Alerts This Week
Warning Icon 1 646
Alerts This Week
Warning Icon 1 646

Fedora 38: FEDORA-2023-4d2fd884ea High: Nodejs 20.8.1 Security Fix

fedora
Calendar Grey October 26, 2023
Dist Fedora Esm H88
Critical update for nodejs20 addressing several serious vulnerabilities on Fedora 38. Upgrade immediately to bolster security!
## 2023-10-13, Version 20.8.1 (Current), @RafaelGSS This is a security release

Summary

Node.js is a platform built on Chrome's JavaScript runtime \

for easily building fast, scalable network applications. \

Node.js uses an event-driven, non-blocking I/O model that \

makes it lightweight and efficient, perfect for data-intensive \

real-time applications that run across distributed devices.}

Update Information:

## 2023-10-13, Version 20.8.1 (Current), @RafaelGSS This is a security release. ### Notable Changes The following CVEs are fixed in this release: * [CVE-2023-44487](-bin/cvename.cgi?name=CVE-2023-44487): `nghttp2` Security Release (High) * [CVE-2023-45143](- bin/cvename.cgi?name=CVE-2023-45143): `undici` Security Release (High) * [CVE-2023-39332](-bin/cvename.cgi?name=CVE-2023-39332): Path traversal through path stored in Uint8Array (High) * [CVE-2023-39331](-bin/cvename.cgi?name=CVE-2023-39331): Permission model improperly protects against path traversal (High) * [CVE-2023-38552](-bin/cvename.cgi?name=CVE-2023-38552): Integrity checks according to policies can be circumvented (Medium) * [CVE-2023-39333](-bin/cvename.cgi?name=CVE-2023-39333): Code injection via WebAssembly export names (Low) More detailed information on each of the vulnerabilities can be found in [October 2023 Security Releases](- releases/) blog post.

Topics%20covered

Topics Covered

security advisory high severity Fedora code injection nodejs nghttp2 undici

Change Log

* Mon Oct 16 2023 Stephen Gallagher - 1:20.8.1-1 - Update to 20.8.1

References

Fedora Update Notification FEDORA-2023-4d2fd884ea 2023-10-26 01:50:50.421746 Name : nodejs20 Product : Fedora 38 Version : 20.8.1 Release : 1.fc38 URL : https://nodejs.org/en/ Summary : JavaScript runtime Description : Node.js is a platform built on Chrome's JavaScript runtime \ for easily building fast, scalable network applications. \ Node.js uses an event-driven, non-blocking I/O model that \ makes it lightweight and efficient, perfect for data-intensive \ real-time applications that run across distributed devices.}

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-4d2fd884ea' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Name: nodejs20
Product: Fedora 38
Version: 20.8.1
Release: 1.fc38
URL: https://nodejs.org/en/
Summary: JavaScript runtime

Topics%20covered

Topics Covered

security advisory high severity Fedora code injection nodejs nghttp2 undici

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here