mirror of
git://slackware.nl/current.git
synced 2024-12-27 09:59:16 +01:00
14a06990b9
l/nodejs-20.11.1-x86_64-1.txz: Upgraded. This update fixes security issues: Code injection and privilege escalation through Linux capabilities - (High). http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks - (High). Path traversal by monkey-patching Buffer internals - (High). setuid() does not drop all privileges due to io_uring - (High). Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium). Multiple permission model bypasses due to improper path traversal sequence sanitization - (Medium). Improper handling of wildcards in --allow-fs-read and --allow-fs-write - (Medium). Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium). For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21892 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22019 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21896 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22017 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46809 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21891 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21890 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22025 (* Security fix *) l/pcre2-10.43-x86_64-1.txz: Upgraded. |
||
---|---|---|
.. | ||
pcre2.SlackBuild | ||
pcre2.url | ||
slack-desc |