FEDORA-2023-f66fc0f62a
Packages in this update:
nodejs20-20.8.1-1.fc37
Update description:
2023-10-13, Version 20.8.1 (Current), @RafaelGSS
This is a security release.
Notable Changes
The following CVEs are fixed in this release:
CVE-2023-44487: nghttp2 Security Release (High)
CVE-2023-45143: undici Security Release (High)
CVE-2023-39332: Path traversal through path stored in Uint8Array (High)
CVE-2023-39331: Permission model improperly protects against path traversal (High)
CVE-2023-38552: Integrity checks according to policies can be circumvented (Medium)
CVE-2023-39333: Code injection via WebAssembly export names (Low)
More detailed information on each of the vulnerabilities can be found in October 2023 Security Releases blog post.
More Stories
icecat-flatpak-115.18.0-2
FEDORA-FLATPAK-2024-5ad8ccec67 Packages in this update: icecat-flatpak-115.18.0-2 Update description: Updated patchset for CVE-2024-11693 CVE-2024-11697 CVE-2024-11692 Read More
mupdf-1.24.6-2.fc40
FEDORA-2024-bfc5e25437 Packages in this update: mupdf-1.24.6-2.fc40 Update description: fix CVE-2024-46657 (rhbz#2331626) Read More
mupdf-1.21.1-6.el9
FEDORA-EPEL-2024-94a20f339a Packages in this update: mupdf-1.21.1-6.el9 Update description: fix CVE-2024-46657 (rhbz#2331625) Read More
DSA-5837-1 fastnetmon – security update
Two security issues have been discovered in FastNetMon, a fast DDoS analyzer: Malformed Netflow/sFlow traffic could result in denial of...
DSA-5836-1 xen – security update
Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in privilege escalation, denial of service or information...
DSA-5835-1 webkit2gtk – security update
The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2024-54479 Seunghyun Lee discovered that processing maliciously crafted web...