ALSA-2022:8833

[ALSA-2022:8833] Moderate: nodejs:18 security, bug fix, and enhancement update

Type:

security

Severity:

moderate

Release date:

2022-12-07

Description:

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. 

The following packages have been upgraded to a later upstream version: nodejs (18.12.1), nodejs-nodemon (2.0.20). (BZ#2142818)

Security Fix(es):

* nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517)
* nodejs: DNS rebinding in inspect via invalid octal IP address (CVE-2022-43548)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	nodejs-18.12.1-2.module_el8.7.0+3370+40ccb2a8.aarch64.rpm	1eb36a6c25a09f11f0820c62de450f018c860f64d337437f2ec78f252caf9fa8
aarch64	npm-8.19.2-1.18.12.1.2.module_el8.7.0+3370+40ccb2a8.aarch64.rpm	3b2d5bf4d33b44ca1961b86530a3c65f718f579e5dcbed8a7dfd96f17215da74
aarch64	nodejs-devel-18.12.1-2.module_el8.7.0+3370+40ccb2a8.aarch64.rpm	42f4b2ef4ace94013a284d385892525951337bfd5d6c8eac37914d24758f5a60
aarch64	nodejs-full-i18n-18.12.1-2.module_el8.7.0+3370+40ccb2a8.aarch64.rpm	6e7d39d816b44e3f43987149829b31aa5404b584fea7d6087a98d5bf028e8cb0
noarch	nodejs-docs-18.12.1-2.module_el8.7.0+3370+40ccb2a8.noarch.rpm	12d5f2acb2f58c05be8a803cdad82efc954240c9cb2850e009fa5ad5e3e07f7a
noarch	nodejs-packaging-2021.06-4.module_el8.7.0+3343+ea2b7901.noarch.rpm	9430d44c78a3cfbe1ae3d39b8531f651606661943959bc0c3de87b2f91ea6f67
noarch	nodejs-nodemon-2.0.20-1.module_el8.7.0+3370+40ccb2a8.noarch.rpm	ba19905dba169e9eaa458b192b04ad1956ec1a5eb5668a65733f65a1eec4a755
noarch	nodejs-packaging-bundler-2021.06-4.module_el8.7.0+3343+ea2b7901.noarch.rpm	dca36d100028686323583aeddaa86efff902ff7fe29cb97d4356c309e3e899d9
ppc64le	nodejs-18.12.1-2.module_el8.7.0+3370+40ccb2a8.ppc64le.rpm	3bbda97a448712083736059fd9b5614242816ac97202b537fb32d6106bf83f27
ppc64le	nodejs-full-i18n-18.12.1-2.module_el8.7.0+3370+40ccb2a8.ppc64le.rpm	5eeb1e42cbbc54dc909d79b3cdf1e985c4d7b805a0f7b1a18d1bad826452f6f6
ppc64le	npm-8.19.2-1.18.12.1.2.module_el8.7.0+3370+40ccb2a8.ppc64le.rpm	70c94c658148514ecb1508b712ce4ac7e1cd868be2054891b619f4681be2b0fb
ppc64le	nodejs-devel-18.12.1-2.module_el8.7.0+3370+40ccb2a8.ppc64le.rpm	aebc0cb2c6c8cf799341023a1b862d3e884f5e9390f2d10791c22c78ff0f0df9
s390x	nodejs-devel-18.12.1-2.module_el8.7.0+3370+40ccb2a8.s390x.rpm	58a285a58d83ad5d83fd92a3c02d4931cf8d8e6cde60a16a2b8e64194c1fa1dc
s390x	nodejs-full-i18n-18.12.1-2.module_el8.7.0+3370+40ccb2a8.s390x.rpm	791d75596caafb378666583cf0a1caf53140c9e2a9c9676c4001e916009dcfc3
s390x	npm-8.19.2-1.18.12.1.2.module_el8.7.0+3370+40ccb2a8.s390x.rpm	abffddbbc4cea39a04cbbb98dbfebd65fa1afc787ff91391a36ddddd0f38c39f
s390x	nodejs-18.12.1-2.module_el8.7.0+3370+40ccb2a8.s390x.rpm	d567d5ddf246cb35fd8a0d595d71349f4dea8ea8e0e874e3304485829da33475
x86_64	nodejs-18.12.1-2.module_el8.7.0+3370+40ccb2a8.x86_64.rpm	8c716d639e2c4b9966304ee4a4f0631003229bd4c0c08774ecdce02daa853d6b
x86_64	nodejs-full-i18n-18.12.1-2.module_el8.7.0+3370+40ccb2a8.x86_64.rpm	bdada88ea775bd07cb641924becd5ff8c1588a803e9d11118adf4e1879076724
x86_64	npm-8.19.2-1.18.12.1.2.module_el8.7.0+3370+40ccb2a8.x86_64.rpm	d20cab0965213e62dcae3fca8426ebc573ac4d86ac3bdafbc6f1725c890dbc58
x86_64	nodejs-devel-18.12.1-2.module_el8.7.0+3370+40ccb2a8.x86_64.rpm	f95391cd1faa0289e3ce7efdef7a9749e8ec7efe349a33f83fa6e56a70a71f29

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.