Mageia 2021-0092: nodejs security update
Summary
Two vulnerabilities were discovered in Node.js, which could result in
denial of service or DNS rebinding attacks.
Upgrade from Mageia 7 to 8 problem fixed.
References
- https://bugs.mageia.org/show_bug.cgi?id=28445
- https://bugs.mageia.org/show_bug.cgi?id=28481
- https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/
- https://nodejs.org/en/blog/release/v10.24.0/
- https://nodejs.org/en/blog/release/v14.16.0/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22883
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22884
Resolution
MGASA-2021-0092 - Updated nodejs packages fix security vulnerabilities
SRPMS
- 7/core/nodejs-10.24.0-10.mga7
- 8/core/nodejs-14.16.0-1.mga8