[FEDORA-2023-608a1417d3] Fedora 38: nodejs16
2023-06-20, Version 16.20.1 'Gallium' (LTS), @RafaelGSS This is a security
release. ### Notable Changes The following CVEs are fixed in this release: *
CVE-2023-30581:
mainModule.__proto__ Bypass Experimental Policy Mechanism (High) *
CVE-2023-30585:
Privilege escalation via Malicious Registry Key manipulation during Node.js
installer repair process (Medium) * CVE-2023-30588: Process interuption due to invalid Public
Key information in x509 certificates (Medium) *
CVE-2023-30589:
HTTP Request Smuggling via Empty headers separated by CR (Medium) *
CVE-2023-30590:
DiffieHellman does not generate keys after setting a private key (Medium) *
OpenSSL Security Releases * OpenSSL security advisory 28th
March. * OpenSSL security
advisory 20th April. *
OpenSSL security advisory 30th
May * c-ares vulnerabilities:
* GHSA-9g78-jv2r-p7vc * GHSA-8r8p-23f3-
64c2
* GHSA-54xr-f67r-4pc4 * GHSA-x6mf-
cxr9-8q6v More detailed information on each of the vulnerabilities can be
found in June 2023 Security
Releases
blog post.
| Package | Affected Version |
|---|---|
 pkg:rpm/fedora/nodejs16?distro=fedora-38
|
< 16.20.1.1.fc38 |
- ID
- FEDORA-2023-608a1417d3
- Severity
- high
- Severity from
- CVE-2023-30581
- URL
- https://bodhi.fedoraproject.org/updates/FEDORA-2023-608a1417d3
- Published
-
2023-07-21T02:27:10
(14 months ago) - Modified
-
2023-07-21T02:27:10
(14 months ago) - Rights
- Copyright 2023 Red Hat, Inc.
- Other Advisories
-
-
ALPINE:CVE-2023-30589
-
ALSA-2023:4330
-
ALSA-2023:4331
-
ALSA-2023:4536
-
ALSA-2023:4537
-
DSA-5589-1
-
ELSA-2023-4330
-
ELSA-2023-4331
-
ELSA-2023-4536
-
ELSA-2023-4537
-
FEDORA-2023-105880e618
-
FEDORA-2023-61e40652be
-
FEDORA-2023-6b866fbe84
-
FEDORA-2023-cdddce304a
-
FEDORA-2023-f75af676f2
-
GLSA-202405-29
-
NPM:GHSA-CGGH-PQ45-6H9X
-
RHSA-2023:4330
-
RHSA-2023:4331
-
RHSA-2023:4536
-
RHSA-2023:4537
-
SUSE-SU-2023:2655-1
-
SUSE-SU-2023:2662-1
-
SUSE-SU-2023:2663-1
-
SUSE-SU-2023:2669-1
-
SUSE-SU-2023:2861-1
-
SUSE-SU-2023:3306-1
-
SUSE-SU-2023:3408-1
-
SUSE-SU-2023:3455-1
-
USN-6735-1
-
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/fedora/nodejs16?distro=fedora-38 | fedora |
nodejs16
|
< 16.20.1.1.fc38 | fedora-38 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |