What Are You Looking For?

Sign Up
MGASA-2023-0299 - Updated nodejs packages fix security vulnerabilities

Publication date: 22 Oct 2023
URL: https://advisories.mageia.org/MGASA-2023-0299.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2023-44487,
     CVE-2023-45143,
     CVE-2023-38552,
     CVE-2023-39333

This is a security release. The following CVEs are fixed in this
release:

CVE-2023-44487: nghttp2 Security Release (High)
CVE-2023-45143: undici Security Release (High)
CVE-2023-38552: Integrity checks according to policies can be
circumvented (Medium)
CVE-2023-39333: Code injection via WebAssembly export names (Low)

More detailed information on each of the vulnerabilities can be found in
October 2023 Security Releases blog post.

References:
- https://bugs.mageia.org/show_bug.cgi?id=32403
- https://github.com/nodejs/node/releases/tag/v18.18.2
- https://github.com/nodejs/node/releases/tag/v18.18.1
- https://nodejs.org/en/blog/vulnerability/october-2023-security-releases
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45143
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38552
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39333

SRPMS:
- 9/core/nodejs-18.18.2-1.mga9
- 9/core/yarnpkg-1.22.19-14.mga9

Mageia 2023-0299: nodejs security update

This is a security release

Summary

This is a security release. The following CVEs are fixed in this release:
CVE-2023-44487: nghttp2 Security Release (High) CVE-2023-45143: undici Security Release (High) CVE-2023-38552: Integrity checks according to policies can be circumvented (Medium) CVE-2023-39333: Code injection via WebAssembly export names (Low)
More detailed information on each of the vulnerabilities can be found in October 2023 Security Releases blog post.

References

- https://bugs.mageia.org/show_bug.cgi?id=32403

- https://github.com/nodejs/node/releases/tag/v18.18.2

- https://github.com/nodejs/node/releases/tag/v18.18.1

- https://nodejs.org/en/blog/vulnerability/october-2023-security-releases

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45143

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38552

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39333

Resolution

MGASA-2023-0299 - Updated nodejs packages fix security vulnerabilities

SRPMS

- 9/core/nodejs-18.18.2-1.mga9

- 9/core/yarnpkg-1.22.19-14.mga9

Severity
Publication date: 22 Oct 2023
URL: https://advisories.mageia.org/MGASA-2023-0299.html
Type: security
CVE: CVE-2023-44487, CVE-2023-45143, CVE-2023-38552, CVE-2023-39333

Related News

OpenSSL 3.2 Adds Support for TCP Fast Open on Linux, Argon2 KDF, and More

Nov 27, 2023

Nitrux 3.2.0 Linux Distro Released with Enhanced Security and New Features

Nov 28, 2023

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

Nov 25, 2023

Severe Firefox, Thunderbird Bugs Could Lead to System Takeover

Dec 2, 2023

News

Advisories

HOWTOs

Features

Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses

About Us

Powered By

Footer Logo