Alerts This Week
Warning Icon 1 525
Alerts This Week
Warning Icon 1 525

Fedora 39: FEDORA-2024-9e549c9d97 moderate: Node.js Security Vulnerability

fedora
Calendar Grey April 20, 2024
Dist Fedora Esm H88
Fedora 39 introduces Node.js 18.20.2 security updates focusing on mitigating command injection vulnerabilities, thereby improving operational security.
2024-04-10, Version 18.20.2 'Hydrogen' (LTS), @RafaelGSS This is a security release

Summary

Node.js is a platform built on Chrome's JavaScript runtime \

for easily building fast, scalable network applications. \

Node.js uses an event-driven, non-blocking I/O model that \

makes it lightweight and efficient, perfect for data-intensive \

real-time applications that run across distributed devices.}

Update Information:

2024-04-10, Version 18.20.2 'Hydrogen' (LTS), @RafaelGSS This is a security release. Notable Changes CVE-2024-27980 - Command injection via args parameter of child_process.spawn without shell option enabled on Windows Commits [6627222409] - src: disallow direct .bat and .cmd file spawning (Ben Noordhuis) nodejs-private/node-private#564

Topics%20covered

Topics Covered

security advisory fedora software update command injection security release nodejs runtime safety

Change Log

* Wed Apr 10 2024 Stephen Gallagher - 1:18.20.2-1 - Update to 18.20.2 * Tue Apr 9 2024 Stephen Gallagher - 1:18.20.1-1 - Update to 18.20.1 * Thu Jan 25 2024 Fedora Release Engineering - 1:18.19.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Sun Jan 21 2024 Fedora Release Engineering - 1:18.19.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild

References

Fedora Update Notification FEDORA-2024-8d548b8c96 2024-04-20 01:02:39.396002 Name : nodejs18 Product : Fedora 39 Version : 18.20.2 Release : 1.fc39 URL : https://nodejs.org/en/ Summary : JavaScript runtime Description : Node.js is a platform built on Chrome's JavaScript runtime \ for easily building fast, scalable network applications. \ Node.js uses an event-driven, non-blocking I/O model that \ makes it lightweight and efficient, perfect for data-intensive \ real-time applications that run across distributed devices.}

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-8d548b8c96' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Name: nodejs18
Product: Fedora 39
Version: 18.20.2
Release: 1.fc39
URL: https://nodejs.org/en/
Summary: JavaScript runtime

Topics%20covered

Topics Covered

security advisory fedora software update command injection security release nodejs runtime safety

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here