{"id":"MGASA-2023-0226","summary":"Updated nodejs packages fix security vulnerability","details":"Current nodejs 14 branch in Mageia 8 is end of life and there are no more\nsecurity updates.\n\nThis release allows moving to the new nodejs 18 LTS branch and fixes the\nfollowing CVEs\nCVE-2023-30581: mainModule.__proto__ Bypass Experimental Policy Mechanism\n(High)\nCVE-2023-30585: Privilege escalation via Malicious Registry Key\nmanipulation during Node.js installer repair process (Medium)\nCVE-2023-30588: Process interruption due to invalid Public Key information\nin x509 certificates (Medium)\nCVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR\n(Medium)\nCVE-2023-30590: DiffieHellman does not generate keys after setting a\nprivate key (Medium)\nOpenSSL Security Releases\n OpenSSL security advisory 28th March.\n OpenSSL security advisory 20th April.\n OpenSSL security advisory 30th May\nc-ares vulnerabilities:\n GHSA-9g78-jv2r-p7vc\n GHSA-8r8p-23f3-64c2\n GHSA-54xr-f67r-4pc4\n 
GHSA-x6mf-cxr9-8q6v\n","modified":"2026-01-30T14:39:35.568104Z","published":"2023-07-07T05:54:45Z","related":["CVE-2023-30581","CVE-2023-30582","CVE-2023-30583","CVE-2023-30584","CVE-2023-30585","CVE-2023-30586","CVE-2023-30587","CVE-2023-30588","CVE-2023-30589","CVE-2023-30590"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2023-0226.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=32047"},{"type":"REPORT","url":"https://github.com/nodejs/node/releases/tag/v18.16.1"},{"type":"REPORT","url":"https://nodejs.org/en/blog/vulnerability/june-2023-security-releases/"}],"affected":[{"package":{"name":"nodejs","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/nodejs?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"18.16.1-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0226.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}