MGASA-2023-0299

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2023-0299.html

Import Source

https://advisories.mageia.org/MGASA-2023-0299.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2023-0299

Related

Published

2023-10-22T21:04:51Z

Modified

2023-10-22T19:48:47Z

Summary

Updated nodejs packages fix security vulnerabilities

Details

This is a security release. The following CVEs are fixed in this release:

CVE-2023-44487: nghttp2 Security Release (High) CVE-2023-45143: undici Security Release (High) CVE-2023-38552: Integrity checks according to policies can be circumvented (Medium) CVE-2023-39333: Code injection via WebAssembly export names (Low)

More detailed information on each of the vulnerabilities can be found in October 2023 Security Releases blog post.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:9 / nodejs

Package

Name: nodejs
Purl: pkg:rpm/mageia/nodejs?distro=mageia-9

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

18.18.2-1.mga9

Ecosystem specific

{
    "section": "core"
}

Mageia:9 / yarnpkg

Package

Name: yarnpkg
Purl: pkg:rpm/mageia/yarnpkg?distro=mageia-9

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.22.19-14.mga9

Ecosystem specific

{
    "section": "core"
}