Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 14 articles for you...
89

Fedora 44 python-jupytext Important Denial of Service 2026-301cbbe347

This update contains upgrades to various npm packages used during the build to address CVEs, namely: CVE-2025-69873 (ajv) CVE-2026-0540 (DOMPurify) CVE-2026-3449 (@tootallnate/once). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-301cbbe347 2026-05-17 01:26:47.130078+00:00 -------------------------------------------------------------------------------- Name : python-jupytext Product : Fedora 44 Version : 1.19.1 Release : 4.fc44 URL : https://jupytext.readthedocs.io/ Summary : Save Jupyter notebooks as text documents or scripts Description : Have you always wished Jupyter notebooks were plain text documents? Wished you could edit them in your favorite IDE? And get clear and meaningful diffs when doing version control? Then... Jupytext may well be the tool you're looking for! Jupytext is a plugin for Jupyter that can save Jupyter notebooks as - Markdown files (or MyST Markdown files, or R Markdown or Quarto text notebooks) - Scripts in many languages. Common use cases for Jupytext are: - Doing version control on Jupyter Notebooks - Editing, merging or refactoring notebooks in your favorite text editor - Applying Q&A checks on notebooks. -------------------------------------------------------------------------------- Update Information: This update contains upgrades to various npm packages used during the build to address CVEs, namely: CVE-2025-69873 (ajv) CVE-2026-0540 (DOMPurify) CVE-2026-3449 (@tootallnate/once) CVE-2026-4800 (lodash) CVE-2026-6321 (fast-uri) CVE-2026-41240 (DOMPurify) This is probably unimportant since these packages are used at build-time only. They are not shipped with python3-jupytext and therefore do not affect runtime. -------------------------------------------------------------------------------- ChangeLog: * Thu May 7 2026 Jerry James - 1.19.1-4 - Update various npm components used in the build - Fix CVE-2025-69873: updateajv to 6.15.0/8.20.0 - Fix CVE-2026-0540 and CVE-2026-41240: update DOMPurify to 3.4.2 - Fix CVE-2026-3449: update @tootallnate/once to 3.0.1 - Fix CVE-2026-4800: update lodash to 4.18.1 - Fix CVE-2026-6321: update fast-uri to 3.1.2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2444210 - CVE-2026-3449 python-jupytext: @tootallnate/once: Denial of Service due to incorrect control flow scoping with AbortSignal [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2444210 [ 2 ] Bug #2444288 - CVE-2026-0540 python-jupytext: DOMPurify: Cross-site scripting vulnerability [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2444288 [ 3 ] Bug #2454050 - CVE-2026-4800 python-jupytext: lodash: Arbitrary code execution via untrusted input in template imports [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2454050 [ 4 ] Bug #2463432 - CVE-2026-41240 python-jupytext: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2463432 [ 5 ] Bug #2466943 - CVE-2026-6321 python-jupytext: fast-uri: Path traversal vulnerability allows bypass of security policies [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2466943 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-301cbbe347' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Critical updates for python-jupytext on Fedora, addressing multiple npm security issues including denial of service.. python-jupytext Fedora security npm DenialOfService update. . Severity: Important. LinuxSecurity.com Team

Calendar%202 May 17, 2026 Important Fedora
89

Fedora 42 python-jupytext Security Update 2026-793b55138d CVE Enhancements

This update contains upgrades to various npm packages used during the build to address CVEs, namely: CVE-2025-69873 (ajv) CVE-2026-0540 (DOMPurify) CVE-2026-3449 (@tootallnate/once). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-793b55138d 2026-05-17 01:05:24.299184+00:00 -------------------------------------------------------------------------------- Name : python-jupytext Product : Fedora 42 Version : 1.19.1 Release : 4.fc42 URL : https://jupytext.readthedocs.io/ Summary : Save Jupyter notebooks as text documents or scripts Description : Have you always wished Jupyter notebooks were plain text documents? Wished you could edit them in your favorite IDE? And get clear and meaningful diffs when doing version control? Then... Jupytext may well be the tool you're looking for! Jupytext is a plugin for Jupyter that can save Jupyter notebooks as - Markdown files (or MyST Markdown files, or R Markdown or Quarto text notebooks) - Scripts in many languages. Common use cases for Jupytext are: - Doing version control on Jupyter Notebooks - Editing, merging or refactoring notebooks in your favorite text editor - Applying Q&A checks on notebooks. -------------------------------------------------------------------------------- Update Information: This update contains upgrades to various npm packages used during the build to address CVEs, namely: CVE-2025-69873 (ajv) CVE-2026-0540 (DOMPurify) CVE-2026-3449 (@tootallnate/once) CVE-2026-4800 (lodash) CVE-2026-6321 (fast-uri) CVE-2026-41240 (DOMPurify) This is probably unimportant since these packages are used at build-time only. They are not shipped with python3-jupytext and therefore do not affect runtime. -------------------------------------------------------------------------------- ChangeLog: * Fri May 8 2026 Jerry James - 1.19.1-4 - Update various npm components used in the build - Fix CVE-2025-69873: updateajv to 6.15.0/8.20.0 - Fix CVE-2026-0540 and CVE-2026-41240: update DOMPurify to 3.4.2 - Fix CVE-2026-3449: update @tootallnate/once to 3.0.1 - Fix CVE-2026-4800: update lodash to 4.18.1 - Fix CVE-2026-6321: update fast-uri to 3.1.2 * Fri May 8 2026 Jerry James - 1.19.1-3 - Permit building with any version of nodejs * Fri May 8 2026 Jerry James - 1.19.1-2 - Adapt to nodejs24 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2439389 - CVE-2025-69873 python-jupytext: ReDoS via $data reference [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2439389 [ 2 ] Bug #2444210 - CVE-2026-3449 python-jupytext: @tootallnate/once: Denial of Service due to incorrect control flow scoping with AbortSignal [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2444210 [ 3 ] Bug #2444288 - CVE-2026-0540 python-jupytext: DOMPurify: Cross-site scripting vulnerability [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2444288 [ 4 ] Bug #2454050 - CVE-2026-4800 python-jupytext: lodash: Arbitrary code execution via untrusted input in template imports [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2454050 [ 5 ] Bug #2463432 - CVE-2026-41240 python-jupytext: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2463432 [ 6 ] Bug #2466943 - CVE-2026-6321 python-jupytext: fast-uri: Path traversal vulnerability allows bypass of security policies [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2466943 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-793b55138d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed withthe Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Upgrade python-jupytext to enhance security against multiple CVEs in Fedora 42 with npm package updates.. python-jupytext Fedora 42 security npm packages threat. . Severity: Important. LinuxSecurity.com Team

Calendar%202 May 17, 2026 Important Fedora
217

Oracle Linux 8 ELSA-2024-2778 critical: Nodejs updates and fixes

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2024-2778 http://linux.oracle.com/errata/ELSA-2024-2778.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: nodejs-20.12.2-2.module+el8.9.0+90318+7fb2e04b.x86_64.rpm nodejs-devel-20.12.2-2.module+el8.9.0+90318+7fb2e04b.x86_64.rpm nodejs-docs-20.12.2-2.module+el8.9.0+90318+7fb2e04b.noarch.rpm nodejs-full-i18n-20.12.2-2.module+el8.9.0+90318+7fb2e04b.x86_64.rpm nodejs-nodemon-3.0.1-1.module+el8.9.0+90082+b6a613a6.noarch.rpm nodejs-packaging-2021.06-4.module+el8.9.0+90082+b6a613a6.noarch.rpm nodejs-packaging-bundler-2021.06-4.module+el8.9.0+90082+b6a613a6.noarch.rpm npm-10.5.0-1.20.12.2.2.module+el8.9.0+90318+7fb2e04b.x86_64.rpm aarch64: nodejs-20.12.2-2.module+el8.9.0+90318+7fb2e04b.aarch64.rpm nodejs-devel-20.12.2-2.module+el8.9.0+90318+7fb2e04b.aarch64.rpm nodejs-docs-20.12.2-2.module+el8.9.0+90318+7fb2e04b.noarch.rpm nodejs-full-i18n-20.12.2-2.module+el8.9.0+90318+7fb2e04b.aarch64.rpm nodejs-nodemon-3.0.1-1.module+el8.9.0+90082+b6a613a6.noarch.rpm nodejs-packaging-2021.06-4.module+el8.9.0+90082+b6a613a6.noarch.rpm nodejs-packaging-bundler-2021.06-4.module+el8.9.0+90082+b6a613a6.noarch.rpm npm-10.5.0-1.20.12.2.2.module+el8.9.0+90318+7fb2e04b.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//nodejs-20.12.2-2.module+el8.9.0+90318+7fb2e04b.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//nodejs-nodemon-3.0.1-1.module+el8.9.0+90082+b6a613a6.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//nodejs-packaging-2021.06-4.module+el8.9.0+90082+b6a613a6.src.rpm Related CVEs: CVE-2024-22025 CVE-2024-25629 CVE-2024-27982 CVE-2024-27983 CVE-2024-28182 Description of changes: nodejs [1:20.12.2-2] - Backport nghttp2 patch for CVE-2024-28182 [1:20.12.2-1] - Rebase to version 20.12.0 Fixes: CVE-2024-27983 CVE-2024-27982 CVE-2024-22025 (node) Fixes: CVE-2024-25629(c-ares) nodejs-nodemon nodejs-packaging _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Oracle has announced critical updates for Oracle Linux 8, addressing numerous security vulnerabilities in nodejs; further information disclosed.. Oracle Linux Update, Nodejs Fixes, Important Nodejs Updates. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 May 14, 2024 Critical Oracle
217

Oracle Linux 9 ELSA-2023-5532 Critical: Nodejs Security Advisory

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2023-5532 https://linux.oracle.com/errata/ELSA-2023-5532.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: nodejs-16.20.2-1.el9_2.x86_64.rpm nodejs-docs-16.20.2-1.el9_2.noarch.rpm nodejs-full-i18n-16.20.2-1.el9_2.x86_64.rpm nodejs-libs-16.20.2-1.el9_2.i686.rpm nodejs-libs-16.20.2-1.el9_2.x86_64.rpm npm-8.19.4-1.16.20.2.1.el9_2.x86_64.rpm aarch64: nodejs-16.20.2-1.el9_2.aarch64.rpm nodejs-docs-16.20.2-1.el9_2.noarch.rpm nodejs-full-i18n-16.20.2-1.el9_2.aarch64.rpm nodejs-libs-16.20.2-1.el9_2.aarch64.rpm npm-8.19.4-1.16.20.2.1.el9_2.aarch64.rpm SRPMS: https://oss.oracle.com:443/ol9/SRPMS-updates//nodejs-16.20.2-1.el9_2.src.rpm Related CVEs: CVE-2023-32002 CVE-2023-32006 CVE-2023-32559 Description of changes: [1:16.20.2-1] - Update to 16.20.2-1 Resolves CVE-2023-32002 CVE-2023-32006 CVE-2023-32559 _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . The Oracle Linux advisory ELSA-2023-5532 offers essential updates aimed at addressing the latest security vulnerabilities associated with nodejs.. Oracle Linux Update, Nodejs Security Advisory, Npm Dependency Resolution. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Oct 11, 2023 Critical Oracle
217

Oracle Linux 9 ELSA-2022-6963 Critical: Node.js Security Threats

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2022-6963 https://linux.oracle.com/errata/ELSA-2022-6963.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: nodejs-16.17.1-1.el9_0.x86_64.rpm nodejs-docs-16.17.1-1.el9_0.noarch.rpm nodejs-full-i18n-16.17.1-1.el9_0.x86_64.rpm nodejs-libs-16.17.1-1.el9_0.i686.rpm nodejs-libs-16.17.1-1.el9_0.x86_64.rpm npm-8.15.0-1.16.17.1.1.el9_0.x86_64.rpm aarch64: nodejs-16.17.1-1.el9_0.aarch64.rpm nodejs-docs-16.17.1-1.el9_0.noarch.rpm nodejs-full-i18n-16.17.1-1.el9_0.aarch64.rpm nodejs-libs-16.17.1-1.el9_0.aarch64.rpm npm-8.15.0-1.16.17.1.1.el9_0.aarch64.rpm SRPMS: https://oss.oracle.com:443/ol9/SRPMS-updates/nodejs-16.17.1-1.el9_0.src.rpm Related CVEs: CVE-2022-35255 CVE-2022-35256 Description of changes: [16.17.1-1] - Rebase to version 16.17.1 Resolves: CVE-2022-35255 CVE-2022-35256 _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Oracle Linux Security Notice ELSA-2022-6963 outlines important security enhancements and fixes for Node.js, ensuring system protection and reliability.. Oracle Linux Updates, Node.js Patches, Security Resolutions. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Oct 18, 2022 Critical Oracle
203

Mageia: 2022-0294 Moderate: Nodejs Installation Issue Security Advisory

The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers to install malware that was supposed to have been blocked by an exact version match requirement in . MGASA-2022-0294 - Updated nodejs packages fix security vulnerability Publication date: 25 Aug 2022 URL: https://advisories.mageia.org/MGASA-2022-0294.html Type: security Affected Mageia releases: 8 CVE: CVE-2021-43616, CVE-2022-32212, CVE-2022-32213, CVE-2022-32214, CVE-2022-32215, CVE-2022-32222 The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differsfrom package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers to install malware that was supposed to have been blocked by an exact version match requirement in package-lock.json. (CVE-2021-43616) DNS rebinding in --inspect via invalid IP addresses (CVE-2022-32212) HTTP Request Smuggling - Flawed Parsing of Transfer-Encoding (CVE-2022-32213) HTTP Request Smuggling - Improper Delimiting of Header Fields (CVE-2022-32214) HTTP Request Smuggling - Incorrect Parsing of Multi-line Transfer-Encoding (CVE-2022-32215) Attempt to read openssl.cnf from /home/iojs/build/ upon startup (CVE-2022-32222) References: - https://bugs.mageia.org/show_bug.cgi?id=30078 - https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/ - https://github.com/nodejs/node/releases/tag/v14.19.0 - https://github.com/nodejs/node/releases/tag/v14.19.1 - https://github.com/nodejs/node/releases/tag/v14.19.2 - https://github.com/nodejs/node/releases/tag/v14.19.3 - https://github.com/nodejs/node/releases/tag/v14.20.0 - https://www.cve.org/CVERecord?id=CVE-2021-43616 - https://www.cve.org/CVERecord?id=CVE-2022-32212 - https://www.cve.org/CVERecord?id=CVE-2022-32213 -https://www.cve.org/CVERecord?id=CVE-2022-32214 - https://www.cve.org/CVERecord?id=CVE-2022-32215 - https://www.cve.org/CVERecord?id=CVE-2022-32222 SRPMS: - 8/core/nodejs-14.20.0-1.1.mga8 . Mageia has announced security note MGASA-2022-0294, addressing various vulnerabilities in nodejs packages to enhance system security.. nodejs Security Updates, Mageia Nodejs Vulnerabilities, Npm Package Threats. . LinuxSecurity.com Team

Calendar%202 Aug 25, 2022 Mageia
98

Red Hat Enterprise Linux 8 RHSA-2022-4796-01 Important: Nodejs Update

An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: nodejs:16 security update Advisory ID: RHSA-2022:4796-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:4796 Issue date: 2022-05-30 CVE Names: CVE-2021-43616 ==================================================================== 1. Summary: An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): * npm: npm ci succeeds when package-lock.json doesn't match package.json (CVE-2021-43616) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2050282 - CVE-2021-43616 npm: npm ci succeeds when package-lock.json doesn't match package.json 6. Package List: Red Hat Enterprise Linux AppStream (v.8): Source: nodejs-16.14.0-4.module+el8.6.0+15294+54b291d2.src.rpm nodejs-nodemon-2.0.15-1.module+el8.6.0+15294+54b291d2.src.rpm nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.src.rpm aarch64: nodejs-16.14.0-4.module+el8.6.0+15294+54b291d2.aarch64.rpm nodejs-debuginfo-16.14.0-4.module+el8.6.0+15294+54b291d2.aarch64.rpm nodejs-debugsource-16.14.0-4.module+el8.6.0+15294+54b291d2.aarch64.rpm nodejs-devel-16.14.0-4.module+el8.6.0+15294+54b291d2.aarch64.rpm nodejs-full-i18n-16.14.0-4.module+el8.6.0+15294+54b291d2.aarch64.rpm npm-8.3.1-1.16.14.0.4.module+el8.6.0+15294+54b291d2.aarch64.rpm noarch: nodejs-docs-16.14.0-4.module+el8.6.0+15294+54b291d2.noarch.rpm nodejs-nodemon-2.0.15-1.module+el8.6.0+15294+54b291d2.noarch.rpm nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.noarch.rpm ppc64le: nodejs-16.14.0-4.module+el8.6.0+15294+54b291d2.ppc64le.rpm nodejs-debuginfo-16.14.0-4.module+el8.6.0+15294+54b291d2.ppc64le.rpm nodejs-debugsource-16.14.0-4.module+el8.6.0+15294+54b291d2.ppc64le.rpm nodejs-devel-16.14.0-4.module+el8.6.0+15294+54b291d2.ppc64le.rpm nodejs-full-i18n-16.14.0-4.module+el8.6.0+15294+54b291d2.ppc64le.rpm npm-8.3.1-1.16.14.0.4.module+el8.6.0+15294+54b291d2.ppc64le.rpm s390x: nodejs-16.14.0-4.module+el8.6.0+15294+54b291d2.s390x.rpm nodejs-debuginfo-16.14.0-4.module+el8.6.0+15294+54b291d2.s390x.rpm nodejs-debugsource-16.14.0-4.module+el8.6.0+15294+54b291d2.s390x.rpm nodejs-devel-16.14.0-4.module+el8.6.0+15294+54b291d2.s390x.rpm nodejs-full-i18n-16.14.0-4.module+el8.6.0+15294+54b291d2.s390x.rpm npm-8.3.1-1.16.14.0.4.module+el8.6.0+15294+54b291d2.s390x.rpm x86_64: nodejs-16.14.0-4.module+el8.6.0+15294+54b291d2.x86_64.rpm nodejs-debuginfo-16.14.0-4.module+el8.6.0+15294+54b291d2.x86_64.rpm nodejs-debugsource-16.14.0-4.module+el8.6.0+15294+54b291d2.x86_64.rpm nodejs-devel-16.14.0-4.module+el8.6.0+15294+54b291d2.x86_64.rpm nodejs-full-i18n-16.14.0-4.module+el8.6.0+15294+54b291d2.x86_64.rpm npm-8.3.1-1.16.14.0.4.module+el8.6.0+15294+54b291d2.x86_64.rpm These packages are GPG signed by Red Hat forsecurity. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2021-43616 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYpTR69zjgjWX9erEAQj9cRAAgQ425qbjyzyJ2iM0SJ7HeGAEuwfde27X sV3OUlmy/eTumRxthsl6BpnqatAeFsFQN6kIKVtptjeQhTRGYS42kGR3Izt9rniP 9vNRIJq9EoOncJIK8O+3OQDxdNnO/CakEo1XG2rLGOa4I2DQwyhsn/lQxM+vDAZv KMB+keNAtBrqzWABdyAmHJwnq5Iw0Z/PDOQYvq/nn4p9DGLeYLF9IlJdmzYjC/Jj c662UMKoq5+iyTyQMvFkXDO3oqGfpQhrMPSJ5VioMR86s6FFNE9LlLjf+h+a4xgr gAmWY7ktBzFN2ERfbNMJzyXYDrKAEEZPG5SDgL1egg/pqhioflKahnhRGRy0BpvC WwI3sWFiPp9X39VhpD3bDX/SsfK/mG+1dy7HZlYIoAH5EmXPBN7BUEGZd1Zp8T6z ScbVjdXnd50WvsHFlEjMjgNf7bt8m0pc8Vvb8mwVDVOdTpAUG/SVBKI/6Jp+uD5k KmO3rFjB9e/hZ1gwlqiM5y/EUzcDNVYdEAeRffgbCktZpsHPrL3cfj74JgeNGrsq YbfwcFzM6wNrMZnYsSFyLW8IEaf40m/mdQH+mxcN5LD81B0la77OfHipNjs/J90u L/RsvMtYnQ4AtxTaG9n+uGgpHKzPwnWKlRNLtjc9hkVko3S2O9BRQZwktN1YlzU1 78vx6BhnkIE=9JmC -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Stay secure with the latest Node.js 16 update for Red Hat Enterprise Linux 8, addressing critical vulnerabilities and enhancing package management safety. Red Hat Enterprise Linux,nodejs security update,npm security fix. . Severity: Important. LinuxSecurity.com Team

Calendar%202 May 30, 2022 Important Red Hat
100

openSUSE 15.4: 2022:1694-1 Moderate: NodeJS8 Authentication Issues

An update that fixes three vulnerabilities is now available. . SUSE Security Update: Security update for nodejs8 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1694-1 Rating: moderate References: #1194819 #1197283 #1198247 Cross-References: CVE-2021-44906 CVE-2021-44907 CVE-2022-0235 CVSS scores: CVE-2021-44906 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-44906 (SUSE): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2021-44907 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-44907 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N CVE-2022-0235 (SUSE): 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N Affected Products: openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for nodejs8 fixes the following issues: - CVE-2021-44906: Fixed prototype pollution in npm dependency (bsc#1198247). - CVE-2021-44907: Fixed insuficient sanitation in npm dependency (bsc#1197283). - CVE-2022-0235: Fixed passing of cookie data and sensitive headers to different hostnames in node-fetch-npm (bsc#1194819). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1694=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1694=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): nodejs8-8.17.0-150200.10.22.1 nodejs8-debuginfo-8.17.0-150200.10.22.1 nodejs8-debugsource-8.17.0-150200.10.22.1 nodejs8-devel-8.17.0-150200.10.22.1 npm8-8.17.0-150200.10.22.1 - openSUSE Leap 15.4 (noarch): nodejs8-docs-8.17.0-150200.10.22.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): nodejs8-8.17.0-150200.10.22.1 nodejs8-debuginfo-8.17.0-150200.10.22.1 nodejs8-debugsource-8.17.0-150200.10.22.1 nodejs8-devel-8.17.0-150200.10.22.1 npm8-8.17.0-150200.10.22.1 - openSUSE Leap 15.3 (noarch): nodejs8-docs-8.17.0-150200.10.22.1 References: https://www.suse.com/security/cve/CVE-2021-44906.html https://www.suse.com/security/cve/CVE-2021-44907.html https://www.suse.com/security/cve/CVE-2022-0235.html https://bugzilla.suse.com/1194819 https://bugzilla.suse.com/1197283 https://bugzilla.suse.com/1198247 . New release for Node.js 8 has been issued addressing three known vulnerabilities, make sure your environment is secure and current.. nodejs8 security update, openSUSE patch, moderate threat, software update, authentication fix. . LinuxSecurity.com Team

Calendar%202 May 17, 2022 SuSE
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200