1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 5395-1] nodejs security update

    From Aron Xu@21:1/5 to All on Tue May 2 16:00:01 2023
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5395-1 security@debian.org https://www.debian.org/security/ Aron Xu
    May 02, 2023 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : nodejs
    CVE ID : CVE-2023-23920
    Debian Bug : 1031834

    An untrusted search path vulnerability was discovered in Node.js, which
    could result in unexpected searching or loading ICU data when running
    with elevated privileges.

    For the stable distribution (bullseye), this problem has been fixed in
    version 12.22.12~dfsg-1~deb11u4.

    We recommend that you upgrade your nodejs packages.

    For the detailed security status of nodejs please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/nodejs

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQEzBAEBCAAdFiEEhhz+aYQl/Bp4OTA7O1LKKgqv2VQFAmRRFPEACgkQO1LKKgqv 2VRMawf+N0s4VgVCylQXvLg4vsTMjLcKr2rlfNZvynju309TCAcFBFYdk8LAAB8f Z+aWfnhJctIIv84grCAFsz78rmdbOsUwlaGVYe0BLhwcRPoVv818Uh5frX1VPits L044cE9Rudw26D4lkaySqtXqm2gC3uopvBuR+FISRJEl5xkI6d8/FCYL7Z72c8FI n7NyB8cuHV7BVhGAJ/PhDg5sqw+8fR5sFMeKMUvPSbEipqb4s4Di+AGGG42O7dYt AZM3HdfMsco0RyvyqdrXtxifZY8a603IXLmWeSBa4OEn0mlQIHj26LEAWpz4dKWv oM7HnnqNfUOztqVjjWavQ5KVXMIiyQ==
    =bvBz
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)