Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Mageia 8 MGASA-2023-0226 Medium: NodeJS Security Threats Resolved

mageia
Calendar Grey July 7, 2023
Dist Mageia Esm H88
Mageia 8 upgrade swaps out nodejs 14 for 18 LTS, fixing significant security flaws and boosting overall protection.
Current nodejs 14 branch in Mageia 8 is end of life and there are no more security updates

Summary

Current nodejs 14 branch in Mageia 8 is end of life and there are no more security updates.
This release allows to move to the new nodejs 18 LTS branch and fixes the following CVEs CVE-2023-30581: mainModule.__proto__ Bypass Experimental Policy Mechanism (High) CVE-2023-30585: Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium) CVE-2023-30588: Process interuption due to invalid Public Key information in x509 certificates (Medium) CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR (Medium) CVE-2023-30590: DiffieHellman does not generate keys after setting a private key (Medium) OpenSSL Security Releases OpenSSL security advisory 28th March. OpenSSL security advisory 20th April. OpenSSL security advisory 30th May c-ares vulnerabilities: GHSA-9g78-jv2r-p7vc GHSA-8r8p-23f3-64c2 GHSA-54xr-f67r-4pc4 GHSA-x6mf-cxr9-8q6v

References

- https://bugs.mageia.org/show_bug.cgi?id=32047

- https://github.com/nodejs/node/releases/tag/v18.16.1

- https://nodejs.org/en/blog/vulnerability/june-2023-security-releases/

- https://www.cve.org/CVERecord?id=CVE-2023-30581

- https://www.cve.org/CVERecord?id=CVE-2023-30582

- https://www.cve.org/CVERecord?id=CVE-2023-30583

- https://www.cve.org/CVERecord?id=CVE-2023-30584

- https://www.cve.org/CVERecord?id=CVE-2023-30585

- https://www.cve.org/CVERecord?id=CVE-2023-30586

- https://www.cve.org/CVERecord?id=CVE-2023-30587

- https://www.cve.org/CVERecord?id=CVE-2023-30588

- https://www.cve.org/CVERecord?id=CVE-2023-30589

- https://www.cve.org/CVERecord?id=CVE-2023-30590

Resolution

SRPMS

- 8/core/nodejs-18.16.1-1.mga8

Severity
medium
Lowest
Low
Medium
High
Critical

Publication date: 07 Jul 2023
URL: https://advisories.mageia.org/MGASA-2023-0226.html
Type: security
CVE: CVE-2023-30581, CVE-2023-30582, CVE-2023-30583, CVE-2023-30584, CVE-2023-30585, CVE-2023-30586, CVE-2023-30587, CVE-2023-30588, CVE-2023-30589, CVE-2023-30590

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here