MGASA-2023-0226

Source
https://advisories.mageia.org/MGASA-2023-0226.html
Import Source
https://advisories.mageia.org/MGASA-2023-0226.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2023-0226
Published
2023-07-07T05:54:45Z
Modified
2023-07-07T04:41:51Z
Summary
Updated nodejs packages fix security vulnerability
Details

The current nodejs 14 branch in Mageia 8 is end of life and receives no more security updates.

This release allows moving to the new nodejs 18 LTS branch and fixes the following CVEs:

- CVE-2023-30581: mainModule.__proto__ Bypass Experimental Policy Mechanism (High)
- CVE-2023-30585: Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium)
- CVE-2023-30588: Process interruption due to invalid Public Key information in x509 certificates (Medium)
- CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR (Medium)
- CVE-2023-30590: DiffieHellman does not generate keys after setting a private key (Medium)

OpenSSL Security Releases:

- OpenSSL security advisory 28th March
- OpenSSL security advisory 20th April
- OpenSSL security advisory 30th May

c-ares vulnerabilities:

- GHSA-9g78-jv2r-p7vc
- GHSA-8r8p-23f3-64c2
- GHSA-54xr-f67r-4pc4
- GHSA-x6mf-cxr9-8q6v

Affected packages

Mageia:8 / nodejs

Package

Name
nodejs
Purl
pkg:rpm/mageia/nodejs?distro=mageia-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
18.16.1-1.mga8

Ecosystem specific

{
    "section": "core"
}