ALSA-2022:7830

[ALSA-2022:7830] Moderate: nodejs:14 security update

Type:

security

Severity:

moderate

Release date:

2022-11-23

Description:

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. 

Security Fix(es):

* nodejs: Improper handling of URI Subject Alternative Names (CVE-2021-44531)
* nodejs: Certificate Verification Bypass via String Injection (CVE-2021-44532)
* nodejs: Incorrect handling of certificate subject and issuer fields (CVE-2021-44533)
* nodejs: HTTP Request Smuggling due to incorrect parsing of header fields (CVE-2022-35256)
* nodejs: Prototype pollution via console.table properties (CVE-2022-21824)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	npm-6.14.17-1.14.20.1.2.module_el8.7.0+3342+b2df8497.aarch64.rpm	4df9f4e097e3d63a074485533edd70c1ba38a369770c885a1d91a8c7f6d1b073
aarch64	nodejs-devel-14.20.1-2.module_el8.7.0+3342+b2df8497.aarch64.rpm	9fd8c9e9247fc417dad65cf865611647a4ab88f2a0a5922754ae03ca6679f6f9
aarch64	nodejs-14.20.1-2.module_el8.7.0+3342+b2df8497.aarch64.rpm	a696123ed210da31e6ff202431d374979daddca6b870d31ab651d5d5be64c62b
aarch64	nodejs-full-i18n-14.20.1-2.module_el8.7.0+3342+b2df8497.aarch64.rpm	e744b1e0170ca829e9a61a18a53c682bc4401bfd209722ef6092a050010f5382
noarch	nodejs-nodemon-2.0.19-2.module_el8.6.0+3261+490666b3.noarch.rpm	3fc1746096791c98b03b70040c6e2a76c192ed1f045020f5190e0632fd6f75a9
noarch	nodejs-docs-14.20.1-2.module_el8.7.0+3342+b2df8497.noarch.rpm	560e2efec02dfd517b1324f3a1c44f1dff24ed115cf60c98d569c612ebeffea3
noarch	nodejs-packaging-23-3.module_el8.4.0+2522+3bd42762.noarch.rpm	5ec709f70c833b784601552cba74067eb2a98aecaf8403431e26580abb8601b5
ppc64le	nodejs-full-i18n-14.20.1-2.module_el8.7.0+3342+b2df8497.ppc64le.rpm	6f51b20406a24e464626e063acaf838ed6ab8a01e8c8f7e24b704eb063134e37
ppc64le	nodejs-14.20.1-2.module_el8.7.0+3342+b2df8497.ppc64le.rpm	d0bf7dd081bec1024c6e2c0bbe1a47524694792938b61d57d920c5316a9a00da
ppc64le	npm-6.14.17-1.14.20.1.2.module_el8.7.0+3342+b2df8497.ppc64le.rpm	ea51e87bfe99d92a7c0e38f5e346db7443547fb0eb1777442a7734f39dd39a66
ppc64le	nodejs-devel-14.20.1-2.module_el8.7.0+3342+b2df8497.ppc64le.rpm	f6173d6186b0eb3faeea9fa4c79f9dd819f105fe727883f3e4f8cda5b58cbd3e
s390x	nodejs-full-i18n-14.20.1-2.module_el8.7.0+3342+b2df8497.s390x.rpm	166f65c3053245e2e9dc088ab60d03bdf5ee4dc6dd906d2a04897afbbf5e5547
s390x	nodejs-14.20.1-2.module_el8.7.0+3342+b2df8497.s390x.rpm	2fba05a506bb1d5a28ad43dfda308e9003917b3420922c6bc58424cfb27e3c25
s390x	npm-6.14.17-1.14.20.1.2.module_el8.7.0+3342+b2df8497.s390x.rpm	e2f6723c82b58731cb61a24d298fe522cba5da3d95f35ea4ef84ae0e6d8ba857
s390x	nodejs-devel-14.20.1-2.module_el8.7.0+3342+b2df8497.s390x.rpm	ff26f0ef4c4b89828aac8cef0ebefe0332d21d45cecab9f9fe013aff86682494
x86_64	nodejs-full-i18n-14.20.1-2.module_el8.7.0+3342+b2df8497.x86_64.rpm	7f00ab156cb62b2c3a7cfb2877355439094ad9260ae0a9ca2e6912689289b9c8
x86_64	nodejs-14.20.1-2.module_el8.7.0+3342+b2df8497.x86_64.rpm	9bf5ef4c25e842ec48626030c8649a41f50f5f9e7dbbd5abe3630a43b899a44a
x86_64	nodejs-devel-14.20.1-2.module_el8.7.0+3342+b2df8497.x86_64.rpm	c844eb52052fad00660cedc136278cbcc24d45287632e8663ffff93fa83fa17b
x86_64	npm-6.14.17-1.14.20.1.2.module_el8.7.0+3342+b2df8497.x86_64.rpm	ee8615bffe2df2078d8971a13dc37a44f7bdee460c04f0f28d359678948cbcf2

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.