ALSA-2022:7821

[ALSA-2022:7821] Important: nodejs:18 security update

Type:

security

Severity:

important

Release date:

2022-11-11

Description:

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. 

The following packages have been upgraded to a later upstream version: nodejs (18.9.1). (BZ#2130559, BZ#2131750)

Security Fix(es):

* nodejs: weak randomness in WebCrypto keygen (CVE-2022-35255)
* nodejs: HTTP Request Smuggling due to incorrect parsing of header fields (CVE-2022-35256)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	nodejs-18.9.1-1.module_el8.7.0+3343+ea2b7901.aarch64.rpm	2b79573ff68d99848d6758a983b965f6ce25ac26e7c27d8330a0866906b8d8e9
aarch64	nodejs-devel-18.9.1-1.module_el8.7.0+3343+ea2b7901.aarch64.rpm	31003cdd2b855a43ee3c1bd1565c7ae56f3829aa127932fb8fc429f4c78eed33
aarch64	nodejs-full-i18n-18.9.1-1.module_el8.7.0+3343+ea2b7901.aarch64.rpm	e487a4f3eb561be56b062425d80979518cbeb107d043710897707e7444f0bc34
aarch64	npm-8.19.1-1.18.9.1.1.module_el8.7.0+3343+ea2b7901.aarch64.rpm	ee4cdb74a67eb32e4e2111206b40778ae52a2af5d88b19bc6c3057951e6e24cb
noarch	nodejs-docs-18.9.1-1.module_el8.7.0+3343+ea2b7901.noarch.rpm	3872af599a757c986898c477f028b0622a7b92a00d693d80e795068af06330f8
noarch	nodejs-nodemon-2.0.19-1.module_el8.7.0+3343+ea2b7901.noarch.rpm	5c25dc7f64c208c71abad8e87002398690aaf8356d5339a7c3502825d9b14e1b
noarch	nodejs-packaging-2021.06-4.module_el8.7.0+3343+ea2b7901.noarch.rpm	9430d44c78a3cfbe1ae3d39b8531f651606661943959bc0c3de87b2f91ea6f67
noarch	nodejs-packaging-bundler-2021.06-4.module_el8.7.0+3343+ea2b7901.noarch.rpm	dca36d100028686323583aeddaa86efff902ff7fe29cb97d4356c309e3e899d9
ppc64le	nodejs-devel-18.9.1-1.module_el8.7.0+3343+ea2b7901.ppc64le.rpm	6748f4162050eb4086b51e243427aa8076344c11738e06c13ca9637af9d0f0ea
ppc64le	npm-8.19.1-1.18.9.1.1.module_el8.7.0+3343+ea2b7901.ppc64le.rpm	85a1cc55ee6b59b5a1ba409d15adccc20bfefde83490f5039f37d8d4b6b7fe27
ppc64le	nodejs-18.9.1-1.module_el8.7.0+3343+ea2b7901.ppc64le.rpm	ce49a7349ae94dedc86a9d525e69ed13baf205bc59739ec53ca92826d10f3e4d
ppc64le	nodejs-full-i18n-18.9.1-1.module_el8.7.0+3343+ea2b7901.ppc64le.rpm	ee4d8eeddbd1e4cde81c093821d4566333ca4d2402d212ae8433f37306cb7927
s390x	nodejs-full-i18n-18.9.1-1.module_el8.7.0+3343+ea2b7901.s390x.rpm	74e5c556588bcccc14fe1197c0642951f39284956f845138ad3328afe1ce8449
s390x	nodejs-devel-18.9.1-1.module_el8.7.0+3343+ea2b7901.s390x.rpm	8f27eaced0d3912ee7ce9f258fb4a3a9a5e99f0e7d2ff8c33fec9876f0622882
s390x	nodejs-18.9.1-1.module_el8.7.0+3343+ea2b7901.s390x.rpm	c46aa535bcf7308f6eed69579eca75412c5a299294035b7b2e122f9ef4316ed5
s390x	npm-8.19.1-1.18.9.1.1.module_el8.7.0+3343+ea2b7901.s390x.rpm	eb9ba9202672f8e3988f430e2cbe3c2e71080499170061744df461034c30783d
x86_64	nodejs-full-i18n-18.9.1-1.module_el8.7.0+3343+ea2b7901.x86_64.rpm	1c50f17f36b2f1634792601a8e0cb1b603f8462e159a63195bf646e1e2493216
x86_64	nodejs-devel-18.9.1-1.module_el8.7.0+3343+ea2b7901.x86_64.rpm	51125a70f4f77ff706d3111cb322664daefa484f92a1fe7603466a84a7e9a168
x86_64	npm-8.19.1-1.18.9.1.1.module_el8.7.0+3343+ea2b7901.x86_64.rpm	a251f94d8e10526d2c6dab3128161b32b943956a0483913f9fe6fa298008c745
x86_64	nodejs-18.9.1-1.module_el8.7.0+3343+ea2b7901.x86_64.rpm	f27a171e9a36db0a45c4b7810113b5d5e543c4faf7a48465c06c52505cdac7e2

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.