Alerts This Week
Warning Icon 1 1,154
Alerts This Week
Warning Icon 1 1,154

Fedora 37: FEDORA-2023-f66fc0f62a High: Nodejs20 Path Traversal Issues

fedora
Calendar Grey October 26, 2023
Dist Fedora Esm H88
This patch addresses significant security flaws in nodejs20 for Fedora 37, implementing essential remedies for multiple CVEs.
## 2023-10-13, Version 20.8.1 (Current), @RafaelGSS This is a security release

Summary

Node.js is a platform built on Chrome's JavaScript runtime \

for easily building fast, scalable network applications. \

Node.js uses an event-driven, non-blocking I/O model that \

makes it lightweight and efficient, perfect for data-intensive \

real-time applications that run across distributed devices.}

Update Information:

## 2023-10-13, Version 20.8.1 (Current), @RafaelGSS This is a security release. ### Notable Changes The following CVEs are fixed in this release: * [CVE-2023-44487](-bin/cvename.cgi?name=CVE-2023-44487): `nghttp2` Security Release (High) * [CVE-2023-45143](- bin/cvename.cgi?name=CVE-2023-45143): `undici` Security Release (High) * [CVE-2023-39332](-bin/cvename.cgi?name=CVE-2023-39332): Path traversal through path stored in Uint8Array (High) * [CVE-2023-39331](-bin/cvename.cgi?name=CVE-2023-39331): Permission model improperly protects against path traversal (High) * [CVE-2023-38552](-bin/cvename.cgi?name=CVE-2023-38552): Integrity checks according to policies can be circumvented (Medium) * [CVE-2023-39333](-bin/cvename.cgi?name=CVE-2023-39333): Code injection via WebAssembly export names (Low) More detailed information on each of the vulnerabilities can be found in [October 2023 Security Releases](- releases/) blog post.

Change Log

* Mon Oct 16 2023 Stephen Gallagher - 1:20.8.1-1 - Update to 20.8.1

References

Fedora Update Notification FEDORA-2023-f66fc0f62a 2023-10-26 01:34:25.902772 Name : nodejs20 Product : Fedora 37 Version : 20.8.1 Release : 1.fc37 URL : https://nodejs.org/en/ Summary : JavaScript runtime Description : Node.js is a platform built on Chrome's JavaScript runtime \ for easily building fast, scalable network applications. \ Node.js uses an event-driven, non-blocking I/O model that \ makes it lightweight and efficient, perfect for data-intensive \ real-time applications that run across distributed devices.}

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-f66fc0f62a' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Name: nodejs20
Product: Fedora 37
Version: 20.8.1
Release: 1.fc37
Summary: JavaScript runtime

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here