Mageia 2020-0372: nodejs security update
Summary
The nodejs package has been updated to the latest version in the 10.x branch,
which is 10.22.1 at this time. It fixes several security issues and other
bugs. See the upstream changelog and advisories for details.
References
- https://bugs.mageia.org/show_bug.cgi?id=25314
- https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
- https://nodejs.org/en/blog/vulnerability/december-2019-security-releases/
- https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/
- https://nodejs.org/en/blog/vulnerability/june-2020-security-releases/
- https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/
- - https://github.com/nghttp2/nghttp2/releases/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9515
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9518
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16775
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16776
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16777
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8174
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8252
Resolution
MGASA-2020-0372 - Updated nodejs packages fix security vulnerabilities
SRPMS
- 7/core/libuv-1.34.2-1.mga7
- 7/core/nodejs-10.22.1-9.mga7