Advisories ยป MGASA-2023-0264

Updated nodejs packages fix security vulnerability

Publication date: 24 Sep 2023
Type: security
Affected Mageia releases : 8 , 9
CVE: CVE-2023-32002 , CVE-2023-32006 , CVE-2023-32559


This is a security release. As well, it fixes v8 headers detection

The following CVEs are fixed in this release:
  CVE-2023-32002: Policies can be bypassed via Module._load (High)
  CVE-2023-32006: Policies can be bypassed by
    module.constructor.createRequire (Medium)
  CVE-2023-32559: Policies can be bypassed via process.binding (Medium)
  OpenSSL Security Releases
      OpenSSL security advisory 14th July.
      OpenSSL security advisory 19th July.
      OpenSSL security advisory 31st July

More detailed information on each of the vulnerabilities can be found in
August 2023 Security Releases blog post.