Advisories » MGASA-2025-0041

Updated nodejs packages fix security vulnerabilities

Publication date: 07 Feb 2025
Modification date: 07 Feb 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-23083 , CVE-2025-23085

Description

Worker permission bypass via InternalWorker leak in diagnostics.
(CVE-2025-23083)
GOAWAY HTTP/2 frames cause memory leak outside heap. (CVE-2025-23085)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=33947
• https://nodejs.org/en/blog/vulnerability/january-2025-security-releases
• https://www.openwall.com/lists/oss-security/2025/01/21/5
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23083
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23085

SRPMS

9/core

• nodejs-22.13.1-2.mga9