Mageia 9 MGASA-2024-0046 High: Code Injection and DoS Risks
mageia
February 22, 2024
This is a security release
Summary
This is a security release. The following CVEs are fixed in this
release:
CVE-2024-21892 - Code injection and privilege escalation through Linux
capabilities- (High)
CVE-2024-22019 - http: Reading unprocessed HTTP request with unbounded
chunk extension allows DoS attacks- (High)
CVE-2023-46809 - Node.js is vulnerable to the Marvin Attack (timing
variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) -
(Medium)
CVE-2024-22025 - Denial of Service by resource exhaustion in fetch()
brotli decoding - (Medium)
More detailed information on each of the vulnerabilities can be found in
february 2024 Security Releases blog post.
References
- https://bugs.mageia.org/show_bug.cgi?id=32861
- https://github.com/nodejs/node/releases/tag/v18.19.1
- https://github.com/nodejs/node/releases/tag/v18.19.0
- https://github.com/yarnpkg/yarn/releases/tag/v1.22.21
- https://github.com/yarnpkg/yarn/releases/tag/v1.22.20
- https://nodejs.org/en/blog/vulnerability/february-2024-security-releases
- https://www.cve.org/CVERecord?id=CVE-2024-21892
- https://www.cve.org/CVERecord?id=CVE-2024-22019
- https://www.cve.org/CVERecord?id=CVE-2023-46809
- https://www.cve.org/CVERecord?id=CVE-2024-22025
Topics Covered
Resolution
SRPMS
- 9/core/nodejs-18.19.1-1.mga9
- 9/core/yarnpkg-1.22.21-0.10.2.4.1.mga9
PREVIOUS
NEXT
Publication date: 22 Feb 2024
URL: https://advisories.mageia.org/MGASA-2024-0046.html
Type: security
CVE: CVE-2024-21892,
CVE-2024-22019,
CVE-2023-46809,
CVE-2024-22025
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!