FEDORA-2023-608a1417d3
Packages in this update:
nodejs16-16.20.1-1.fc38
Update description:
2023-06-20, Version 16.20.1 ‘Gallium’ (LTS), @RafaelGSS
This is a security release.
Notable Changes
The following CVEs are fixed in this release:
CVE-2023-30581: mainModule.__proto__ Bypass Experimental Policy Mechanism (High)
CVE-2023-30585: Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium)
CVE-2023-30588: Process interuption due to invalid Public Key information in x509 certificates (Medium)
CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR (Medium)
CVE-2023-30590: DiffieHellman does not generate keys after setting a private key (Medium)
OpenSSL Security Releases
OpenSSL security advisory 28th March.
OpenSSL security advisory 20th April.
OpenSSL security advisory 30th May
c-ares vulnerabilities:
GHSA-9g78-jv2r-p7vc
GHSA-8r8p-23f3-64c2
GHSA-54xr-f67r-4pc4
GHSA-x6mf-cxr9-8q6v
More detailed information on each of the vulnerabilities can be found in June 2023 Security Releases blog post.
More Stories
Ivanti Connect Secure Zero-Day Vulnerability
What are the Vulnerabilities?Ivanti disclosed two vulnerabilities, CVE-2025-0282 and CVE-2025-0283, impacting Ivanti Connect Secure (“ICS”) VPN appliances. CVE-2025-0282 is an...
USN-7198-1: rlottie vulnerabilities
Paolo Giai discovered a series of stack-based overflow vulnerabilities in the blit and gray_render_cubic functions of a custom fork of...
stb-0^20241002git31707d1-5.fc41
FEDORA-2025-6a64d3b2fc Packages in this update: stb-0^20241002git31707d1-5.fc41 Update description: Add another patch for the root cause of CVE-2021-45340. We already have...
Multiple vulnerabilities in SonicWall SonicOS could allow a remote attacker to bypass authentication.
Multiple vulnerabilities have been discovered in SonicWall SonicOS that could allow for authentication bypass. SonicOS is SonicWall’s operating system designed...
xen-4.19.1-3.fc41
FEDORA-2025-933a9a977e Packages in this update: xen-4.19.1-3.fc41 Update description: work around debugedit bug to fix aarch64 builds xen-hypervisor %post doesn't load...
thunderbird-128.6.0-1.fc40
FEDORA-2025-91031f9df9 Packages in this update: thunderbird-128.6.0-1.fc40 Update description: Update to 128.6.0 https://www.thunderbird.net/en-US/thunderbird/128.6.0esr/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2025-04/ Read More