Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2024.0046
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2024-0046)
Zusammenfassung:	The remote host is missing an update for the 'nodejs, yarnpkg' package(s) announced via the MGASA-2024-0046 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'nodejs, yarnpkg' package(s) announced via the MGASA-2024-0046 advisory. Vulnerability Insight: This is a security release. The following CVEs are fixed in this release: CVE-2024-21892 - Code injection and privilege escalation through Linux capabilities- (High) CVE-2024-22019 - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High) CVE-2023-46809 - Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium) CVE-2024-22025 - Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium) More detailed information on each of the vulnerabilities can be found in february 2024 Security Releases blog post. Affected Software/OS: 'nodejs, yarnpkg' package(s) on Mageia 9. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2023-46809 Common Vulnerability Exposure (CVE) ID: CVE-2024-21892 https://hackerone.com/reports/2237545 http://www.openwall.com/lists/oss-security/2024/03/11/1 Common Vulnerability Exposure (CVE) ID: CVE-2024-22019 https://hackerone.com/reports/2233486 Common Vulnerability Exposure (CVE) ID: CVE-2024-22025 https://hackerone.com/reports/2284065 https://lists.debian.org/debian-lts-announce/2024/03/msg00029.html
Copyright	Copyright (C) 2024 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.