[FEDORA-2023-608a1417d3] Fedora 38: nodejs16
2023-06-20, Version 16.20.1 'Gallium' (LTS), @RafaelGSS

This is a security release.

### Notable Changes

The following CVEs are fixed in this release:

* CVE-2023-30581: `mainModule.__proto__` Bypass Experimental Policy Mechanism (High)
* CVE-2023-30585: Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium)
* CVE-2023-30588: Process interruption due to invalid Public Key information in x509 certificates (Medium)
* CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR (Medium)
* CVE-2023-30590: DiffieHellman does not generate keys after setting a private key (Medium)
* OpenSSL Security Releases
  * OpenSSL security advisory 28th March.
  * OpenSSL security advisory 20th April.
  * OpenSSL security advisory 30th May
* c-ares vulnerabilities:
  * GHSA-9g78-jv2r-p7vc
  * GHSA-8r8p-23f3-64c2
  * GHSA-54xr-f67r-4pc4
  * GHSA-x6mf-cxr9-8q6v

More detailed information on each of the vulnerabilities can be found in the June 2023 Security Releases blog post.

Package | Affected Version |
---|---|
pkg:rpm/fedora/nodejs16?distro=fedora-38 | < 16.20.1.1.fc38 |
- ID
- FEDORA-2023-608a1417d3
- Severity
- high
- Severity from
- CVE-2023-30581
- URL
- https://bodhi.fedoraproject.org/updates/FEDORA-2023-608a1417d3
- Published
- 2023-07-21T02:27:10 (14 months ago)
- Modified
- 2023-07-21T02:27:10 (14 months ago)
- Rights
- Copyright 2023 Red Hat, Inc.
- Other Advisories
-
- ALPINE:CVE-2023-30589
- ALSA-2023:4330
- ALSA-2023:4331
- ALSA-2023:4536
- ALSA-2023:4537
- DSA-5589-1
- ELSA-2023-4330
- ELSA-2023-4331
- ELSA-2023-4536
- ELSA-2023-4537
- FEDORA-2023-105880e618
- FEDORA-2023-61e40652be
- FEDORA-2023-6b866fbe84
- FEDORA-2023-cdddce304a
- FEDORA-2023-f75af676f2
- GLSA-202405-29
- NPM:GHSA-CGGH-PQ45-6H9X
- RHSA-2023:4330
- RHSA-2023:4331
- RHSA-2023:4536
- RHSA-2023:4537
- SUSE-SU-2023:2655-1
- SUSE-SU-2023:2662-1
- SUSE-SU-2023:2663-1
- SUSE-SU-2023:2669-1
- SUSE-SU-2023:2861-1
- SUSE-SU-2023:3306-1
- SUSE-SU-2023:3408-1
- SUSE-SU-2023:3455-1
- USN-6735-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/fedora/nodejs16?distro=fedora-38 | fedora | nodejs16 | < 16.20.1.1.fc38 | fedora-38 | | |