MGASA-2020-0372 - Updated nodejs packages fix security vulnerabilities

Publication date: 27 Sep 2020
URL: https://advisories.mageia.org/MGASA-2020-0372.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2019-9511,
     CVE-2019-9512,
     CVE-2019-9513,
     CVE-2019-9514,
     CVE-2019-9515,
     CVE-2019-9516,
     CVE-2019-9517,
     CVE-2019-9518,
     CVE-2019-15604,
     CVE-2019-15605,
     CVE-2019-15606,
     CVE-2019-16775,
     CVE-2019-16776,
     CVE-2019-16777,
     CVE-2020-8174,
     CVE-2020-8252

The nodejs package has been updated to the latest version in the 10.x branch,
which is 10.22.1 at this time.  It fixes several security issues and other
bugs.  See the upstream changelog and advisories for details.

References:
- https://bugs.mageia.org/show_bug.cgi?id=25314
- https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
- https://nodejs.org/en/blog/vulnerability/december-2019-security-releases/
- https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/
- https://nodejs.org/en/blog/vulnerability/june-2020-security-releases/
- https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/
- https://github.com/nodejs/node/blob/v10.x/doc/changelogs/CHANGELOG_V10.md
- https://github.com/nghttp2/nghttp2/releases/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9515
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9518
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16775
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16776
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16777
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8174
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8252

SRPMS:
- 7/core/libuv-1.34.2-1.mga7
- 7/core/nodejs-10.22.1-9.mga7