Mageia: 2023-0264 High Severity Nodejs Security Threats Report
mageia
September 24, 2023
This is a security release
Summary
This is a security release. As well, it fixes v8 headers detection
(mga#28809)
The following CVEs are fixed in this release:
CVE-2023-32002: Policies can be bypassed via Module._load (High)
CVE-2023-32006: Policies can be bypassed by
module.constructor.createRequire (Medium)
CVE-2023-32559: Policies can be bypassed via process.binding (Medium)
OpenSSL Security Releases
OpenSSL security advisory 14th July.
OpenSSL security advisory 19th July.
OpenSSL security advisory 31st July
More detailed information on each of the vulnerabilities can be found in
August 2023 Security Releases blog post.
References
- https://bugs.mageia.org/show_bug.cgi?id=32176
- https://bugs.mageia.org/show_bug.cgi?id=28809
- https://github.com/nodejs/node/releases/tag/v18.17.1
- https://github.com/nodejs/node/releases/tag/v18.17.0
- https://www.cve.org/CVERecord?id=CVE-2023-32002
- https://www.cve.org/CVERecord?id=CVE-2023-32006
- https://www.cve.org/CVERecord?id=CVE-2023-32559
Topics Covered
Resolution
SRPMS
- 8/core/nodejs-18.17.1-1.mga8
- 9/core/nodejs-18.17.1-1.mga9
PREVIOUS
NEXT
Publication date: 24 Sep 2023
URL: https://advisories.mageia.org/MGASA-2023-0264.html
Type: security
CVE: CVE-2023-32002,
CVE-2023-32006,
CVE-2023-32559
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!