Explore top 10 tips to secure your open-source projects now. Read More
×Security update. Publication date: 18 Jul 2026 URL: https://advisories.mageia.org/MGASA-2026-0257.html Type: security Affected Mageia releases: 10, 9 CVE: CVE-2026-48615, CVE-2026-48617, CVE-2026-48618, CVE-2026-48619, CVE-2026-48928, CVE-2026-48930, CVE-2026-48931, CVE-2026-48933, CVE-2026-48934, CVE-2026-48935, CVE-2026-48937 Description: lib,test: redact proxy credentials in tunnel errors. (CVE-2026-48615) permission: handle process.chdir on writereport. (CVE-2026-48617) tls: normalize hostname for server identity checks. (CVE-2026-48618) http2: cap originSet size to prevent unbounded memory growth. (CVE-2026-48619) tls: fix case-sensitive SNI context matching. (CVE-2026-48928) dns,net: reject hostnames with embedded NUL bytes. (CVE-2026-48930) http: fix response queue poisoning in http.Agent. (CVE-2026-48931) crypto: guard WebCrypto cipher output length. (CVE-2026-48933) tls: bind reusable sessions to authenticated host. (CVE-2026-48934) permission: disable FileHandle utimes with permission model. (CVE-2026-48935) deps: fix integration issues with the latest nghttp2. (CVE-2026-48937) References: - https://bugs.mageia.org/show_bug.cgi?id=35724 - https://nodejs.org/en/blog/release/v22.23.0 - https://nodejs.org/en/blog/vulnerability/june-2026-security-releases - https://www.cve.org/CVERecord?id=CVE-2026-48615 - https://www.cve.org/CVERecord?id=CVE-2026-48617 - https://www.cve.org/CVERecord?id=CVE-2026-48618 - https://www.cve.org/CVERecord?id=CVE-2026-48619 - https://www.cve.org/CVERecord?id=CVE-2026-48928 - https://www.cve.org/CVERecord?id=CVE-2026-48930 - https://www.cve.org/CVERecord?id=CVE-2026-48931 - https://www.cve.org/CVERecord?id=CVE-2026-48933 - https://www.cve.org/CVERecord?id=CVE-2026-48934 - https://www.cve.org/CVERecord?id=CVE-2026-48935 - https://www.cve.org/CVERecord?id=CVE-2026-48937 SRPMS: - 10/core/nodejs-22.23.1-2.mga10 - 9/core/nodejs-22.23.1-2.mga9 . Security vulnerabilities identified in Node.js for Mageia 10 and 9 requireimmediate attention. Patching instructions included.. nodejs security update,mageia vulnerability,critical security alert. . Severity: Critical. LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.