Updated nodejs packages fix security vulnerabilities
Publication date: 27 Sep 2020Modification date: 27 Sep 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-9511 , CVE-2019-9512 , CVE-2019-9513 , CVE-2019-9514 , CVE-2019-9515 , CVE-2019-9516 , CVE-2019-9517 , CVE-2019-9518 , CVE-2019-15604 , CVE-2019-15605 , CVE-2019-15606 , CVE-2019-16775 , CVE-2019-16776 , CVE-2019-16777 , CVE-2020-8174 , CVE-2020-8252
Description
The nodejs package has been updated to the latest version in the 10.x branch,
which is 10.22.1 at this time. It fixes several security issues and other
bugs. See the upstream changelog and advisories for details.
References
- https://bugs.mageia.org/show_bug.cgi?id=25314
- https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
- https://nodejs.org/en/blog/vulnerability/december-2019-security-releases/
- https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/
- https://nodejs.org/en/blog/vulnerability/june-2020-security-releases/
- https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/
- https://github.com/nodejs/node/blob/v10.x/doc/changelogs/CHANGELOG_V10.md
- https://github.com/nghttp2/nghttp2/releases/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9515
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9518
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16775
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16776
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16777
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8174
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8252
SRPMS
7/core
- libuv-1.34.2-1.mga7
- nodejs-10.22.1-9.mga7