[ALSA-2022:9073] Moderate: nodejs:16 security, bug fix, and enhancement update
Type:
security
Severity:
moderate
Release date:
2023-09-15
Description:
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages were updated to later upstream versions: nodejs (16.18.1), nodejs-nodemon (2.0.20). Security Fix(es): * nodejs: Improper handling of URI Subject Alternative Names (CVE-2021-44531) * nodejs: Certificate Verification Bypass via String Injection (CVE-2021-44532) * nodejs: Incorrect handling of certificate subject and issuer fields (CVE-2021-44533) * minimist: prototype pollution (CVE-2021-44906) * nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517) * nodejs: DNS rebinding in inspect via invalid octal IP address (CVE-2022-43548) * nodejs: Prototype pollution via console.table properties (CVE-2022-21824) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * nodejs:16/nodejs: Packaged version of undici does not fit with declared version. [almalinux-8] (BZ#2151625)
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 nodejs-16.18.1-3.module_el8.7.0+3371+ed8c43db.aarch64.rpm 6016a7417750b289b632851cccedae625af333be26e3ab6e777fe3fedc4f9a96
aarch64 nodejs-full-i18n-16.18.1-3.module_el8.7.0+3371+ed8c43db.aarch64.rpm 70f03aaba7a54f792a596ac96ca93e8c4ed925f194639078242db49fe47eb128
aarch64 npm-8.19.2-1.16.18.1.3.module_el8.7.0+3371+ed8c43db.aarch64.rpm 83d4f9bdea54e6a4eeeea6ed06fc2041ebff3f499aeb3b1b5747709548f18dbb
aarch64 nodejs-devel-16.18.1-3.module_el8.7.0+3371+ed8c43db.aarch64.rpm a8e2574cd52f4904475626bf9e9c6ffe7663cb695c57bf2d4ac4756524995c95
noarch nodejs-nodemon-2.0.20-2.module_el8.7.0+3371+ed8c43db.noarch.rpm 54890e68223d51cacf0234467b13a2b148a15a5cf46e20d7413b92f145a2d1da
noarch nodejs-packaging-25-1.module_el8.5.0+2605+45d748af.noarch.rpm cb0391aca612f152879a96ea35099dc00cc9685ea52575761848c9e6eb7578bf
noarch nodejs-docs-16.18.1-3.module_el8.7.0+3371+ed8c43db.noarch.rpm dae78dcd8670614a486ebe2a024f7fddf6d1d74dc79f65c7a53ee0e5a83d5d23
ppc64le nodejs-16.18.1-3.module_el8.7.0+3371+ed8c43db.ppc64le.rpm 61c7bfabbb6bd95821e579b174c70879ed08dd2bc9e8a6d48cc1d4f7f4a11ac3
ppc64le nodejs-full-i18n-16.18.1-3.module_el8.7.0+3371+ed8c43db.ppc64le.rpm 6235c3176119fee81ff38b809c3e79db823c4e11930f14eeeb6fbf6b6f9278b5
ppc64le nodejs-devel-16.18.1-3.module_el8.7.0+3371+ed8c43db.ppc64le.rpm 62657d6a29d8cd8ec66706e036ca4fde9819d7536b70be817f325a7a3475aad0
ppc64le npm-8.19.2-1.16.18.1.3.module_el8.7.0+3371+ed8c43db.ppc64le.rpm c4ea7051c23979dce59e0bb06a20c4905c235f25bc65dfb96eae58a19b65e809
s390x npm-8.19.2-1.16.18.1.3.module_el8.7.0+3371+ed8c43db.s390x.rpm 0028dff9bb57f11eb7e9d46d594505f63c0569fdd7a1d976de1103bebcb74bd1
s390x nodejs-16.18.1-3.module_el8.7.0+3371+ed8c43db.s390x.rpm 82f585073caac76f0d5fcbf897b5b620a8a2a1a579675068d5d9d26b70b7d334
s390x nodejs-devel-16.18.1-3.module_el8.7.0+3371+ed8c43db.s390x.rpm b3c835f619fc998ba9ada3d9212d0903e0861f1f7afcf59c8962fb52d88a8f54
s390x nodejs-full-i18n-16.18.1-3.module_el8.7.0+3371+ed8c43db.s390x.rpm ff087a097fe55f0ddcb7fd017d54a4153925f2f256721461049a305998b0ecda
x86_64 nodejs-devel-16.18.1-3.module_el8.7.0+3371+ed8c43db.x86_64.rpm 39cd659a504ba7ad7877f445bca23e67b1ee677d2180ab2391a013ab25499d0e
x86_64 npm-8.19.2-1.16.18.1.3.module_el8.7.0+3371+ed8c43db.x86_64.rpm 5a9e3be3ceb25d2ddfe8ad5b44de95065e1fbd5ab106de622c228479bcb9e3fe
x86_64 nodejs-full-i18n-16.18.1-3.module_el8.7.0+3371+ed8c43db.x86_64.rpm bd5256e5de7ebf3efadb268194209bb55253502dac0987cc6b19dd2c5e9ce01d
x86_64 nodejs-16.18.1-3.module_el8.7.0+3371+ed8c43db.x86_64.rpm ef15aef52a3c33d55cf788aa3bb93bef3f7e23c35d63b78b6034361d83b12b82
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.