Moderate: nodejs:20 security update.

{
  "type": "TYPE_SECURITY",
  "shortCode": "RL",
  "name": "RLSA-2024:5815",
  "synopsis": "Moderate: nodejs:20 security update",
  "severity": "SEVERITY_MODERATE",
  "topic": "An update is available for module.nodejs-packaging, nodejs-nodemon, nodejs-packaging, module.nodejs-nodemon, nodejs, module.nodejs.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list",
  "description": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* nodejs: Bypass network import restriction via data URL (CVE-2024-22020)\n\n* nodejs: fs.lstat bypasses permission model (CVE-2024-22018)\n\n* nodejs: fs.fchown/fchmod bypasses permission model (CVE-2024-36137)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "solution": null,
  "affectedProducts": ["Rocky Linux 9"],
  "fixes": [
    {"ticket": "2296417", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2296417", "description": ""},
    {"ticket": "2296990", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2296990", "description": ""},
    {"ticket": "2299281", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2299281", "description": ""}
  ],
  "cves": [
    {"name": "CVE-2024-22018", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2024-22018", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"},
    {"name": "CVE-2024-22020", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2024-22020", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"},
    {"name": "CVE-2024-36137", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2024-36137", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}
  ],
  "references": [],
  "publishedAt": "2024-09-17T00:55:59.307259Z",
  "rpms": {
    "Rocky Linux 9": {
      "nvras": [
        "nodejs-1:20.16.0-1.module+el9.4.0+25495+f51dca35.aarch64.rpm",
        "nodejs-1:20.16.0-1.module+el9.4.0+25495+f51dca35.ppc64le.rpm",
        "nodejs-1:20.16.0-1.module+el9.4.0+25495+f51dca35.s390x.rpm",
        "nodejs-1:20.16.0-1.module+el9.4.0+25495+f51dca35.src.rpm",
        "nodejs-1:20.16.0-1.module+el9.4.0+25495+f51dca35.x86_64.rpm",
        "nodejs-debuginfo-1:20.16.0-1.module+el9.4.0+25495+f51dca35.aarch64.rpm",
        "nodejs-debuginfo-1:20.16.0-1.module+el9.4.0+25495+f51dca35.ppc64le.rpm",
        "nodejs-debuginfo-1:20.16.0-1.module+el9.4.0+25495+f51dca35.s390x.rpm",
        "nodejs-debuginfo-1:20.16.0-1.module+el9.4.0+25495+f51dca35.x86_64.rpm",
        "nodejs-debugsource-1:20.16.0-1.module+el9.4.0+25495+f51dca35.aarch64.rpm",
        "nodejs-debugsource-1:20.16.0-1.module+el9.4.0+25495+f51dca35.ppc64le.rpm",
        "nodejs-debugsource-1:20.16.0-1.module+el9.4.0+25495+f51dca35.s390x.rpm",
        "nodejs-debugsource-1:20.16.0-1.module+el9.4.0+25495+f51dca35.x86_64.rpm",
        "nodejs-devel-1:20.16.0-1.module+el9.4.0+25495+f51dca35.aarch64.rpm",
        "nodejs-devel-1:20.16.0-1.module+el9.4.0+25495+f51dca35.ppc64le.rpm",
        "nodejs-devel-1:20.16.0-1.module+el9.4.0+25495+f51dca35.s390x.rpm",
        "nodejs-devel-1:20.16.0-1.module+el9.4.0+25495+f51dca35.x86_64.rpm",
        "nodejs-docs-1:20.16.0-1.module+el9.4.0+25495+f51dca35.noarch.rpm",
        "nodejs-full-i18n-1:20.16.0-1.module+el9.4.0+25495+f51dca35.aarch64.rpm",
        "nodejs-full-i18n-1:20.16.0-1.module+el9.4.0+25495+f51dca35.ppc64le.rpm",
        "nodejs-full-i18n-1:20.16.0-1.module+el9.4.0+25495+f51dca35.s390x.rpm",
        "nodejs-full-i18n-1:20.16.0-1.module+el9.4.0+25495+f51dca35.x86_64.rpm",
        "nodejs-nodemon-0:3.0.1-1.module+el9.4.0+25495+f51dca35.noarch.rpm",
        "nodejs-nodemon-0:3.0.1-1.module+el9.4.0+25495+f51dca35.src.rpm",
        "nodejs-packaging-0:2021.06-4.module+el9.4.0+25495+f51dca35.noarch.rpm",
        "nodejs-packaging-0:2021.06-4.module+el9.4.0+25495+f51dca35.src.rpm",
        "nodejs-packaging-bundler-0:2021.06-4.module+el9.4.0+25495+f51dca35.noarch.rpm",
        "npm-1:10.8.1-1.20.16.0.1.module+el9.4.0+25495+f51dca35.aarch64.rpm",
        "npm-1:10.8.1-1.20.16.0.1.module+el9.4.0+25495+f51dca35.ppc64le.rpm",
        "npm-1:10.8.1-1.20.16.0.1.module+el9.4.0+25495+f51dca35.s390x.rpm",
        "npm-1:10.8.1-1.20.16.0.1.module+el9.4.0+25495+f51dca35.x86_64.rpm"
      ]
    }
  },
  "rebootSuggested": false,
  "buildReferences": []
}

Recent updates for nodejs on Rocky Linux 9 have been released, focusing on critical security vulnerabilities as noted in the latest advisory.

LinuxSecurity.com Team
Update to 0.4.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-c981dcad74
2023-11-03 18:20:20.957547
--------------------------------------------------------------------------------
Name        : netconsd
Product     : Fedora 39
Version     : 0.4
Release     : 1.fc39
URL         :
Summary     : The Netconsole Daemon
Description :
This is a daemon for receiving and processing logs from the Linux Kernel, as
emitted over a network by the kernel's netconsole module. It supports both the
old "legacy" text-only format, and the new extended format added in v4.4.

The core of the daemon does nothing but process messages and drop them: in
order to make the daemon useful, the user must supply one or more "output
modules". These modules are shared object files which expose a small ABI that
is called by netconsd with the content and metadata for netconsole messages it
receives.
--------------------------------------------------------------------------------
Update Information:

Update to 0.4
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 25 2023 Davide Cavalca - 0.4-1
- Update to 0.4
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-c981dcad74' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
--
An update for nodejs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: nodejs security and bug fix update
Advisory ID:       RHSA-2023:5532-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:5532
Issue date:        2023-10-09
CVE Names:         CVE-2023-32002 CVE-2023-32006 CVE-2023-32559
=====================================================================

1. Summary:

An update for nodejs is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Node.js is a software development platform for building fast and scalable
network applications in the JavaScript programming language.

Security Fix(es):

* nodejs: Permissions policies can be bypassed via Module._load (CVE-2023-32002)

* nodejs: Permissions policies can impersonate other modules in using
module.constructor.createRequire() (CVE-2023-32006)

* nodejs: Permissions policies can be bypassed via process.binding (CVE-2023-32559)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

Bug Fix(es):

* nodejs: Rebase to the latest Nodejs 16 release [rhel-9] (BZ#2236434)

4. Solution:

For details on how to apply this update, which includes the changes described
in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2230948 - CVE-2023-32002 nodejs: Permissions policies can be bypassed via Module._load
2230955 - CVE-2023-32006 nodejs: Permissions policies can impersonate other modules in using module.constructor.createRequire()
2230956 - CVE-2023-32559 nodejs: Permissions policies can be bypassed via process.binding
2236434 - nodejs: Rebase to the latest Nodejs 16 release [rhel-9] [rhel-9.2.0.z]

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:
nodejs-16.20.2-1.el9_2.src.rpm

aarch64:
nodejs-16.20.2-1.el9_2.aarch64.rpm
nodejs-debuginfo-16.20.2-1.el9_2.aarch64.rpm
nodejs-debugsource-16.20.2-1.el9_2.aarch64.rpm
nodejs-full-i18n-16.20.2-1.el9_2.aarch64.rpm
nodejs-libs-16.20.2-1.el9_2.aarch64.rpm
nodejs-libs-debuginfo-16.20.2-1.el9_2.aarch64.rpm
npm-8.19.4-1.16.20.2.1.el9_2.aarch64.rpm

noarch:
nodejs-docs-16.20.2-1.el9_2.noarch.rpm

ppc64le:
nodejs-16.20.2-1.el9_2.ppc64le.rpm
nodejs-debuginfo-16.20.2-1.el9_2.ppc64le.rpm
nodejs-debugsource-16.20.2-1.el9_2.ppc64le.rpm
nodejs-full-i18n-16.20.2-1.el9_2.ppc64le.rpm
nodejs-libs-16.20.2-1.el9_2.ppc64le.rpm
nodejs-libs-debuginfo-16.20.2-1.el9_2.ppc64le.rpm
npm-8.19.4-1.16.20.2.1.el9_2.ppc64le.rpm

s390x:
nodejs-16.20.2-1.el9_2.s390x.rpm
nodejs-debuginfo-16.20.2-1.el9_2.s390x.rpm
nodejs-debugsource-16.20.2-1.el9_2.s390x.rpm
nodejs-full-i18n-16.20.2-1.el9_2.s390x.rpm
nodejs-libs-16.20.2-1.el9_2.s390x.rpm
nodejs-libs-debuginfo-16.20.2-1.el9_2.s390x.rpm
npm-8.19.4-1.16.20.2.1.el9_2.s390x.rpm

x86_64:
nodejs-16.20.2-1.el9_2.x86_64.rpm
nodejs-debuginfo-16.20.2-1.el9_2.i686.rpm
nodejs-debuginfo-16.20.2-1.el9_2.x86_64.rpm
nodejs-debugsource-16.20.2-1.el9_2.i686.rpm
nodejs-debugsource-16.20.2-1.el9_2.x86_64.rpm
nodejs-full-i18n-16.20.2-1.el9_2.x86_64.rpm
nodejs-libs-16.20.2-1.el9_2.i686.rpm
nodejs-libs-16.20.2-1.el9_2.x86_64.rpm
nodejs-libs-debuginfo-16.20.2-1.el9_2.i686.rpm
nodejs-libs-debuginfo-16.20.2-1.el9_2.x86_64.rpm
npm-8.19.4-1.16.20.2.1.el9_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-32002
https://access.redhat.com/security/cve/CVE-2023-32006
https://access.redhat.com/security/cve/CVE-2023-32559
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJlJBu/AAoJENzjgjWX9erEpbUP/0tmZb36A6M7ItCxnT56D7iN
EKC0UURynvvvU2Qh/ZgSTnkkj1KfAUIc83QxKRyacPqeYlVx39iE82+IkrF8KMcq
+6DDvb+fBgyelsOHiIx/s8J0OQvOjNK/tdqIP9i0SjrFDd6qlYijzA+FewQMKaSb
XuYanaazxMsmGYmUNcyvlE4jP68fzqskHb9l2tC/CyPoEjH19co91lHH68aEgPRK
j3cpTxme7dRFWsaPh77b99fXUSywfcNvFvhGiG3IhFlGf2eA/czkqYU4BnzaFhKK
U7jJWHflgZnUAP4sQfQAoBYXrUa09hCGOTRxVTMxJ0ov3K6OSywnin2drWcQyIIt
SNaDTWoQ1zkEJB6qwIi6C0eCXfUzrXv026oWCMc8epP0gSqQUYesq5f+dc2vlrfl
0gtNeuKqCEFB0MKUuD3dr9Jp1NJt/Wtd1CxIVLR109MuP10VJCD9nEkhzVbcHNp9
bJJ/qLKEioanHCekW70wdyTm7VcGvHDPlutJ+ZOUhUTV3HCzUUbw5u0IRtWa5XMf
u4SZXDT6JUOlC5AcxLV7G8k021AWfp6WYorleZKaj7AC8QJfDcqiAxW1fxOEVDDt
hxoC0EGJXRKGmXhNBq2XA3IUuMeEt51MHkjz9LDrITuuYBZ3+LQ/WwkwzbzWVIqs
qiL8X92PSol0O/Aa3D/c
=njn7
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
An update for tigervnc is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: tigervnc security and bug fix update
Advisory ID:       RHSA-2023:2830-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:2830
Issue date:        2023-05-16
CVE Names:         CVE-2022-4283 CVE-2022-46340 CVE-2022-46341
                   CVE-2022-46342 CVE-2022-46343 CVE-2022-46344
====================================================================

1. Summary:

An update for tigervnc is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Virtual Network Computing (VNC) is a remote display system which allows users
to view a computing desktop environment not only on the machine where it is
running, but from anywhere on the Internet and from a wide variety of machine
architectures. TigerVNC is a suite of VNC servers and clients.

Security Fix(es):

* xorg-x11-server: XkbGetKbdByName use-after-free (CVE-2022-4283)

* xorg-x11-server: XTestSwapFakeInput stack overflow (CVE-2022-46340)

* xorg-x11-server: XIPassiveUngrab out-of-bounds access (CVE-2022-46341)

* xorg-x11-server: XvdiSelectVideoNotify use-after-free (CVE-2022-46342)

* xorg-x11-server: ScreenSaverSetAttributes use-after-free (CVE-2022-46343)

* xorg-x11-server: XIChangeProperty out-of-bounds access (CVE-2022-46344)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.8 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described
in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1437569 - x0vncserver incorrectly maps keysym from vncclient running german keyboard
2151755 - CVE-2022-46340 xorg-x11-server: XTestSwapFakeInput stack overflow
2151756 - CVE-2022-46341 xorg-x11-server: XIPassiveUngrab out-of-bounds access
2151757 - CVE-2022-46342 xorg-x11-server: XvdiSelectVideoNotify use-after-free
2151758 - CVE-2022-46343 xorg-x11-server: ScreenSaverSetAttributes use-after-free
2151760 - CVE-2022-46344 xorg-x11-server: XIChangeProperty out-of-bounds access
2151761 - CVE-2022-4283 xorg-x11-server: XkbGetKbdByName use-after-free
2164704 - selinux policy will not allow tigervnc-server to start
2169960 - Backport upstream fix for broken keyboard handling

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
tigervnc-1.12.0-15.el8_8.src.rpm

aarch64:
tigervnc-1.12.0-15.el8_8.aarch64.rpm
tigervnc-debuginfo-1.12.0-15.el8_8.aarch64.rpm
tigervnc-debugsource-1.12.0-15.el8_8.aarch64.rpm
tigervnc-server-1.12.0-15.el8_8.aarch64.rpm
tigervnc-server-debuginfo-1.12.0-15.el8_8.aarch64.rpm
tigervnc-server-minimal-1.12.0-15.el8_8.aarch64.rpm
tigervnc-server-minimal-debuginfo-1.12.0-15.el8_8.aarch64.rpm
tigervnc-server-module-1.12.0-15.el8_8.aarch64.rpm
tigervnc-server-module-debuginfo-1.12.0-15.el8_8.aarch64.rpm

noarch:
tigervnc-icons-1.12.0-15.el8_8.noarch.rpm
tigervnc-license-1.12.0-15.el8_8.noarch.rpm
tigervnc-selinux-1.12.0-15.el8_8.noarch.rpm

ppc64le:
tigervnc-1.12.0-15.el8_8.ppc64le.rpm
tigervnc-debuginfo-1.12.0-15.el8_8.ppc64le.rpm
tigervnc-debugsource-1.12.0-15.el8_8.ppc64le.rpm
tigervnc-server-1.12.0-15.el8_8.ppc64le.rpm
tigervnc-server-debuginfo-1.12.0-15.el8_8.ppc64le.rpm
tigervnc-server-minimal-1.12.0-15.el8_8.ppc64le.rpm
tigervnc-server-minimal-debuginfo-1.12.0-15.el8_8.ppc64le.rpm
tigervnc-server-module-1.12.0-15.el8_8.ppc64le.rpm
tigervnc-server-module-debuginfo-1.12.0-15.el8_8.ppc64le.rpm

s390x:
tigervnc-1.12.0-15.el8_8.s390x.rpm
tigervnc-debuginfo-1.12.0-15.el8_8.s390x.rpm
tigervnc-debugsource-1.12.0-15.el8_8.s390x.rpm
tigervnc-server-1.12.0-15.el8_8.s390x.rpm
tigervnc-server-debuginfo-1.12.0-15.el8_8.s390x.rpm
tigervnc-server-minimal-1.12.0-15.el8_8.s390x.rpm
tigervnc-server-minimal-debuginfo-1.12.0-15.el8_8.s390x.rpm
tigervnc-server-module-1.12.0-15.el8_8.s390x.rpm
tigervnc-server-module-debuginfo-1.12.0-15.el8_8.s390x.rpm

x86_64:
tigervnc-1.12.0-15.el8_8.x86_64.rpm
tigervnc-debuginfo-1.12.0-15.el8_8.x86_64.rpm
tigervnc-debugsource-1.12.0-15.el8_8.x86_64.rpm
tigervnc-server-1.12.0-15.el8_8.x86_64.rpm
tigervnc-server-debuginfo-1.12.0-15.el8_8.x86_64.rpm
tigervnc-server-minimal-1.12.0-15.el8_8.x86_64.rpm
tigervnc-server-minimal-debuginfo-1.12.0-15.el8_8.x86_64.rpm
tigervnc-server-module-1.12.0-15.el8_8.x86_64.rpm
tigervnc-server-module-debuginfo-1.12.0-15.el8_8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-4283
https://access.redhat.com/security/cve/CVE-2022-46340
https://access.redhat.com/security/cve/CVE-2022-46341
https://access.redhat.com/security/cve/CVE-2022-46342
https://access.redhat.com/security/cve/CVE-2022-46343
https://access.redhat.com/security/cve/CVE-2022-46344
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBZGNwSdzjgjWX9erEAQhi3w//S3rl5aUsQtxuFcMNoV5MhCPei78m3vGJ
KkkWBH0j3+u+/n2Y5bPzWUR6a1KIBl4K9Cph5fDasfcFuEGDAZb+/8FaAW3UAn2N
sic8gBIbWz5AYG2lQLQYzpd7AFm6V5LUdKTWMJ0RbHIrGr1GzDHj6Y8oihiwnYQm
Z6uPdP/cD2GHe1RDfo5Xonqjme4IYZOQojzEpAv3/dKyLMK0hu4OX7d/PPGu3cMM
qpxwb+kbjxa7atyfFBjIsP/RZrtUhdK6HQnVDOv01WgDMNSbG1XSX5aA0rOKcORn
spwqIFWC3fCor+NMDQBdkGciGlE5oVdwoSVD9oLYRB0g+ddVgyxnpGyYLTrS4lEx
p6UUuZC799YvsKG9+PsH9DPyJ+jwliIGfeRs7CmBaa4RPanUvvUn8dmXY/TE4xWs
XKwsempAvTXZuFMYvKXGJoYBhjwBRror2TH0+oWR8MyA0TT3M5zGbSfpTuQTJIOe
w7OVLiv9uYMH8DVdUu21vwkG3TyTyCj9Aywv2Tqsx53OPQaN1B5wKxiGzDYnvLqI
ZsenQFLqKQiGi+xmlk2SGd29Jjl0rgmh5ObHph8dOoyAp4HGpR/kORt3z/grjIsL
3p4wFXOYtZLuqGbKo9nifLwpnr3X1CtkcJ5MMhr3cCFCXgcs0qAUf87dCCgQz91o
6bQJ8caiSKg=
=ld2g
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
An update for nodejs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: nodejs security update
Advisory ID:       RHSA-2022:6963-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6963
Issue date:        2022-10-17
CVE Names:         CVE-2022-35255 CVE-2022-35256
====================================================================

1. Summary:

An update for nodejs is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Node.js is a software development platform for building fast and scalable
network applications in the JavaScript programming language.

The following packages have been upgraded to a later upstream version: nodejs
(16.17.1).

Security Fix(es):

* nodejs: weak randomness in WebCrypto keygen (CVE-2022-35255)

* nodejs: HTTP Request Smuggling due to incorrect parsing of header fields
(CVE-2022-35256)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described
in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2130517 - CVE-2022-35255 nodejs: weak randomness in WebCrypto keygen
2130518 - CVE-2022-35256 nodejs: HTTP Request Smuggling due to incorrect parsing of header fields

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:
nodejs-16.17.1-1.el9_0.src.rpm

aarch64:
nodejs-16.17.1-1.el9_0.aarch64.rpm
nodejs-debuginfo-16.17.1-1.el9_0.aarch64.rpm
nodejs-debugsource-16.17.1-1.el9_0.aarch64.rpm
nodejs-full-i18n-16.17.1-1.el9_0.aarch64.rpm
nodejs-libs-16.17.1-1.el9_0.aarch64.rpm
nodejs-libs-debuginfo-16.17.1-1.el9_0.aarch64.rpm
npm-8.15.0-1.16.17.1.1.el9_0.aarch64.rpm

noarch:
nodejs-docs-16.17.1-1.el9_0.noarch.rpm

ppc64le:
nodejs-16.17.1-1.el9_0.ppc64le.rpm
nodejs-debuginfo-16.17.1-1.el9_0.ppc64le.rpm
nodejs-debugsource-16.17.1-1.el9_0.ppc64le.rpm
nodejs-full-i18n-16.17.1-1.el9_0.ppc64le.rpm
nodejs-libs-16.17.1-1.el9_0.ppc64le.rpm
nodejs-libs-debuginfo-16.17.1-1.el9_0.ppc64le.rpm
npm-8.15.0-1.16.17.1.1.el9_0.ppc64le.rpm

s390x:
nodejs-16.17.1-1.el9_0.s390x.rpm
nodejs-debuginfo-16.17.1-1.el9_0.s390x.rpm
nodejs-debugsource-16.17.1-1.el9_0.s390x.rpm
nodejs-full-i18n-16.17.1-1.el9_0.s390x.rpm
nodejs-libs-16.17.1-1.el9_0.s390x.rpm
nodejs-libs-debuginfo-16.17.1-1.el9_0.s390x.rpm
npm-8.15.0-1.16.17.1.1.el9_0.s390x.rpm

x86_64:
nodejs-16.17.1-1.el9_0.x86_64.rpm
nodejs-debuginfo-16.17.1-1.el9_0.i686.rpm
nodejs-debuginfo-16.17.1-1.el9_0.x86_64.rpm
nodejs-debugsource-16.17.1-1.el9_0.i686.rpm
nodejs-debugsource-16.17.1-1.el9_0.x86_64.rpm
nodejs-full-i18n-16.17.1-1.el9_0.x86_64.rpm
nodejs-libs-16.17.1-1.el9_0.i686.rpm
nodejs-libs-16.17.1-1.el9_0.x86_64.rpm
nodejs-libs-debuginfo-16.17.1-1.el9_0.i686.rpm
nodejs-libs-debuginfo-16.17.1-1.el9_0.x86_64.rpm
npm-8.15.0-1.16.17.1.1.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-35255
https://access.redhat.com/security/cve/CVE-2022-35256
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBY06/ANzjgjWX9erEAQiS3A//a/7YiqLGAi6J4JWVe22EK4VbXRIDQaBy
hbNEtORz+NaJVEGQwSqTpbz0Qt5aUVqsyGeHOOCqoRpuziVvNGmK8IPK1qFmXQLg
/ZIjgBvWfTSEntUTNpCx3cuACievBJejrjd6xinweFe5LW/fbSEK8vgEG3xlSCCc
SvgET9svaD717atxmIzQeunNX78M7EcWFt9S/95GbO0tQMmcBcp36b5JzRvEiYi3
YoMzNGYpQAYpGxIzhDLk068Lky44gxjAC7GM41XkNTEslYXD1x0wKN1j7xLnOQ+E
rXpkNkCPHQemK8vtvXk1KYWsHfjblD1SZY4qXudQlNgZcxtegvcWPuRemLC819Ho
oNLgWPfWB5bs0Zroka/GNX2gu+n+q10oQGexSS1xwZYXvZn0BJEIcz3wJjnpulaU
4TfHQzfsUvMxnpv4dL4Dwim4Xs/X8E8vRxUBgO6VoV15Ng9K8yrL8vjy0lSbYKhf
57wX7LRZLBngpXhGtR//25Eo8/WUmq05xoxxoZ0cT73idCR5DNQkl75aOJffbfnP
xcBkdqFN7UtevgCUITh8ERT1SLwkzdFk0xdnD1bLPU1ZTqkF7dCde1AT8+Xj3U5G
YJX9Mb/jKPDPl1WTWtCb7MDy0qynYLVglXpamyi0/8RSXaCPixgk8iBTkJtp3jiF
z1Z4gpQsz18=
=LDBN
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
https://nodejs.org/en/blog/vulnerability/april-2021-security-releases/.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-d934acdb42
2021-04-19 17:50:37.463405
--------------------------------------------------------------------------------
Name        : nodejs
Product     : Fedora 32
Version     : 12.22.1
Release     : 1.fc32
URL         : https://nodejs.org/en/
Summary     : JavaScript runtime
Description :
Node.js is a platform built on Chrome's JavaScript runtime for easily building
fast, scalable network applications. Node.js uses an event-driven, non-blocking
I/O model that makes it lightweight and efficient, perfect for data-intensive
real-time applications that run across distributed devices.
--------------------------------------------------------------------------------
Update Information:

https://nodejs.org/en/blog/vulnerability/april-2021-security-releases/
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 8 2021 Stephen Gallagher - 1:12.22.1-1
- Update to 12.22.1
* Tue Mar 9 2021 Zuzana Svetlikova
https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-6aaba80ba2
2021-03-19 19:51:22.364492
--------------------------------------------------------------------------------
Name        : nodejs
Product     : Fedora 34
Version     : 14.16.0
Release     : 1.fc34
URL         : https://nodejs.org/en/
Summary     : JavaScript runtime
Description :
Node.js is a platform built on Chrome's JavaScript runtime for easily building
fast, scalable network applications. Node.js uses an event-driven, non-blocking
I/O model that makes it lightweight and efficient, perfect for data-intensive
real-time applications that run across distributed devices.
--------------------------------------------------------------------------------
Update Information:

https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1932016 - CVE-2021-22883 nodejs:10/nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1932016
  [ 2 ] Bug #1932018 - CVE-2021-22883 nodejs:14/nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1932018
  [ 3 ] Bug #1932019 - CVE-2021-22883 nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1932019
  [ 4 ] Bug #1932020 - CVE-2021-22883 nodejs:12/nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1932020
  [ 5 ] Bug #1932026 - CVE-2021-22884 nodejs:10/nodejs: DNS rebinding in --inspect [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1932026
  [ 6 ] Bug #1932028 - CVE-2021-22884 nodejs:14/nodejs: DNS rebinding in --inspect [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1932028
  [ 7 ] Bug #1932029 - CVE-2021-22884 nodejs: DNS rebinding in --inspect [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1932029
  [ 8 ] Bug #1932030 - CVE-2021-22884 nodejs:12/nodejs: DNS rebinding in --inspect [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1932030
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-6aaba80ba2' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
--
Upstream update to v1.12.0-stable. Security fix for CVE-2020-15117.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-cc19e88a1f
2020-12-16 01:40:56.936967
--------------------------------------------------------------------------------
Name        : synergy
Product     : Fedora 33
Version     : 1.12.0
Release     : 1.fc33
URL         : https://symless.com/synergy
Summary     : Share mouse and keyboard between multiple computers over the network
Description :
Synergy lets you easily share your mouse and keyboard between multiple
computers, where each computer has its own display. No special hardware is
required, all you need is a local area network. Synergy is supported on
Windows, Mac OS X and Linux. Redirecting the mouse and keyboard is as simple
as moving the mouse off the edge of your screen.
--------------------------------------------------------------------------------
Update Information:

Upstream update to v1.12.0-stable
Security fix for CVE-2020-15117
--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec 7 2020 David Kaufmann - 1:1.12.0-1
- Upstream update to v1.12.0-stable
* Tue Sep 22 2020 Jeff Law - 1:1.11.1-4
- Use cmake_in_source_build to fix FTBFS due to recent cmake macro changes
* Sat Aug 1 2020 Fedora Release Engineering - 1:1.11.1-3
- Second attempt - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jul 29 2020 Fedora Release Engineering - 1:1.11.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-cc19e88a1f' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
--