ALSA-2022:6964

[ALSA-2022:6964] Important: nodejs:16 security update

Type:

security

Severity:

important

Release date:

2022-10-27

Description:

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. 

The following packages have been upgraded to a later upstream version: nodejs 16.

Security Fix(es):

* nodejs: weak randomness in WebCrypto keygen (CVE-2022-35255)
* nodejs: HTTP Request Smuggling due to incorrect parsing of header fields (CVE-2022-35256)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	nodejs-16.17.1-1.module_el8.6.0+3328+2e4711d7.aarch64.rpm	2d01c44489293cb35df080dcb8fe75d2f79e4339a2467dd3ee77b477e215eb63
aarch64	nodejs-full-i18n-16.17.1-1.module_el8.6.0+3328+2e4711d7.aarch64.rpm	864c15e40296536ab76fcc514b82645c0c0efa085a96deec580a08858f0ab802
aarch64	nodejs-devel-16.17.1-1.module_el8.6.0+3328+2e4711d7.aarch64.rpm	91fb0832cdf6f5978359e62f582115b21c77c19aae69addc14cf206c73463059
aarch64	npm-8.15.0-1.16.17.1.1.module_el8.6.0+3328+2e4711d7.aarch64.rpm	98a00811522f38be629c504c5a69c393c7b4f6e0e27c9cedc5e7716affd1558a
noarch	nodejs-nodemon-2.0.19-2.module_el8.6.0+3261+490666b3.noarch.rpm	3fc1746096791c98b03b70040c6e2a76c192ed1f045020f5190e0632fd6f75a9
noarch	nodejs-docs-16.17.1-1.module_el8.6.0+3328+2e4711d7.noarch.rpm	6c16fd1d18a221b7b5bae12caf123529d9c7c5fea9a20df50486027577db9d1e
noarch	nodejs-packaging-25-1.module_el8.5.0+2605+45d748af.noarch.rpm	cb0391aca612f152879a96ea35099dc00cc9685ea52575761848c9e6eb7578bf
ppc64le	npm-8.15.0-1.16.17.1.1.module_el8.6.0+3328+2e4711d7.ppc64le.rpm	1910df749c3c38e80309fdd05163dec9ef679503fa2c60489ae7c8425892d72c
ppc64le	nodejs-full-i18n-16.17.1-1.module_el8.6.0+3328+2e4711d7.ppc64le.rpm	807082ed1e4740d09e509ae42157d7b929fd681bec874637fb98ea95cd64b576
ppc64le	nodejs-devel-16.17.1-1.module_el8.6.0+3328+2e4711d7.ppc64le.rpm	d4ada3c9c3921526a399d6b6e2a549db9819adaacd8fd82a53c31564cbfe0c21
ppc64le	nodejs-16.17.1-1.module_el8.6.0+3328+2e4711d7.ppc64le.rpm	e6407ac8f761e88c4c4050d24a7aadc902ec3945b7e60968ac703142b07224e0
s390x	nodejs-full-i18n-16.17.1-1.module_el8.6.0+3328+2e4711d7.s390x.rpm	9b3bb0179ebd3b413472a0cc6c69dae97a32571f4bf1bdd5dc6931a82aecb1aa
s390x	npm-8.15.0-1.16.17.1.1.module_el8.6.0+3328+2e4711d7.s390x.rpm	b3ca4135efecb85b08b3d1e6c6bbc7ab172e869f36d6a03f407ac774d04f796e
s390x	nodejs-16.17.1-1.module_el8.6.0+3328+2e4711d7.s390x.rpm	cd808f6339789affd47c123c9330f3edea6a6edae7308a4880230d33bd3c44f4
s390x	nodejs-devel-16.17.1-1.module_el8.6.0+3328+2e4711d7.s390x.rpm	d23dc601a49fb26db3d4e433af4c469508d376ddf4d828c7a9a0d0eef07ef6f0
x86_64	npm-8.15.0-1.16.17.1.1.module_el8.6.0+3328+2e4711d7.x86_64.rpm	0ea0074469412394283c3cbf497975ea4ed8b1a34ecc8eaebef3bae13c87234d
x86_64	nodejs-16.17.1-1.module_el8.6.0+3328+2e4711d7.x86_64.rpm	440040a697c89d39c7480d33211b033e47ff76daa69a1160fd07b8612d2d5655
x86_64	nodejs-full-i18n-16.17.1-1.module_el8.6.0+3328+2e4711d7.x86_64.rpm	aea6e29e10959405279a62329633ba8f7e494032ddadf14598b5ff01b4b897fa
x86_64	nodejs-devel-16.17.1-1.module_el8.6.0+3328+2e4711d7.x86_64.rpm	d0853aed730a2cb174c85331aa233506c0846625977e3161cf2c2ab13c079a83

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.