home bbs files messages ]

Forums before death by AOL, social media and spammers... "We can't have nice things"

   linux.debian.announce.security      Debian security announcements I think?      29 messages   

[   << oldest   |   < older   |   list   |   newer >   |   newest >>   ]

   Message 20 of 29   
   Moritz Muehlenhoff to All   
   [SECURITY] [DSA 5991-1] nodejs security    
   29 Aug 25 20:20:02   
   
   From: jmm@debian.org   
      
   -----BEGIN PGP SIGNED MESSAGE-----   
   Hash: SHA512   
      
   - -------------------------------------------------------------------------   
   Debian Security Advisory DSA-5991-1                   security@debian.org   
   https://www.debian.org/security/                       Moritz Muehlenhoff   
   August 29, 2025                       https://www.debian.org/security/faq   
   - -------------------------------------------------------------------------   
      
   Package        : nodejs   
   CVE ID         : CVE-2023-46809 CVE-2024-21892 CVE-2024-22019   
                    CVE-2024-22020 CVE-2024-22025 CVE-2024-27982   
   		 CVE-2024-27983 CVE-2025-47153   
      
   Multiple vulnerabilities were discovered in Node.js, which could result   
   in denial of service, HTTP request smuggling, privilege escalation, a   
   side channel attack against PKCS#1 1.5 or a bypass of network import   
   restrictions.   
      
   For the oldstable distribution (bookworm), these problems have been fixed   
   in version 18.20.4+dfsg-1~deb12u1.   
      
   We recommend that you upgrade your nodejs packages.   
      
   For the detailed security status of nodejs please refer to   
   its security tracker page at:   
   https://security-tracker.debian.org/tracker/nodejs   
      
   Further information about Debian Security Advisories, how to apply   
   these updates to your system and frequently asked questions can be   
   found at: https://www.debian.org/security/   
      
   Mailing list: debian-security-announce@lists.debian.org   
   -----BEGIN PGP SIGNATURE-----   
      
   iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmix6wEACgkQEMKTtsN8   
   TjbvSg//dk+LUYWD/3ztcNzZnP+/2lNclPO+iMZdPtOWAGIGMlWUciVJuWkC6AO6   
   jPdLAFqQLtWAnEJALn4wt4SZifCBrgU/QKOEoddwokVANn0aMM9lR4vmBa527f2F   
   Q4DMDa+pyEDlKAhbc3w3aJobRDmdO7WncPP7TK7A2WXJJ0aron9aQCRNXqtMOK5m   
   GnY1awu6gvCAiJWwsf1N+/gVM11KBiGlL/12FWxK7FiXdlHbNvvx/OO/d4INNuxw   
   y2Xn/faELbEU9ecMWxUh+kmHd+mqX2tNhAbOH85qrkUU1wfUMrO07sCEAnAaApuj   
   9+jtZzBdeDOi1xR4MIrH4JxliD656zJHX9wKSIOb+p4vZ86o2/L7EaWtmmDWdCdA   
   xsxhGNxtq6DCip5GxO5pLO0ftGToXar6zZbrou+kE5oXp2xLAtO/jgiPPAOl7HBg   
   k78tbCZdxiFy0F+HzDQZFAct5xYKU9eaNHYVAXZF48BW4u38XsievMmSg1aVGpZs   
   XzSwy2BKYkhC1bD/2ISApvZrcBcgxXbXOQXXEsxiFK7IUPtHcR3Mc9uRgP/KRNQ/   
   x/WYShdmhSQTlvORv5UeAmEjZqYcRS7qYQQ3tk09coY22NAUl+CfzrIuPCvkY/Gc   
   DaIbudBi4HcPnmYJAe7GpR6Jw+rSnDdfJXVN6D3SRy2IfVLMVPU=   
   =mHjX   
   -----END PGP SIGNATURE-----   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   

[   << oldest   |   < older   |   list   |   newer >   |   newest >>   ]


(c) 1994,  bbs@darkrealms.ca