MGASA-2026-0257

Source
https://advisories.mageia.org/MGASA-2026-0257.html
Import Source
https://advisories.mageia.org/MGASA-2026-0257.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2026-0257
Upstream
  • CVE-2026-48617
  • CVE-2026-48937
Published
2026-07-18T05:48:16Z
Modified
2026-07-18T06:00:05.267571972Z
Summary
Updated nodejs packages fix security vulnerabilities
Details

lib,test: redact proxy credentials in tunnel errors. (CVE-2026-48615) permission: handle process.chdir on writereport. (CVE-2026-48617) tls: normalize hostname for server identity checks. (CVE-2026-48618) http2: cap originSet size to prevent unbounded memory growth. (CVE-2026-48619) tls: fix case-sensitive SNI context matching. (CVE-2026-48928) dns,net: reject hostnames with embedded NUL bytes. (CVE-2026-48930) http: fix response queue poisoning in http.Agent. (CVE-2026-48931) crypto: guard WebCrypto cipher output length. (CVE-2026-48933) tls: bind reusable sessions to authenticated host. (CVE-2026-48934) permission: disable FileHandle utimes with permission model. (CVE-2026-48935) deps: fix integration issues with the latest nghttp2. (CVE-2026-48937)

References
Credits

Affected packages

Mageia:10 / nodejs

Package

Name
nodejs
Purl
pkg:rpm/mageia/nodejs?arch=source&distro=mageia-10

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
22.23.1-2.mga10

Ecosystem specific

{
    "section": "core"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2026-0257.json"

Mageia:9 / nodejs

Package

Name
nodejs
Purl
pkg:rpm/mageia/nodejs?arch=source&distro=mageia-9

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
22.23.1-2.mga9

Ecosystem specific

{
    "section": "core"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2026-0257.json"