.28-2.oe2203sp3.x86_64.rpm An issue in HTACG HTML Tidy v5.7.28 allows attacker to execute arbitrary code via the -g option of the CleanNode() function in gdoc.c. 2024-01-12 CVE-2021-33391 openEuler-22.03-LTS-SP3 Critical 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H tidy security update 2024-01-12 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1073