{"id":"MGASA-2023-0264","summary":"Updated nodejs packages fix security vulnerability","details":"This is a security release. As well, it fixes v8 headers detection\n(mga#28809)\n\nThe following CVEs are fixed in this release:\n  CVE-2023-32002: Policies can be bypassed via Module._load (High)\n  CVE-2023-32006: Policies can be bypassed by\n    module.constructor.createRequire (Medium)\n  CVE-2023-32559: Policies can be bypassed via process.binding (Medium)\n  OpenSSL Security Releases\n      OpenSSL security advisory 14th July.\n      OpenSSL security advisory 19th July.\n      OpenSSL security advisory 31st July\n\nMore detailed information on each of the vulnerabilities can be found in\nAugust 2023 Security Releases blog post.\n","modified":"2026-04-16T04:41:06.301696617Z","published":"2023-09-24T22:16:18Z","upstream":["CVE-2023-32002","CVE-2023-32006","CVE-2023-32559"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2023-0264.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=32176"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=28809"},{"type":"WEB","url":"https://github.com/nodejs/node/releases/tag/v18.17.1"},{"type":"WEB","url":"https://github.com/nodejs/node/releases/tag/v18.17.0"}],"affected":[{"package":{"name":"nodejs","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/nodejs?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"18.17.1-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0264.json"}},{"package":{"name":"nodejs","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/nodejs?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"18.17.1-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0264.json"}},{"package":{"name":"yarnpkg","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/yarnpkg?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.22.19-13.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0264.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}