What Are You Looking For?

Sign Up
MGASA-2020-0232 - Updated dojo packages fix security vulnerability

Publication date: 27 May 2020
URL: https://advisories.mageia.org/MGASA-2020-0232.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-5258,
     CVE-2020-5259

Advisory text to describe the update.
Wrap lines at ~75 chars.
Updated dojo package fixes security vulnerabilities:

In affected versions of dojo, the deepCopy method is vulnerable to
prototype Pollution. An attacker could manipulate these attributes
to overwrite, or pollute, a JavaScript application object prototype
of the base object by injecting other values (CVE-2020-5258).

The Dojox jQuery wrapper jqMix mixin method is vulnerable to Prototype
Pollution. An attacker could manipulate these attributes to overwrite, or
pollute, a JavaScript application object prototype of the base object by
injecting other values (CVE-2020-5259).

References:
- https://bugs.mageia.org/show_bug.cgi?id=26335
- https://www.debian.org/lts/security/2020/dla-2139
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5258
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5259

SRPMS:
- 7/core/dojo-1.14.6-1.mga7

Mageia 2020-0232: dojo security update

Advisory text to describe the update

Summary

Advisory text to describe the update. Wrap lines at ~75 chars. Updated dojo package fixes security vulnerabilities:
In affected versions of dojo, the deepCopy method is vulnerable to prototype Pollution. An attacker could manipulate these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values (CVE-2020-5258).
The Dojox jQuery wrapper jqMix mixin method is vulnerable to Prototype Pollution. An attacker could manipulate these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values (CVE-2020-5259).

References

- https://bugs.mageia.org/show_bug.cgi?id=26335

- https://www.debian.org/lts/security/2020/dla-2139

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5258

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5259

Resolution

MGASA-2020-0232 - Updated dojo packages fix security vulnerability

SRPMS

- 7/core/dojo-1.14.6-1.mga7

Severity
Publication date: 27 May 2020
URL: https://advisories.mageia.org/MGASA-2020-0232.html
Type: security
CVE: CVE-2020-5258, CVE-2020-5259

Related News

Kubernetes Security on AWS: A Practical Guide

Nov 18, 2023

Nitrux 3.2.0 Linux Distro Released with Enhanced Security and New Features

Nov 28, 2023

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

Nov 25, 2023

Severe Firefox, Thunderbird Bugs Could Lead to System Takeover

Dec 2, 2023

News

Advisories

HOWTOs

Features

Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses

About Us

Powered By

Footer Logo