
Test ID: 1.3.6.1.4.1.25623.1.1.10.2024.0046
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2024-0046)
Summary: The remote host is missing an update for the 'nodejs, yarnpkg' package(s) announced via the MGASA-2024-0046 advisory.
Description:
Summary:
The remote host is missing an update for the 'nodejs, yarnpkg' package(s) announced via the MGASA-2024-0046 advisory.

Vulnerability Insight:
This is a security release. The following CVEs are fixed in this release:
CVE-2024-21892 - Code injection and privilege escalation through Linux capabilities - (High)
CVE-2024-22019 - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks - (High)
CVE-2023-46809 - Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium)
CVE-2024-22025 - Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium)
More detailed information on each of the vulnerabilities can be found in the February 2024 Security Releases blog post.

Affected Software/OS:
'nodejs, yarnpkg' package(s) on Mageia 9.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:L/AC:L/Au:S/C:C/I:C/A:C

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2023-46809
Common Vulnerability Exposure (CVE) ID: CVE-2024-21892
https://hackerone.com/reports/2237545
http://www.openwall.com/lists/oss-security/2024/03/11/1
Common Vulnerability Exposure (CVE) ID: CVE-2024-22019
https://hackerone.com/reports/2233486
Common Vulnerability Exposure (CVE) ID: CVE-2024-22025
https://hackerone.com/reports/2284065
https://lists.debian.org/debian-lts-announce/2024/03/msg00029.html
Copyright: Copyright (C) 2024 Greenbone AG





© 1998-2025 E-Soft Inc. All rights reserved.