Stay Secure with the Latest Linux Advisories

security advisoryfedorasoftware update

Fedora 39: FEDORA-2024-9e549c9d97 moderate: Node.js Security Vulnerability

2024-04-10, Version 18.20.2 'Hydrogen' (LTS), @RafaelGSS This is a security release. Notable Changes CVE-2024-27980 - Command injection via args parameter of child_process.spawn without shell option enabled on Windows. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-8d548b8c96 2024-04-20 01:02:39.396002 -------------------------------------------------------------------------------- Name : nodejs18 Product : Fedora 39 Version : 18.20.2 Release : 1.fc39 URL : https://nodejs.org/en/ Summary : JavaScript runtime Description : Node.js is a platform built on Chrome's JavaScript runtime \ for easily building fast, scalable network applications. \ Node.js uses an event-driven, non-blocking I/O model that \ makes it lightweight and efficient, perfect for data-intensive \ real-time applications that run across distributed devices.} -------------------------------------------------------------------------------- Update Information: 2024-04-10, Version 18.20.2 'Hydrogen' (LTS), @RafaelGSS This is a security release. Notable Changes CVE-2024-27980 - Command injection via args parameter of child_process.spawn without shell option enabled on Windows Commits [6627222409] - src: disallow direct .bat and .cmd file spawning (Ben Noordhuis) nodejs-private/node-private#564 -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 10 2024 Stephen Gallagher - 1:18.20.2-1 - Update to 18.20.2 * Tue Apr 9 2024 Stephen Gallagher - 1:18.20.1-1 - Update to 18.20.1 * Thu Jan 25 2024 Fedora Release Engineering - 1:18.19.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Sun Jan 21 2024 Fedora Release Engineering - 1:18.19.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild -------------------------------------------------------------------------------- This update can be installed with the "dnf"update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-8d548b8c96' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: . Fedora 39 introduces Node.js 18.20.2 security updates focusing on mitigating command injection vulnerabilities, thereby improving operational security.. Node.js Security Advisory,Fedora Software Update,Command Injection Node.js,JavaScript Runtime Security. . LinuxSecurity.com Team

Apr 20, 2024 Fedora