[ALSA-2022:6448] Moderate: nodejs:14 security and bug fix update
Type:
security
Severity:
moderate
Release date:
2022-11-24
Description:
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): * nodejs: DNS rebinding in --inspect via invalid IP addresses (CVE-2022-32212) * nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding (CVE-2022-32213) * nodejs: HTTP request smuggling due to improper delimiting of header fields (CVE-2022-32214) * nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding (CVE-2022-32215) * got: missing verification of requested URLs allows redirects to UNIX sockets (CVE-2022-33987) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * nodejs:14/nodejs: rebase to latest upstream release (BZ#2106367) * nodejs:14/nodejs: Specify --with-default-icu-data-dir when using bootstrap build (BZ#2111417)
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 npm-6.14.17-1.14.20.0.2.module_el8.6.0+3261+490666b3.aarch64.rpm 19feff10c5464df32ef0429b3c324c3effa687b43c2f4ef1661b71210f65e932
aarch64 nodejs-devel-14.20.0-2.module_el8.6.0+3261+490666b3.aarch64.rpm 38c043a442ceecc15e20bc5142386b102dfcf7f2e01dc78ab94f67b57ab7f5b7
aarch64 nodejs-14.20.0-2.module_el8.6.0+3261+490666b3.aarch64.rpm 88efa31194f47c87b9c69f98e407aa7efe3ab6df5c4a6ab9a3f3310df760e4c0
aarch64 nodejs-full-i18n-14.20.0-2.module_el8.6.0+3261+490666b3.aarch64.rpm a96297d173842634511079bba7c4ba70e2c1c2f0671b7ff797b6295cec24368b
noarch nodejs-nodemon-2.0.19-2.module_el8.6.0+3261+490666b3.noarch.rpm 3fc1746096791c98b03b70040c6e2a76c192ed1f045020f5190e0632fd6f75a9
noarch nodejs-packaging-23-3.module_el8.5.0+2618+8d46dafd.noarch.rpm 4eaf7a47bcf25d9511b9d22e4d927a284d4256b063d7ef611908e8475f9d6646
noarch nodejs-docs-14.20.0-2.module_el8.6.0+3261+490666b3.noarch.rpm 9472612815c3448084714a861049790a3858e6f58d18761ec7ecf5e0970f68d4
ppc64le nodejs-full-i18n-14.20.0-2.module_el8.6.0+3261+490666b3.ppc64le.rpm 90397960bafda38839fad14d596ac011de5bb152cc75df924075f44ec5141c70
ppc64le npm-6.14.17-1.14.20.0.2.module_el8.6.0+3261+490666b3.ppc64le.rpm 92ee242d453c7874cd1147043b3c4a01483f599882a95f6f8f885636ad835e20
ppc64le nodejs-devel-14.20.0-2.module_el8.6.0+3261+490666b3.ppc64le.rpm 967bd670c9e663da3cce75ec434f504d226321c5edeaa591380cbd9861375b1a
ppc64le nodejs-14.20.0-2.module_el8.6.0+3261+490666b3.ppc64le.rpm d2fd4b19ec0a7e4b2500bfcdab28240a11935cb8f53b45362e0ff3e58443c81b
s390x npm-6.14.17-1.14.20.0.2.module_el8.6.0+3261+490666b3.s390x.rpm 0d50e3afeb36db8df6a90eb8e3da5caa525942ac26715e0c979c0327736c5e5d
s390x nodejs-devel-14.20.0-2.module_el8.6.0+3261+490666b3.s390x.rpm 1090bfafb645fb0486ed18e3ed23621fe322fd14c911981c836c2fb6e2ab6b9a
s390x nodejs-full-i18n-14.20.0-2.module_el8.6.0+3261+490666b3.s390x.rpm 3cf649430f8dc5e062efa3a554e9f9ba5835f8388ce524fd6501fa78423a4bfe
s390x nodejs-14.20.0-2.module_el8.6.0+3261+490666b3.s390x.rpm d3b7eda24cad654bf0ffe415f5fd7477c4040013bf1ccdbcf4a0031c2c695b08
x86_64 nodejs-devel-14.20.0-2.module_el8.6.0+3261+490666b3.x86_64.rpm 25fe413a03c2e053dffa7171051be0e06ab906c3dc2dd6c83cc3ff44477bd550
x86_64 nodejs-14.20.0-2.module_el8.6.0+3261+490666b3.x86_64.rpm 60f86d44bb01044f20a811143bae7435098d2dbb3b7d1e7d886184a7bffc2d42
x86_64 npm-6.14.17-1.14.20.0.2.module_el8.6.0+3261+490666b3.x86_64.rpm 63788d076bcb15d08ce8eccd0c36f56dad68a2db6b71d48a5f746c5b3a5201a6
x86_64 nodejs-full-i18n-14.20.0-2.module_el8.6.0+3261+490666b3.x86_64.rpm ea971759e8d1f74add84f03812776a4d85e54c0c5e67d841da25a48f092e64f2
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.