Mageia 9: MGASA-2024-0282 High Severity Nodejs And Yarnpkg Issues

August 28, 2024
Mageia 2024-0282 enhances security by updating the nodejs and yarnpkg packages, effectively mitigating several vulnerabilities.
Nodejs 22 is the new active LTS branch and 5 CVEs are fixed.

Summary

Nodejs 22 is the new active LTS branch and 5 CVEs are fixed:

- CVE-2024-36138 - Bypass incomplete fix of CVE-2024-27980 (High)

- CVE-2024-22020 - Bypass network import restriction via data URL (Medium)

- CVE-2024-22018 - fs.lstat bypasses permission model (Low)

- CVE-2024-36137 - fs.fchown/fchmod bypasses permission model (Low)

- CVE-2024-37372 - Permission model improperly processes UNC paths (Low)

The yarn package is updated with npm 10.8.2.

References

- https://bugs.mageia.org/show_bug.cgi?id=33415

- https://github.com/nodejs/node/releases/tag/v22.6.0

- https://github.com/nodejs/node/releases/tag/v22.5.1

- https://github.com/nodejs/node/releases/tag/v22.5.0

- https://github.com/nodejs/node/releases/tag/v22.4.1

- https://github.com/nodejs/node/releases/tag/v22.3.0

- https://github.com/nodejs/node/releases/tag/v22.2.0

- https://github.com/nodejs/node/releases/tag/v22.1.0

- https://github.com/nodejs/node/releases/tag/v22.0.0

- https://github.com/yarnpkg/yarn/releases/tag/v1.22.22

- https://www.cve.org/CVERecord?id=CVE-2024-22020

- https://www.cve.org/CVERecord?id=CVE-2024-36137

- https://www.cve.org/CVERecord?id=CVE-2024-36138

- https://www.cve.org/CVERecord?id=CVE-2024-22018

- https://www.cve.org/CVERecord?id=CVE-2024-37372

Resolution

SRPMS

- 9/core/nodejs-22.6.0-1.mga9

- 9/core/yarnpkg-1.22.22-0.10.8.2.1.mga9

Publication date: 28 Aug 2024
URL: https://advisories.mageia.org/MGASA-2024-0282.html
Type: security
CVE: CVE-2024-22020, CVE-2024-36137, CVE-2024-36138, CVE-2024-22018, CVE-2024-37372
