[ALSA-2021:3623] Important: nodejs:12 security and bug fix update
Type:
security
Severity:
important
Release date:
2021-09-21
Description:
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): * nodejs: Use-after-free on close http2 on stream canceling (CVE-2021-22930) * nodejs: Use-after-free on close http2 on stream canceling (CVE-2021-22940) * c-ares: Missing input validation of host names may lead to domain hijacking (CVE-2021-3672) * nodejs: Improper handling of untypical characters in domain names (CVE-2021-22931) * nodejs-tar: Insufficient symlink protection allowing arbitrary file creation and overwrite (CVE-2021-32803) * nodejs-tar: Insufficient absolute path sanitization allowing arbitrary file creation and overwrite (CVE-2021-32804) * nodejs: Incomplete validation of tls rejectUnauthorized parameter (CVE-2021-22939) * nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe (CVE-2021-23343) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * nodejs:12/nodejs: Make FIPS options always available (BZ#1993927)
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 npm-6.14.14-1.12.22.5.1.module_el8.4.0+2529+af52a4c7.aarch64.rpm 0a2d1701985007d5850c9fbea9e2446fd96c176524efd8f92af6791348263727
aarch64 nodejs-12.22.5-1.module_el8.4.0+2529+af52a4c7.aarch64.rpm 1679fbc2047632ea9a56e3274aefbc194eb86a945ad44f8f547c19ef70c3c5ea
aarch64 nodejs-full-i18n-12.22.5-1.module_el8.4.0+2529+af52a4c7.aarch64.rpm 37e9d1ffdd00a18c15c2deaa4e6030a70b395dc69b24fa659a1f3375eb0bf6f9
aarch64 nodejs-devel-12.22.5-1.module_el8.4.0+2529+af52a4c7.aarch64.rpm 497662fee825b86e82619e6f3cf82208b90f5aba15984287eb37aabc4c53292f
noarch nodejs-packaging-17-3.module_el8.4.0+2224+b07ac28e.noarch.rpm 34d06c7655fa3e83fb4c8cd1af3eeee4471f30a9231142e5561fa34eac5e1cb5
noarch nodejs-docs-12.22.5-1.module_el8.4.0+2529+af52a4c7.noarch.rpm 4424677605763b1415e6e398752d3986c22da949b08351646ae1047528437f95
noarch nodejs-packaging-17-3.module_el8.4.0+2521+c668cc9f.noarch.rpm 48a2bb3aaf5af5eb9eff27d730f873dfcb942c9bc4ff765f9fbcaddd031cd78f
noarch nodejs-packaging-17-3.module_el8.3.0+2023+d2377ea3.noarch.rpm 866fca29b11c2772a119fa9bcf208c5d4a6e7cea51445fcb2194e1ad3c4ddc0e
noarch nodejs-nodemon-2.0.3-1.module_el8.4.0+2521+c668cc9f.noarch.rpm 9d421316512b1ef3258536e633a07d90a8fe282153109d04cd255c96e923915e
ppc64le nodejs-devel-12.22.5-1.module_el8.5.0+85+79a7b441.ppc64le.rpm 2cc19f69434beb6090bfa310e8a75d379006e3be8733d6c1d97253d1ec10b656
ppc64le npm-6.14.14-1.12.22.5.1.module_el8.5.0+85+79a7b441.ppc64le.rpm 32945823205ea203f0d63605eacadd9199bc85a447956c844cb3dffe3e1568ab
ppc64le nodejs-full-i18n-12.22.5-1.module_el8.5.0+85+79a7b441.ppc64le.rpm 34b8d3660afc4175e397dba3f50e374c5d5df2682459173349c2d745c366a867
ppc64le nodejs-12.22.5-1.module_el8.5.0+85+79a7b441.ppc64le.rpm d2638ed7f9cda2600ab892fe11ee7f5f485b6946054eb134b6e6eff94da1ba78
x86_64 nodejs-12.22.5-1.module_el8.4.0+2529+af52a4c7.x86_64.rpm 4b7e2dafe30da0afb24cb12dda633caed3ec68452e41ec118e6caaff1fcd54ef
x86_64 npm-6.14.14-1.12.22.5.1.module_el8.4.0+2529+af52a4c7.x86_64.rpm 5a315195f265645beadc2a0e656ffd9d6a78e6c0e06d3ce01f1f2a06b7956aa4
x86_64 nodejs-devel-12.22.5-1.module_el8.4.0+2529+af52a4c7.x86_64.rpm bd524f2a5b5043c7c1271d9c6d4be3547b06278ad17262f4b5fd62805002ba7f
x86_64 nodejs-full-i18n-12.22.5-1.module_el8.4.0+2529+af52a4c7.x86_64.rpm e371c278d692d99df640e290663b85e8a3ba23267d7b45e2ffd63da2b0ef4614
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.