Lucene search

K
mageiaGentoo FoundationMGASA-2023-0264
HistorySep 25, 2023 - 1:16 a.m.

Updated nodejs packages fix security vulnerability

2023-09-2501:16:18
Gentoo Foundation
advisories.mageia.org
25
nodejs
security
vulnerability
fix
openssl
advisory
bypass
policies
detection
unix

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

39.4%

This is a security release. As well, it fixes v8 headers detection (mga#28809) The following CVEs are fixed in this release: CVE-2023-32002: Policies can be bypassed via Module._load (High) CVE-2023-32006: Policies can be bypassed by module.constructor.createRequire (Medium) CVE-2023-32559: Policies can be bypassed via process.binding (Medium) OpenSSL Security Releases OpenSSL security advisory 14th July. OpenSSL security advisory 19th July. OpenSSL security advisory 31st July More detailed information on each of the vulnerabilities can be found in August 2023 Security Releases blog post.

OSVersionArchitecturePackageVersionFilename
Mageia8noarchnodejs<ย 18.17.1-1nodejs-18.17.1-1.mga8
Mageia9noarchnodejs<ย 18.17.1-1nodejs-18.17.1-1.mga9
Mageia9noarchyarnpkg<ย 1.22.19-13yarnpkg-1.22.19-13.mga9

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

39.4%