Home / mailingsPDF  

[USN-8394-1] YARD vulnerability

Posted on 05 June 2026
Ubuntu Security

==========================================================================Ubuntu Security Notice USN-8394-1
June 05, 2026

yard vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

YARD could be made to expose sensitive information over the network.

Software Description:
- yard: A documentation generation tool for the Ruby programming language

Details:

It was discovered that YARD incorrectly sanitized paths in its built-in
documentation server. An attacker could possibly use this issue to read arbitrary
files from the server host.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
yard 0.9.38-1ubuntu0.1~esm1
Available with Ubuntu Pro
yard-doc 0.9.38-1ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 24.04 LTS
yard 0.9.36-1ubuntu0.1~esm1
Available with Ubuntu Pro
yard-doc 0.9.36-1ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 22.04 LTS
yard 0.9.26-1ubuntu0.1+esm1
Available with Ubuntu Pro
yard-doc 0.9.26-1ubuntu0.1+esm1
Available with Ubuntu Pro

Ubuntu 20.04 LTS
yard 0.9.24-1+deb11u1ubuntu0.1~esm1
Available with Ubuntu Pro
yard-doc 0.9.24-1+deb11u1ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 18.04 LTS
yard 0.9.12-2ubuntu0.1~esm2
Available with Ubuntu Pro
yard-doc 0.9.12-2ubuntu0.1~esm2
Available with Ubuntu Pro

Ubuntu 16.04 LTS
yard 0.8.7.6+git20160220-3ubuntu0.1~esm2
Available with Ubuntu Pro
yard-doc 0.8.7.6+git20160220-3ubuntu0.1~esm2
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8394-1
CVE-2026-41493

--===============2430363268109278614==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature

 

TOP

Mailings :

Exploits :