Sign In

Forgot your password?

Not a Member Yet?

Become a full participant in the LinuxSecurity.com community of open source security experts - not just an onlooker.

Contribute

MGASA-2021-0092 - Updated nodejs packages fix security vulnerabilities

Publication date: 28 Feb 2021
URL: https://advisories.mageia.org/MGASA-2021-0092.html
Type: security
Affected Mageia releases: 7, 8
CVE: CVE-2021-22883,
     CVE-2021-22884

Two vulnerabilities were discovered in Node.js, which could result in
denial of service or DNS rebinding attacks.
Upgrade from Mageia 7 to 8 problem fixed.

References:
- https://bugs.mageia.org/show_bug.cgi?id=28445
- https://bugs.mageia.org/show_bug.cgi?id=28481
- https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/
- https://nodejs.org/en/blog/release/v10.24.0/
- https://nodejs.org/en/blog/release/v14.16.0/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22883
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22884

SRPMS:
- 7/core/nodejs-10.24.0-10.mga7
- 8/core/nodejs-14.16.0-1.mga8

Mageia 2021-0092: nodejs security update

Two vulnerabilities were discovered in Node.js, which could result in denial of service or DNS rebinding attacks

Summary

CVE: CVE-2021-22883, CVE-2021-22884 Two vulnerabilities were discovered in Node.js, which could result in denial of service or DNS rebinding attacks. Upgrade from Mageia 7 to 8 problem fixed.