What Are You Looking For?

Sign Up
MGASA-2023-0264 - Updated nodejs packages fix security vulnerability

Publication date: 24 Sep 2023
URL: https://advisories.mageia.org/MGASA-2023-0264.html
Type: security
Affected Mageia releases: 8, 9
CVE: CVE-2023-32002,
     CVE-2023-32006,
     CVE-2023-32559

This is a security release. As well, it fixes v8 headers detection
(mga#28809)

The following CVEs are fixed in this release:
  CVE-2023-32002: Policies can be bypassed via Module._load (High)
  CVE-2023-32006: Policies can be bypassed by
    module.constructor.createRequire (Medium)
  CVE-2023-32559: Policies can be bypassed via process.binding (Medium)
  OpenSSL Security Releases
      OpenSSL security advisory 14th July.
      OpenSSL security advisory 19th July.
      OpenSSL security advisory 31st July

More detailed information on each of the vulnerabilities can be found in
August 2023 Security Releases blog post.

References:
- https://bugs.mageia.org/show_bug.cgi?id=32176
- https://bugs.mageia.org/show_bug.cgi?id=28809
- https://github.com/nodejs/node/releases/tag/v18.17.1
- https://github.com/nodejs/node/releases/tag/v18.17.0
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32002
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32006
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32559

SRPMS:
- 8/core/nodejs-18.17.1-1.mga8
- 9/core/nodejs-18.17.1-1.mga9

Mageia 2023-0264: nodejs security update

This is a security release

Summary

This is a security release. As well, it fixes v8 headers detection (mga#28809)
The following CVEs are fixed in this release: CVE-2023-32002: Policies can be bypassed via Module._load (High) CVE-2023-32006: Policies can be bypassed by module.constructor.createRequire (Medium) CVE-2023-32559: Policies can be bypassed via process.binding (Medium) OpenSSL Security Releases OpenSSL security advisory 14th July. OpenSSL security advisory 19th July. OpenSSL security advisory 31st July
More detailed information on each of the vulnerabilities can be found in August 2023 Security Releases blog post.

References

- https://bugs.mageia.org/show_bug.cgi?id=32176

- https://bugs.mageia.org/show_bug.cgi?id=28809

- https://github.com/nodejs/node/releases/tag/v18.17.1

- https://github.com/nodejs/node/releases/tag/v18.17.0

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32002

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32006

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32559

Resolution

MGASA-2023-0264 - Updated nodejs packages fix security vulnerability

SRPMS

- 8/core/nodejs-18.17.1-1.mga8

- 9/core/nodejs-18.17.1-1.mga9

Severity
Publication date: 24 Sep 2023
URL: https://advisories.mageia.org/MGASA-2023-0264.html
Type: security
CVE: CVE-2023-32002, CVE-2023-32006, CVE-2023-32559

Related News

Kubernetes Security on AWS: A Practical Guide

Nov 18, 2023

OpenSSL 3.2 Adds Support for TCP Fast Open on Linux, Argon2 KDF, and More

Nov 27, 2023

Nitrux 3.2.0 Linux Distro Released with Enhanced Security and New Features

Nov 28, 2023

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

Nov 25, 2023

News

Advisories

HOWTOs

Features

Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses
Scanning and Defending Networks with Nmap

About Us

Powered By

Footer Logo