| Summary: | nodejs-chownr new security issue CVE-2017-18869 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | Zombie Ryushu <zombie_ryushu> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | | |
| Priority: | Normal | CC: | andrewsfarm, herman.viaene, mageia, ouaurelien, sysadmin-bugs |
| Version: | 7 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://nvd.nist.gov/vuln/detail/CVE-2017-18869 | | |
| Whiteboard: | MGA7-64-OK | | |
| Source RPM: | nodejs-chownr-1.0.1-3.mga8.src.rpm | CVE: | CVE-2017-18869 |
| Status comment: | | | |

Description
Zombie Ryushu
2020-12-29 10:18:01 CET
Zombie Ryushu
2020-12-29 10:18:11 CET
CVE: (none) => CVE-2017-18869
David Walser
2020-12-29 17:11:12 CET
Whiteboard: (none) => MGA7TOO

This is for you Stig.

CC: (none) => ouaurelien

version 1.1.4 pushed in cauldron

CC: (none) => mageia

fixed in mga7:
src:
- nodejs-chownr-1.1.0-1.mga7

Status comment: Fixed upstream in 1.1.0 => (none)

Advisory:
========================

Updated nodejs-chownr package fixes security vulnerability:

A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 could allow a local attacker to trick it into descending into unintended directories via symlink attacks (CVE-2017-18869).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18869

MGA7-64 MATE on Peaq C1011
No installation issues
This is a developers library. OK on clean install.

CC: (none) => herman.viaene

Thank you, Herman. Validating. Advisory in Comment 4.

Keywords: (none) => validated_update

Thomas Backlund
2021-04-02 21:14:14 CEST
Keywords: (none) => advisory

An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2021-0169.html

Resolution: (none) => FIXED