Updated nodejs packages fix security vulnerabilities
Publication date: 24 May 2025Modification date: 24 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-23165 , CVE-2025-23166 , CVE-2025-23167
Description
Corrupted pointer in node::fs::ReadFileUtf8(const FunctionCallbackInfo& args) when args[0] is a string. (CVE-2025-23165) Improper error handling in async cryptographic operations crashes process. (CVE-2025-23166) Improper HTTP header block termination in llhttp. (CVE-2025-23167)
References
SRPMS
9/core
- nodejs-22.16.0-1.mga9